I’m trying to generate security group rules to be fed to aws_security_group as the ingress block. I’m not using aws_security_group_rule because I want the module to be flexible if I do self, source, etc.
Example: pulling the private subnet cidr_block, with the description of the rule set to the availability zone.
Simplified example: I’m actually pulling from Terraform state, etc.
Source
list of maps
locals {
  subnets = [
    {
      availability_zone = "us-east-1a"
      cidr_block        = "10.0.0.0/23"
    },
    {
      availability_zone = "us-east-1b"
      cidr_block        = "10.0.2.0/23"
    },
    {
      availability_zone = "us-east-1c"
      cidr_block        = "10.0.4.0/23"
    }
  ]
}
Expected Results
list of maps
[
  {
    description      = "us-east-1a"
    type             = "ingress"
    from_port        = "0"
    to_port          = "0"
    protocol         = "-1"
    cidr_blocks      = ["10.0.0.0/23"]
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    security_groups  = []
    self             = false
  },
  {
    description      = "us-east-1b"
    type             = "ingress"
    from_port        = "0"
    to_port          = "0"
    protocol         = "-1"
    cidr_blocks      = ["10.0.2.0/23"]
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    security_groups  = []
    self             = false
  },
  {
    description      = "us-east-1c"
    type             = "ingress"
    from_port        = "0"
    to_port          = "0"
    protocol         = "-1"
    cidr_blocks      = ["10.0.4.0/23"]
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    security_groups  = []
    self             = false
  }
]
Not Working Draft (Need help here)
ingress_rules = flatten([
  for subnets, values in local.subnets : [
    for key in values : {
      description      = key.availability_zone
      type             = "ingress"
      from_port        = "0"
      to_port          = "0"
      protocol         = "-1"
      cidr_blocks      = [key.cidr_block]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    }
  ]
])
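The draft above nests two for expressions: the outer one iterates the list as index/map pairs, and the inner `for key in values` then iterates over the map's string values, so `key.availability_zone` has nothing to index. Because local.subnets is a flat list of maps, a single for expression yields exactly one rule per subnet and no flatten() is needed. The following is an added, self-contained example (not code from the original post) that builds the expected list and feeds it to aws_security_group through a dynamic "ingress" block; the subnet values are the constructed ones from the post, and the `vpc_id` variable and the `example` security group name are assumptions.

```hcl
# Constructed input, mirroring the post's simplified subnet list.
locals {
  subnets = [
    { availability_zone = "us-east-1a", cidr_block = "10.0.0.0/23" },
    { availability_zone = "us-east-1b", cidr_block = "10.0.2.0/23" },
    { availability_zone = "us-east-1c", cidr_block = "10.0.4.0/23" },
  ]

  # One rule object per subnet: iterate the list directly, no nesting.
  ingress_rules = [
    for subnet in local.subnets : {
      description      = subnet.availability_zone
      type             = "ingress"
      from_port        = 0
      to_port          = 0
      protocol         = "-1" # all protocols and all ports from that subnet
      cidr_blocks      = [subnet.cidr_block]
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      security_groups  = []
      self             = false
    }
  ]
}

# Assumed input; in the real module this would come from remote state.
variable "vpc_id" {
  type = string
}

resource "aws_security_group" "example" {
  name   = "example"
  vpc_id = var.vpc_id

  # Expand each generated rule into an inline ingress block. The "type"
  # attribute is only meaningful for aws_security_group_rule, so it is
  # kept in the rule object for flexibility but not passed through here.
  dynamic "ingress" {
    for_each = local.ingress_rules
    content {
      description      = ingress.value.description
      from_port        = ingress.value.from_port
      to_port          = ingress.value.to_port
      protocol         = ingress.value.protocol
      cidr_blocks      = ingress.value.cidr_blocks
      ipv6_cidr_blocks = ingress.value.ipv6_cidr_blocks
      prefix_list_ids  = ingress.value.prefix_list_ids
      security_groups  = ingress.value.security_groups
      self             = ingress.value.self
    }
  }
}

# Handy for checking the generated list with `terraform console` or
# `terraform plan` before wiring it into the security group.
output "ingress_rules" {
  value = local.ingress_rules
}
```

Ports are written as numbers here; Terraform would also accept the post's quoted "0" values because it converts strings to numbers where the provider schema expects them. Note that protocol "-1" with ports 0-0 admits all traffic from each listed subnet, so when the real rule set is generated from state it is worth adding an `if` filter to the for expression (for example, only subnets tagged for this tier) or parameterising from_port, to_port and protocol per rule rather than hard-coding the allow-all values.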