Create multiple rules in AWS security Group Terraform

Hello everyone, I followed a tutorial on setting up Terraform AWS Security Group rules.
Below is the code:

#CREATE AWS SECURITY GROUP TO ALLOW PORT 80,22,443
resource "aws_security_group" "Tycho-Web-Traffic-Allow" {
  name        = "Tycho-Web-Traffic-Allow"
  description = "Allow Web traffic into Tycho Station"
  vpc_id      = aws_vpc.Tyco-vpc.id

  ingress = [
    {
      description      = "HTTPS from VPC"
      from_port        = 443
      to_port          = 443
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    },
    {
      description      = "HTTP from VPC"
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    },
    {
      description      = "SSH from VPC"
      from_port        = 22
      to_port          = 22
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
  ]


  egress = [
    {
      from_port        = 0
      to_port          = 0
      protocol         = "-1"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
  ]

  tags = {
    Name = "Tycho-Allow-Web-Traffic"
  }
}

but I got this error below:

│ Error: Incorrect attribute value type
│ 
│   on main.tf line 82, in resource "aws_security_group" "Tycho-Web-Traffic-Allow":
│   82:   ingress = [
│   83:     {
│   84:       description      = "HTTPS from VPC"
│   85:       from_port        = 443
│   86:       to_port          = 443
│   87:       protocol         = "tcp"
│   88:       cidr_blocks      = ["0.0.0.0/0"]
│   89:       ipv6_cidr_blocks = ["::/0"]
│   90:     },
│   91:     {
│   92:       description      = "HTTP from VPC"
│   93:       from_port        = 80
│   94:       to_port          = 80
│   95:       protocol         = "tcp"
│   96:       cidr_blocks      = ["0.0.0.0/0"]
│   97:       ipv6_cidr_blocks = ["::/0"]
│   98:     },
│   99:     {
│  100:       description      = "SSH from VPC"
│  101:       from_port        = 22
│  102:       to_port          = 22
│  103:       protocol         = "tcp"
│  104:       cidr_blocks      = ["0.0.0.0/0"]
│  105:       ipv6_cidr_blocks = ["::/0"]
│  106:     }
│  107:   ]
│ 
│ Inappropriate value for attribute "ingress": element 0: attributes "prefix_list_ids", "security_groups", and "self" are required.
╵
╷
│ Error: Incorrect attribute value type
│ 
│   on main.tf line 110, in resource "aws_security_group" "Tycho-Web-Traffic-Allow":
│  110:   egress = [
│  111:     {
│  112:       from_port        = 0
│  113:       to_port          = 0
│  114:       protocol         = "-1"
│  115:       cidr_blocks      = ["0.0.0.0/0"]
│  116:       ipv6_cidr_blocks = ["::/0"]
│  117:     }
│  118:   ]
│ 
│ Inappropriate value for attribute "egress": element 0: attributes "description", "prefix_list_ids", "security_groups", and "self" are required.

I'm new to Terraform, any help?
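The error is a consequence of the syntax, not of the rule values: writing `ingress = [ ... ]` assigns a list of objects to the attribute, and in that "attributes as blocks" form Terraform requires every attribute of the rule object type (`prefix_list_ids`, `security_groups`, `self`, `description`, ...) to be present in each element, which is exactly what the message lists. The usual fix is to write each rule as its own nested `ingress { ... }` / `egress { ... }` block, so the provider supplies the unset attributes. The configuration below is an added example, not the original poster's code; it keeps the thread's names (`Tycho-Web-Traffic-Allow`, `aws_vpc.Tyco-vpc`) and assumes a `var.admin_cidr` variable that does not appear in the thread, used so that SSH is not left open to `0.0.0.0/0`:

```hcl
# Added example, not code from the original post. Resource and VPC names follow
# the thread; var.admin_cidr is an assumed variable (e.g. a VPN or bastion range).

variable "admin_cidr" {
  description = "CIDR range allowed to reach SSH (assumed for this example)"
  type        = string
}

resource "aws_security_group" "Tycho-Web-Traffic-Allow" {
  name        = "Tycho-Web-Traffic-Allow"
  description = "Allow Web traffic into Tycho Station"
  vpc_id      = aws_vpc.Tyco-vpc.id

  # Nested block syntax: one block per rule. Attributes not listed here
  # (self, security_groups, prefix_list_ids) are filled in by the provider.
  ingress {
    description      = "HTTPS from anywhere"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  ingress {
    description      = "HTTP from anywhere"
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # SSH limited to the admin range instead of the whole Internet
  ingress {
    description = "SSH from admin range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    description      = "All outbound"
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "Tycho-Allow-Web-Traffic"
  }
}
```

If the list-of-objects form has to stay (for example because the rules are computed elsewhere), each object must carry every attribute of the rule type, with the unused ones set explicitly to `null` (`self = null`, `security_groups = null`, `prefix_list_ids = null`); `terraform validate` will report the same "attributes ... are required" message until they are all present.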

I think the idea is you repeat the ingress/egress block for each rule you require. So one rule per block. Can you try that?

@fergoid Yes I did but it didn’t work

Something like this?

locals {
  ports_in = [
    443,
    80,
    22
  ]
  ports_out = [
    0
  ]
}

resource "aws_security_group" "test" {
  name        = "test"
  description = "test"
  vpc_id      = aws_vpc.test.id

  # One ingress block is generated per port in local.ports_in
  dynamic "ingress" {
    for_each = toset(local.ports_in)
    content {
      # Description derived from the port so each rule is labelled correctly
      description      = "TCP port ${ingress.value} from anywhere"
      from_port        = ingress.value
      to_port          = ingress.value
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
    }
  }

  # protocol "-1" with ports 0/0 means all traffic
  dynamic "egress" {
    for_each = toset(local.ports_out)
    content {
      from_port        = egress.value
      to_port          = egress.value
      protocol         = "-1"
      cidr_blocks      = ["0.0.0.0/0"]
    }
  }
}
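The `dynamic` approach above iterates over a bare list of ports, so every generated rule gets the same description and the same source range. Generalising it to a map of rule objects keeps one block in the resource while letting each rule carry its own description and allowed CIDRs, which is what makes the rules readable in plan output and in the console and lets SSH be scoped more tightly than the web ports. This is an added example, not the answerer's code; the resource names are constructed for illustration and `var.admin_cidr` is an assumed variable:

```hcl
# Added example extending the dynamic-block answer; not code from the thread.
# aws_security_group.web and the rule map are constructed; var.admin_cidr is assumed.

variable "admin_cidr" {
  description = "CIDR range allowed to reach SSH (assumed for this example)"
  type        = string
}

locals {
  # Map key becomes the rule's identity in plan output; each value holds the
  # port, a description and the source ranges for that rule only.
  ingress_rules = {
    https = { port = 443, description = "HTTPS from anywhere", cidr_blocks = ["0.0.0.0/0"] }
    http  = { port = 80, description = "HTTP from anywhere", cidr_blocks = ["0.0.0.0/0"] }
    ssh   = { port = 22, description = "SSH from admin range", cidr_blocks = [var.admin_cidr] }
  }
}

resource "aws_security_group" "web" {
  name        = "web"
  description = "Web tier ingress; SSH limited to the admin range"
  vpc_id      = aws_vpc.test.id

  # One ingress block per map entry; ingress.value is the rule object
  dynamic "ingress" {
    for_each = local.ingress_rules
    content {
      description = ingress.value.description
      from_port   = ingress.value.port
      to_port     = ingress.value.port
      protocol    = "tcp"
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  # Single egress rule, so a plain block is enough here
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Adding or narrowing a rule is then a one-line change to `local.ingress_rules`, and `terraform plan` shows it as a change to that specific rule rather than a rewrite of the whole group.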

Thanks, guys, for your help. Got it to work using another method.

I am facing the same issue, can you please guide me?

Error:

│ Inappropriate value for attribute "egress": element 0: attributes "description",
│ "prefix_list_ids", "security_groups", and "self" are required.