For loop help - SG rule generating

I’m trying to generate security group rules to be fed to aws_security_group as the ingress block. I’m not going with aws_security_group_rule because I want the module to be flexible if I do self source etc.

Example pulling private subnet cidr_block and description of the rule as the availability zone.

Simplified example: I’m actually pulling from Terraform state etc.

Source

list of maps

locals {
  subnets = [
    {
      availability_zone = "us-east-1a"
      cidr_block = "10.0.0.0/23"
    },
    {
      availability_zone = "us-east-1b"
      cidr_block = "10.0.2.0/23"
    },
    {
      availability_zone = "us-east-1c"
      cidr_block = "10.0.4.0/23"
    }
  ]
}

Expected Results

list of maps

[
    {
      description               = "us-east-1a"
      type                      = "ingress"
      from_port                 = "0"
      to_port                   = "0"
      protocol                  = "-1"
      cidr_blocks               = ["10.0.0.0/23"]
      ipv6_cidr_blocks          = []
      prefix_list_ids           = []
      security_groups           = []
      self                      = false
    },
    {
      description               = "us-east-1b"
      type                      = "ingress"
      from_port                 = "0"
      to_port                   = "0"
      protocol                  = "-1"
      cidr_blocks               = ["10.0.2.0/23"]
      ipv6_cidr_blocks          = []
      prefix_list_ids           = []
      security_groups           = []
      self                      = false
    },
    {
      description               = "us-east-1c"
      type                      = "ingress"
      from_port                 = "0"
      to_port                   = "0"
      protocol                  = "-1"
      cidr_blocks               = ["10.0.4.0/23"]
      ipv6_cidr_blocks          = []
      prefix_list_ids           = []
      security_groups           = []
      self                      = false
    }
]

Not Working Draft (Need help here)

ingress_rules = flatten([
    for subnets, values in local.subnets : [
      for key in values: {
        description               = key.availability_zone
        type                      = "ingress"
        from_port                 = "0"
        to_port                   = "0"
        protocol                  = "-1"
        cidr_blocks               = [key.cidr_block]
        ipv6_cidr_blocks          = []
        prefix_list_ids           = []
        security_groups           = []
        self                      = false
      }
    ]
  ])

Got the answer from a Stack Overflow user…

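# local.subnets is a list, so in "for subnets, values" the first name is the
# list index and the second is the subnet map itself. One for expression is
# enough; no nested loop or flatten() is needed.
ingress_rules = [
    for subnets, values in local.subnets : {
      description               = values.availability_zone
      type                      = "ingress"
      from_port                 = "0"
      to_port                   = "0"
      protocol                  = "-1"
      cidr_blocks               = [values.cidr_block]
      ipv6_cidr_blocks          = []
      prefix_list_ids           = []
      security_groups           = []
      self                      = false
    }
  ]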