Local, for each and module security group

I'm trying to learn Terraform on my own to use it on one of my projects, so sorry if this is a basic misunderstanding, I'm a total noob here.

I would like to create multiple security groups and, inside each of them, some specific rules for that security group.
I have been reading about the basic resource type, and then about modules.

I have in mind something like creating a local var defining all the fields of a security group, then invoking it in a for_each inside this module:

here is the local:

locals {
  aws_security_group = {
    "test1" = {
      name                = "test1"
      description         = "test1"
      vpc_id              = var.vpc_destiny
      ingress_cidr_blocks = [""]
      ingress_rules       = ["https-443-tcp"]

      # a list of rule objects; in this module cidr_blocks inside a rule is a
      # comma-separated string, not a list
      ingress_with_cidr_blocks = [
        {
          description = "ingress test rules 1"
          protocol    = "tcp"
          from_port   = 443
          to_port     = 443
          cidr_blocks = ""
        },
        {
          description = "ingress test rules 2"
          rule        = "postgresql-tcp"
          cidr_blocks = ""
        },
      ]
    }
  }
}

and here is the module:

module "test_sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = local.aws_security_group

  name        = each.key
  description = each.value.description
  vpc_id      = each.value.vpc_id

  ingress_cidr_blocks = each.value.ingress_cidr_blocks
  ingress_rules       = each.value.ingress_rules
  ingress_with_cidr_blocks = [
    {
      # each.value.ingress_with_cidr_blocks is a list (tuple) of rule objects,
      # so reading .from_port on it directly is what produces the error below
      from_port   = each.value.ingress_with_cidr_blocks.from_port
      to_port     = 8080
      protocol    = "tcp"
      description = "description"
      cidr_blocks = ""
    },
    {
      rule        = "postgresql-tcp"
      cidr_blocks = ""
    },
  ]
}

Something seems to work until I get inside ingress_with_cidr_blocks; there I get this error:
each.value.ingress_with_cidr_blocks is tuple with 2 elements

This is the first example with just one item (test1), but I would like to define all of my SGs inside this local, and then iterate in the module over each one I need.

Is it possible to do what I am trying? How could I get this?

thank you :slight_smile:
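A working version of the pattern the question is after, as an added example that is not part of the original post: the nested rules stay in the local, and the module receives the whole list instead of reading an attribute off a tuple. The second group, the CIDR values and the egress lists are constructed for illustration; `var.vpc_destiny` is taken from the question.

```hcl
locals {
  aws_security_group = {
    "web" = {
      description         = "web tier"
      ingress_cidr_blocks = ["10.0.0.0/16"] # constructed CIDR
      ingress_rules       = ["https-443-tcp"]
      ingress_with_cidr_blocks = [
        {
          description = "app port from the internal range"
          from_port   = 8080
          to_port     = 8080
          protocol    = "tcp"
          cidr_blocks = "10.0.0.0/16" # comma-separated string here, not a list
        },
      ]
      egress_rules = ["https-443-tcp"]
    }
    "db" = {
      description         = "database tier"
      ingress_cidr_blocks = []
      ingress_rules       = []
      ingress_with_cidr_blocks = [
        {
          description = "postgres from the app subnets only"
          rule        = "postgresql-tcp" # predefined rule name in the module
          cidr_blocks = "10.0.1.0/24,10.0.2.0/24"
        },
      ]
      egress_rules = []
    }
  }
}

# for_each on a module block needs Terraform 0.13 or later
module "sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = local.aws_security_group

  name        = each.key
  description = each.value.description
  vpc_id      = var.vpc_destiny

  ingress_cidr_blocks = each.value.ingress_cidr_blocks
  ingress_rules       = each.value.ingress_rules
  # hand the whole list over; the module iterates the rule objects itself
  ingress_with_cidr_blocks = each.value.ingress_with_cidr_blocks
  egress_rules             = each.value.egress_rules
}
```

Each group is then addressable as `module.sg["web"].security_group_id` when attaching it to an instance, and adding a group is only a new key in the local.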

Hi @v4mpir0ck

One of the best ways to learn is to see how the experts do it; I suggest you take a look at the code from Anton Babenko.
(The page is broken and says 0 providers, 0 modules... it actually has many, with millions of visits.)

See the source code for AWS EC2-VPC Security Group

You can also learn from my tutorials, maybe this one, Creating AWS EC2 Instances and Security Rules with Terraform: