Bird
Raised Fist0
Terraformcloud~5 mins

Variable validation blocks in Terraform - Commands & Configuration

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction
When you create variables in Terraform, you want to make sure the values given are correct. Variable validation blocks help check these values before Terraform uses them. This stops mistakes early and keeps your infrastructure safe.
When you want to ensure a variable is within a certain range, like a number between 1 and 10.
When you want to check that a string variable matches a specific pattern, like a region name.
When you want to prevent users from entering invalid values that could break your setup.
When you want to give clear error messages if the input is wrong.
When you want to enforce rules on variables without writing extra scripts.
Config File - variables.tf
variables.tf
variable "instance_count" {
  type        = number
  description = "Number of instances to create"
  default     = 3

  validation {
    condition     = var.instance_count >= 1 && var.instance_count <= 5
    error_message = "The instance_count must be between 1 and 5."
  }
}

variable "environment" {
  type        = string
  description = "Deployment environment"

  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "The environment must be one of: dev, staging, prod."
  }
}

This file defines two variables with validation blocks:

  • instance_count: Must be a number between 1 and 5. If not, Terraform shows the error message.
  • environment: Must be one of the allowed strings: dev, staging, or prod.

The validation block checks the value and shows a clear message if it is wrong.

Commands
This command sets up Terraform in the current folder. It downloads necessary plugins and prepares the environment.
Terminal
terraform init
Expected OutputExpected
Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes.
This command checks if the Terraform files are valid. It also runs the variable validation blocks to check if the default values meet the rules.
Terminal
terraform validate
Expected OutputExpected
Success! The configuration is valid.
This command tries to plan the infrastructure using an invalid instance_count value (6). Terraform will run the validation and show an error.
Terminal
terraform plan -var='instance_count=6' -var='environment=dev'
Expected OutputExpected
Error: Invalid value for variable on variables.tf line 2: 2: variable "instance_count" { The instance_count must be between 1 and 5.
-var - Set a variable value from the command line
This command plans the infrastructure with valid variable values. The validation passes and Terraform shows the planned actions.
Terminal
terraform plan -var='instance_count=3' -var='environment=prod'
Expected OutputExpected
Refreshing Terraform state in-memory prior to plan... No changes. Infrastructure is up-to-date. This means that Terraform did not detect any differences between your configuration and real physical resources that exist.
-var - Set a variable value from the command line
Key Concept

If you remember nothing else from this pattern, remember: variable validation blocks stop wrong inputs early by checking values and showing clear errors before applying changes.

Common Mistakes
Not using validation blocks and relying on users to input correct values.
This can cause Terraform to apply wrong or harmful configurations, leading to failures or broken infrastructure.
Always add validation blocks to important variables to enforce rules and prevent mistakes.
Writing validation conditions that are too complex or incorrect syntax.
Terraform will fail to parse the file or the validation won't work as expected, causing confusion.
Keep validation conditions simple and test them with terraform validate and terraform plan.
Not providing clear error_message in the validation block.
Users get generic errors and don't know how to fix their input.
Always write clear, friendly error messages explaining what is wrong and how to fix it.
Summary
Use terraform init to prepare Terraform and download plugins.
Use terraform validate to check configuration and variable validations.
Use terraform plan with -var flags to test variable values and see validation errors.
Variable validation blocks help catch wrong inputs early with clear messages.

Practice

(1/5)
1. What is the main purpose of a validation block inside a Terraform variable?
easy
A. To check if the input value meets specific rules before applying the configuration
B. To assign a default value to the variable
C. To declare the variable type
D. To output the variable value after deployment

Solution

  1. Step 1: Understand variable validation purpose

    The validation block is used to enforce rules on input values to prevent invalid configurations.

  2. Step 2: Differentiate from other variable features

    Default values assign fallback values, type declares data type, and output shows results, but validation specifically checks input correctness.

  3. Final Answer:

    To check if the input value meets specific rules before applying the configuration -> Option A

  4. Quick Check:

    Validation block purpose = input checking [OK]
Hint: Validation blocks check inputs before use [OK]
Common Mistakes:
  • Confusing validation with default value assignment
  • Thinking validation outputs variable values
  • Mixing validation with type declaration
2. Which of the following is the correct syntax to add a validation block inside a Terraform variable?
easy
A. variable "example" { validate { condition = length(var.example) > 0 error = "Must not be empty" } }
B. variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } }
C. variable "example" { validation { check = length(var.example) > 0 message = "Must not be empty" } }
D. variable "example" { validation { condition = length(example) > 0 error_message = "Must not be empty" } }

Solution

  1. Step 1: Identify correct block and attribute names

    The correct block is validation with attributes condition and error_message.

  2. Step 2: Check variable references and syntax

    Inside the condition, use var.example to refer to the variable value. variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } } matches this exactly.

  3. Final Answer:

    variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } } -> Option B

  4. Quick Check:

    Validation syntax = correct block and attributes [OK]
Hint: Use 'validation' block with 'condition' and 'error_message' [OK]
Common Mistakes:
  • Using 'validate' instead of 'validation'
  • Using wrong attribute names like 'check' or 'error'
  • Referencing variable without 'var.' prefix
3. Given this variable declaration:
variable "port" {
  type = number
  validation {
    condition     = var.port >= 1024 && var.port <= 65535
    error_message = "Port must be between 1024 and 65535"
  }
}

What happens if you set port = 80 when applying Terraform?
medium
A. Terraform will apply successfully with port 80
B. Terraform will prompt to enter a valid port
C. Terraform will ignore the validation and use default port
D. Terraform will fail with error: Port must be between 1024 and 65535

Solution

  1. Step 1: Analyze the validation condition

    The condition requires the port to be between 1024 and 65535 inclusive.

  2. Step 2: Check the input value against the condition

    Port 80 is less than 1024, so the condition fails.

  3. Step 3: Understand Terraform behavior on validation failure

    Terraform stops and shows the error message from error_message.

  4. Final Answer:

    Terraform will fail with error: Port must be between 1024 and 65535 -> Option D

  5. Quick Check:

    Validation fails = error message shown [OK]
Hint: Validation blocks stop apply if condition is false [OK]
Common Mistakes:
  • Assuming Terraform applies anyway
  • Thinking default values are used automatically
  • Expecting interactive prompts for invalid input
4. Identify the error in this variable validation block:
variable "env" {
  type = string
  validation {
    condition     = var.env == "dev" || "prod"
    error_message = "env must be 'dev' or 'prod'"
  }
}
medium
A. Validation blocks cannot use logical OR operators
B. The error_message attribute is misspelled
C. The condition syntax is incorrect; it should compare both values explicitly
D. The variable type should be list, not string

Solution

  1. Step 1: Review the condition expression

    The condition var.env == "dev" || "prod" is invalid because "prod" alone is always true.

  2. Step 2: Correct the condition syntax

    It should be var.env == "dev" || var.env == "prod" to compare both values explicitly.

  3. Final Answer:

    The condition syntax is incorrect; it should compare both values explicitly -> Option C

  4. Quick Check:

    Logical OR needs full comparisons [OK]
Hint: Use full comparisons on both sides of OR [OK]
Common Mistakes:
  • Writing incomplete logical expressions
  • Assuming string alone works as condition
  • Confusing error_message spelling
5. You want to validate a list variable users so it must have at least 2 unique names and none can be empty strings. Which validation block correctly enforces this?
hard
A. validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" }
B. validation { condition = length(var.users) > 2 && distinct(var.users) != [] error_message = "Users must have 2+ unique names" }
C. validation { condition = length(var.users) >= 2 && var.users != [""] error_message = "Users must not be empty" }
D. validation { condition = length(var.users) >= 2 && length(var.users) == length(distinct(var.users)) error_message = "Users must have unique names" }

Solution

  1. Step 1: Check list length and uniqueness

    Condition requires at least 2 items and all must be unique, so length(var.users) >= 2 and length(distinct(var.users)) == length(var.users) ensure this.

  2. Step 2: Ensure no empty strings

    The alltrue([for u in var.users : u != ""]) checks every user is not empty.

  3. Step 3: Compare options

    validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } includes all these checks correctly; others miss empty string check or uniqueness properly.

  4. Final Answer:

    validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } -> Option A

  5. Quick Check:

    All conditions combined = validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } [OK]
Hint: Combine length, distinct, and alltrue for list validation [OK]
Common Mistakes:
  • Missing empty string check
  • Using > 2 instead of >= 2 for minimum count
  • Not verifying uniqueness correctly