Part 3: AWS Tag Validation in Terraform Continued: Validating Tag Names and Values
May 3, 2023
Guides
2 minutes
Refactor
Let’s refactor the module calls in ourmain.tf to separate the tags into separate variables. This will ensure that those variable keys are always correct and specified:
1
2
3
4
5
6
7
8
9
10
11
12
13
module "finance-bucket" {
count = 1
source = "./s3-bucket"
team = "finance"
service = "s3"
}
module "devops-bucket" {
count = 1
source = "./s3-bucket"
team = "devops"
service = "s3"
}
s3-bucket/main.tf. As you can see, we have modified the bucket attribute once again to reference our var.team. Since it is its own variable now, we don’t have to utilize an index. We’ve also utilized the lower()function to ensure the name is lowercase.
1
2
3
4
5
6
7
8
9
10
11
12
resource "random_id" "s3_id" {
byte_length = 2
}
resource "aws_s3_bucket" "team-bucket" {
bucket = "${lower(var.team)}-bucket-${random_id.s3_id.dec}"
tags = {
Service = var.service
Team = var.team
}
}
s3-bucket/variables.tf to initialize and validate those new variables:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
variable "service" {
type = string
validation {
condition = contains(["s3", "ec2", "rds"], var.service)
error_message = "Please define the service tag as s3, ec2, or rds."
}
}
variable "team" {
type = string
validation {
condition = contains(["devops", "finance", "security"], var.team)
error_message = "Please define the Team tag as devops, finance, or security."
}
}
contains() function to ensure that the definition of the variable is contained within the list provided. Let’s do some testing!
Run terraform apply -auto-approve first to deploy these resources. Everything should deploy successfully.
Once that has been done, comment out the team variable definition from the finance bucket in your main.tf.
Now, run terraform apply -auto-approve once again.
1
2
3
4
5
6
│ Error: Missing required argument
│
│ on main.tf line 31, in module "dev-bucket":
│ 31: module "dev-bucket" {
│
│ The argument "team" is required, but no definition was found.
team variable definition and change the definition to management.
Run another terraform apply -auto-approve.
1
2
3
4
5
6
7
8
│ Error: Invalid value for variable
│
│ on main.tf line 34, in module "dev-bucket":
│ 34: team = "management"
│
│ Please define the Team tag as devops, finance, or security.
│
│ This was checked by the validation rule at s3-bucket/variables.tf:11,3-13.
Conclusion
So we’ve seen another way to validate tags. Tune in to the next post to see how we can take this a step further and add extra variables to this deployment.
Derek Morgan
Industrial IoT engineer and course creator for More Than Certified. His Terraform course on Udemy has over 10,000+ students to date.
