Terraform Input Validation Samples
# Fixed-length check for a secret such as an API token.
# The rule confirms the length only; it says nothing about whether the token is
# genuine or still active. The empty default fails the rule, so a value has to
# be passed in.
variable "api_token" {
  description = "Please enter a valid API Token"
  type        = string
  default     = ""

  # Redacts the value in plan/apply output only. The value is still written to
  # state in clear text, so the state backend needs access control and
  # encryption at rest.
  sensitive = true

  validation {
    # The message names the variable but never its value, so a failed check
    # does not echo the secret.
    condition     = 32 == length(var.api_token)
    error_message = "The input value (api_token) must be exactly 32 character(s)."
  }
}
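# Dotted-quad IPv4 check: four octets, each in the range 0-255.
# HCL quoted strings do not define a "\." escape, so the literal dot in the
# pattern is written "\\." (the regex engine then receives "\.").
# The empty default fails the rule, so a value has to be passed in.
# NOTE(review): octets with leading zeros ("010") pass this pattern. Some
# consumers read such octets as octal, so reject them before the value feeds an
# allow-list or firewall rule.
variable "ip_address" {
  description = "Please enter a valid IP address"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition     = can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", var.ip_address))
    error_message = "The input value (ip_address) was not a valid IP address. Please enter a valid IP address. For example, 0.0.0.0."
  }
}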
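# Checks that every element of a list is a dotted-quad IPv4 address.
# The variable is declared as list(string): a plain string cannot be iterated
# by the for expression, so the rule could never pass with type = string.
# HCL quoted strings do not define a "\." escape, so the literal dot in the
# pattern is written "\\.".
# NOTE(review): an empty list passes (there is no element to reject). Decide in
# the consuming resource whether "no addresses" means "deny all" or
# "no restriction" before relying on this for an allow-list.
variable "ip_address_list" {
  description = "Please enter a list of valid IP addresses"
  type        = list(string)
  default     = []
  sensitive   = false

  validation {
    # can() turns a non-matching element into false; alltrue() requires every
    # element to match.
    condition = alltrue([
      for ip in var.ip_address_list :
      can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", ip))
    ])
    error_message = "The input value (ip_address_list) was not a list of valid IP addresses. Please enter a valid list of IP addresses. For example, [10.0.0.1, 172.16.0.1, 192.168.0.1]."
  }
}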
# Timestamp check: the value must parse as an RFC 3339 timestamp.
# formatdate() is called only for its parsing step; the empty format string
# means the formatted result is unused, and can() converts a parse failure
# into false.
# NOTE(review): despite the variable name, the error message asks for RFC 3339,
# so a numeric Unix epoch value is not expected to pass. The empty default
# fails the rule as well, so a value has to be passed in.
variable "epoch_timestamp" {
  description = "Please enter a valid timestamp"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition = can(
      formatdate("", var.epoch_timestamp)
    )
    error_message = "The input value (epoch_timestamp) was not a valid timestamp. Please enter a valid RFC3339 timestamp."
  }
}
# Shape check for an Amazon Machine Image (AMI) ID: longer than four
# characters and starting with "ami-".
# This is a format check only. It does not establish that the image exists, or
# that it comes from an owner you trust; verify that where the image is looked
# up. The empty default fails the rule, so a value has to be passed in.
variable "ami_id" {
  description = "Please enter a valid Amazon Machine Image (AMI) ID"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition = (
      length(var.ami_id) > 4 &&
      substr(var.ami_id, 0, 4) == "ami-"
    )
    error_message = "The Amazon Machine Image ID (ami_id) value must start with the prefix \"ami-\"."
  }
}
# Shape check for an Amazon Virtual Private Cloud (VPC) ID: longer than four
# characters and starting with "vpc-".
# This is a format check only. It does not establish that the VPC exists or
# belongs to the intended account. The empty default fails the rule, so a
# value has to be passed in.
variable "vpc_id" {
  description = "Please enter a valid Amazon Virtual Private Cloud (VPC) ID"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition = (
      length(var.vpc_id) > 4 &&
      substr(var.vpc_id, 0, 4) == "vpc-"
    )
    error_message = "The Amazon Virtual Private Cloud (VPC) ID (vpc_id) value must start with the prefix \"vpc-\"."
  }
}
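# Checks that every CNAME alias is made up of lowercase letters, digits, dots
# and hyphens only.
# Two fixes over the earlier form: the alltrue([...]) call is now closed, and
# the default is an empty list so that it matches the declared list(string)
# type (a "" default is a string).
# NOTE(review): the character class is permissive. Values such as ".." or a
# name that starts with "-" pass it, so tighten the pattern if the aliases are
# used for certificates or DNS records. An empty list also passes.
variable "cname_aliases" {
  description = "Please enter a valid list of CNAME aliases"
  type        = list(string)
  default     = []
  sensitive   = false

  validation {
    # can() turns a non-matching element into false; alltrue() requires every
    # element to match.
    condition = alltrue([
      for cname_alias in var.cname_aliases :
      can(regex("^[.0-9a-z-]+$", cname_alias))
    ])
    error_message = "The list of CNAME aliases (cname_aliases) value is invalid."
  }
}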
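# Checks an Azure Storage Account name: 3-24 characters, lowercase letters and
# numbers only.
# The length rule alone let names with uppercase letters, hyphens or other
# punctuation through to the provider; the second rule rejects them at plan
# time. Global uniqueness cannot be checked here.
# The empty default fails the length rule, so a value has to be passed in.
variable "storage_account_name" {
  description = "Please enter a valid and globally unique name for the new Azure Storage Account"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition     = length(var.storage_account_name) >= 3 && length(var.storage_account_name) <= 24
    error_message = "The input value was not a valid Azure Storage Account name. The storage_account_name variable name must be 3-24 characters in length. Please enter a valid Azure Storage Account name."
  }

  validation {
    condition     = can(regex("^[a-z0-9]+$", var.storage_account_name))
    error_message = "The input value was not a valid Azure Storage Account name. The storage_account_name value may contain only lowercase letters and numbers."
  }
}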
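# Checks an Azure Storage Account name that must carry the "azsa" prefix.
# Each rule now has its own message, so a failure says which rule was broken.
# The earlier messages asked for an "azsa-" prefix, but the rule checks for
# "azsa" and a hyphen is not a valid character in a storage account name; the
# messages now match the rule. The prefix rule also restricts the rest of the
# name to lowercase letters and numbers.
# The empty default fails both rules, so a value has to be passed in.
variable "storage_account_name_w_prefix" {
  description = "Please enter a valid and globally unique name for the new Azure Storage Account with the \"azsa\" prefix"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition     = length(var.storage_account_name_w_prefix) >= 3 && length(var.storage_account_name_w_prefix) <= 24
    error_message = "The Azure Storage Account name with a prefix (storage_account_name_w_prefix) must be 3-24 characters in length."
  }

  validation {
    condition     = can(regex("^azsa[a-z0-9]*$", var.storage_account_name_w_prefix))
    error_message = "The Azure Storage Account name with a prefix (storage_account_name_w_prefix) must start with the \"azsa\" prefix and contain only lowercase letters and numbers."
  }
}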
# Allow-list check for the Azure Storage access tier.
# Only the exact strings "Hot" and "Cool" are accepted; the comparison is
# case-sensitive, so "hot" is rejected. The empty default is not in the list,
# so a value has to be passed in.
variable "storage_access_tier" {
  description = "Storage Access Tier for a storage account must be \"Hot\" or \"Cool\".Please enter a valid Azure Storage Access Tier"
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition = contains(
      ["Hot", "Cool"],
      var.storage_access_tier
    )
    error_message = "The Storage Access Tier (storage_access_tier) for the Azure Storage Account must either be set to \"Hot\" or \"Cool\"."
  }
}
# Allow-list check for the Azure Container Registry SKU.
# Only the exact strings "Standard" and "Premium" are accepted; the comparison
# is case-sensitive and any other SKU name is rejected. The empty default is
# not in the list, so a value has to be passed in.
variable "container_registry_sku" {
  description = "Azure Container Registry SKU must either be \"Standard\" or \"Premium\". Please enter a valid Azure Container Registry SKU."
  type        = string
  default     = ""
  sensitive   = false

  validation {
    condition = contains(
      ["Standard", "Premium"],
      var.container_registry_sku
    )
    error_message = "The Azure Container Registry SKU (container_registry_sku) must either be set to \"Standard\" or \"Premium\"."
  }
}