Q: How would you manage infrastructure for microservices?
Use Terraform modules for common patterns. Each service has its own state. Use a monorepo with consistent structure. Run terraform plan on PRs.
Q: What happens if someone modifies infrastructure outside Terraform?
Terraform detects drift on next plan. You can import the change or let Terraform revert it. Prevent drift with IAM policies restricting console access.
Q: How do you handle secrets in Terraform?
Never commit secrets. Use environment variables or secret managers. Mark sensitive outputs with sensitive = true.