Advanced-Level Terraform Questions
11. What is Terraform’s “desired state” model?
Terraform compares the desired state (in configuration) with the actual state (in the cloud) and makes changes only where they differ.
12. How do you perform drift detection?
Run terraform plan periodically to compare your state file with real infrastructure and detect manual changes.
13. What are workspaces in Terraform?
Workspaces let you manage multiple environments (like dev, staging, prod) with the same configuration but separate state files.
14. How do you version control Terraform code?
Use Git for versioning, maintain separate branches for environments, and use PR-based reviews for changes.
15. How can you improve Terraform performance in large infrastructures?
Use parallelism (-parallelism flag), split infrastructure into smaller modules, and run targeted applies (-target flag).
16. What are Terraform provisioners and why should they be used sparingly?
Provisioners run scripts or commands on resources after creation. They’re less reliable and break the declarative model — prefer configuration management tools instead.
17. How does Terraform handle dependencies between resources?
Terraform automatically builds a dependency graph from resource references; use depends_on when you need explicit ordering.
18. How can you enforce policies in Terraform?
Use Sentinel or Open Policy Agent (OPA) to define and enforce governance policies before deployment.
19. What’s the difference between Terraform and CloudFormation?
Terraform is multi-cloud, open source, and uses HCL, while CloudFormation is AWS-specific and uses JSON/YAML.
20. How do you test Terraform configurations?
Use tools like Terratest, Checkov, or InSpec for validation and automated testing.
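For question 12 (drift detection), an added example that is not part of the original page: a scheduled check that runs terraform plan with -detailed-exitcode (0 = no changes, 1 = error, 2 = changes present) across several root modules. It assumes the terraform CLI is on PATH and each directory is already initialized; the directory names are hypothetical. A plain plan also reports configuration changes that have not been applied yet, not only manual changes.

```shell
# Scheduled drift check (added example; directory names are hypothetical).
# Exit codes of `terraform plan -detailed-exitcode`:
#   0 = no changes, 1 = error, 2 = changes present

# classify_plan DIR -> prints "clean", "drift" or "error"
classify_plan() {
    local dir=$1 rc=0
    # -input=false: never prompt in CI
    # -lock=false:  read-only check, do not hold the state lock
    # Plan output is discarded here; keep it as a build artifact in real use.
    terraform -chdir="$dir" plan -detailed-exitcode -input=false \
        -lock=false -no-color >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo clean ;;
        2) echo drift ;;
        *) echo error ;;
    esac
}

# drift_report DIR... -> prints one "status<TAB>dir" line per directory.
# Returns 0 if all are clean, 2 if any has changes, 1 if any plan errored
# (an error outranks drift so a broken check is never read as "clean").
drift_report() {
    local dir status worst=0
    for dir in "$@"; do
        status=$(classify_plan "$dir")
        printf '%s\t%s\n' "$status" "$dir"
        if [ "$status" = error ]; then
            worst=1
        elif [ "$status" = drift ] && [ "$worst" -eq 0 ]; then
            worst=2
        fi
    done
    return "$worst"
}

# Typical use from cron or a CI schedule:
#   drift_report envs/dev envs/prod || echo "drift or error, review the plan"
```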
