Terraformcloud~7 mins

Preconditions and postconditions in Terraform - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes you want to check conditions before or after creating resources in Terraform. Preconditions stop the process if requirements are not met. Postconditions verify the result after creation to ensure correctness.

When you want to ensure a variable has a valid value before creating resources

When you need to check that a resource attribute meets a condition after deployment

When you want to prevent Terraform from applying changes if certain rules are broken

When you want to validate outputs to catch mistakes early

When you want to enforce policies in your infrastructure code

Config File - main.tf

main.tf

terraform {
  required_version = ">= 1.2.0"
}

variable "instance_count" {
  type    = number
  default = 2

  validation {
    condition     = var.instance_count > 0 && var.instance_count <= 5
    error_message = "instance_count must be between 1 and 5"
  }
}

resource "null_resource" "example" {
  count = var.instance_count
}

resource "null_resource" "post_check" {
  depends_on = [null_resource.example]

  lifecycle {
    ignore_changes = ["triggers"]
  }

  triggers = {
    always_run = timestamp()
  }

  provisioner "local-exec" {
    command = "echo 'Postcondition check: instance_count is ${var.instance_count}'"
  }

  # Postcondition example using a custom condition
  provisioner "local-exec" {
    when    = "destroy"
    command = "echo 'Resource is being destroyed'"
  }
}

output "instance_count_output" {
  value = var.instance_count

  # Postcondition to check output value
  postcondition {
    condition     = var.instance_count > 0
    error_message = "Output instance_count must be positive"
  }
}

terraform block: sets the minimum Terraform version to 1.2.0 which supports pre/postconditions.

variable block: defines a variable with a validation condition as a precondition to ensure the value is between 1 and 5.

null_resource example: creates dummy resources based on the variable count.

postcondition example: uses provisioners and output postcondition to check values after resource creation.

Commands

Initializes the Terraform working directory and downloads required providers.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/null... - Installing hashicorp/null v3.1.0... - Installed hashicorp/null v3.1.0 (signed by HashiCorp) Terraform has been successfully initialized!

Checks the configuration files for syntax errors and validates preconditions like variable validations.

Terminal

terraform validate

Expected OutputExpected

Success! The configuration is valid.

Applies the configuration to create resources. It will stop if preconditions fail and show errors. Postconditions run after creation.

Terminal

terraform apply -auto-approve

Expected OutputExpected

null_resource.example[0]: Creating... null_resource.example[1]: Creating... null_resource.example[0]: Creation complete after 0s [id=123456] null_resource.example[1]: Creation complete after 0s [id=123457] null_resource.post_check: Creating... null_resource.post_check: Provisioning with 'local-exec'... Postcondition check: instance_count is 2 null_resource.post_check: Creation complete after 0s [id=123458] Apply complete! Resources: 3 added, 0 changed, 0 destroyed. Outputs: instance_count_output = 2

→

-auto-approve - Skips interactive approval prompt

Displays the output value and verifies the postcondition on output.

Terminal

terraform output instance_count_output

Expected OutputExpected

Key Concept

If you remember nothing else from this pattern, remember: preconditions stop bad inputs before changes, postconditions verify results after changes.

Common Mistakes

Not setting the required Terraform version to 1.2.0 or higher

Preconditions and postconditions require Terraform 1.2.0 or newer to work properly

Specify 'required_version = ">= 1.2.0"' in the terraform block

Using invalid conditions in variable validation or output condition blocks

Terraform will fail validation or apply with unclear errors if conditions are not boolean expressions

Write clear boolean expressions for conditions, e.g., var.instance_count > 0

Expecting postconditions to prevent resource creation

Postconditions run after resource creation and only validate results; they do not stop creation

Use preconditions (variable validation) to prevent bad inputs before creation

Summary

Use variable validation blocks as preconditions to check inputs before resource creation.

Use output postcondition blocks and provisioners as postconditions to verify resource states after creation.

Run 'terraform validate' to check preconditions and 'terraform apply' to create resources and run postconditions.