Terraform input variable restrictions - A feature wish

One of the things I find myself occasionally missing from terraform are the native AWS specific parameter types you can use in CloudFormation. These are refinements to the usual template parameters that further limit the valid input, help describe what the value should actually be, and in some cases verify that the resource passed in actually exists.

In CloudFormation you’d often start with a basic string parameter like this in your templates:

"Parameters" : {

    "SubnetID" : {
      "Type" : "String",
      "MinLength": "5",
      "Description" : "The subnet ID for blah.",
      "AllowedPattern" : "subnet-[a-z0-9]*",
      "ConstraintDescription" : "Must be a valid subnet ID E.g. subnet-a1b2c3d"

The example isn’t too bad and can be understood with a little bit of effort. But what if your regex is wrong or they change the identifier length again? Here comes a big sed created PR with updated allowances. Eventually someone on the CloudFormation team saw all the horrendous regexs people were writing to validate the resource names and decided to do it properly once and save the rest of us the hassle. Using the AWS specific parameter types you can re-write your params to be more concise, self-descriptive, and probably more correct.

"Parameters" : {

    "AMIId" : {
      "Type" : "AWS::EC2::Image::Id",
      "Description" : "The AMI to base instances on."

    "KeyName" : {
      "Description": "Name of an existing EC2 KeyPair",
      "Type": "AWS::EC2::KeyPair::KeyName"

I think this kind of specialised typing would be a wonderful extension to the native Terraform variable declarations. It would help ensure correctness while also avoiding the hand rolling of many custom regexs. With a little external extension magic rolled in you could even localise it to be more specific and add your own permitted variable types such as a reuable list of AWS nstance types. I know it’s not a feature yet but a cloudop can dream.