Platform & cloud

Terraform & IaC

Core concepts

  • Providers — AWS, Azure, GCP bindings.
  • Resources — things you create; data sources — read existing.
  • State — maps config to real IDs; remote backend (S3 + DynamoDB lock).
  • Plan / Apply — preview changes; apply is transactional per resource where possible.

Module design

  • Inputs (variable) with types and validation; outputs for wiring.
  • Keep modules small and composable (VPC, EKS cluster, node group).
  • Version modules with tags; pin provider versions.

Interview favorites

  • State locking — why two applies can’t corrupt state.
  • Import — adopt brownfield resources (terraform import / config import blocks).
  • lifecycle — prevent_destroy, create_before_destroy.
  • Drift — manual console changes; detect with plan in CI.
  • Blast radius — workspaces vs separate state per env/team.

IAM on cloud interviews

  • Least privilege for CI role (OIDC trust).
  • Difference between role, policy, instance profile (AWS framing).
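
A check for the "least privilege for CI role (OIDC trust)" point, added here as an example and not part of the original notes: it audits an AWS role trust policy for missing or wildcard `sub`/`aud` conditions. GitHub Actions as the issuer, the account ID and the org/repo names are assumptions, and the sample policies are constructed.

```python
ISSUER = "token.actions.githubusercontent.com"  # assumption: GitHub Actions is the CI OIDC issuer

def _policy(condition):
    """Build a constructed trust policy; the account ID, org and repo are placeholders."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed samples: audience only, org-wide wildcard, and one repo + branch.
AUD_ONLY = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})
ORG_WIDE = _policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                    "StringLike": {f"{ISSUER}:sub": "repo:example-org/*"}})
SCOPED = _policy({"StringEquals": {
    f"{ISSUER}:aud": "sts.amazonaws.com",
    f"{ISSUER}:sub": "repo:example-org/infra:ref:refs/heads/main"}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, issuer=ISSUER):
    """Return (statement index, finding) pairs for web-identity Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        subs, auds = [], []
        for op, keys in stmt.get("Condition", {}).items():
            if "not" in op.lower():
                continue  # negated operators do not pin the caller to a known value
            for key, val in keys.items():
                # IAM condition keys are case-insensitive
                if key.lower() == f"{issuer}:sub".lower():
                    subs += [(op, s) for s in _as_list(val)]
                elif key.lower() == f"{issuer}:aud".lower():
                    auds += _as_list(val)
        if not auds:
            findings.append((i, "no aud condition"))
        if not subs:
            findings.append((i, "no sub condition: any workload at the issuer can assume the role"))
        for op, s in subs:
            if "like" in op.lower() and ("*" in s or "?" in s):
                findings.append((i, f"wildcard sub: {s}"))
    return findings
```

A wildcard finding is a prompt for review rather than an automatic failure: a pattern limited to one repository may be acceptable, while an org-wide one lets every repository in the org assume the role.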

Anti-patterns to mention you avoid

  • Secrets in .tfvars in git.
  • One giant state file for entire org.
  • Running apply locally without review in prod.

Practical prompt

“How would you add a new region?” — discuss module reuse, state split, DNS/global load balancing, data residency.
