Interview › Infrastructure as Code (Terraform, Ansible)
What recent IaC practice or tool have you adopted, and what did it improve?
Infrastructure as Code (Terraform, Ansible) · Advanced level
Answer
A recent IaC practice I would highlight is moving from ad-hoc imports and manual reviews to reviewable import blocks, drift detection, and policy-as-code in CI. It improves confidence because existing resources can be onboarded through code review and risky changes are caught before apply.
Technical explanation
A good answer should name a concrete practice and measurable outcome.
Examples include OpenTofu evaluation, import blocks, OIDC federation, drift checks, policy-as-code, or Kustomize build validation.
Tie the practice to reliability, security, speed, or reduced incidents.
Keep source manifests or IaC definitions readable enough that reviewers can understand the final desired state.
Use overlays, modules, or roles for reuse, but keep environment-specific differences explicit and reviewable.
Validate generated output in CI before applying it through kubectl, Argo CD, Terraform, or Ansible.
Hands-on example
1. Implement a team workflow for: What recent IaC practice or tool have you adopted, and what did it improve?
2. Use a repository layout that separates reusable building blocks from environment entrypoints:
iac/
terraform/modules/
terraform/envs/dev|stage|prod/
ansible/roles/
kubernetes/base/
kubernetes/overlays/dev|stage|prod/
3. For every pull request, generate Terraform plans, render Kustomize output, run ansible-lint, and attach summaries for review.
4. Require owners to approve changes touching IAM, networking, data stores, secrets, and production overlays.
5. After merge, apply through controlled pipelines with state locking, audit logs, and drift detection tickets for anything changed manually.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More Infrastructure as Code (Terraform, Ansible) interview questions
- What is Infrastructure as Code, and what problems does it solve over click-ops?
- What is the difference between declarative and imperative IaC, and where do Terraform and Ansible fall?
- What is the difference between configuration management and provisioning?
- What is Terraform, and what is the core plan/apply workflow?
- What does terraform init do?
- What is the Terraform state file, and why is it critical?
- Why should state be stored remotely, and what backend would you use on AWS?
- What is state locking, and why does it matter for teams?