AWS security group source (CIDR / source SG)

Hello All,

I am trying to create a security group with multiple ingress rules (let's assume 2 ingress rules): one rule with the source as a CIDR and another rule with the source as another security group.

So, we have to use the cidr_blocks argument for the CIDR source and source_security_group_id for the second scenario.

Here is my code.
variables.tf

variable "ingress_rules" {
  type = map(object({
    from_port    = number
    to_port      = number
    protocol     = string
    cidr_blocks  = list(string)
    description  = string
    source_sg_id = string
  }))
}

main.tf

resource "aws_security_group_rule" "managed_node_ssh_access" {
  for_each                 = var.ingress_rules
  security_group_id        = aws_security_group.default.id
  description              = lookup(each.value, "description", null)
  type                     = "ingress"
  from_port                = lookup(each.value, "from_port", null)
  to_port                  = lookup(each.value, "to_port", null)
  protocol                 = lookup(each.value, "protocol", null)
  cidr_blocks              = lookup(each.value, "cidr_blocks", null)
  source_security_group_id = lookup(each.value, "source_sg_id", null)
}

terraform.tfvars

ingress_rules = {
  rule1 = {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
    description = "test"
    # source_sg_id = ""
  },
  rule2 = {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    # cidr_blocks = ["0.0.0.0/0"]
    description = "test"
    source_sg_id = "sg-123456"
  },
}

I am getting an error that says cidr_blocks/source security group is a required field.

I want to use cidr for rule1 and source_sg_id for rule2, please advise.
Thanks in advance.
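The cause of the error in the question is the variable type, not the resource: every attribute of a plain object() type is required, so a tfvars entry that leaves out cidr_blocks or source_sg_id is rejected before lookup() ever runs. The following is an added example (not the original poster's code) that declares those attributes with optional(), so an omitted one becomes null and is simply not sent to the provider, and adds two validation blocks: one requiring exactly one source per rule, and one refusing to expose SSH to 0.0.0.0/0. It assumes an aws_security_group named "default" is declared elsewhere in the module; the rule names and descriptions are made up, and sg-123456 is the placeholder id from the question. optional() in object types needs Terraform 1.3 or later.

```hcl
# --- variables.tf ---
# Added example, not the poster's code. Attributes a rule may omit are
# declared optional(), so a missing cidr_blocks or source_sg_id becomes null
# instead of failing the map(object) type check. Needs Terraform >= 1.3.
variable "ingress_rules" {
  type = map(object({
    from_port    = number
    to_port      = number
    protocol     = string
    description  = optional(string)
    cidr_blocks  = optional(list(string))
    source_sg_id = optional(string)
  }))

  # Exactly one source per rule: a CIDR list or a source security group.
  validation {
    condition = alltrue([
      for name, rule in var.ingress_rules :
      (rule.cidr_blocks != null) != (rule.source_sg_id != null)
    ])
    error_message = "Each ingress rule must set exactly one of cidr_blocks or source_sg_id."
  }

  # Guardrail: never open SSH to the world through this variable.
  # try() yields false when cidr_blocks is null, since contains(null, ...) errors.
  validation {
    condition = alltrue([
      for name, rule in var.ingress_rules :
      !(try(contains(rule.cidr_blocks, "0.0.0.0/0"), false) && rule.from_port <= 22 && rule.to_port >= 22)
    ])
    error_message = "SSH (port 22) must not be reachable from 0.0.0.0/0; use a source security group or a narrower CIDR."
  }
}

# --- main.tf ---
# aws_security_group.default is assumed to be declared elsewhere in the module.
resource "aws_security_group_rule" "ingress" {
  for_each = var.ingress_rules

  security_group_id = aws_security_group.default.id
  type              = "ingress"
  description       = each.value.description
  from_port         = each.value.from_port
  to_port           = each.value.to_port
  protocol          = each.value.protocol

  # Exactly one of these is non-null per rule (enforced by the validation above).
  # A null argument is the same as omitting it, so the provider sees only the
  # source that the rule actually specifies.
  cidr_blocks              = each.value.cidr_blocks
  source_security_group_id = each.value.source_sg_id
}

# --- terraform.tfvars ---
# Constructed sample input; sg-123456 is the placeholder id from the question.
ingress_rules = {
  ssh_from_vpc = {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    description = "SSH from the VPC CIDR only"
    cidr_blocks = ["10.0.0.0/16"]
  }
  http_from_alb = {
    from_port    = 80
    to_port      = 80
    protocol     = "tcp"
    description  = "HTTP from the load balancer's security group"
    source_sg_id = "sg-123456"
  }
}
```

With this shape `terraform validate` fails early and with a readable message when a rule names no source, both sources, or opens port 22 to the internet, rather than at apply time inside the provider. The same pattern extends to the other source kinds aws_security_group_rule accepts (ipv6_cidr_blocks, prefix_list_ids, self) if you add them as further optional attributes and include them in the exactly-one check.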