Last Updated on August 3, 2025 by Arnav Sharma
Terraform, one of the most popular Infrastructure as Code (IaC) tools, offers a flexible way to manage and provision cloud resources using a high-level configuration language. As your Terraform configurations grow more complex, you’ll often need to manipulate and validate strings. This is where Terraform’s regex functions become incredibly useful. By allowing you to match and extract patterns from strings, these functions enable efficient data parsing and transformation within your infrastructure code.
In this blog, we’ll dive into the core regex functions in Terraform: regex and regexall, exploring their syntax, use cases, and how they can elevate your Terraform projects.
What is Regex?
Regular expressions (regex) are sequences of characters that form search patterns, primarily used for string searching, pattern matching, and text manipulation. Terraform employs regex to match patterns within strings, which can be crucial for tasks like validating input, parsing complex string formats, and more.
Terraform uses the RE2 regular expression language, which is a subset of commonly used regex engines. Although it lacks support for features like backreferences, RE2 is lightweight and performs well within Terraformโs configuration language.
Terraformโs Core Regex Functions
Terraform provides two primary functions for working with regex:
regex: Returns a single match for a pattern in a string.regexall: Returns all matches for a pattern in a string.
regex Function
The regex function allows you to match a regular expression against a string and return the substring(s) that match. It can handle both unnamed and named capture groups, returning either a list or a map depending on the pattern.
The basic syntax for regex is:
regex(pattern, string)
- pattern: The regular expression pattern to search for.
- string: The input string on which the regex will operate.
Example 1: Simple String Matching
This example shows a simple regex match for lowercase letters in a string:
> regex("[a-z]+", "53453453.345345aaabbbccc23454")
"aaabbbccc"
The pattern [a-z]+ matches one or more lowercase letters. The regex function extracts and returns the first match it encounters.
Example 2: Matching Dates
In this example, the regex captures parts of a date:
> regex("(\d\d\d\d)-(\d\d)-(\d\d)", "2019-02-01")
[
"2019",
"02",
"01"
]
Here, the regex matches the date format YYYY-MM-DD, returning the year, month, and day as separate elements in a list.
Example 3: Using Named Capture Groups
Named capture groups provide a way to reference matched parts of a string by name, making your regex patterns easier to understand and use:
> regex("^(?:(?P<scheme>[^:/?#]+):)?(?://(?P<authority>[^/?#]*))?", "https://terraform.io/docs/")
{
"authority" = "terraform.io"
"scheme" = "https"
}
In this example, we use named capture groups (?P<name>pattern) to capture the scheme (https) and authority (terraform.io) from a URL. The result is returned as a map, with keys matching the capture group names.
Error Handling
If the regex pattern doesn’t match any part of the string, Terraform will raise an error:
> regex("[a-z]+", "53453453.34534523454")
Error: Error in function call
This occurs because the pattern [a-z]+ couldn’t find any lowercase letters in the provided string.
regexall Function
The regexall function works similarly to regex, but instead of returning the first match, it returns all matches for the given pattern.
The syntax for regexall is:
regexall(pattern, string)
Example 1: Finding Multiple Matches
Letโs use regexall to find all sequences of digits in a string:
> regexall("\d+", "Address: 1234 Main St, Apt 56")
[
"1234",
"56"
]
Here, the pattern \d+ (which matches one or more digits) is used to find all the digit sequences in the string. regexall returns a list containing all matches.
Example 2: Capturing Multiple Parts of a String
You can combine regexall with named or unnamed capture groups to extract multiple segments of a string:
> regexall("([A-Za-z]+)", "[email protected] [email protected]")
[
"john",
"example",
"com",
"jane",
"doe",
"domain",
"org"
]
In this case, regexall returns all the alphanumeric components of the email addresses.
Best Practices for Using Regex in Terraform
While regex can be a powerful tool for string manipulation, there are a few best practices to keep in mind when using it in Terraform configurations:
- Keep patterns simple and clear: Complex regex patterns can be hard to read and maintain. Whenever possible, use built-in Terraform functions like
split,replace, andjoinfor basic string operations before resorting to regex. - Handle errors gracefully: Since regex will raise an error if the pattern doesn’t match, ensure that your strings are well-validated before applying regex functions. You can use
regexallfor scenarios where no match might be acceptable, as it returns an empty list instead of an error. - Use named capture groups for clarity: When your regex pattern includes multiple parts, named capture groups can improve readability and help future collaborators understand what each part of the pattern does.
- Use specialized functions when possible: Sometimes, Terraformโs other string manipulation functions, such as
replaceandsplit, may be more appropriate than regex for simple tasks. Regular expressions can obscure your intent if overused.