Hello, I’ve created security groups using `for` expressions; however, I realized that my main rules.tf
file is growing exponentially.
Is there any way to turn this into a map?
sg.tf
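# One ingress rule per entry of var.public__ingress_rules, attached to
# aws_security_group.public. Each entry is a map; every field is read with
# lookup() and so is optional, with the defaults noted below.
resource "aws_security_group_rule" "public_ingress" {
  # Key each rule by description and protocol so that reordering the list
  # does not force rules to be recreated. The key is built with the same
  # lookup()/defaults as the body so an entry without a description does not
  # abort the for expression; two entries sharing description and protocol
  # still fail with a duplicate-key error rather than silently merging.
  for_each = {
    for rule in var.public__ingress_rules :
    "${lookup(rule, "description", "")}-${lookup(rule, "protocol", "-1")}" => rule
  }

  depends_on = [aws_security_group.public]

  type = "ingress"

  # Presumably the group is declared with count: the splat then yields an
  # empty list when count = 0 and the appended "" is selected instead of
  # failing on an index error. TODO confirm against aws_security_group.public.
  security_group_id = concat(aws_security_group.public.*.id, [""])[0]

  # Source selectors. An unset field is "" which splits to [""] and is then
  # dropped by compact(), so the provider receives an empty list rather than
  # an invalid CIDR. NOTE(review): self, cidr_blocks, ipv6_cidr_blocks and
  # prefix_list_ids are alternative source types; confirm the provider
  # accepts an explicit self = false next to cidr_blocks, otherwise leave
  # self_parameter out of the entry.
  self             = lookup(each.value, "self_parameter", null)
  cidr_blocks      = compact(split(",", lookup(each.value, "cidr_blocks_ipvf", "")))
  ipv6_cidr_blocks = compact(split(",", lookup(each.value, "cidr_blocks_ipvs", "")))
  prefix_list_ids  = compact(split(",", lookup(each.value, "endpoints_prefix", "")))

  # Port range and protocol. The defaults 0 / 0 / "-1" mean all ports on all
  # protocols: an entry that omits all three opens everything from its
  # listed sources, so entries should set them explicitly.
  from_port   = lookup(each.value, "source_port", 0)
  to_port     = lookup(each.value, "target_port", 0)
  protocol    = lookup(each.value, "protocol", "-1")
  description = lookup(each.value, "description", null)

  lifecycle {
    create_before_destroy = true
    # NOTE(review): ignoring security_group_id and type means a later change
    # to either in config is never applied (both would otherwise replace the
    # rule); confirm this is intended and is not masking drift in the rule's
    # direction or attachment.
    ignore_changes = [security_group_id, type]
  }
}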
resource "aws_security_group_rule" "public_egress" {
for_each = { for rule in var.public__ingress_rules : "${rule.description}-${rule.protocol}" => rule }
depends_on = [ aws_security_group.public ]
type = "egress"
... omitted ...
Here is my rules.tf
locals {
public__rules = {
ingress_rules = [
{
self_parameter = false
cidr_blocks_ipvf = "10.0.0.0/8"
cidr_blocks_ipvs = var.enable_ipvs_cidr ? var.master_cidrblock_ipvs : ""
endpoints_prefix = ""
source_port = 22,
target_port = 22,
protocol = "TCP"
description = "[SSH] Secure Shell",
... omitted ...