Production-tested. Partner links.
🛸 Proton VPN – Encrypted tunnel
🔐 Proton Pass – Zero-knowledge vault
🦑 GitKraken Pro – Visual Git client
🐧 Linux Foundation – Code: VALDEMAR
Mastering Terraform Contains and Strcontains Functions
By Vladimir Mikhalev · Solutions Architect · Docker Captain · IBM Champion
Terraform’s a declarative language — which is just a fancy way of saying you don’t get if-statements like a normal programmer. So when you need to validate inputs, control behavior, or gate deployments, you reach for the logic tools Terraform does give you.
Two of the most deceptively simple — and ridiculously useful — are contains() and strcontains().
If you’ve ever been bitten by a bad variable, a missing VM size, or a misnamed AZ, this post is for you.
Let’s break these two down. Sharp, real, no fluff.
contains(): Check If It’s In There — Or Burn a Saturday Debugging
The contains() function checks whether a specific value exists inside a list or a set.
contains(list, value) => boolIt returns true if the list contains the value. false if it doesn’t. That’s it.
Sounds basic? Sure. But when your infra logic starts depending on user input, region capabilities, or feature flags, this little guy becomes the bouncer at the front of your Terraform nightclub.
Real-World Example: Azure VM Sizes
Let’s say you’re deploying to Azure, and someone on your team decides to request a beefy VM in a tiny region that doesn’t support it. You want to stop that mistake before the apply fails.
variable "region" { default = "uksouth"}
variable "vm_size" { default = "Standard_DS2_v2"}
data "azurerm_virtual_machine_sizes" "example" { location = var.region}
output "is_supported" { value = contains(data.azurerm_virtual_machine_sizes.example.sizes, var.vm_size)}If vm_size isn’t available in that region, it returns false. You can use this in a count, a for_each, or as part of a validation block. Either way, it’s miles better than letting Terraform barf mid-deploy.
strcontains(): When You’re Parsing Strings Like It’s Bash Again
Now let’s talk about strcontains() — Terraform’s way of answering the question: “Does this string have that other string inside it?”
strcontains(string, substr) => boolUse it when you don’t have a list, just a single string — like an AZ name, tag, or label — and want to match patterns.
Example: Is This AZ Optimized?
strcontains("us-east-1b-optimal", "optimal") // returns trueThis is especially handy when providers or modules return strings with embedded metadata — and you want to route logic accordingly.
Say you only want to run a deployment if the target zone is labeled “optimal”:
locals { is_optimal_zone = strcontains(var.availability_zone, "optimal")}Now local.is_optimal_zone becomes your condition switch — whether for creating resources, setting tags, or adding taints.
Gotchas (That Bit Me, So You Don’t Have To)
contains()cares about exact values. Case-sensitive. No fuzzy matches.strcontains()won’t match regex or wildcards. It’s pure substring.- Maps don’t work with
contains()the way you want. Only lists and sets. If you trycontains({ key = "val" }, "key")— expect disappointment. - Nulls can mess with results. Validate your variables, or wrap with
coalesce()if needed.
Bonus: Validate with Style
Want to enforce logic on inputs? Use validation blocks with these functions.
variable "az" { type = string default = "us-east-1b-optimal"
validation { condition = strcontains(var.az, "optimal") error_message = "Only 'optimal' AZs are allowed for this deployment." }}Now Terraform fails early — with a message that makes sense — instead of crashing halfway through your infra plan.
TL;DR
- Use
contains()when working with lists or sets. - Use
strcontains()for substring checks in single strings. - Combine them with
validation,count, orfor_eachfor clean, safe logic in your modules. - Don’t guess. Test.
Related Posts
- 1Docker supply chain hardening — from Scout D to OpenSSF 7.8 on a 730K-pull imageDevOps & Cloud · How I hardened a 730K-pull public Docker image from Scout grade D to OpenSSF Scorecard 7.8. Multi-stage build, cosign signing, SLSA provenance, non-root default, and the incident that changed how I ship attestations.
- 2Cloudflare Web Analytics on Astro — Why Removing GA4 Unlocked Lighthouse 100DevOps & Cloud · How removing Google Analytics 4 from an Astro site unlocked Lighthouse 100, why Cloudflare Web Analytics replaced it, and what the tradeoffs actually cost.
- 3Platform Engineering — The Complete, Practical Guide to Building Internal Developer Platforms That ScaleDevOps & Cloud · A deep, practical guide to Platform Engineering. Learn how to build internal developer platforms, golden paths, GitOps workflows, and scalable cloud foundations.
- 4Amazon Q vs DevOps Chaos — Can This AI Fix AWS Faster Than You?DevOps & Cloud · Fix AWS issues faster with Amazon Q, the AI assistant built for DevOps. Real-world examples, limitations, and how it compares to ChatGPT.
Random Posts
- 1Install Zabbix on Ubuntu ServerDevOps & Cloud · Install Zabbix on Ubuntu Server 22.04 with Apache, MySQL, and SSL. Full step-by-step guide with Certbot, secure configs, and database setup.
- 2Update Kernel in UbuntuSysAdmin & IT Pro · Learn how to safely update the Linux kernel in Ubuntu using Terminal and .deb packages. Step-by-step guide for system administrators and Linux users.
- 3Install Mattermost Using Docker ComposeSelf-Hosting · Step-by-step guide to install Mattermost with Docker Compose. Set up secure team chat using Traefik, Let's Encrypt, and Docker on your own server.
- 4Disable Server Manager Autostart in Windows Server 2012 R2SysAdmin & IT Pro · Learn how to disable Server Manager autostart in Windows Server 2012 R2 using Server Manager settings, Task Scheduler, CMD, and PowerShell.