Today, I officially passed the HashiCorp Certified: Terraform Associate (003) exam! 🚀
It wasn’t hard — It's one hour exam and I finished in about 40 minutes, reviewed a few flagged questions, and then confidently submitted.
Now, while I'm parking the more advanced HashiCorp Certified: Terraform Authoring & Operations Professional with AWS (HCTOP-002-AWS) for the moment, my next mission is to tackle Certified Kubernetes Administrator (CKA).
After that, we’ll see whether I circle back to the Terraform Professional Level exam.
🔁 A Quick Rewind: The Journey
If you’ve seen my last two blog posts about Terraform, you might have guessed it —
👉 I actually booked the Terraform associate exam upfront, way before I even started the real preparation.
I booked it on purpose to push myself — to create that real, no-turning-back deadline pressure.
Since then, I've been squeezing in study time almost every day, balancing learning from Udemy courses, doing hands-on practice, and posting my Terraform learning journey right here on this blog.
Lesson?
Setting a real goal date works. It forces you to move!
Terraform associate certification cost?
It's $70.5 as of today.
How long does terraform associate exam take?
One hour.
How many questions in terraform associate exam?
Total 57 questions.
What type of questions in Terraform associate exam?
Good question! The Terraform associate exam includes:
- Multiple Choice (Single Answer)
- Multiple Choice (Multiple Answer)
- True/False
- Fill the blank
You can find the sample questions at HashiCorp official site here.
Is the Terraform Associate Certification worth it?
In short: absolutely, yes — if you work with cloud infrastructure.
Terraform has become the industry standard for Infrastructure as Code (IaC), and getting certified shows you understand not just the basic commands, but the right way to manage infrastructure at scale — including modules, state management, workspaces, and advanced features like remote backends. The certification isn’t just a checkbox; it validates that you can design clean, reusable, and reliable Terraform configurations — a huge plus for DevOps, cloud engineers, and even platform architects.
Especially the Professional Level exam are all hands-on format and take 3 hours to finish and it's quite challenging!
If you're serious about leveling up in the cloud/DevOps world, I would recommend you to take it.
📚 Resources I Used to Prepare
Big shoutout to the two courses that shaped my Terraform associate exam preparation journey:
- 🎯 Learn from official website of this exam at here.
-
🎯 All in One course for learning Terraform and gaining the official Terraform Associate Certification (003) by Zeal Vora - 👉 Check it out here
-
🎯 The Original Terraform Associate 003 Prep: Pass your Terraform cert with 300+ Questions with Explanations and Resources by Bryan Krausen - 👉 Check it out here
I also created my own error notebook and learning notes during my preparation as you see in next paragraphs.
✍️ My Terraform Associate Notes and Takeaways
Here's a brain-dump of everything I noted down during my preparation — real, practical, exam-focused.
Even you feel the Terraform Associate is an beginner level exam, I still highly recommend you to read through every point I noted here! You will find out that you will not just need them in Terraform Associate exam!
Key Terraform Concepts and Nuggets
Main Notes
- Terraform Community CLI does not natively support VCS (Version Control System) connections. You have to manually pull/push. But Terraform Cloud / HCP Terraform support it.
- There is a special block:
moved
Tells Terraform a resource has changed address, without touching the actual infrastructure.
Used for Renaming, restructuring resources or modules safely.
Example:moved { from = aws_instance.old_name to = aws_instance.new_name }It tells Terraform:
This old resource is now considered to be at this new address — DON'T destroy and recreate it. - Since Terraform 1.5, there is an
importblock!
Old way: Run terraform import manually for each resourceterraform import <resource_type>.<resource_name> <real-world-ID>
New way: Declare imports alongside code:
import { id = "i-1234567890abcdef0" to = aws_instance.example }It tells Terraform:
- Terraform will import the AWS EC2 instance with ID
i-1234567890abcdef0 - And map it to the resource
aws_instance.exampledeclared in your.tffile.
- Terraform will import the AWS EC2 instance with ID
terraform consolealso will lock state file!- True or false: In Terraform Community, workspaces generally use the same code repository while workspaces in Terraform Enterprise/Cloud are often mapped to different code repositories.
Answer: True.
In Terraform Community, workspaces typically share the same code repository, allowing multiple environments or configurations to be managed within the same repository. On the other hand, in Terraform Enterprise/Cloud, workspaces are often mapped to different code repositories to provide better isolation and organization for different projects or teams. - Object type can specify data type for each field, but all values map type must be same type.
variable "example_map" { type = map(string) } - True or false: Infrastructure as code (IaC) tools allow you to manage infrastructure with configuration files rather than through a graphical user interface.
Answer: True providerblock is not a must!
Terraform can automatically detect and use providers based on the resource configurations defined in the code.terraform planis not a must beforeterraform apply!- Run
terraform initsuccessfully, then directly runterraform apply, what would happen?
It will scan target infrastructure, create new state file, then deploy. - Run
terraform init, then if removing the version line from module block, runterraform init -upgrade, what would happen?
Terraform WILL NOT download latest version of modules!
Terraform will use already downloaded version as Terraform cache it locally! - Run
terraform init -upgrade, what would happen?
It will check and download latest version of plugins/modules complies with the configuration’s version constraints - If the backend hosting state does not supports state blocking, then two
terraform applyat the same might cause corruption in state file! - State file has one purpose to improve performance!
- What does Terraform agents do?
Execute plan and apply changes in infrastructure! - True or False: Any sensitive values referenced in the Terraform code, even as variables, will end up in plain text in the state file.
That’s TRUE!!!! - Same resources needs to have provider alias to have different configuration! Like one AWS resource needs to be in east region, another AWS with alias can be in west region!
- The primary use of Infrastructure as Code (IaC)?
The ability to programmatically deploy and configure resources - True or False: In both Terraform Community and HCP Terraform, workspaces provide similar functionality of using a separate state file for each workspace.
Answer: True
For_each Value Referencing Table
Exhibited Code:
variable "env" {
type = map(any)
default = {
prod = {
ip = "10.0.150.0/24"
az = "us-east-1a"
}
dev = {
ip = "10.0.250.0/24"
az = "us-east-1e"
}
}
}
resource "aws_subnet" "example" {
for_each = var.env
cidr_block = each.value.ip
availability_zone = each.value.az
tags = {
Name = "subnet-${each.key}"
}
}
| Keyword | Meaning |
|---|---|
each.key |
The map key (prod or dev) |
each.value |
The full object for that key |
each.value.ip |
The IP address for that environment |
each.value.az |
The availability zone for that environment |
📚 Terraform Golden Rule Mismatch Table
Well, I gave the name "Golden Rule" ^^
| Mismatch | Terraform Reaction |
|---|---|
| Missing in state but exists in config? | Terraform plans to create it. |
| Exists in state but missing in config? | Terraform plans to destroy it. |
More Terraform Pro Tips
- The credentials to
awsare defined inProviderblock!
provider "aws" { region = "us-east-1" access_key = "YOUR_ACCESS_KEY" secret_key = "YOUR_SECRET_KEY" } - No
nameinproviderblock, it’s usingalias. How to use the alias in resource?
provider "aws" { region = "us-east-1" } provider "aws" { alias = "west" region = "us-west-2" } resource "aws_instance" "example" { provider = aws.west # use the aliased provider ami = "ami-0c55b159cbfafe1f0" instance_type = "t2.micro" } - Inside terraform block:
required_version- to constrain Terraform CLI version. - Backend configuration must be defined inside the terraform block.
You cannot define a backend inside a provider block or outside the terraform block:
terraform { backend "remote" { hostname = "app.terraform.io" organization = "btk" workspaces { name = "bryan-prod" } } } - Constrain single or multiple provider version in
terraformblock, None of this can be in a provider block!!!:
terraform { required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } azurerm = { source = "hashicorp/azurerm" version = "2.90.0" } } } - The pattern of source path if using private registry:
module "vpc" { source = "registry.example.com/devops-team/vpc-module/aws" version = "1.0.3" } - Below is on Terraform public registry!
module "consul" { source = "hashicorp/consul/aws" version = "0.1.0" }
References Value
| Source | Reference Format | Example |
|---|---|---|
| Variable | var.<variable_name> |
var.instance_type |
| Local | local.<local_name> |
local.default_tags |
| Data Source | data.<provider>_<data_type>.<name>.<attribute> |
data.aws_ami.ubuntu.id |
| Module Output | module.<module_name>.<output_name> |
module.network.vpc_id |
| Resource Attribute | <provider>_<resource_type>.<resource_name>.<attribute> |
aws_instance.web.public_ip |
| Terraform Built-in Functions | <function>(<arguments>) |
cidrsubnet(var.vpc_cidr, 8, 1) |
| Terraform Meta-Arguments (special cases) | self.<attribute> (within resource) |
self.public_ip |
locals!✨ Closing Thoughts
Passing the Terraform Associate (003) cert wasn't brutal — it just needed focused practice, real deadlines, and hands-on experience.
Next stop: CKA (Certified Kubernetes Administrator)!
Maybe afterward, I'll resume the Terraform Pro-level certs — but for now, it’s Kubernetes grind time. 🚀
Part 2: Terraform Meta Arguments Unlocked: Practical Patterns for Clean Infrastructure Code
