Hi @apparentlymart , thank you for the quick reply.
I may have not explained clearly my goal by using those maps.
I wanted to replace my old vpc configuration that had a security group including hard coded inline ingress rules (fixed list of ports) by => an iteration of a dynamic block of type “aws_security_group_rule” using for_each function.
- In addition I also want to have the posibility of choosing the list of ports to open through a variable (example : linux => 22 , webserver=>22/80/443, windows=> rdp/80/443) . Hence the 3 maps I listed in my OP.
I will start with your example , I feel I’m getting close 
.
thank you again.
@brokedba