Exam Terraform Associate topic 1 question 207 discussion

I'd go with A. If a user_data script fails during the creation of an EC2 instance, Terraform will not mark the resource as tainted automatically. This is because Terraform does not have visibility into the success or failure of the user_data script, as it is executed within the instance itself, and not directly controlled by Terraform. However, if the user_data script failure causes the instance to become unresponsive or otherwise unusable, Terraform may detect this during a subsequent plan or apply operation and mark the instance as "tainted". A tainted resource is one that Terraform cannot verify the current state of, and must be recreated in order to bring it back to a known state.

The script deployment will not have been tracked within Terraform - and will therefore not re-run on the next 'apply' command. The resource the script is running on will have to be redeployed to trigger the script to run a second time - the least disruptive way do achieve this is with the 'taint' command

A. Run terraform taint: This would force the virtual machine to be destroyed and recreated, which is more disruptive than reapplying. I think B

If a creation-time provisioner fails, the resource is marked as tainted. A tainted resource will be planned for destruction and recreation upon the next terraform apply. https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax

going with A

A is correct

C. Run terraform apply again

if it fails, you just re-run terraform apply again , why even run taint for something that didn't even got created in the first place. For example, you're trying to create Resource A, but it fails because resource B was being created. So what do you do to create resource A again ? - terraform apply

In this scenario, the user_data script failed due to a race condition with another resource being deployed simultaneously during the same Terraform run. The least disruptive method to correct the issue is to use the terraform taint command followed by terraform apply. Running terraform taint against the virtual machine's resource name marks the resource as tainted. Tainting a resource indicates that it has a problem and should be destroyed and recreated during the next terraform apply. By doing this, you force Terraform to recreate the virtual machine with the corrected user_data script, resolving the race condition without affecting other resources.

The question leaves room for interpretation. If a creation-time provisioner fails, the resource is marked as tainted. A tainted resource will be planned for destruction and recreation upon the next terraform apply. https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax

A is the Answer since the particular object has become degraded or damaged and Terraform taint will propose to replace it in the next plan you create.

I will go for A