HashiCorp Certified: Terraform Associate 2026

Learn the simple installation process for terraform by downloading the single binary, understand platform options (Windows, Mac OS, Linux, Solaris), and ensure the binary is in your system path.

Install Terraform on Windows by downloading the amd64 binary, extracting it, and adding the binary folder to the system path. Verify access from any directory using a new terminal session.

Install terraform on linux using package manager commands, verify Ubuntu with /etc/os-release, and follow Linux-specific steps rather than binary downloads, mirroring Mac OS and Windows guidance.

Install and set up Visual Studio Code across Windows, macOS, and Linux, create and manage a kplabs-terraform project folder, and use the built-in terminal with split or separate window options.

Choose a suitable source code editor for Terraform, as you can write Terraform code in any editor; Visual Studio Code offers extensions, terminal integration, and cross-platform support.

Discover how Visual Studio Code extensions enhance the Terraform workflow with color highlighting, autocompletion, and spelling checks using the official HashiCorp Terraform extension.

Explore the AWS account signup process, compare free and paid plans, understand credits and verification steps, and set up payment, contact, and security details.

Learn to create a new aws account via the management console, verify email, set credentials, enter billing and identity details, choose a plan, and understand activation timing and welcome emails.

Sign in to an existing AWS account using the root user email, verify with the email code, and enable MFA with an authenticator app or alternative token.

Implement multi-factor authentication for AWS to protect root credentials and prevent costly charges by requiring time-sensitive codes from a mobile authenticator app such as Google Authenticator or Authy.

Set up multi-factor authentication for AWS by configuring the root user's MFA with an authenticator app, scanning a QR code, and verifying codes to secure access.

Terraform authenticates with each provider before resource creation, then applies authorization using provider credentials, such as AWS access keys or GitHub tokens, to grant appropriate permissions.

Generate AWS credentials by creating an IAM user with administrator access, then obtain and securely store the access key and secret key for Terraform operations.

Launch your first aws ec2 instance with Terraform by configuring the aws provider, selecting a region, choosing the ami and instance_type, and applying tags via terraform init, plan, and apply.

Explore Terraform resources and providers, learn how provider plugins power AWS and Azure via Terraform init, and understand resource blocks, types, and unique local names.

Explore the three Terraform provider tiers—official HashiCorp, partner, and community—along with namespaces and the required_provider block for non-hashicorp plugins, and guidance for production use.

Learn to create a GitHub repository with Terraform by configuring the GitHub provider, supplying a token, and running terraform init, plan, and apply to create an example repository.

Explore destroying Terraform-created resources with terraform destroy, including destroying all in a folder and targeting specific resources using the target flag.

Learn secure authentication for the AWS provider by moving credentials from the provider block to AWS CLI config files stored in HOME/.aws or Windows equivalents, enabling Terraform without secrets.

Terraform state file stores the infrastructure data, including resource IDs and types, enabling precise planning and updates. It is JSON, must not be edited manually, and should be backed up.

Define the desired state in Terraform files and compare it with the current state to reconcile infrastructure, creating missing resources, updating differences, and deleting when the state is removed.

Explore difference between desired state and current state in Terraform, using defaults like storage and security groups as examples. Learn how defining attributes prevents drift and guides plan and apply.

Discover how Terraform refresh updates the state during plan and apply, avoid manual refresh to prevent state loss, and use the refresh only option with backups and versioning.

Learn how Terraform provider versioning works with provider plugins independent from Terraform, how to constrain versions using >=, <=, ~, and how .terraform.lock.hcl locks providers, with the upgrade flag.

Explore how the course organizes Terraform practicals into separate folders, linked GitHub sections, and clear readme navigation, and remember to destroy resources to avoid charges.

Focus on mastering core terraform concepts through AWS practicals, highlighting four primary services: EC2, security groups, AWS users, and Elastic IP, and covering basic firewall concepts for diverse learners.

Learn the basics of firewalls and ports, and how AWS security groups serve as virtual firewalls to control inbound and outbound traffic to EC2.

Create a security group from scratch, define inbound rules for ssh port 22, icmp, and http, and attach it to an EC2 instance to manage firewall traffic.

learn to create an aws security group named terraform-firewall with inbound port 80 from 0.0.0.0/0 and outbound traffic using terraform, including separate ingress and egress rules with from_port and to_port.

Navigate Terraform documentation updates and provider version changes, compare newer and older AWS security group approaches, and maintain stable infrastructure code across provider releases.

Create an elastic ip in AWS using Terraform with the aws_eip resource, noting the optional instance parameter, domain, and a provider block for us-east-1, then run plan, apply, and destroy.

Learn how Terraform attributes populate the state file for resources like an EC2 instance and an elastic IP, including id, public_ip, private_ip, private_dns, and arn.

Explore cross-resource attribute references in Terraform by wiring an elastic IP's public_ip into a security group's cidr IPv4 block, and understand resource dependencies and automatic sequencing.

Explore cross-resource attribute references in Terraform by wiring an Elastic IP to a security group rule, using computed cidr_ipv4 with a /32 via string interpolation.

Use terraform output values to expose a public ip from aws_eip to the command line and other configurations. Understand how outputs enable cross-project collaboration via tfstate.

Learn how terraform variables centralize values to avoid repeating static vpn_ip and ports across many rules, and fetch them from a central location for easy updates.

Learn to define and use Terraform variables to replace repeated values in an AWS security group, fetch from a central file, and apply changes with plan and apply.

Define and manage variables with a variables.tf and terraform.tfvars setup, using dev.tfvars or prod.tfvars to supply values for multiple environments.

Learn to assign Terraform variables using defaults, tfvars, environment variables, and the -var option. Explore Terraform prompts for input when undefined and set tf_var_ environment variables on Windows.

Install Terraform on Linux, set and verify environment variables with export, follow tf_vr_instance_type naming, and run Terraform plan successfully.

Explore Terraform variable definition precedence, including environment variables, terraform.tfvars and tfvars.json, auto.tfvars files, and -var/-var-file options, with practical instance_type examples.

Understand Terraform data types, including string and number, and learn to restrict variables to a specific type. Explore how lists and maps vary by resource argument.

Explore the list data type in Terraform, learning how to store multiple values for variables and resource arguments using square brackets, with examples like VPC security group IDs.

Explore the map data type in Terraform, a collection of key-value pairs used for tags and resource attributes. Apply map syntax with defaults and outputs to manage AWS EC2 tags.

Learn how to reference specific values from maps and lists in Terraform variables, pulling instance types like t2.nano from us-west-2 and m5.large from a list.

Explore Terraform's count meta-argument, enabling multiple identical aws_instance blocks to create several EC2 instances with minimal code, and address unique naming and plan behaviors using tags.

Learn how count index in Terraform's count meta argument provides zero-based, unique names for EC2 instances and IAM users, and verify changes with plan and apply.

Learn how Terraform conditional expressions select between values like t2.micro and m5.large based on var.environment (and optional var.region), using condition, true value, and false value.

Learn how terraform functions like max and file simplify infrastructure code by loading external content, tested via the terraform console, with built-in categories and no user defined functions.

Analyze Terraform code containing functions without applying, using the Terraform console to test lookup, length, element, formatdate, and timestamp functions, and understand how AWS resources are created.

Analyze Terraform code containing functions such as lookup, length, element, and timestamp to see how variables, AMI mappings, and date formatting drive EC2 resource creation.

Learn how local values in Terraform centralize common resource values across multiple resources, compare them with variables, and compute dynamic tags like CreationDate with formatdate.

Learn how data sources fetch information defined outside Terraform using data blocks, enabling flexible and modular configurations. See examples with digitalocean_account, local_file, and aws_instances, and how data feeds resource blocks.

Explore HashiCorp documentation to identify data sources and resources for AWS, GCP, and Azure, using examples like aws_ami to fetch existing information in Terraform.

Explore the data sources format in Terraform, learn to define data blocks, use filters to target specific aws_instance or aws_instances, and compare single versus multiple instance retrieval.

Learn to fetch the latest operating system image automatically with a Terraform data source, avoiding hardcoded AMI IDs and enabling cross-region server creation in AWS EC2.

Learn to fetch the latest Ubuntu AMI with the data aws_ami source and reference data.aws_ami.myimage.image_id in your ec2 resource to avoid hard coding.

Learn to debug Terraform by generating detailed logs with TF_LOG and TF_LOG_PATH, using trace or info levels to capture root causes and save output to a file.

Set TF_LOG and TF_LOG_PATH to enable detailed Terraform debugging across Windows and Linux, with info or trace logs, temporarily or permanently.

Explore the Terraform troubleshooting model across four areas—language errors, state issues, core application bugs, and provider plugin problems—learning to inspect code, state, and relevant GitHub repositories for fixes.

Learn to report terraform bugs on the core or provider plugin GitHub pages by submitting a bug report with version, configuration files, debug output, and tf log traces.

Master the terraform fmt command to enforce canonical format and improve readability across teams, and use -diff, -recursive, and -check in CI/CD pipeline.

Learn how terraform loads and merges all .tf and .tf.json files in a directory during plan and apply, and why unique resource addresses prevent duplicates.

Explore dynamic blocks in Terraform to generate multiple ingress blocks for a security group's inbound rules, reducing code repetition and aligning with the DRY principle.

Validate Terraform configuration files using terraform validate to catch syntax errors, unsupported arguments, and undeclared variables. See how the plan also runs validation.

learn how manual changes to terraform-managed infrastructure are handled with terraform taint and the -replace option in terraform apply to recreate affected resources.

Explore splat expressions in Terraform to retrieve the ARN attribute for all aws_iam_user resources created with count, and access individual attributes via index or all at once.

Explore Terraform graph to visualize resource dependencies, including the AWS provider, EC2 instances, elb, and Route 53, and learn to generate graph images with dot and Graphviz.

Save a terraform plan to a file (infra.plan), then apply from that plan to guarantee production consistency; inspect the plan with terraform show and JSON output.

Learn how to use Terraform output to extract IAM names and ARNs from the state file, using a splat expression and the output command across apply cycles.

Explore how Terraform settings tune project behavior by configuring the Terraform block to enforce required Terraform and provider versions, manage provider constraints, and enable backend and experimental features.

Learn how to use Terraform's target flag to apply, plan, or destroy a specific resource within a multi-resource folder, including local files, IAM users, and security groups.

Explore how to manage large infrastructure with Terraform and handle API throttling. Learn practical strategies such as splitting projects, using resource targeting, and using refresh=false to reduce API calls.

Zipmap constructs a map from a list of keys and a corresponding list of values. It maps IAM user names to ARNs and demonstrates the syntax zipmap(keys, values) for clearer outputs.

Learn how to add comments in Terraform code using # or // for single lines and /* ... */ for multi-line, and how they affect the Terraform plan.

Explore resource behavior in Terraform and learn how meta-arguments, especially the lifecycle block, control in place updates, replacements, and ignoring manual changes to keep infrastructure consistent.

explore the lifecycle meta-argument in Terraform, covering create_before_destroy, prevent_destroy, replace_triggered_by, and ignore_changes to customize default resource behavior.

Learn how the create before destroy lifecycle argument changes Terraform’s default destroy-then-create behavior by creating the new resource first and then removing the old EC2 instance, ensuring minimal downtime.

this lecture explains how to use the prevent_destroy lifecycle argument in Terraform to prevent resource destruction, demonstrated with an EC2 instance and the consequences of removing the resource block.

Master Terraform's lifecycle ignore_changes to ignore manual or external updates by selectively listing attributes like tags or instance_type, or using all to ignore all attributes during plan and apply.

Explain how the count meta-argument in Terraform identifies resources by index starting at zero, and why changing order or inserting elements can disrupt addresses and deployments.

Learn how Terraform ensures resource dependencies with the depends_on meta-argument to enforce that a S3 bucket (external storage) is created before an EC2 instance initializes.

Explore implicit versus explicit dependencies in Terraform, learn how to use the depends_on meta argument or resource attributes like vpc_security_group_ids to sequence an EC2 instance and a security group.

Explore the set data type in Terraform, contrast it with lists, and learn how sets enforce uniqueness, are unordered, and require explicit element types.

Use the foreach meta argument to create one resource per map or set member, enabling unique configurations such as multiple IAM users, and compare it with count.

Explore the object data type in Terraform, a key-value structure that allows mixed value types with a defined schema, and learn how extra attributes are discarded.

Explore input variable validation in Terraform to prevent plan-apply errors, using provider and user side checks to enforce db_password minimum length 12 and other resource naming rules.

Guide to input variable validation in Terraform, using a validation block to enforce a length of 12 for var.db_password with an error_message; shown through a practical plan and admin1234.

Explore pre-conditions and post-conditions in Terraform, using lifecycle blocks to enforce free-tier eligibility for EC2 instances and verify post-launch attributes like public IP.

Explore moved blocks in Terraform to rename resources without recreation. Map from old to new addresses and update state, with examples and alternatives like state mv for scripting and visibility.

Discover how Terraform provisioners enable end-to-end infrastructure by executing scripts on remote hosts via SSH after launching EC2 instances and installing software packages.

Discover how Terraform provisioners run scripts on local and remote machines during resource creation, focusing on local-exec and remote-exec, with a note on the file provisioner.

Define provisioners inside a resource by their type, such as local exec, remote exec, or file, and specify the local command or remote server commands with a connection block.

Implement the local-exec provisioner inside an aws_instance resource to capture the server ip and store it in server_ip.txt after the resource is created, using echo and self.private_ip or public_ip.

Learn how to implement a remote-exec provisioner in Terraform with a proper connection block using ssh or winrm, including key pairs, private keys, and commands to install nginx.

Explore provisioners in terraform, showing how local-exec and remote-exec run after resource creation, across any resource type like aws_iam_user or aws_instance, and how multiple provisioners can run in one block.

Explore creation-time and destroy-time provisioners in Terraform, showing how creation-time runs after resource creation and destroy-time runs before destruction, with tainting on failures and examples using local-exec.

Explore how provisioners influence terraform apply failure, learn to use on_failure with continue to avoid tainting resources, and verify outcomes with plan and taint state.

Explore how Terraform modules centralize standardized templates to reuse infrastructure code and reduce duplication. See how teams leverage modules for EC2, VPC, and EKS, enabling easier updates and standards compliance.

Learn to accelerate infrastructure creation with a ready-made Terraform module to deploy an EC2 instance and a security group, using the Terraform registry and the workflow: init, plan, apply, destroy.

Discover how to choose the right terraform module by evaluating downloads, GitHub activity, documentation, version history, and community support, including HashiCorp partner modules and security considerations.

Design a base module structure in Terraform with a modules folder and team-specific references, organizing EC2, VPC, IAM, and SG modules for reuse.

Create a simple EC2 module in the modules folder with main.tf, and learn to reference it from teams, while comparing internal modules to publicly hosted ones and their options.

Explore module sources and learn to reference a specific module using the module block and source argument. Cover local paths, git, S3, Terraform registry, HTTP URLs, and version blocks.

Call a custom module using a local path in Terraform, navigate with ./ and ../, reference the EC2 module, run terraform init and plan to provision a t2.micro EC2 instance.

Learn how to improve custom Terraform modules by removing hardcoded values, enabling overrides for ami and instance_type, and implement a required_provider block to specify AWS provider versions across regions.

Use variables in Terraform modules to replace hard-coded values, letting callers override settings such as instance type (t2.micro or m5.large) and other arguments for flexibility.

Convert hardcoded values to variables in a custom Terraform module, declare var.ami, var.instance_type, and var.region, override them in the calling code, and validate with terraform init and plan.

Improve your terraform modules by replacing hardcoded providers with a required_providers block, pinning aws plugin versions, and aligning region handling for robust, error-free terraform init and plan.

Learn how module outputs enable cross-project collaboration in terraform by exposing module-level instance IDs and attaching elastic IPs to EC2 instances through root module references.

Identify the root module as the entry point in the main terraform working directory, and note that a child module is the module called by another module.

Adopt HashiCorp's standard module structure for reusable Terraform modules, with README, main.tf, variables.tf, and outputs.tf (and versions.tf when needed) to enable clear documentation and consistent provider blocks.

Learn to configure multiple provider instances for Terraform modules, pass aliased providers from root to child modules, and deploy resources in us-east-1 and ap-south-1 using provider meta-arguments.

Publish modules to the terraform registry by hosting on github, following the three-part name format, using semantic version tags, and adopting a standard module structure with main.tf, variables.tf, and outputs.tf.

Manage multiple environments with a single Terraform configuration using Terraform workspace and separate state files. Switch between dev and prod workspaces to deploy environment-specific resources with separate state.

Explore Terraform workspace basics with a base EC2 deployment and multiple workspaces. Use a map and terraform.workspace to tailor instance_type per environment (default, dev, prod) and manage separate state folders.

Explore how git repositories enable team collaboration in Terraform, offering centralized access, version history, code review, and CI/CD, while avoiding tf state file and dot terraform folder in commits.

Avoid committing the Terraform state file to Git, as it can contain passwords and tokens in plain text, risking exposure in public or compromised repositories.

Master how to use gitignore with terraform to protect sensitive files, exclude the dotterraform folder and terraform state files, and implement git ignore rules with practical demos.

Explore how Terraform backends store state in central or local backends, configure remote options like S3, Consul, or GCS, and enable team collaboration.

Lock the tfstate during terraform operations to prevent concurrent writes and state corruption. Explore backend state locking, lock files, and handling lock errors in collaborative workflows.

Configure the S3 backend to store Terraform state in an S3 bucket, learn backend configuration, use_lockfile for state locking, and verify state files in S3 after init and apply.

Master Terraform state management by using state commands such as list, show, pull, rm, mv, env, and replace provider, while avoiding manual edits and leveraging remote backends like S3.

Explore how cross-project collaboration uses the remote state data source to fetch outputs from another team's Terraform state stored in S3, enabling automated IP addresses whitelisting and firewall rules.

Use the Terraform remote state data source to fetch the networking team's elastic IP from a remote S3 tfstate and apply it in the security team's inbound rule.

Explore Terraform import, now generating state and configuration for manually created resources. See a security group demo with plan and apply, plus requirements for Terraform 1.5+.

Explore practical Terraform import by manually creating an AWS security group, using import blocks and automatic code generation to generate an aws_security_group configuration, plan, and apply changes in Terraform.

Delink a resource from the Terraform state using the removed block, with destroy = false, to preserve the resource while removing it from state, declaratively.

Learn how to configure multiple providers with aliases in Terraform and map resources to specific provider blocks, enabling deployment of resources like security groups in Singapore and Mumbai.

Learn to use Terraform's sensitive parameter to prevent secrets in CLI output and logs. Compare local_file and local_sensitive_file and understand outputs and state implications.

Explore how Vault stores secrets securely and enables dynamic secrets with rotation. See its GUI, generate AWS and database credentials with short leases, such as one hour, and encryption.

Explore how the Vault provider enables Terraform to read secrets like secret/db_creds and use Vault generated iam credentials, while noting secrets may appear in the Terraform state file.

Discover how the terraform dependency lock file controls provider plugin versions with terraform.lock.hcl and associated hashes. Learn how independent release cycles and version constraints shape terraform init and upgrade.

Explore ephemeral values and write-only arguments in Terraform, showing how ephemeral blocks avoid storing passwords in the state file, and how password_wo with a version argument updates secrets securely.

Explore the HashiCorp cloud platform for Terraform (HCP) and its gui-based workflow, with plan, cost estimation, policy checks, and apply, plus state file storage and GitHub integration.

Explore ACP Terraform pricing across essentials, standard, and premium plans, with per month and per resource billing, pay-as-you-go options, and feature differences like audit logging and drift detection.

Create your first free account on HCP Terraform via app.terraform.io, verify your email, and begin setting up your first organization to explore hosted Terraform features.

Learn the base structure of the HashiCorp cloud platform for Terraform, including organizations, workspaces connected to git repositories, and projects for organizing teams.

Create and manage an HCP Terraform practical workflow by setting up an organization, a project, and a workspace, and explore registry, settings, and plan options on the free plan.

Explore HCP Terraform workspaces, linking a workspace to a git repository, and running plan and apply through a version control workflow with AWS credentials and environment variables.

Explore the cli driven workflow in hcp terraform by linking your local directory to a remote workspace and running plan and apply from the terminal.

Explore the practical CLI-driven run workflow for Terraform, linking local workspaces to an HCP cloud integration, authenticating with a token, and performing init, plan, and apply from the local CLI.

Sentinel enforces Terraform apply decisions with policy as code, using policy sets and workspaces, including hard mandatory tag checks and cost estimation.

Learn how air gapped environments physically isolate networks, with or without internet gateways, and how Terraform Enterprise supports online and airgapped deployments by using offline preparations and airgap bundles.

discover how the hcp terraform private registry helps organizations share private modules and providers from GitHub, manage versions and source URLs, and authenticate with an API token.

Invite users to your HCP Terraform organization and assign them to teams, such as owners, to enable collaboration. Understand invitations, team settings, and the default owner's access.

Manage HCP Terraform permissions by creating teams, inviting users, and configuring workspace access with read, plan, write, admin, private registry access, and variables and state controls.

Explore health assessments in HCP Terraform, detailing drift detection and continuous validation to ensure real infrastructure aligns with your Terraform configuration. Understand drift, gui checks, and standard and premium editions.

Learn how run triggers in hcp terraform automate cross-workspace updates by using the terraform_remote_state data source to fetch network project outputs and trigger security project auto-apply.

Learn how to migrate your Terraform state from local to HCP Terraform, enabling secure remote state storage and team collaboration.

Choose the right Terraform version in HCP Terraform, because each workspace has its own version for remote operations; avoid latest in production, and use tested versions for legacy code.

Explore practical Terraform challenges that build hands-on experience in troubleshooting, security, and optimization through structured tasks and code analysis, linked to the kplabs-terraform-challenges repository.

Clone the kplabs terraform challenges repository with git clone or download the zip, then pull the latest updates to start with challenge number one.

Explore versioning across Terraform and provider versions, refactor legacy 0.12 code to run on the latest Terraform, and follow a step-by-step challenge with AWS EIP resources.

Explore how to implement the Terraform challenge using the provided code without modification, with the correct 0.12.31 version, fix hard-coded keys, and align AWS and DigitalOcean provider blocks.

Demonstrates solving Terraform Challenge 1 by building with older 0.12.31 code, upgrading to latest Terraform and provider blocks, configuring AWS credentials, and ensuring Elastic IP creation.

Explore Terraform best practices in challenge two, focusing on variables in a sample AWS setup (security group and AWS EIP) and overriding Splunk from 8088 to 8089 without code changes.

Discover best practices for Terraform challenge two, including proper indentation, replacing hardcoded values with variables and tfvars, tagging production resources, variable precedence, and a clean folder structure.

Watch the Terraform challenge two solution video. Learn to optimize code, fix egress, format with terraform fmt, and use variables, tfvars, and tags for production readiness.

Master loops in Terraform by using a map variable instance_config to drive EC2 instance creation and automatic destruction when map entries change, as shown in challenge 3.

Master using a map variable with for_each to create and destroy resources based on key-value pairs in Terraform, keeping code minimal by looping through maps or sets.

Learn how to use for_each with a map to create multiple aws_instance resources in Terraform, including iterating keys, selecting ami and instance_type, and handling removals.

Outlines the Terraform challenge four requirements: create admin-user-<account> for each AWS account, display all users, and report a numeric total, with upcoming solution hints.

Explore dynamic infrastructure discovery using data sources to fetch AWS account IDs and usernames, then use Terraform functions to count users and produce outputs for the challenge.

Explore how to fetch IAM users with aws_iam_users, output their names and total count using the length function, and dynamically create an admin-user-<account_id> with aws_caller_identity in Terraform.