Interview › Infrastructure as Code (Terraform, Ansible)
How do you keep IaC DRY across many similar microservices?
Infrastructure as Code (Terraform, Ansible) · Advanced level
Answer
To keep IaC DRY across many microservices, I use reusable Terraform modules, standard service blueprints, shared Kustomize bases, overlays for differences, Ansible roles, versioned templates, and CI checks. DRY should not mean hiding important differences; it should standardize the boring parts and expose safe inputs.
Technical explanation
DRY must be balanced with explicitness; over-abstraction makes reviews harder.
Use versioned modules/bases so services can upgrade intentionally.
Standard CI templates enforce consistency without forcing every service into identical infrastructure.
Keep source manifests or IaC definitions readable enough that reviewers can understand the final desired state.
Use overlays, modules, or roles for reuse, but keep environment-specific differences explicit and reviewable.
Validate generated output in CI before applying it through kubectl, Argo CD, Terraform, or Ansible.
Hands-on example
1. Implement a team workflow for: How do you keep IaC DRY across many similar microservices?
2. Use a repository layout that separates reusable building blocks from environment entrypoints:
iac/
terraform/modules/
terraform/envs/dev|stage|prod/
ansible/roles/
kubernetes/base/
kubernetes/overlays/dev|stage|prod/
3. For every pull request, generate Terraform plans, render Kustomize output, run ansible-lint, and attach summaries for review.
4. Require owners to approve changes touching IAM, networking, data stores, secrets, and production overlays.
5. After merge, apply through controlled pipelines with state locking, audit logs, and drift detection tickets for anything changed manually.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Infrastructure as Code (Terraform, Ansible) interview questions
- What is Infrastructure as Code, and what problems does it solve over click-ops?
- What is the difference between declarative and imperative IaC, and where do Terraform and Ansible fall?
- What is the difference between configuration management and provisioning?
- What is Terraform, and what is the core plan/apply workflow?
- What does terraform init do?
- What is the Terraform state file, and why is it critical?
- Why should state be stored remotely, and what backend would you use on AWS?
- What is state locking, and why does it matter for teams?