Production-tested. Partner links.
🛸 Proton VPN – Encrypted tunnel
🔐 Proton Pass – Zero-knowledge vault
🦑 GitKraken Pro – Visual Git client
🐧 Linux Foundation – Code: VALDEMAR
Mastering Terraform Contains and Strcontains Functions
By Vladimir Mikhalev · Solutions Architect · Docker Captain · IBM Champion
Terraform’s a declarative language — which is just a fancy way of saying you don’t get if-statements like a normal programmer. So when you need to validate inputs, control behavior, or gate deployments, you reach for the logic tools Terraform does give you.
Two of the most deceptively simple — and ridiculously useful — are contains() and strcontains().
If you’ve ever been bitten by a bad variable, a missing VM size, or a misnamed AZ, this post is for you.
Let’s break these two down. Sharp, real, no fluff.
contains(): Check If It’s In There — Or Burn a Saturday Debugging
The contains() function checks whether a specific value exists inside a list or a set.
contains(list, value) => boolIt returns true if the list contains the value. false if it doesn’t. That’s it.
Sounds basic? Sure. But when your infra logic starts depending on user input, region capabilities, or feature flags, this little guy becomes the bouncer at the front of your Terraform nightclub.
Real-World Example: Azure VM Sizes
Let’s say you’re deploying to Azure, and someone on your team decides to request a beefy VM in a tiny region that doesn’t support it. You want to stop that mistake before the apply fails.
variable "region" { default = "uksouth"}
variable "vm_size" { default = "Standard_DS2_v2"}
data "azurerm_virtual_machine_sizes" "example" { location = var.region}
output "is_supported" { value = contains(data.azurerm_virtual_machine_sizes.example.sizes, var.vm_size)}If vm_size isn’t available in that region, it returns false. You can use this in a count, a for_each, or as part of a validation block. Either way, it’s miles better than letting Terraform barf mid-deploy.
strcontains(): When You’re Parsing Strings Like It’s Bash Again
Now let’s talk about strcontains() — Terraform’s way of answering the question: “Does this string have that other string inside it?”
strcontains(string, substr) => boolUse it when you don’t have a list, just a single string — like an AZ name, tag, or label — and want to match patterns.
Example: Is This AZ Optimized?
strcontains("us-east-1b-optimal", "optimal") // returns trueThis is especially handy when providers or modules return strings with embedded metadata — and you want to route logic accordingly.
Say you only want to run a deployment if the target zone is labeled “optimal”:
locals { is_optimal_zone = strcontains(var.availability_zone, "optimal")}Now local.is_optimal_zone becomes your condition switch — whether for creating resources, setting tags, or adding taints.
Gotchas (That Bit Me, So You Don’t Have To)
contains()cares about exact values. Case-sensitive. No fuzzy matches.strcontains()won’t match regex or wildcards. It’s pure substring.- Maps don’t work with
contains()the way you want. Only lists and sets. If you trycontains({ key = "val" }, "key")— expect disappointment. - Nulls can mess with results. Validate your variables, or wrap with
coalesce()if needed.
Bonus: Validate with Style
Want to enforce logic on inputs? Use validation blocks with these functions.
variable "az" { type = string default = "us-east-1b-optimal"
validation { condition = strcontains(var.az, "optimal") error_message = "Only 'optimal' AZs are allowed for this deployment." }}Now Terraform fails early — with a message that makes sense — instead of crashing halfway through your infra plan.
TL;DR
- Use
contains()when working with lists or sets. - Use
strcontains()for substring checks in single strings. - Combine them with
validation,count, orfor_eachfor clean, safe logic in your modules. - Don’t guess. Test.
Related Posts
- 1Docker supply chain hardening — from Scout D to OpenSSF 7.8 on a 730K-pull imageDevOps & Cloud · How I hardened a 730K-pull public Docker image from Scout grade D to OpenSSF Scorecard 7.8. Multi-stage build, cosign signing, SLSA provenance, non-root default, and the incident that changed how I ship attestations.
- 2Cloudflare Web Analytics on Astro — Why Removing GA4 Unlocked Lighthouse 100DevOps & Cloud · How removing Google Analytics 4 from an Astro site unlocked Lighthouse 100, why Cloudflare Web Analytics replaced it, and what the tradeoffs actually cost.
- 3Platform Engineering — The Complete, Practical Guide to Building Internal Developer Platforms That ScaleDevOps & Cloud · A deep, practical guide to Platform Engineering. Learn how to build internal developer platforms, golden paths, GitOps workflows, and scalable cloud foundations.
- 4Amazon Q vs DevOps Chaos — Can This AI Fix AWS Faster Than You?DevOps & Cloud · Fix AWS issues faster with Amazon Q, the AI assistant built for DevOps. Real-world examples, limitations, and how it compares to ChatGPT.
Random Posts
- 1Git Cheat SheetDevOps & Cloud · Fast and practical Git cheat sheet for developers. Learn essential Git commands for setup, commits, branching, merging, and more in one convenient guide.
- 2The Fates of Famous Figures Under the Pressure of Power from the Russian Empire to Our DaysOpinion & Culture · Explore the lives of famous figures persecuted by Russian regimes—from the Empire to today. Discover stories of censorship, exile, and resistance.
- 3Install Terraform on macOSDevOps & Cloud · Learn how to install Terraform on macOS using Homebrew. Step-by-step guide includes setup, version check, and usage tips for managing infrastructure as code.
- 4Amazon Project Dawn Cut 30,000 Jobs — Including the Head of AWS Community Builders. Here's What It Means.Opinion & Culture · Amazon laid off Jason Dunn, the architect of the AWS Community Builders program. This isn't the death of community — it's the signal that community must prove production value, not just engagement metrics.