Terraform Associate Exam - Question 32

A: True. Example: resource "aws_instance" "web" { # ... provisioner "local-exec" { command = "echo The server's IP address is ${self.private_ip}" } }

To use a provisioner in Terraform, you must include it as part of a resource configuration block. This is because a provisioner operates on a resource that has been created or updated by Terraform.

the question is stated provisioner must be. the key word being Must. They do not have to be so I voted B

While it's common to place provisioners inside the resource block for clarity and organization, they can also be defined outside of the block at the same level. Both approaches are valid, and the choice depends on your preference and the organization of your Terraform code. The main point is that provisioners are associated with a specific resource and are configured within the resource block or at the same level in the code.

A CORRECT If you are certain that provisioners are the best way to solve your problem after considering the advice in the sections above, you can add a provisioner block inside the resource block of a compute instance. https://www.terraform.io/language/resources/provisioners/syntax

Quote from Terraform site "f you are certain that provisioners are the best way to solve your problem after considering the advice in the sections above, you can add a provisioner block inside the resource block of a compute instance." https://www.terraform.io/language/resources/provisioners/syntax#how-to-use-provisioners

"you can add a provisioner block inside the resource block..." source : https://www.terraform.io/language/resources/provisioners/syntax

I think ans is A

I think the answer is A. This is an example of code that I've written that has been tested and works. resource "aws_volume_attachment" "ebs_att" { device_name = "/dev/sdh" volume_id = aws_ebs_volume.kibana_storage.id instance_id = aws_instance.kibana.id } resource "aws_ebs_volume" "kibana_storage" { availability_zone = "us-east-2a" size = 50 }

resource "aws_eip" "myeip" { vpc = "true" } resource "aws_eip" "myeip01" { vpc = "true" provider = aws.aws02 } provider "aws" { region = "us-west-1" } provider "aws" { alias = "aws02" region = "ap-south-1" } Looking at my lab example. The answer is false. You can put it inside resource block but it doesn't have to be. You only put it in resource block if there are multiple providers.

https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax Provisioners are used to execute scripts on a local or remote machine as part of resource creation or destruction. Provisioners can be used to bootstrap a resource, cleanup before destroy, run configuration management, etc. How to use Provisioners Note: Provisioners should only be used as a last resort. For most common situations there are better alternatives. For more information, see the sections above. If you are certain that provisioners are the best way to solve your problem after considering the advice in the sections above, you can add a provisioner block inside the resource block of a compute instance. resource "aws_instance" "web" { # ... provisioner "local-exec" { command = "echo The server's IP address is ${self.private_ip}" } }

Provisioner configuration doesn't go inside a resource configuration block.

A is correct answer. "If you are certain that provisioners are the best way to solve your problem after considering the advice in the sections above, you can add a provisioner block inside the resource block of a compute instance." https://www.terraform.io/language/resources/provisioners/syntax?_ga=2.158695858.964344447.1656246968-433701022.1656246968&_gl=1*1rbcuyq*_ga*NDMzNzAxMDIyLjE2NTYyNDY5Njg.*_ga_P7S46ZYEKW*MTY1NjI3MDA3Ny4yLjEuMTY1NjI3MTM5NS4w#how-to-use-provisioners

answer B. not must be. it can be inside resource block.

True null_resource is resource type used when you want to run provsioner out side any resorce block provsioner block will not work if it is not included in a resource/null_resource block

Examples given in "https://developer.hashicorp.com/terraform/language/resources/provisioners/connection" are not inside a resource configuration block. provisioner "file" { source = "conf/myapp.conf" destination = "/etc/myapp.conf" connection { type = "ssh" user = "root" password = "${var.root_password}" host = "${var.host}" } }

A: true. for instance, resource "aws_instance" "testInstance" { ami = "${var.instance_ami}" instance_type = "${var.instance_type}" subnet_id = "${aws_subnet.subnet_public.id}" vpc_security_group_ids = ["${aws_security_group.sg_22.id}"] key_name = "${aws_key_pair.ec2key.key_name}" tags { "Environment" = "${var.environment_tag}" } provisioner "local-exec" { command = "echo ${aws_instance.testInstance.public_ip} >> public_ip.txt" } }

A is the correct answer

Provisioner block should be inside the resource config block.

A Terraform provisioner must be nested inside a resource configuration block

Terraform provisioner must NOT be nested inside a resource configuration block because not all resource configuration blocks require a provisioner block. (it is absolutely not necessary a provisioner block for example for "aws_vpc").

But the key here is "must be". it's not "must be"

can be , not must be.

Should be B # Terraform Block terraform { required_version = ">= 1.0.0" required_providers { azurerm = { source = "hashicorp/azurerm" version = ">= 2.0" } random = { source = "hashicorp/random" version = ">= 3.0" } } } # Provider Block provider "azurerm" { features {} }

A. If you need to run provisioners that aren't directly associated with a specific resource, you can associate them with a null_resource.

A- True

A : True

True. Ans is A

True provisioner should only placed under the resource block PS E:\Terraform> terraform.exe validate ╷ │ Error: Unsupported block type │ │ on main.tf line 34: │ 34: provisioner "local-exec" { │ │ Blocks of type "provisioner" are not expected here. ╵

No Standalone Provisioners: Terraform does not support defining provisioners as standalone elements outside of resource blocks. All provisioner configurations must be part of a resource definition because their execution context is tightly coupled with resources. Alternatives to Provisioners: For scenarios where you might think about using provisioners in a more decoupled or independent manner, Terraform suggests other mechanisms. For instance, if the goal is to manage configuration or orchestration that seems beyond the scope of what should be tightly coupled to a single resource's lifecycle, tools like Ansible, Chef, Puppet, or Terraform itself (through resource dependencies and proper module design) are recommended to handle such configurations. These tools can be used in conjunction with Terraform but managed through their mechanisms for orchestration or configuration management, rather than through Terraform provisioners.

Answer is A: True Multiple provisioners can be specified within a resource. Multiple provisioners are executed in the order they're defined in the configuration file. https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax resource "aws_instance" "web" { # ... provisioner "local-exec" { command = "echo first" } provisioner "local-exec" { command = "echo second" } }

Definitely A as provisioners are executed as part of the create and destroy phases of the resource lifecycle. They cannot exist independently outside of a resource block. If you decide to define a provisioner outside of a resource block , terraform with throw a syntax error.