Bird
Raised Fist0
Terraformcloud~20 mins

Variable validation blocks in Terraform - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Terraform Variable Validation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Identify the correct validation block for a variable
Given the following Terraform variable declaration, which validation block correctly ensures the variable 'environment' only accepts the values 'dev', 'staging', or 'prod'?
Terraform
variable "environment" {
  type = string
  description = "Deployment environment"
  validation {
    condition     = ???
    error_message = "Environment must be one of: dev, staging, prod."
  }
}
Acondition = contains(["dev", "staging", "prod"], var.environment)
Bcondition = var.environment == "dev" || var.environment == "staging" || var.environment == "prod"
Ccondition = var.environment in ["dev", "staging", "prod"]
Dcondition = var.environment matches "dev|staging|prod"
Attempts:
2 left
💡 Hint
Use a function that checks if a list contains a value.
service_behavior
intermediate
1:30remaining
What happens when a variable fails validation?
In Terraform, if a variable's validation block condition evaluates to false during plan or apply, what is the expected behavior?
ATerraform continues applying changes but logs a warning.
BTerraform stops and shows the error_message from the validation block.
CTerraform ignores the validation and uses the default value if set.
DTerraform replaces the invalid value with null and continues.
Attempts:
2 left
💡 Hint
Think about how Terraform enforces input correctness.
Architecture
advanced
2:30remaining
Designing variable validation for CIDR blocks
You want to validate a Terraform variable 'network_cidr' to ensure it is a valid CIDR block (e.g., '10.0.0.0/16'). Which validation condition correctly uses Terraform functions to check this?
Acondition = can(cidrsubnet(var.network_cidr, 8, 1))
Bcondition = length(regexall("^\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+$", var.network_cidr)) > 0
Ccondition = var.network_cidr != ""
Dcondition = can(cidrhost(var.network_cidr, 0))
Attempts:
2 left
💡 Hint
Use 'can' with a function that parses CIDR blocks.
security
advanced
2:00remaining
Validating sensitive variable length
You have a sensitive Terraform variable 'api_key' that must be exactly 32 characters long. Which validation block condition correctly enforces this?
Acondition = length(var.api_key) == 32
Bcondition = var.api_key matches "^[a-zA-Z0-9]{32}$"
Ccondition = can(length(var.api_key)) && length(var.api_key) == 32
Dcondition = var.api_key != null && length(var.api_key) >= 32
Attempts:
2 left
💡 Hint
Use 'can' to safely check length on sensitive variables.
Best Practice
expert
3:00remaining
Choosing the best validation for a list variable
You have a Terraform variable 'allowed_ports' of type list(number). You want to validate that all ports are between 1024 and 65535 inclusive. Which validation condition correctly enforces this for every element in the list?
Acondition = can(alltrue([for p in var.allowed_ports : p >= 1024 && p <= 65535]))
Bcondition = length([for p in var.allowed_ports : p >= 1024 && p <= 65535]) == length(var.allowed_ports)
Ccondition = all([for p in var.allowed_ports : p >= 1024 && p <= 65535])
Dcondition = alltrue([for p in var.allowed_ports : p >= 1024 && p <= 65535])
Attempts:
2 left
💡 Hint
Use the correct function that returns true if all elements satisfy a condition.

Practice

(1/5)
1. What is the main purpose of a validation block inside a Terraform variable?
easy
A. To check if the input value meets specific rules before applying the configuration
B. To assign a default value to the variable
C. To declare the variable type
D. To output the variable value after deployment

Solution

  1. Step 1: Understand variable validation purpose

    The validation block is used to enforce rules on input values to prevent invalid configurations.

  2. Step 2: Differentiate from other variable features

    Default values assign fallback values, type declares data type, and output shows results, but validation specifically checks input correctness.

  3. Final Answer:

    To check if the input value meets specific rules before applying the configuration -> Option A

  4. Quick Check:

    Validation block purpose = input checking [OK]
Hint: Validation blocks check inputs before use [OK]
Common Mistakes:
  • Confusing validation with default value assignment
  • Thinking validation outputs variable values
  • Mixing validation with type declaration
2. Which of the following is the correct syntax to add a validation block inside a Terraform variable?
easy
A. variable "example" { validate { condition = length(var.example) > 0 error = "Must not be empty" } }
B. variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } }
C. variable "example" { validation { check = length(var.example) > 0 message = "Must not be empty" } }
D. variable "example" { validation { condition = length(example) > 0 error_message = "Must not be empty" } }

Solution

  1. Step 1: Identify correct block and attribute names

    The correct block is validation with attributes condition and error_message.

  2. Step 2: Check variable references and syntax

    Inside the condition, use var.example to refer to the variable value. variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } } matches this exactly.

  3. Final Answer:

    variable "example" { validation { condition = length(var.example) > 0 error_message = "Must not be empty" } } -> Option B

  4. Quick Check:

    Validation syntax = correct block and attributes [OK]
Hint: Use 'validation' block with 'condition' and 'error_message' [OK]
Common Mistakes:
  • Using 'validate' instead of 'validation'
  • Using wrong attribute names like 'check' or 'error'
  • Referencing variable without 'var.' prefix
3. Given this variable declaration:
variable "port" {
  type = number
  validation {
    condition     = var.port >= 1024 && var.port <= 65535
    error_message = "Port must be between 1024 and 65535"
  }
}

What happens if you set port = 80 when applying Terraform?
medium
A. Terraform will apply successfully with port 80
B. Terraform will prompt to enter a valid port
C. Terraform will ignore the validation and use default port
D. Terraform will fail with error: Port must be between 1024 and 65535

Solution

  1. Step 1: Analyze the validation condition

    The condition requires the port to be between 1024 and 65535 inclusive.

  2. Step 2: Check the input value against the condition

    Port 80 is less than 1024, so the condition fails.

  3. Step 3: Understand Terraform behavior on validation failure

    Terraform stops and shows the error message from error_message.

  4. Final Answer:

    Terraform will fail with error: Port must be between 1024 and 65535 -> Option D

  5. Quick Check:

    Validation fails = error message shown [OK]
Hint: Validation blocks stop apply if condition is false [OK]
Common Mistakes:
  • Assuming Terraform applies anyway
  • Thinking default values are used automatically
  • Expecting interactive prompts for invalid input
4. Identify the error in this variable validation block:
variable "env" {
  type = string
  validation {
    condition     = var.env == "dev" || "prod"
    error_message = "env must be 'dev' or 'prod'"
  }
}
medium
A. Validation blocks cannot use logical OR operators
B. The error_message attribute is misspelled
C. The condition syntax is incorrect; it should compare both values explicitly
D. The variable type should be list, not string

Solution

  1. Step 1: Review the condition expression

    The condition var.env == "dev" || "prod" is invalid because "prod" alone is always true.

  2. Step 2: Correct the condition syntax

    It should be var.env == "dev" || var.env == "prod" to compare both values explicitly.

  3. Final Answer:

    The condition syntax is incorrect; it should compare both values explicitly -> Option C

  4. Quick Check:

    Logical OR needs full comparisons [OK]
Hint: Use full comparisons on both sides of OR [OK]
Common Mistakes:
  • Writing incomplete logical expressions
  • Assuming string alone works as condition
  • Confusing error_message spelling
5. You want to validate a list variable users so it must have at least 2 unique names and none can be empty strings. Which validation block correctly enforces this?
hard
A. validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" }
B. validation { condition = length(var.users) > 2 && distinct(var.users) != [] error_message = "Users must have 2+ unique names" }
C. validation { condition = length(var.users) >= 2 && var.users != [""] error_message = "Users must not be empty" }
D. validation { condition = length(var.users) >= 2 && length(var.users) == length(distinct(var.users)) error_message = "Users must have unique names" }

Solution

  1. Step 1: Check list length and uniqueness

    Condition requires at least 2 items and all must be unique, so length(var.users) >= 2 and length(distinct(var.users)) == length(var.users) ensure this.

  2. Step 2: Ensure no empty strings

    The alltrue([for u in var.users : u != ""]) checks every user is not empty.

  3. Step 3: Compare options

    validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } includes all these checks correctly; others miss empty string check or uniqueness properly.

  4. Final Answer:

    validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } -> Option A

  5. Quick Check:

    All conditions combined = validation { condition = length(var.users) >= 2 && length(distinct(var.users)) == length(var.users) && alltrue([for u in var.users : u != ""]) error_message = "Users must have 2+ unique non-empty names" } [OK]
Hint: Combine length, distinct, and alltrue for list validation [OK]
Common Mistakes:
  • Missing empty string check
  • Using > 2 instead of >= 2 for minimum count
  • Not verifying uniqueness correctly