Terraform
Exam Content List - Terraform Authoring and Operations Pro
The Terraform Authoring and Operations Professional certification assesses knowledge of Terraform best practices, both in developing dynamic HCL configuration and establishing scalable, collaborative workflows. This exam assumes deep knowledge of the configuration language, best practices, and using the CLI. Professional experience using Terraform with a cloud provider is required.
The table below contains the objectives and topics common to all versions of the exam. The documentation pages listed below are starting points for studying the related objective, and they may not cover all aspects of the topic covered on the exam.
| Exam objective and sub-topics | Documentation | |
|---|---|---|
| 1 | Manage resource lifecycle | |
| 1a | Initialize a configuration using terraform init and its options | Initialization overviewinit CLI command |
| 1b | Generate an execution plan using terraform plan and its options | plan CLI command |
| 1c | Apply configuration changes using terraform apply and its options | apply CLI command |
| 1d | Destroy resources using terraform destroy and its options | destroy CLI command |
| 1e | Manage resource state, including importing resources and reconciling resource drift | State overviewimport blocksmoved blocksCLI documentation |
| 2 | Develop & troubleshoot dynamic configuration | |
| 2a | Use language features to validate configuration | Tests Checks Input variables Type constraints Custom conditions |
| 2b | Query providers using data sources | Data sources |
| 2c | Compute and interpolate data using HCL functions | Functions |
| 2d | Use meta-arguments in configuration | Resources |
| 2e | Configure input variables and outputs, including complex types | Variables and outputs Types and values Expressions |
| 2f | Analyze best practices for managing sensitive data, such as using Vault for secrets management. | Sensitive data in state |
| 3 | Develop collaborative Terraform workflows | |
| 3a | Manage the Terraform binary, providers, and modules using version constraints | terraform blocksVersion constraints Dependency lock file |
| 3b | Configure remote state | Remote state |
| 3c | Use the Terraform workflow in automation | Configuring state locking |
| 3d | Share data across configurations and workspaces | The terraform_remote_state data sourcetfe_outputs data source |
| 4 | Create, maintain, and use Terraform modules | |
| 4a | Create a module | Modules documentation Creating a module Module design recommended patterns |
| 4b | Use a module in configuration | Sourcing a module Declaring a module |
| 4c | Refactor a module and use module versioning | Refactoring modules Version constraints |
| 4d | Refactor an existing configuration into modules | moved blocks |
| 5 | Configure and use Terraform providers | |
| 5a | Understand Terraform's plugin-based architecture | Providers |
| 5b | Configure providers, including aliasing, versioning, sourcing, and managing upgrades | Provider requirements Provider configuration Dependency lock file Configuring providers in modules |
| 5c | Manage provider authentication | Provider configuration |
| 5d | Troubleshoot provider errors | Dependency lock file Debugging Terraform |
| 6 | Collaborate on infrastructure as code using HCP Terraform (multiple-choice only) | |
| 6a | Analyze the HCP Terraform run workflow | Remote operations Viewing and managing runs Run modes and options Migrating to HCP Terraform |
| 6b | Understand HCP Terraform workspaces and their configuration options, including access management | Workspaces documentation |
| 6c | Manage provider credentials in HCP Terraform | Workspace variables Dynamic provider credentials |
| 6d | Analyze policy as code and governance features | Policy enforcement |
Cloud provider study resources
The Terraform Authoring & Operations Professional exam currently covers the AWS cloud provider. The Azure provider version is in active development, with expected launch in late 2026.
- The resources below are organized by the Terraform topic covered in the exam.
- Cloud provider and Terraform documentation are available during the exam.
- Limited access to Terraform Registry is available during the exam.
AWS cloud provider resources
- aws_instance
- aws_ami data source
- aws_launch_template
- aws_autoscaling_group
- aws_security_group
- aws_security_group_rule
- aws_s3_object
- random_integer
- aws_s3_bucket
- aws_caller_identity data source
- aws_iam_session_context data source
- aws_iam_policy_document data source
- aws_iam_role
- aws_subnet data source
- aws_vpc_security_group_ingress_rule
- aws_iam_instance_profile
- aws_iam_policy
- aws_iam_role_policy_attachment
- The terraform s3 backend
- terraform_remote_state data source (that uses the s3 backend)
Azure cloud provider resources
- azurerm
- Azure API
- azurerm_virtual_machine
- azurerm_resource_group
- azurerm_network_interface
- azurerm_network_security_group
- azurerm_subnet
- azurerm_virtual_network
- azurerm_storage_account
- azurerm_resource_group data source
- azurerm_subscription data source
Next steps
Review the learning path for more information about the exam. Move on to the practice labs to practice in a sandbox environment.