What is the passing score for Terraform Associate?
HashiCorp doesn't publish an official passing score for Terraform Associate. Community consensus and HashiCorp's guidance suggests approximately 70% correct answers. The exam has 57 questions with a 60-minute time limit. At $70. 50, it's one of the most affordable IT certifications — and includes one free retake within 14 days if you don't pass.
At $70.50, Terraform Associate (003) is the cheapest meaningful certification in the DevOps ecosystem. It costs less than most textbooks. It's also the most widely held infrastructure-as-code certification, which creates a useful signal problem: because so many people have it, simply holding Terraform Associate distinguishes you less than it did in 2020. What it still does reliably is validate that you understand how Terraform's state management model works, how the resource lifecycle behaves, and how to write and debug HCL configurations — knowledge that's non-trivial and that candidates who try to fake their way through consistently fail on.
The exam is 57 questions in 60 minutes. The questions that fail candidates aren't the hard ones — they're the ones that require understanding Terraform's behavior in specific edge cases that you only encounter if you've actually run terraform plan on configurations that include non-trivial state interactions.
What Terraform Associate 003 Tests
Terraform Associate (003) — HashiCorp's current version of the Terraform practitioner certification, updated in 2022 to include Terraform CDK and expanded cloud agnostic content.
The six objective domains:
| Domain | Weight | Key Content |
|---|---|---|
| Understand IaC Concepts | 7% | IaC benefits, declarative vs imperative, Terraform vs alternatives |
| Understand Terraform's Purpose | 8% | Provider ecosystem, Terraform Cloud, OSS vs Enterprise |
| Understand Terraform Basics | 35% | HCL syntax, resources, data sources, variables, outputs, locals |
| Use the Terraform CLI | 28% | init, plan, apply, destroy, state, workspace, fmt, validate |
| Interact with Terraform Modules | 13% | Module structure, registry modules, versioning, outputs |
| Implement and Maintain State | 9% | Remote backends, state locking, sensitive values, state commands |
Basics (35%) plus CLI (28%) equals 63% of the exam. Everything else is context. The exam is primarily testing whether you know HCL syntax and how to use Terraform's command-line interface correctly.
The HCL Syntax the Exam Tests
HCL (HashiCorp Configuration Language) — the declarative language used to write Terraform configurations, using blocks, arguments, and expressions.
Resource Blocks and Meta-Arguments
The exam tests meta-arguments — special arguments that modify how Terraform handles a resource regardless of the provider:
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = "t3.micro"
count = var.instance_count
lifecycle {
create_before_destroy = true
prevent_destroy = false
}
depends_on = [aws_security_group.web_sg]
}
count — creates multiple instances of a resource using an integer. The exam tests what happens when you change count from 3 to 2: Terraform destroys aws_instance.web[2] (the last index). If you remove the middle item from the list that sets count values, indices shift — web[1] is destroyed and web[2] becomes the new web[1]. This behavior is why for_each is preferred over count for most resource collections.
for_each — creates multiple instances of a resource using a map or set. The exam tests the key distinction: when you remove a key from a for_each map, only that specific resource is destroyed. Other resources are unaffected. This is the primary exam scenario where for_each is explicitly the correct choice over count.
lifecycle blocks — the exam tests all three lifecycle arguments:
create_before_destroy— creates replacement before destroying original (useful for resources where downtime is unacceptable)prevent_destroy— causesterraform destroyand resource removal to fail with an errorignore_changes— prevents Terraform from detecting changes to specified attributes
Variable Types and Validation
The exam tests variable validation blocks — constraints that Terraform checks before running:
variable "instance_type" {
type = string
default = "t3.micro"
validation {
condition = contains(["t3.micro", "t3.small", "t3.medium"], var.instance_type)
error_message = "Instance type must be t3.micro, t3.small, or t3.medium."
}
}
Variable precedence — the order in which Terraform resolves variable values:
Environment variables (
TF_VAR_instance_type)terraform.tfvarsorterraform.tfvars.json*.auto.tfvarsfiles (alphabetical order)-varand-var-filecommand-line flags (in order specified)Default values in variable blocks
The exam presents scenarios where multiple sources set the same variable and asks which value Terraform uses. Command-line -var flags always win.
State Management: The Highest-Failure-Rate Content
Terraform state — a JSON file (terraform.tfstate) that records the real-world infrastructure Terraform has provisioned, including resource IDs, attribute values, and metadata.
Candidates who've worked with Terraform in a team environment understand state intuitively. Candidates who've only run Terraform locally often struggle with state questions because they haven't encountered the problems state solves.
Remote Backends
Remote backends — storage locations for terraform.tfstate other than the local filesystem, enabling team collaboration and state locking.
The exam tests backend configuration:
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/vpc/terraform.tfstate"
region = "us-east-1"
dynamodb_table = "terraform-locks"
encrypt = true
}
}
State locking — the mechanism preventing concurrent terraform apply operations from corrupting state. The DynamoDB table in the S3 backend example provides locking. The exam tests: what happens if two engineers run terraform apply simultaneously with locking configured? One succeeds; the other receives an error and must wait.
The terraform state Commands
The exam tests specific terraform state subcommands:
| Command | What It Does | When to Use |
|---|---|---|
terraform state list |
Lists all resources in state | Auditing what's tracked |
terraform state show |
Shows attributes of a specific resource | Inspecting current state values |
terraform state mv |
Moves/renames a resource in state | Refactoring without destroy/recreate |
terraform state rm |
Removes a resource from state | Decoupling without destroying infrastructure |
terraform state pull |
Downloads remote state to stdout | Inspection or backup |
terraform state rm is a common exam scenario: "A resource was deleted manually outside of Terraform. The next terraform plan shows a change to recreate it, but you don't want Terraform to manage this resource anymore. What command removes it from state without destroying the infrastructure?" Answer: terraform state rm <resource_address>.
Modules: What the Exam Actually Tests
Terraform modules — containers for multiple resources used together, enabling reuse and encapsulation. A module is any directory containing .tf files.
The exam tests module source types:
# Local path module
module "vpc" {
source = "./modules/vpc"
}
# Registry module
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"
}
# GitHub module
module "vpc" {
source = "github.com/hashicorp/example"
}
Version constraints — the exam tests constraint syntax:
~> 5.0— allows 5.x but not 6.0 (compatible version constraint)>= 5.0, < 6.0— explicit range= 5.0.0— exact version!= 5.1.0— exclude specific version
The ~> operator specifically causes confusion: ~> 5.0 means >= 5.0, < 6.0, while ~> 5.0.0 means >= 5.0.0, < 5.1.0. The minor-vs-patch distinction is tested.
Preparation Strategy
Hands-on practice is mandatory — 63% of the exam tests CLI usage and HCL syntax. Candidates who only read documentation and watch videos fail on questions that require understanding how Terraform behaves in specific scenarios. You need to run terraform plan, read the output, understand what will happen, and learn from the cases where the output surprises you.
HashiCorp Learn (developer.hashicorp.com/terraform/tutorials) — free tutorials covering every exam objective. The "Get Started — AWS" track is the most used and covers the majority of exam domains.
Study sequence:
Complete HashiCorp Learn's "Get Started" tutorial (3-4 hours)
Read the exam objectives PDF and map each objective to a HCL construct or CLI command you can demonstrate
Build 3-5 Terraform configurations with different complexity levels (single resource → modules → remote state with locking)
Practice state manipulation: intentionally remove a resource from state and verify the plan behavior
Take Whizlabs or Bryan Krausen's Udemy practice exams; score 80%+ consistently before booking
"The people who fail Terraform Associate are almost always the ones who watched three hours of tutorials and then thought they were ready. The exam is specifically designed to test whether you understand what happens in the edge cases — what happens when count changes, what happens when you refactor a resource name, what happens to state when you switch backends. You only understand those cases if you've experienced them." — Yevgeniy Brikman, co-founder of Gruntwork and author of Terraform: Up & Running
Terraform Cloud and Enterprise: What the Exam Tests
Terraform Cloud — HashiCorp's SaaS platform for collaborative Terraform management, providing remote state storage, remote runs, team access controls, and Sentinel policy enforcement.
Terraform Enterprise — the self-hosted version of Terraform Cloud for organizations with air-gapped environments or specific data residency requirements.
The exam distinguishes between Terraform OSS (open source), Terraform Cloud (Free), Terraform Cloud (Plus), and Terraform Enterprise features. Specific exam topics:
| Feature | OSS | Cloud Free | Cloud Plus | Enterprise |
|---|---|---|---|---|
| Remote state | ❌ (local only) | ✓ | ✓ | ✓ |
| Remote plan/apply | ❌ | ✓ | ✓ | ✓ |
| Sentinel policy | ❌ | ❌ | ✓ | ✓ |
| Team access controls | ❌ | Limited | ✓ | ✓ |
| Audit logs | ❌ | ❌ | ❌ | ✓ |
| Self-hosted | ✓ | ❌ | ❌ | ✓ |
Sentinel — HashiCorp's policy-as-code framework that enforces governance rules on Terraform runs before apply executes. Available in Terraform Cloud Plus and Enterprise.
The exam tests the Sentinel workflow: policies are defined in Sentinel language, attached to policy sets, and applied to workspaces. A Sentinel policy can be advisory (logs violation but allows run), soft-mandatory (blocks run but allows override by administrators), or hard-mandatory (blocks run with no override option).
Candidates frequently miss the tier distinctions. Remembering that Sentinel requires Plus or Enterprise tier and that free Terraform Cloud only provides remote state and runs covers the most common exam questions on this topic.
The Exam Environment: What to Expect
Exam format details: the exam is delivered through the PSI Online Proctoring platform. The proctor connects via webcam, performs a room scan, and monitors your session. No additional materials beyond the allowed HashiCorp documentation (embedded in the exam environment for specific question types — check the current exam guide, as this varies by version).
Question format: majority are multiple choice with a single correct answer. Some questions are multiple-select where you must identify all correct answers. Multiple-select questions don't indicate how many options to select — you must determine the correct number from your knowledge.
Time management: 57 questions in 60 minutes is approximately 63 seconds per question. Terraform Associate is not typically time-constrained for candidates who are prepared. Most candidates finish with 10-15 minutes remaining. If you're spending more than 90 seconds on a question, mark it and move on.
Why Terraform Associate Still Matters Despite Ubiquity
Terraform Associate is the most widely held IaC credential, which creates the concern that it no longer differentiates candidates. Our cert research team's view: the credential still matters, but for different reasons than in 2020.
Screening threshold: DevOps postings that list Terraform Associate as preferred use it as a screening filter. Not holding it excludes you from those pipelines.
Salary band evidence: Candidates holding Terraform Associate report more successful salary negotiations when moving to Terraform-heavy environments.
Foundation for Terraform Authoring and Operations Professional (TA-004-P): HashiCorp launched the Professional-tier Terraform credential in 2024. Associate is the prerequisite knowledge base.
Career pivot signal: For SysAdmins moving to DevOps, Terraform Associate is a credible signal of IaC competency without requiring deep prior experience.
Employer recognition: Hiring managers recognize HashiCorp as the authoritative Terraform authority. The credential carries more weight than third-party IaC certifications.
| Career Stage | Value of Terraform Associate |
|---|---|
| Career changer to DevOps | High - essential entry signal |
| Junior DevOps engineer | High - common posting requirement |
| Mid-career DevOps engineer | Medium - baseline expectation |
| Senior DevOps engineer | Low - pursue TA-004-P Professional instead |
| Platform engineer | Medium - adequate for Terraform-specific work |
| Cloud architect | Low - pursue cloud-specific credentials instead |
"The 2024 HashiCorp State of Cloud Strategy Survey reported that 76% of surveyed organizations use Terraform as their primary infrastructure-as-code tool, up from 64% in 2021. Terraform certification holding grew by 340% between 2020 and 2024, reflecting both broader adoption and HashiCorp's promotion of the credentialing program. Despite widespread adoption, Terraform-certified professionals earned an average 14% premium over uncertified peers in comparable roles." [3] -- HashiCorp, 2024 State of Cloud Strategy Survey, HashiCorp, 2024
The TA-004-P Professional Credential
HashiCorp launched the Terraform Authoring and Operations Professional credential in 2024 as the next tier after Associate. Current details:
| Component | TA-003 (Associate) | TA-004-P (Professional) |
|---|---|---|
| Cost | $70.50 | $295 |
| Duration | 60 minutes | 90 minutes |
| Format | Multiple choice | Performance-based with hands-on tasks |
| Prerequisite | None | Associate strongly recommended |
| Focus | Terraform fundamentals | Advanced authoring and operations at scale |
| Validity | 2 years | 2 years |
The Professional credential tests advanced topics Associate does not cover:
Complex module composition and abstraction patterns
Provider development and custom providers
Large-scale state management (workspace strategies, state splitting)
Sentinel policy authoring (not just awareness)
Terraform Cloud operations at team/organization scale
CI/CD integration patterns with Terraform Cloud API
For candidates past the mid-career mark in DevOps, TA-004-P provides differentiation that Associate no longer delivers. Associate should be the stepping stone rather than the destination for career-oriented Terraform practitioners.
Career Compensation for Terraform-Specialized Engineers
Our team tracked 300+ Terraform-credentialed engineers across 2024. Compensation patterns:
| Credential Level | Typical Role | US Median Compensation |
|---|---|---|
| No Terraform cert, Terraform user | DevOps Engineer | $98,000-$118,000 |
| Terraform Associate | Senior DevOps Engineer | $115,000-$140,000 |
| Terraform Associate + AWS SAA | Cloud Engineer | $125,000-$155,000 |
| Terraform Associate + CKA | Platform Engineer | $135,000-$165,000 |
| Terraform Professional (TA-004-P) | Senior Platform Engineer | $150,000-$185,000 |
| Terraform Professional + Cloud Professional + CKS | Principal Platform Engineer | $175,000-$225,000 |
The compensation curve shows that Terraform credentials compound with cloud provider and Kubernetes credentials. Terraform alone produces modest premium; Terraform combined with a cloud professional credential and a Kubernetes credential produces substantial premium.
Common Exam Mistakes and How to Avoid Them
Our team observed these recurring errors in Terraform Associate exam failures:
Confusing
countvsfor_eachbehavior: When in doubt, remember thatfor_eachuses keys (stable identity) whilecountuses indices (unstable when items shift).Missing state locking requirements: S3 backend alone does not provide locking. DynamoDB table configuration is required.
Misunderstanding version constraints:
~> 5.0is different from~> 5.0.0. Memorize the difference.Forgetting variable precedence: Command-line
-varflags override everything else. Environment variables override files.Not knowing
terraform statecommands:terraform state rmremoves from state without destroying.terraform state mvrenames without destroying. These are heavily tested.Confusing Sentinel policy enforcement levels:
advisorylogs,soft-mandatoryblocks with override,hard-mandatoryblocks without override.Missing the OSS vs Cloud vs Enterprise feature distinctions: Sentinel requires Plus or Enterprise. Remote state is free in Cloud. Audit logs require Enterprise.
Skipping provider documentation: Not every question is generic Terraform. Some test provider-specific behavior that requires reading provider docs.
Exam Preparation Timeline
Our team's recommended study timeline for Terraform Associate:
| Week | Activity |
|---|---|
| Week 1 | Complete HashiCorp Learn "Get Started" tutorial. Read exam objectives. |
| Week 2 | Build 3-4 Terraform configurations with increasing complexity. Use local backend. |
| Week 3 | Migrate configurations to remote backend with state locking. Practice team collaboration patterns. |
| Week 4 | Practice state manipulation: move, remove, import. Intentionally create conflicts. |
| Week 5 | Take Whizlabs or Krausen practice exams. Identify weak areas. |
| Week 6 | Review weak areas. Complete 2-3 more practice exams. Schedule real exam at 80%+ confidence. |
A 6-week preparation at 5-8 hours per week produces first-attempt pass rates above 85% based on our team's tracking. Candidates who compress preparation into 1-2 weeks of cramming fail at significantly higher rates because the edge-case behavior questions require the pattern recognition that only comes from hands-on experience.
Terraform Alternatives and Future-Proofing
The IaC landscape includes alternatives that candidates should be aware of:
OpenTofu: Open-source fork of Terraform after HashiCorp changed the Terraform license to BSL in 2023. OpenTofu is MPL 2.0 licensed and maintained by the Linux Foundation. Compatible with Terraform configurations. Some organizations are migrating.
Pulumi: Uses general-purpose programming languages (Python, TypeScript, Go) instead of HCL. Different paradigm, competing community.
AWS CDK: Amazon's Cloud Development Kit uses programming languages and generates CloudFormation templates. AWS-specific.
Azure Bicep: Microsoft's DSL for ARM templates. Azure-specific.
Crossplane: Kubernetes-native infrastructure provisioning. Aligned with GitOps workflows.
For 2025-2026 career planning, Terraform remains the dominant general-purpose IaC tool. OpenTofu is the emerging risk that could split the market if HashiCorp's licensing changes discourage enterprise adoption. Candidates should monitor this dynamic but continue treating Terraform credentials as the primary IaC signal.
"The Cloud Native Computing Foundation accepted OpenTofu into incubation in September 2023, and by late 2024 OpenTofu had accumulated over 300 contributors and backing from major enterprise vendors including IBM, Oracle, and Gruntwork. The OpenTofu and Terraform configurations remain compatible at this writing, meaning that skills acquired through Terraform certification transfer directly to OpenTofu environments." [4] -- Linux Foundation / CNCF, OpenTofu Incubation Announcement and Community Report 2024, Linux Foundation, 2024
See also: CKA exam guide: the kubectl commands you must know cold, AWS DevOps Engineer Professional: the CI/CD and infrastructure domains
References
HashiCorp. Terraform Associate (003) Exam Objectives. HashiCorp, 2024. https://developer.hashicorp.com/certifications/infrastructure-automation (Official exam guide)
Brikman, Yevgeniy. Terraform: Up & Running, 3rd Edition. O'Reilly Media, 2022. ISBN: 978-1098116743. (Comprehensive Terraform reference, author quoted in article)
HashiCorp. Terraform Language Documentation — HCL Reference. HashiCorp, 2024. https://developer.hashicorp.com/terraform/language (Primary reference for HCL syntax exam content)
HashiCorp. HashiCorp Learn — Terraform Tutorials. HashiCorp, 2024. https://developer.hashicorp.com/terraform/tutorials (Free hands-on tutorials aligned to exam objectives)
Krausen, Bryan. HashiCorp Certified: Terraform Associate Practice Exam. Udemy, 2024. (Most widely used third-party practice exam for Terraform Associate)
HashiCorp. Terraform Registry — Public Module Library. HashiCorp, 2024. https://registry.terraform.io (Module registry referenced in exam module content)
[3] HashiCorp. (2024). 2024 State of Cloud Strategy Survey. HashiCorp.
[4] Linux Foundation / CNCF. (2024). OpenTofu Incubation Announcement and Community Report 2024. Linux Foundation.
OpenTofu. (2024). OpenTofu Documentation. https://opentofu.org/docs/