{"id":14957794,"url":"https://github.com/amazingandyyy/terraform-cert","last_synced_at":"2026-01-20T20:33:32.978Z","repository":{"id":82579043,"uuid":"263789571","full_name":"amazingandyyy/terraform-cert","owner":"amazingandyyy","description":null,"archived":false,"fork":false,"pushed_at":"2020-06-08T06:22:30.000Z","size":29,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-07T12:49:47.071Z","etag":null,"topics":["devops","hashicorp-terraform","terraform","terraform-module"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amazingandyyy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-14T01:57:17.000Z","updated_at":"2020-06-08T06:22:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"a9a931dc-07ac-408b-90f6-df8efc152e0d","html_url":"https://github.com/amazingandyyy/terraform-cert","commit_stats":{"total_commits":6,"total_committers":2,"mean_commits":3.0,"dds":"0.16666666666666663","last_synced_commit":"04f6e0ec1aecf13a7c673b8b51101a3323a6053f"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/amazingandyyy/terraform-cert","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fterraform-cert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fterraform-cert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fterraform-cert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fterraform-cert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amazingandyyy","download_url":"https://codeload.github.com/amazingandyyy/terraform-cert/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fterraform-cert/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28612968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T18:56:40.769Z","status":"ssl_error","status_checked_at":"2026-01-20T18:54:26.653Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","hashicorp-terraform","terraform","terraform-module"],"created_at":"2024-09-24T13:15:35.502Z","updated_at":"2026-01-20T20:33:32.963Z","avatar_url":"https://github.com/amazingandyyy.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Certified Terraform Associate\n\nPrepare for [Certified Terraform Associate Certification](https://www.hashicorp.com/certification/terraform-associate/)\n\n## Configuration management vs Infrastrucure as code(IAC)\n\nIAS is a provisioners, which can use configuration management tool such as Ansible.\n\n## Basic\n\n```sh\ninstance.tf\nvariable.tf\nprovider.tf\nbackend.tf // https://www.terraform.io/docs/backends/types/remote.html\nmain.tf\nterraform.tfvars // ignored\nmodules/\n```\n\n### Commands\n\n```shell\nterraform init // it will download plugins for providers\nterraform plan // list out what to do\nterraform apply // do the job\nterraform destroy\nterraform destroy -target aws_instance.myec2\nterraform refresh // will fetch current state from AWS and update `.tfstate` files\nterraform show // show current tfstate\nterraform console // try out functions\nterraform fmt // format\nterraform validate\nterraform taint // destroy that item and recreate it again\nterraform workspace show|list|select\nterraform state list|mv|pull|push|rm(remove tracking, but the instance are still running)\nterraform import aws_instance.myec2 i-24fdsf34f24(instance id)\n```\n  \n## Variables\n\n- create variables with variables.tf file or do either following to override\n  - explicitly set with `-var='key=valu'` flag\n  - use `terraform.tfvars` file\n  - use `custommmm.tfvars` and `-var-file='custommmm.tfvars` flag\n  - use `export TF_VAR_instance_type=\"m5.large\"` enviroment variable\n- you can define variables types, types can be string, list, map, number\n\n```sh\nvariable \"access_key\" {\n  type = number\n}\n```\n\n### Points\n\n- TF use `terraform.tfstate` file to store curent state\n- if someone went to AWS interface to change something, terraform plan will catch that current state is different from desired state(in the `.tf` files)\n- if the state on AWS is not a part of the definition then it will not know the shape of the current state\n- providers have different versions, should better explicitly set the provider version in tf files. (`\u003e=`, `~\u003e`, `\u003c=`)\n- third party providers should be downloaded and copy to `~/.terraform.d/plugins` to make it available\n- you can have output in the tf file\n- use count and count.index and list variable to iterate and generate dynamic names\n- conditional expression\n- local values\n- terraform [functions](https://www.terraform.io/docs/configuration/functions.html)\n  - max(), element(), lookup(), file(\"${path.module}\"), formatdate(\"DD MMMM YYYY hh:mm:ss ZZZ\", timestamp())\n\n- data source: data block, fetch data from owner\n\n```sh\ndata \"aws_ami\" \"app_ami\" {\n  most_recent = true\n  owners = [\"amazon\"]\n\n  filter {\n    name = \"name\"\n    values = [\"amzn2-ami-hvm*\"]\n  }\n}\n```\n\n- debugging: set TF_LOG to either TRACE(default), DEBUG, INFO, WARN, or ERROR\n  - can also set TF_LOG_PATH to /tmp/terraform-crash.log\n- dynamic block, iterator is optional alternative name\n\n```sh\nvariable \"sg_ports\" {\n  type        = list(number)\n  description = \"list of ingress ports\"\n  default     = [8200, 8201,8300, 9200, 9500]\n}\n\nresource \"aws_security_group\" \"dynamicsg\" {\n  name        = \"dynamic-sg\"\n  description = \"Ingress for Vault\"\n\n  dynamic \"ingress\" {\n    for_each = var.sg_ports\n    iterator = port\n    content {\n      from_port   = port.value\n      to_port     = port.value\n      protocol    = \"tcp\"\n      cidr_blocks = [\"0.0.0.0/0\"]\n    }\n  }\n\n  dynamic \"egress\" {\n    for_each = var.sg_ports\n    content {\n      from_port   = egress.value\n      to_port     = egress.value\n      protocol    = \"tcp\"\n      cidr_blocks = [\"0.0.0.0/0\"]\n    }\n  }\n}\n```\n\n## [Provisioner](https://www.terraform.io/docs/provisioners/index.html)\n\n- to execute scripts on a machine\n  - local-exec // run on the machine whichever run the terraform apply command\n  - remote-exec // run on the created remote machine\n\n```sh\nresource \"aws_instance\" \"web\" {\n  # ...\n\n  provisioner \"remote-exec\" {\n    inline = [\n      \"puppet apply\",\n      \"consul join ${aws_instance.web.private_ip}\",\n    ]\n  }\n}\n```\n\n- [connection](https://www.terraform.io/docs/provisioners/connection.html)\n  - using self.public_ip\n- use case\n  - run ansible as local-exec\n\n## Modules\n\n- use source to use any tf file to be a module\n- using variable and default value to make modules' value overridable, otherwise cannot be overwritten at all\n- terragorm registry\n  - modules written by community\n  - `module` [e.g](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/2.33.0)\n\n## Workspace\n\n- lookup\n\n```sh\n\nresource \"aws_instance\" \"myec2\" {\n   ami = \"ami-082b5a644766e0e6f\"\n   instance_type = lookup(var.instance_type,terraform.workspace)\n}\n\nvariable \"instance_type\" {\n  type = \"map\"\n\n  default = {\n    default = \"t2.nano\"\n    dev     = \"t2.micro\"\n    prd     = \"t2.large\"\n  }\n}\n```\n\n- the .fstate will be created into `terraform.tfstate.d`\n- use file to pass password and that file is ignored by git\n- backend, use s3 to save tfstate file\n- locking state\n  - enable s3 locking with dynamodb_table and with LockID as primary key\n- import\n- aws provider will default to find .aws/credentials\n  - or when it sees .aws folder, it default to use aws as provider\n- multiple providers: use alias in provider and point to provider by alias name\n- sensite: true\n- terraform cloud\n  - team collaboration on apply/destroy\n  - a CI to run terraform commands\n  - serverless solution when connecting with one github repository\n- [sentinel](https://docs.hashicorp.com/sentinel/terraform/) (policy check)\n- remote backend, local command will execute on the terraform cloud, and the cloud will streaming output to local machine\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazingandyyy%2Fterraform-cert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famazingandyyy%2Fterraform-cert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazingandyyy%2Fterraform-cert/lists"}