Day 7 - Type Constraints in Terraform

Terraform has been feeling smooth so far.

Define variables. Pass values. Resources get created.

But today, I realized something important.

Terraform is very trusting.

And that can quietly become a problem.

The moment it clicked

Until now, I could pass almost anything as input.

  • A string where a number was expected
  • A wrong environment name like “testing”
  • Even an invalid network CIDR

Terraform wouldn’t complain immediately.
The error would show up later… sometimes deep into execution.

That’s not something you want when working on real infrastructure. What changed today

Today was about type constraints.

Instead of saying:

“Give me some value”

You start saying:

“Give me exactly this type of value”

That small shift adds a lot of control.

Basic Types (simple, but powerful)

Terraform supports three core types:

  • string
  • number
  • bool

At first glance, it feels basic.
But defining these explicitly removes ambiguity.

variables.tf showing:

  • string
  • number
  • bool

Collections (this is where thinking begins)

Now things get interesting.

Terraform allows grouping values in different ways:

  • list → ordered values
  • set → unique, unordered values
  • map → key-value pairs

Initially, they seem interchangeable.
But choosing the right one actually affects behavior.

For example:

  • set prevents duplicates automatically
  • map is perfect for tags

variables.tf with list, set, map



terraform.tfvars showing values



Complex Types (this felt like real design)

This was the most interesting part for me.

Instead of passing multiple variables, you can define structured input.

Object type

You define attributes like:

  • name
  • instance type
  • size
  • flags

Everything grouped into one clean structure.

object definition in variables.tf



corresponding values in terraform.tfvars

Tuple type

This one is positional.

Each value has a fixed place and type.

Less flexible than object, but useful in specific cases.

tuple definition and values



Validation (this is where Terraform becomes strict)

This was my favorite part today.

You can define rules that inputs must follow.

For example:

  • Allow only dev, qa, prod
  • Validate CIDR blocks
  • Prevent invalid configurations

Instead of debugging later, Terraform stops you immediately.

Run terraform plan with wrong value (like environment = "test")



Run terraform plan with correct values


Bringing everything together

Instead of testing types individually, I combined everything into one working example.

That included:

  • Basic types
  • Collections
  • Object and tuple
  • Validation rules

Seeing all of them work together made things much clearer. I made sure related variables like availability zones, subnet CIDRs, and instance count stay aligned to avoid index errors during deployment.

Full terraform.tfvars

All data types working together in a single Terraform execution

terraform plan output








What I understood today

This wasn’t just about syntax. It changed how I think about Terraform.

Before:

  • I was just passing values

Now:

  • I’m defining rules
  • Designing structure
  • Preventing mistakes early

Key takeaways

  • Always define types for variables
  • Use validation to enforce rules
  • Prefer object for structured data
  • Choose between list, set, map carefully
  • Treat inputs like contracts, not suggestions

Closing thought

Today felt like a shift.

Not just writing Terraform, but building something predictable and safe. Because in real systems, it’s not about what works once, It’s about what works correctly every time.

Screenshots from my setup


AWS Console screenshots after Terraform apply







Video Reference


Jay

Comments

Post a Comment

Popular posts from this blog

ASM Integrity check failed with PRCT-1225 and PRCT-1011 errors while creating database using DBCA on Exadata 3 node RAC

Image
  Error: The error message PRCT-1225: failed to verify Oracle Automatic Storage Management (Oracle ASM) user credentials using the command 'asmcmd credverify' indicates that the asmcmd credverify command failed to verify the Oracle ASM user credentials. This can happen for a number of reasons, including: The user credentials are incorrect. The user credentials file is corrupted. The user does not have the necessary permissions to run the asmcmd credverify command. There is a problem with the Oracle ASM instance. To troubleshoot this error, you can try the following: Make sure that the user credentials are correct. You can do this by trying to log in to the Oracle ASM instance using the same credentials. Check the user credentials file for errors. You can do this by using a text editor to open the file and inspect the contents. Make sure that the user has the necessary permissions to run the asmcmd credverify command. You can do this by checking the user's permissi...
Read more

Lock Tables in MariaDB

Whether or not you need to lock tables while backing up MariaDB depends on a few factors, including the type of backup you are performing and the tools you are using. If you are performing a full backup , you should lock the tables to ensure that the backup is consistent. This is because a full backup copies all of the data in the database, including any data that is currently being modified by transactions. If you do not lock the tables, it is possible that the backup could contain inconsistent data. If you are performing a differential backup or an incremental backup , you may not need to lock the tables. Differential and incremental backups only copy the data that has changed since the previous backup. This means that the data is already consistent, so there is no need to lock the tables. However, some backup tools may require you to lock the tables, even if you are performing a differential or incremental backup. This is because these tools may need to modify the database in some ...
Read more

Life is beautiful

Image
Life brings unexpected tragedies that are beyond our control. It's heartbreaking to witness people facing circumstances they never chose. We react with tears and inevitably wonder, "What if that happens to me?" As humans, we naturally focus on the positive and avoid dwelling on such thoughts—and that's healthy. But this perspective has shaped how I approach life: Am I prepared for these scenarios? Are my loved ones protected if something goes wrong? If I were to die, I couldn't be there to tell them to stay strong—they'd have to face that grief alone. But I can give them financial security through proper planning, wills, and trusts. These are tangible ways to care for them even when I'm gone. Beyond that, what else can I control? I don't waste energy worrying about an uncertain past or future. Instead, I choose to spread peace, truly listen to others, and share genuine smiles. I embrace the principle of living fully while letting others do the same. ...
Read more