ShowIPRoute
All posts

Terraform Associate (004): A Network Engineer's Journey

TerraformIaC
Marco Basso7 min read

Introduction

Over the past months, I've been extensively exposed to Cisco's Services as Code projects, which represent a fundamental shift in how network infrastructures are operated and maintained. The traditional approach based on manual, device-by-device CLI configuration is giving way to a declarative, automated model where the entire infrastructure is defined and maintained as code. If you haven't had a chance to explore this yet, I recommend checking out the official Services as Code page, a technical deep-dive on the topic and a real-world implementation case study with Intesa Sanpaolo (I plan to dedicate a separate post to this specific project).

These services are entirely built on top of Terraform, with Cisco having designed and developed dedicated providers and modules for a wide range of networking technologies (for further reference, see the Network as Code page). Working daily with this framework in a real-world context gave me a solid hands-on understanding of its core mechanics, and at some point I thought: why not expand that knowledge into a broader understanding of Terraform itself?

That's what pushed me to pursue the HashiCorp Terraform Associate (004) certification. After weeks of focused studying, I managed to pass it, and in this post I want to share the resources I used to prepare, the areas that deserve the most attention and a heads-up on an upcoming post that will dive deeper into a Terraform concept that might not be intuitive at first glance.

Before getting into the details, though, does this certification make me a Terraform expert? Absolutely not. But that was never the goal. The real value of studying for this certification lies in building a solid understanding of the fundamental building blocks: how state works, how providers interact with resources, how modules are structured and how the plan-apply lifecycle operates under the hood. These are exactly the concepts that come into play during troubleshooting sessions, where knowing why Terraform behaves a certain way makes the difference between blindly reapplying a plan and actually diagnosing the root cause.

Exam Details

Detailed information about the certification is available on the official portal. The key details worth highlighting are:

  • Duration: one hour
  • Validity: two years from the date of completion
  • Question type: multiple choice and multiple select
  • Exam objectives: a detailed list of all covered topics
  • Version differences: a comparison between version 003 and 004, useful for those looking to renew an existing certification
Note that the exam interface allows navigating freely between questions and flagging them for later review. This makes it possible to skip uncertain questions, continue with the rest and return to the flagged ones before submitting.

Resources

Several resources are available to prepare for the HashiCorp Terraform Associate (004) certification. The following is a curated list of those that I found most effective during the preparation process.

Official Documentation

The HashiCorp Terraform Exam Content List represents the primary and most authoritative source, listing all the topics covered in the exam. Additionally, this study guide serves as a useful reference throughout the study journey.

The official website also provides a set of sample questions to get familiar with the exam format.

For network engineers who are not accustomed to working with cloud infrastructure such as AWS or Google Cloud Platform (GCP), it is recommended to review some basic concepts like EC2 and VPC beforehand. This helps in better understanding the examples presented throughout the study material and in the exam itself.

Study Courses

In addition to the free official material provided by HashiCorp, two on-demand courses available on the O'Reilly platform stand out as particularly valuable:

Both courses help in understanding cloud provider terminology mentioned earlier and in seeing the various concepts applied in real-world scenarios. Each topic is introduced with a clear theoretical overview, followed by practical exercises in a lab environment that can be reproduced step by step, making it possible to replicate every operation along the way.

Beyond the clarity of the explanations, the examples provided by the instructors help in grasping all the covered concepts quickly and effectively. For anyone looking for structured courses to support the preparation, these are well worth considering.

Additional Videos

Along with the official documentation and the O'Reilly courses, a couple of topics require additional exploration as they are recent additions to the exam content list: the Test Framework and Ephemeral Resources. The following two freely available videos cover these subjects in a clear and well-structured manner:

Challenging Areas

While the exam covers a broad range of topics, certain areas require deeper insight and careful attention. The following sections highlight the concepts that tend to be most challenging.

Terraform State

Understanding how Terraform manages state is essential. The topic goes beyond simply knowing that a terraform.tfstate file exists. It is important to understand:

  • The purpose of state and why it is necessary
  • The difference between local and remote state backends
  • How state locking works and why it matters in team environments
  • The implications of the terraform state subcommands, such as mv, rm and import

Terraform Cloud and Workspaces

Terraform Cloud deserves dedicated focus, especially for candidates who primarily use Terraform in a local context. A key distinction to grasp is that Terraform Cloud workspaces are not equivalent to CLI workspaces: they are full organizational units that encompass configuration, state, variables and role-based access control. Topics such as the three execution modes (remote, local and agent), the difference between VCS-driven, CLI-driven and API-driven workflows, and Sentinel policy enforcement levels (hard-mandatory, soft-mandatory and advisory) require thorough familiarity.

Module Structure and Best Practices

Modules are a core building block in Terraform, and a solid understanding of the standard module structure (main.tf, variables.tf, outputs.tf) is expected. Equally important is knowing how modules can be sourced from different locations, whether local paths, the Terraform registry or VCS repositories. But what about provider dependencies? Each module must declare its own requirements through the required_providers block, even though provider configurations are inherited from the root module. Finally, familiarity with how module outputs are referenced in root configurations using the module.<name>.<output> syntax is key to connecting modules effectively.

Going Beyond the Certification

For those interested in going further, including topics that extend beyond the exam scope, the course More than Certified in Terraform 2025 by Derek Morgan is highly recommended.

What Is Coming Next

During the study process, one topic stands out above the others: state management. While the exam covers the fundamentals, certain operations carry implications that are worth exploring in greater detail through practical examples.

A dedicated post on this topic is planned for the near future, with hands-on scenarios built around the Network as Code paradigm to illustrate Terraform state behavior in a networking context.

Closing Thoughts

Preparing for the HashiCorp Terraform Associate (004) certification was a rewarding experience that pushed me to explore Infrastructure as Code beyond the surface level. For anyone considering this certification, I genuinely recommend combining the official documentation with hands-on practice, as the exam values practical understanding over rote memorization.

I hope this summary serves as a helpful starting point for your own journey. If you have any questions or want to share your own experience with the exam, feel free to reach out!

See you in the next post! 馃憢