diff --git a/modules/net-vlan-attachment/README.md b/modules/net-vlan-attachment/README.md
index f324a036..6c3fb92c 100644
--- a/modules/net-vlan-attachment/README.md
+++ b/modules/net-vlan-attachment/README.md
@@ -503,16 +503,16 @@ module "example-va-b" {
| [description](variables.tf#L35) | VLAN attachment description. | string
| ✓ | |
| [name](variables.tf#L52) | The common resources name, used after resource type prefix and suffix. | string
| ✓ | |
| [network](variables.tf#L57) | The VPC name to which resources are associated to. | string
| ✓ | |
-| [peer_asn](variables.tf#L70) | The on-premises underlay router ASN. | string
| ✓ | |
-| [project_id](variables.tf#L75) | The project id where resources are created. | string
| ✓ | |
-| [region](variables.tf#L80) | The region where resources are created. | string
| ✓ | |
-| [router_config](variables.tf#L85) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
+| [peer_asn](variables.tf#L74) | The on-premises underlay router ASN. | string
| ✓ | |
+| [project_id](variables.tf#L79) | The project id where resources are created. | string
| ✓ | |
+| [region](variables.tf#L84) | The region where resources are created. | string
| ✓ | |
+| [router_config](variables.tf#L89) | Cloud Router configuration for the VPN. If you want to reuse an existing router, set create to false and use name to specify the desired router. | object({…})
| ✓ | |
| [admin_enabled](variables.tf#L17) | Whether the VLAN attachment is enabled. | bool
| | true
|
| [dedicated_interconnect_config](variables.tf#L23) | Partner interconnect configuration. | object({…})
| | null
|
| [ipsec_gateway_ip_ranges](variables.tf#L40) | IPSec Gateway IP Ranges. | map(string)
| | {}
|
| [mtu](variables.tf#L46) | The MTU associated to the VLAN attachment (1440 / 1500). | number
| | 1500
|
-| [partner_interconnect_config](variables.tf#L62) | Partner interconnect configuration. | object({…})
| | null
|
-| [vlan_tag](variables.tf#L106) | The VLAN id to be used for this VLAN attachment. | number
| | null
|
-| [vpn_gateways_ip_range](variables.tf#L112) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string
| | null
|
+| [partner_interconnect_config](variables.tf#L62) | Partner interconnect configuration. | object({…})
| | null
|
+| [vlan_tag](variables.tf#L110) | The VLAN id to be used for this VLAN attachment. | number
| | null
|
+| [vpn_gateways_ip_range](variables.tf#L116) | The IP range (cidr notation) to be used for the GCP VPN gateways. If null IPSec over Interconnect is not enabled. | string
| | null
|
diff --git a/modules/net-vlan-attachment/variables.tf b/modules/net-vlan-attachment/variables.tf
index dacc3b4d..941003f9 100644
--- a/modules/net-vlan-attachment/variables.tf
+++ b/modules/net-vlan-attachment/variables.tf
@@ -62,8 +62,12 @@ variable "network" {
variable "partner_interconnect_config" {
description = "Partner interconnect configuration."
type = object({
- edge_availability_domain = optional(string, "AVAILABILITY_DOMAIN_ANY")
+ edge_availability_domain = string
})
+ validation {
+ condition = var.partner_interconnect_config == null ? true : contains(["AVAILABILITY_DOMAIN_1", "AVAILABILITY_DOMAIN_2", "AVAILABILITY_DOMAIN_ANY"], var.partner_interconnect_config.edge_availability_domain)
+ error_message = "The edge_availability_domain must have one of these values: AVAILABILITY_DOMAIN_1, AVAILABILITY_DOMAIN_2, AVAILABILITY_DOMAIN_ANY."
+ }
default = null
}