Terraform Interview Questions (2026): By Level, With Model Answers

How to use this

Terraform is easy to run and dangerous to run carelessly. These questions check whether a candidate understands state, modules and safe change management.

Hiring a Terraform developer is easy. Telling a real one from a convincing résumé is the hard part — and it’s most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.

Junior Terraform interview questions

0–2 years

Core concepts.

What is infrastructure as code and why use it?

What a strong answer covers

Defining infrastructure declaratively in version-controlled files for reproducible, reviewable, automatable provisioning.

Red flag

Clicks resources together in a console with no record.

What is the difference between plan and apply?

What a strong answer covers

plan previews the changes Terraform will make; apply executes them. Always review the plan first.

Red flag

Runs apply without reading the plan.

What is Terraform state?

What a strong answer covers

A file mapping your configuration to real resources; Terraform uses it to know what exists and what to change.

Red flag

Deletes or ignores state and gets duplicate resources.

What are providers?

What a strong answer covers

Plugins that let Terraform manage a platform’s resources (AWS, GCP, etc.) through its API.

Red flag

Doesn’t know how Terraform talks to a cloud.

What are resources and data sources?

What a strong answer covers

Resources are things Terraform creates and manages; data sources read existing information without managing it.

Red flag

Recreates existing resources instead of referencing them.

What are variables and outputs?

What a strong answer covers

Variables parameterise configuration; outputs expose values for humans or other modules.

Red flag

Hardcodes values everywhere.

Why is idempotency important in Terraform?

What a strong answer covers

Re-running with no config change should make no changes; the desired-state model enables this.

Red flag

Expects each apply to recreate everything.

Why should the state file be handled carefully?

What a strong answer covers

It can contain secrets and is the source of truth; it belongs in secure remote storage, not committed to git.

Red flag

Commits terraform.tfstate to the repo.

Mid-level Terraform interview questions

2–5 years

State and modules.

What is remote state and why use it?

What a strong answer covers

State stored in a shared backend (S3, etc.) so teams collaborate safely, with locking to prevent concurrent corruption.

Red flag

Keeps state locally and overwrites teammates’ changes.

What is state locking?

What a strong answer covers

A mechanism preventing simultaneous applies from corrupting state, provided by backends like S3+DynamoDB.

Red flag

Two engineers apply at once and corrupt state.

What are modules and why use them?

What a strong answer covers

Reusable, parameterised groups of resources that keep configuration DRY and consistent across environments.

Red flag

Copy-pastes the same resources per environment.

How do you manage multiple environments?

What a strong answer covers

Separate state per environment via workspaces or directory structure with shared modules, avoiding cross-environment blast radius.

Red flag

Shares one state across prod and dev.

What is terraform import for?

What a strong answer covers

Bringing existing, manually-created resources under Terraform management by adding them to state.

Red flag

Recreates existing infra instead of importing it.

What is a provisioner and why avoid overusing it?

What a strong answer covers

A hook to run scripts on resources; it’s a last resort because it’s imperative and brittle compared to declarative config.

Red flag

Uses provisioners for everything.

How do count and for_each differ?

What a strong answer covers

Both create multiple instances; for_each keys by a map/set so adding/removing items doesn’t shuffle others like count can.

Red flag

Uses count where removing an item re-indexes and destroys the wrong resources.

How do you handle secrets in Terraform?

What a strong answer covers

Reference a secrets manager and mark variables sensitive; never hardcode secrets, and remember state may store them.

Red flag

Puts plaintext secrets in .tf files.

Senior Terraform interview questions

5+ years

Operations and safety.

What is state drift and how do you handle it?

What a strong answer covers

When real infrastructure diverges from state (manual changes); plan detects it and you reconcile via import or re-apply.

Red flag

Unaware that console changes cause drift.

How do you make Terraform changes safely in production?

What a strong answer covers

Reviewed plans in CI, small blast radius, targeted applies where needed, and understanding destroy-and-recreate behaviour.

Red flag

Applies sweeping changes that silently destroy resources.

How do you structure Terraform for a large organisation?

What a strong answer covers

Layered state by lifecycle/ownership, reusable modules, a module registry, and clear boundaries to limit blast radius.

Red flag

One giant state file for the whole company.

How do you integrate Terraform into CI/CD?

What a strong answer covers

Automated plan on PRs, gated apply on merge, remote state with locking, and policy checks (OPA/Sentinel).

Red flag

Applies from laptops with no review.

How do you avoid destroying stateful resources by accident?

What a strong answer covers

Lifecycle rules like prevent_destroy, careful review of plans, and understanding which changes force replacement.

Red flag

Ignores “forces replacement” in the plan and drops a database.

How do you test and validate infrastructure code?

What a strong answer covers

validate/fmt, policy-as-code, plan review, and tools like Terratest for module testing.

Red flag

Ships modules with no validation.

How do you manage provider and module versions?

What a strong answer covers

Pin versions and use a lockfile so applies are reproducible and upgrades are deliberate.

Red flag

Uses unpinned versions and gets surprise changes.

When is Terraform the wrong tool or approach?

What a strong answer covers

For imperative one-off tasks, application deployment, or where a platform’s native tooling fits better; IaC isn’t always the answer.

Red flag

Forces everything, including app config, through Terraform.

Skip the screening entirely.We vet Terraform engineers so you don’t have to — embed one in your team, or have us build it.

Hire Terraform developersCompare us

Build and score a full interview with our free interview scorecard tool, browse the full question hub, or see how we interview engineers.

Share