I first started using Terraform back in 2018. I couldn’t tell you what version it was or anything like that. It was new to me, and I was learning as I went. It wasn’t great, but it also wasn’t CloudFormation. I liked how it provided a way to enforce state by running terraform apply again.
Fast-forward a few years, and I had been asked to start writing Terraform modules for version 0.14 and above. I spent the next 6 months writing common modules for my organization and thought, “I wonder if there’s a certification for Terraform?”
Exam Details
The HashiCorp Certified: Terraform Associate exam is only offered through online proctor (at the time of this writing), lasts 1 hour, costs $70.50(USD), and is valid for 2 years. There are nine objectives for the exam:
- Understand infrastructure as code (IaC) concepts
- Understand Terraform’s purpose (vs other IaC)
- Understand Terraform basics
- Use the Terraform CLI (outside of core workflow)
- Interact with Terraform modules
- Navigate Terraform workflow
- Implement and maintain state
- Read, generate, and modify configuration
- Understand Terraform Cloud and Enterprise capabilities
Preparation
As always, I started with A Cloud Guru to see if they offered a course for this certification, and of course, they did. The current course is HashiCorp Certified Terraform Associate, it’s slightly outdated as the version of Terraform used is 0.13, but the concepts taught still apply today.
Having two-plus years of experience and completing the ACG course, I didn’t think it was quite enough to sit the exam. I looked around for more study material and found that HashiCorp had plenty of it to prepare me for the exam. The Study Guide provides lots of documentation & tutorials on all the nine objectives listed above. The Exam Review further breaks down the nine objectives and which documentation & tutorials to review. The Sample Questions were generic so that you could see the format the questions and answers may appear.
Things That I Learned
Dependency Lock File
Throughout my time using Terraform, I would see that when running terraform init, there was a dotfile called .terraform.lock.hcl being created. I wasn’t exactly sure what it was used for, but for most of my career as a developer, dotfiles shouldn’t be committed to your repos.
Well, in this case, I was wrong. This dotfile is for making sure everyone on your team is using the same version of providers so that you don’t get breaking changes accidentally introduced. In order to move on to a newer version of the provider, you would need to execute terraform init -upgrade command.
CLI Configuration File
There are many config files for applications, such as .npmrc. Terraform has this as well, .terraformrc. You have no idea how important this discovery was to me. My team and I have been needing to occasionally delete the .terraform/ directory that is created on each terraform init run as it pulls down the plugins to the directory which the command was run. This was leading to disk space issues for some of us.
In the .terraformrc file, one can have Terraform store all the plugins in a specific directory by setting the plugin_cache_dir. Terraform will check for a previously downloaded copy of the plugin and use that. This will save some much disk space for me as I run out quickly due to writing so many modules.
Terraform Cloud/Enterprise Usage
Terraform Cloud/Enterprise was the one area of the exam that I couldn’t fully prepare for as I’m not currently using Terraform Cloud or Enterprise at work. Some features that I would like to use at work are Sentinel and Private Registry.
Sentinel allows for your team to control deployments with “policy-as-code”. Say you want to make sure that anything that you deploy to AWS has specific tags on the resources. Sentinel will enforce that policy for you and not allow the deployment of the infrastructure without the required tags.
Private registries allows your organization produce modules & providers that are written by you. No need for end users to have direct access to the repo to download the code. With the private registry, you publish the modules & providers there and the user retrieves them with Terraform Cloud/Enterprise credentials.
Exam Day
I scheduled this exam for the day after re-certifying the AWS Certified Solutions Architect - Associate exam. I figured I was in the certification exam taking kinda mood. As mentioned above, this exam is through PSI Online Proctoring service. I again prepared my office by putting bedsheets over one desk and another over the bookcase as I didn’t want them to be an issue with being approved to take the exam.
There was around 57 questions on the exam, and I finished with plenty of time to spare. I passed the exam with a 78.95% score and not sure what is considered passing. I can now say I am HashiCorp Certified: Terraform Associate.
