Skip to main content

atmos terraform validate

Use this command to validate the Terraform HCL configuration files (.tf files) for an Atmos component in a stack, checking for syntax and consistency errors. This validates Terraform code, not Atmos stack YAML configurations.

atmos terraform validate --help

Usage​

Execute the terraform validate command like this:

atmos terraform validate <component> -s <stack> [options]

This command validates the Terraform HCL configuration files in a component directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.

Atmos Behavior

Atmos provides standard setup for this command including automatic terraform init and workspace selection. The validation itself is performed by native Terraform.

Configuration​

Configure validation behavior in your atmos.yaml:

components:
  terraform:
    # Always run init before validate
    init_run_reconfigure: false

    # Auto-generate backend file for validation
    auto_generate_backend_file: true

Validation includes:

  • Checking for syntax errors
  • Verifying internal consistency
  • Ensuring all required arguments are specified
  • Checking that all variables are declared
  • Validating output value expressions
  • Ensuring resource configurations are complete

Examples​

Basic Validation​

Validate a component in a stack:

atmos terraform validate vpc -s dev

Validation with JSON Output​

Get validation results in JSON format for parsing:

atmos terraform validate vpc -s dev -json

Skip Initialization​

Validate without running terraform init first:

atmos terraform validate vpc -s dev --skip-init

When to Use Validate​

Pre-Deployment Checks​

Run validation before planning or applying:

# Validate first
atmos terraform validate app -s prod

# Then plan if validation succeeds
atmos terraform plan app -s prod

After Configuration Changes​

Always validate after modifying Terraform configurations:

# After editing *.tf files
atmos terraform validate component -s stack

# After updating module versions
atmos terraform validate component -s stack

Arguments​

component (required)

Atmos component name to validate.

Flags​

--stack / -s (required)

Atmos stack name where the component is defined.

--skip-init (optional)

Skip running terraform init before validation. Use this when you know the working directory is already initialized.

atmos terraform validate vpc -s dev --skip-init
--dry-run (optional)

Show what would be executed without actually running the command.

atmos terraform validate vpc -s dev --dry-run

Native Terraform Flags​

The atmos terraform validate command supports all native terraform validate flags:

-json

Output the validation result in JSON format. This is useful for programmatic processing of validation results.

atmos terraform validate vpc -s dev -json

Example JSON output:

{
  "valid": true,
  "error_count": 0,
  "warning_count": 0,
  "diagnostics": []
}
-no-color

Disable color codes in the output.

atmos terraform validate vpc -s dev -no-color

Common Validation Errors​

Missing Required Arguments​

Error: Missing required argument

The argument "vpc_id" is required, but no definition was found.

Solution: Add the missing argument to your configuration or variables.

Undeclared Variables​

Error: Reference to undeclared variable

A variable named "instance_type" is not declared.

Solution: Declare the variable in a variables.tf file or in your Atmos stack configuration.

Invalid Resource Configuration​

Error: Invalid resource type

The resource type "aws_not_real" is not supported by provider "aws".

Solution: Check the resource type name and ensure you're using valid resource types.

Syntax Errors​

Error: Argument or block definition required

An argument or block definition is required here. To set an argument, use the
equals sign "=" to introduce the argument value.

Solution: Fix the syntax error in your Terraform configuration files.

Best Practices​

1. Validate Early and Often​

Run validation:

  • After every configuration change
  • Before running plan or apply
  • As part of your CI/CD pipeline
  • During code reviews

2. Use in Pre-Commit Hooks​

Add validation to your pre-commit hooks:

# .pre-commit-config.yaml
- repo: local
  hooks:
    - id: terraform-validate
      name: Terraform Validate
      entry: atmos terraform validate
      language: system
      files: \.tf$

3. Combine with Other Checks​

Use validation alongside other quality checks. For security scanning with tools like tfsec, checkov, or terrascan, use JSON planfiles generated with atmos terraform generate planfile for more accurate analysis.

This integration is best implemented using Atmos custom commands with embedded shell scripts:

# atmos.yaml
commands:
  - name: security-scan
    description: Run security checks on component
    steps:
      - atmos terraform fmt {component} -s {stack} -check
      - atmos terraform validate {component} -s {stack}
      - atmos terraform generate planfile {component} -s {stack}
      - checkov -f ./{component}-{stack}.planfile.json

4. Parse JSON Output​

Use JSON output for automated processing:

# Check validation status
result=$(atmos terraform validate vpc -s dev -json)
valid=$(echo $result | jq -r '.valid')

if [ "$valid" = "false" ]; then
    echo "Validation failed!"
    echo $result | jq -r '.diagnostics[]'
    exit 1
fi
tip

Use terraform validate as the first step in your deployment pipeline to catch configuration errors early before they can affect your infrastructure.