HashiCorp Terraform Associate 003 Study Guide

What does the Terraform Associate exam cover?

The HashiCorp Certified Terraform Associate (003) covers Terraform concepts including infrastructure as code fundamentals, purpose and use of Terraform, how Terraform works, core workflow, state management, modules, built-in functions, workspaces, backends, and provider configuration. The exam is 1 hour with 57 questions and costs $70.50 USD.

---

The HashiCorp Certified: Terraform Associate (003) is the foundational Terraform certification validating knowledge of Terraform as an infrastructure as code (IaC) tool. It is the most widely taken IaC certification and validates skills in provisioning infrastructure across multiple cloud providers using Terraform's declarative configuration language (HCL).

Terraform has become the de facto standard for multi-cloud infrastructure provisioning, used by DevOps engineers, platform engineers, and cloud architects globally. The Terraform Associate is a common requirement or preference in cloud engineering job postings. The exam costs $70.50 USD and certification is valid for 2 years.

---

Exam Overview

Detail	Information
Exam	HashiCorp Certified: Terraform Associate (003)
Provider	HashiCorp
Number of Questions	57
Time Limit	1 hour
Passing Score	Not published (estimated 70%)
Cost	$70.50 USD
Format	Online proctored; multiple choice and multi-select
Validity	2 years

The exam covers nine objectives:

1. Understand infrastructure as code concepts
2. Understand Terraform's purpose
3. Understand Terraform basics
4. Use Terraform outside the core workflow
5. Interact with Terraform modules
6. Use the core Terraform workflow
7. Implement and maintain state
8. Read, generate, and modify configuration
9. Understand HCP Terraform capabilities

"The Terraform Associate exam rewards candidates who have actually used Terraform to provision real infrastructure. Many questions present HCL code snippets and ask about behavior, expected output, or potential errors. Candidates who have only studied conceptually and never written Terraform configurations consistently struggle with these questions." -- Terraform certification community

---

Core Terraform Concepts

Infrastructure as Code Fundamentals

Benefits of IaC:

• Reproducibility: Infrastructure defined in code can be provisioned identically across environments
• Version control: Infrastructure changes tracked in Git with full history
• Collaboration: Pull request workflows for infrastructure changes
• Automation: CI/CD pipelines provision and update infrastructure automatically
• Self-documentation: Code describes the desired state of infrastructure

Declarative vs. imperative:

• Declarative (Terraform): Describe the desired end state; the tool figures out how to achieve it
• Imperative (Ansible, shell scripts): Specify the exact steps to reach the desired state

Terraform Architecture

Terraform components:

• Terraform Core: The terraform binary that reads configuration and manages state
• Providers: Plugins that interface with APIs (AWS, Azure, GCP, Kubernetes, etc.)
• State: JSON file recording the current state of managed infrastructure
• Configuration: HCL files (.tf) describing desired infrastructure

---

HCL Syntax and Configuration

Resource Configuration

# Resource block: the primary building block
resource "aws_instance" "web_server" {
  ami           = "ami-0c94855ba95b798c7"
  instance_type = "t2.micro"

  tags = {
    Name        = "WebServer"
    Environment = var.environment
  }
}

# Reference another resource's attribute
resource "aws_eip" "web_ip" {
  instance = aws_instance.web_server.id
}

# Data source: read existing infrastructure
data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*-22.04-amd64-server-*"]
  }
  owners = ["099720109477"]  # Canonical
}

Variables and Outputs

# Variable declarations (variables.tf)
variable "environment" {
  description = "Deployment environment"
  type        = string
  default     = "development"
  validation {
    condition     = contains(["development", "staging", "production"], var.environment)
    error_message = "Environment must be development, staging, or production."
  }
}

variable "instance_count" {
  type    = number
  default = 1
}

# Output values (outputs.tf)
output "web_server_public_ip" {
  description = "Public IP address of the web server"
  value       = aws_instance.web_server.public_ip
}

output "web_server_id" {
  value     = aws_instance.web_server.id
  sensitive = false
}

Local Values and Built-in Functions

# Local values
locals {
  common_tags = {
    Project     = var.project_name
    Environment = var.environment
    ManagedBy   = "Terraform"
  }
  instance_name = "${var.environment}-web-${var.instance_count}"
}

# Using functions
resource "aws_instance" "example" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  # String interpolation
  user_data = templatefile("${path.module}/userdata.sh", {
    environment = var.environment
  })

  tags = merge(local.common_tags, {
    Name = local.instance_name
  })
}

---

Core Workflow

Terraform Commands

Command	Purpose
terraform init	Initialize working directory; download providers
terraform validate	Validate configuration syntax
terraform fmt	Format configuration files
terraform plan	Show execution plan (what will change)
terraform apply	Apply changes to provision/update infrastructure
terraform destroy	Destroy all managed infrastructure
terraform show	Display state or plan in human-readable format
terraform output	Display output values
terraform state list	List resources in state
terraform import	Import existing infrastructure into state
terraform taint	Mark resource for recreation on next apply
terraform refresh	Update state to match real infrastructure

Plan and Apply Workflow

# Initialize
terraform init

# Format and validate
terraform fmt
terraform validate

# Plan with variable file
terraform plan -var-file="production.tfvars" -out=production.plan

# Apply from saved plan (no confirmation required)
terraform apply production.plan

# Apply with auto-approve (for CI/CD)
terraform apply -auto-approve -var-file="production.tfvars"

---

State Management

Terraform State

State is the Terraform-tracked record of infrastructure. Key concepts:

• State is the mapping between configuration and real-world resources
• Default state is stored locally in terraform.tfstate
• State contains resource IDs, attributes, and dependencies

Remote backends store state remotely for collaboration:

# S3 backend with state locking via DynamoDB
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "production/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-state-lock"
  }
}

State Commands

# List all resources in state
terraform state list

# Show specific resource in state
terraform state show aws_instance.web_server

# Move resource to new address (after refactoring)
terraform state mv aws_instance.web_server aws_instance.app_server

# Remove resource from state (without destroying it)
terraform state rm aws_instance.web_server

# Import existing resource into state
terraform import aws_instance.web_server i-1234567890abcdef0

---

Modules

Module Structure

modules/
  web_server/
    main.tf       # Resources
    variables.tf  # Input variables
    outputs.tf    # Output values
    README.md     # Documentation

Using Modules

# Calling a module
module "web_server" {
  source = "./modules/web_server"

  # Pass input variables
  instance_count = 2
  environment    = var.environment
  subnet_id      = aws_subnet.public.id
}

# Using module outputs
output "web_server_ips" {
  value = module.web_server.public_ips
}

Module registry: Public modules available from registry.terraform.io:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "my-vpc"
  cidr = "10.0.0.0/16"
  azs  = ["us-east-1a", "us-east-1b"]
}

---

Workspaces and Environments

Terraform Workspaces

# List workspaces
terraform workspace list

# Create new workspace
terraform workspace new staging

# Switch workspace
terraform workspace select production

# Show current workspace
terraform workspace show

# Delete workspace
terraform workspace delete staging

Within configuration, reference current workspace:

resource "aws_instance" "example" {
  instance_type = terraform.workspace == "production" ? "t3.large" : "t3.micro"
}

---

Frequently Asked Questions

What is the difference between Terraform and Ansible? Terraform is primarily an infrastructure provisioning tool (creating and managing cloud resources declaratively). Ansible is primarily a configuration management tool (configuring and managing software on existing servers). Terraform excels at standing up infrastructure; Ansible excels at configuring it after provisioning. Many organizations use both: Terraform to provision VMs, Ansible to configure them. Terraform can also do configuration management and Ansible can provision infrastructure, but each tool's strength is different.

How does Terraform handle credentials securely? Terraform uses provider-specific authentication mechanisms. For AWS, it reads credentials from environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY), the AWS credential file, or an IAM role for EC2/ECS. For Azure, it uses the Azure CLI, environment variables, or managed identity. Credentials should never be hardcoded in Terraform configuration files. Sensitive variable values should use sensitive = true to prevent them from appearing in plan output.

What is HCP Terraform (formerly Terraform Cloud)? HCP Terraform (HashiCorp Cloud Platform Terraform, formerly Terraform Cloud) is HashiCorp's managed service providing remote execution of Terraform plans, remote state storage, cost estimation, policy enforcement via Sentinel, and a collaborative interface for team management of infrastructure. The Terraform Associate exam includes questions about HCP Terraform concepts. The free tier supports up to 5 users and unlimited resources.

References

1. HashiCorp. (2025). Terraform Associate Certification. https://developer.hashicorp.com/certifications/infrastructure-automation
2. HashiCorp. (2025). Terraform Documentation. https://developer.hashicorp.com/terraform/docs
3. HashiCorp. (2025). Terraform Registry. https://registry.terraform.io/
4. Brikman, Y. (2022). Terraform: Up and Running, 3rd Edition. O'Reilly Media.
5. Winkler, J. (2023). Terraform in Action. Manning Publications.
6. HashiCorp. (2025). HCP Terraform Documentation. https://developer.hashicorp.com/terraform/cloud-docs