Define an AWS Region Variable with Validation

AWS Region Variable with Validation

One of the most common Terraform variables is the AWS region. Rather than hardcoding the region in your provider block, defining it as a variable lets you deploy the same infrastructure to different regions without modifying code.

Variable Definition

variable "aws_region" {
  type        = string
  description = "The AWS region to deploy resources in"
  default     = "us-east-1"

  validation {
    condition     = can(regex("^(us|eu|ap|sa|ca|me|af)-(north|south|east|west|central|southeast|northeast)-[0-9]+$", var.aws_region))
    error_message = "Must be a valid AWS region (e.g., us-east-1, eu-west-2)."
  }
}

tfvars Usage

aws_region = "eu-west-1"

Key Points

• The can(regex(...)) pattern returns true if the regex matches and false otherwise, without raising an error
• The regex covers all AWS region naming conventions: continent prefix, direction, and zone number
• A sensible default (us-east-1) means the variable is optional — callers can override it but don't have to
• This validation catches typos early during terraform plan rather than at AWS API call time

Common Alternatives

Some teams prefer an allowed_values approach using contains() instead of regex, explicitly listing the regions they've approved:

validation {
  condition     = contains(["us-east-1", "us-west-2", "eu-west-1", "eu-central-1"], var.aws_region)
  error_message = "Only approved regions are allowed."
}

This is stricter and better for organizations that restrict deployments to specific regions for compliance.