0
0
Terraformcloud~20 mins

Variable validation rules in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Terraform Variable Validation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Identify the output of a variable validation failure

Given this Terraform variable with validation, what will happen if you provide the value "test"?

variable "env" {
  type = string
  validation {
    condition     = contains(["prod", "dev", "stage"], var.env)
    error_message = "The environment must be one of: prod, dev, stage."
  }
}
ATerraform plan will fail with the error: The environment must be one of: prod, dev, stage.
BTerraform plan will succeed and use the value "test".
CTerraform plan will ignore the validation and warn but continue.
DTerraform plan will fail with a syntax error.
Attempts:
2 left
💡 Hint

Think about what happens when a variable value does not meet the validation condition.

service_behavior
intermediate
2:00remaining
Determine the effect of a numeric variable validation rule

Consider this Terraform variable:

variable "instance_count" {
  type = number
  default = 3
  validation {
    condition     = var.instance_count >= 1 && var.instance_count <= 5
    error_message = "Instance count must be between 1 and 5."
  }
}

What happens if you set instance_count = 6 in your Terraform configuration?

ATerraform apply will fail with the error: Instance count must be between 1 and 5.
BTerraform apply will succeed and create 6 instances.
CTerraform apply will ignore the validation and create 6 instances.
DTerraform apply will fail with a type error.
Attempts:
2 left
💡 Hint

Validation conditions must be true for the plan to succeed.

Architecture
advanced
2:00remaining
Choose the correct validation for a CIDR block variable

You want to validate a variable vpc_cidr to ensure it is a valid CIDR block in Terraform. Which validation condition correctly checks this?

Acondition = length(var.vpc_cidr) > 0
Bcondition = var.vpc_cidr != ""
Ccondition = var.vpc_cidr matches "^\d+\.\d+\.\d+\.\d+/\d+$"
Dcondition = can(cidrhost(var.vpc_cidr, 0))
Attempts:
2 left
💡 Hint

Terraform has built-in functions to test CIDR validity.

security
advanced
2:00remaining
Identify the security risk of missing variable validation

What is a potential security risk if you do NOT use validation rules on a Terraform variable that accepts a list of IP addresses for firewall rules?

ATerraform will automatically block invalid IPs, so no risk exists.
BInvalid or malicious IP addresses could be allowed, opening unintended network access.
CThe variable will default to an empty list, causing no firewall rules to be created.
DTerraform will fail to apply the configuration due to missing validation.
Attempts:
2 left
💡 Hint

Think about what happens if bad input is accepted without checks.

Best Practice
expert
3:00remaining
Select the best validation rule for a variable that must be a non-empty list of strings

You have a Terraform variable allowed_users that must be a list of strings and cannot be empty. Which validation block enforces this correctly?

A
validation {
  condition     = length(var.allowed_users) &gt;= 0
  error_message = "allowed_users must be a list."
}
B
validation {
  condition     = var.allowed_users != []
  error_message = "allowed_users cannot be empty."
}
C
validation {
  condition     = length(var.allowed_users) &gt; 0 &amp;&amp; alltrue([for u in var.allowed_users : can(regex("^[a-zA-Z0-9_-]+$", u))])
  error_message = "allowed_users must be a non-empty list of valid usernames."
}
D
validation {
  condition     = alltrue([for u in var.allowed_users : length(u) &gt; 0])
  error_message = "allowed_users must contain non-empty strings."
}
Attempts:
2 left
💡 Hint

Check both non-empty list and string format in the condition.