dev-resources.site

for different kinds of informations.

Terraform Validation Rules: Best Practices & Examples

Published at

12/16/2024

Terraform Validation Rules: Best Practices & Examples

Validation rules in Terraform ensure that variables and inputs meet expected conditions. Here are some common validation patterns with examples.

String Length Validation
Regex Validation for Email Format
Number Range Validation
Allowed Values (Whitelist)
Disallowed Values (Blacklist)
List Element Validation
Map Key Validation
CIDR Block Validation
Custom Combination Validation
Validation for List Length
String Prefix Validation
Port Number Range Validation
Environment Whitelist Validation
Minimum Resource Count Validation
Disallowed Subnet IP Validation
Map Key Constraint Validation

1. String Length Validation

Ensure that a string variable has a minimum and maximum length.

variable "project_name" {
  type        = string
  description = "Project name for the deployment"
  default     = "project1"
  validation {
    condition     = length(var.project_name) >= 3 && length(var.project_name) <= 10
    error_message = "Project name must be between 3 and 10 characters."
  }
}

2. Regex Validation for Email Format

Validate that a string follows an email format.

variable "admin_email" {
  type        = string
  description = "Administrator email address"
  default     = myemail@domain.com

  validation {
    condition     = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.admin_email))
    error_message = "Please provide a valid email address."
  }
}

3. Number Range Validation

Ensure a numeric variable falls within a specified range.

variable "instance_count" {
  type        = number
  description = "Number of instances to create"
  default     = 1

  validation {
    condition     = var.instance_count >= 1 && var.instance_count <= 5
    error_message = "Instance count must be between 1 and 5."
  }
}

4. Allowed Values (Whitelist)

Ensure a variable matches one of the allowed values.

variable "region" {
  type        = string
  description = "AWS deployment region"
  default     = "ap-southeast-2"

  validation {
    condition     = contains(["ap-southeast-1", "ap-southeast-2"], var.region)
    error_message = "Region must be one of ap-southeast-1 or ap-southeast-2."
  }
}

5. Disallowed Values (Blacklist)

Ensure a variable does not match specific disallowed values.

variable "restricted_user" {
  type        = string
  description = "Username for system access"
  default     = "user1"

  validation {
    condition     = !contains(["admin", "root", "superuser"], var.restricted_user)
    error_message = "The username cannot be admin, root, or superuser."
  }
}

6. List Element Validation

Ensure all elements in a list follow a specific format.

variable "allowed_ips" {
  type        = list(string)
  description = "List of allowed IP addresses"
  default     = ["10.1.1.1"]

  validation {
    condition     = alltrue([for ip in var.allowed_ips : can(regex("^\\d{1,3}(\\.\\d{1,3}){3}$", ip))])
    error_message = "Each IP address must be a valid IPv4 format."
  }
}

7. Map Key Validation

Ensure specific keys exist in a map.

variable "environment_settings" {
  type = map(string)
  description = "Environment-specific settings"
  default = {
    "env"    = "production"
    "app"    = "web-app"
    "region" = "ap-southeast-2"
  }

  validation {
    condition     = alltrue([for key in ["env", "app", "region"] : contains(keys(var.environment_settings), key)])
    error_message = "The map must include keys: env, app, and region."
  }
}

8. CIDR Block Validation

Validate that a CIDR block follows the correct pattern.

variable "vpc_cidr_block" {
  type        = string
  description = "CIDR block for the VPC"
  default     = "10.0.0.0/16"

  validation {
    condition     = can(regex("^\\d{1,3}(\\.\\d{1,3}){3}/\\d{1,2}$", var.vpc_cidr_block))
    error_message = "CIDR block must be in the correct format (e.g., 10.0.0.0/16)."
  }
}

9. Custom Combination Validation

Ensure multiple variables follow related rules.

variable "disk_size" {
  type        = number
  description = "Size of the disk in GB"
  default     = 101
}

variable "disk_type" {
  type        = string
  description = "Type of disk storage"
  default     = "premium"

  validation {
    condition     = !(var.disk_type == "premium" && var.disk_size < 100)
    error_message = "Premium disks must be at least 100 GB."
  }
}

10. Validation for List Length

Ensure the list has at least two elements.

variable "backup_servers" {
  type        = list(string)
  description = "List of backup servers"
  default     = ["bkpserver1", "bkpserver2"]

  validation {
    condition     = length(var.backup_servers) >= 2
    error_message = "At least two backup servers must be specified."
  }
}

11. String Prefix Validation

Ensure a string starts with a specific prefix.

variable "resource_name" {
  type = string
  description = "Name of the resource"
  default = "prod-vm"

  validation {
    condition     = startswith(var.resource_name, "prod-")
    error_message = "Resource name must start with 'prod-'."
  }
}

12. Port Number Range Validation

Ensure port numbers are within a valid range.

variable "http_port" {
  type        = number
  description = "Port for HTTP traffic"
  default     = 8080

  validation {
    condition     = var.http_port >= 1024 && var.http_port <= 65535
    error_message = "Port must be between 1024 and 65535."
  }
}

13. Environment Whitelist Validation

Ensure deployment environment matches allowed values.

variable "deploy_env" {
  type = string
  description = "Deployment environment"
  default = "dev"

  validation {
    condition     = contains(["dev", "stage", "prod"], var.deploy_env)
    error_message = "Environment must be one of: dev, stage, prod."
  }
}

14. Minimum Resource Count Validation

Ensure a resource count is above the minimum.

variable "node_count" {
  type        = number
  description = "Number of nodes to deploy"
  default     = 3

  validation {
    condition     = var.node_count >= 3
    error_message = "At least three nodes must be deployed."
  }
}

15. Disallowed Subnet IP Validation

Ensure a subnet IP isn't from a restricted list.

variable "subnet_ip" {
  type        = string
  description = "Subnet IP address"
  default     = "10.0.1.0/24"

  validation {
    condition     = !contains(["192.168.1.0/24", "10.0.0.0/16"], var.subnet_ip)
    error_message = "Subnet IP cannot be from restricted ranges."
  }
}

16. Map Key Constraint Validation

Ensure specific keys exist in a configuration map.

variable "app_config" {
  type        = map(string)
  description = "Application configuration map"
  default = {
    "name"       = "my_app"
    "version"    = "1.0.0"
    "owner"      = "[email protected]"
    "deployment" = "production"
    "region"     = "us-west-2"
  }

  validation {
    condition     = alltrue([for key in ["name", "version", "owner"] : contains(keys(var.app_config), key)])
    error_message = "The app configuration must include keys: name, version, and owner."
  }
}

Conclusion

Terraform's validation rules provide a robust way to enforce best practices, prevent misconfigurations, and simplify debugging. Use these
examples as a reference for implementing secure, reliable infrastructure deployments.

Let me know if you'd like additional validation patterns! 🚀

validation Article's

30 articles in total

"yup" is the new extra virgin olive oil

read article

JavaScript Email Validation Regex: Ensuring Accuracy in User Inputs

read article

Simplifying JSON Validation with Ajv (Another JSON Validator)

read article

Dynamic string validation using go's text/template package

read article

Practical Email Validation Using JavaScript: Techniques for Web Developers