Local, for each and module security group

Hi,
I'm trying to learn Terraform on my own to use it on one of my projects, so sorry if this is a basic misunderstanding, I'm a total noob here.

I would like to create multiple security groups and, inside them, some specific rules for each security group.
I have been reading about the basic resource type, and then modules.

I have in mind something like creating a local var defining all the fields of a security group, then invoking it in a for_each inside this module:
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/latest

Here is the local:

locals {
  aws_security_group = {
    "test1" = {
      name                = "test1"
      description         = "test1"
      vpc_id              = var.vpc_destiny
      ingress_cidr_blocks = ["0.0.0.0/16"]
      ingress_rules       = ["https-443-tcp"]

      ingress_with_cidr_blocks = [
        {
          description = "ingress test rules 1"
          protocol    = "tcp"
          from_port   = 443
          to_port     = 443
          # the module expects cidr_blocks here as a comma-separated string, not a list
          cidr_blocks = "192.168.36.0/23"
        },
        {
          description = "ingress test rules 2"
          rule        = "postgresql-tcp"
          # 0.0.0.0/0 exposes PostgreSQL to the whole internet; narrow this before applying
          cidr_blocks = "0.0.0.0/0"
        },
      ]
    }
  }
}

And here is the module:

module "test_sg" {
  source   = "terraform-aws-modules/security-group/aws"
  for_each = local.aws_security_group

  name        = each.key
  description = each.value.description
  vpc_id      = each.value.vpc_id

  ingress_cidr_blocks = each.value.ingress_cidr_blocks
  ingress_rules       = each.value.ingress_rules

  # each.value.ingress_with_cidr_blocks is already a list of rule objects, so it is
  # passed straight through. `each.value.ingress_with_cidr_blocks.from_port` fails
  # because a list (tuple) has no attributes; you would need an index such as
  # `each.value.ingress_with_cidr_blocks[0].from_port` to reach one element.
  ingress_with_cidr_blocks = each.value.ingress_with_cidr_blocks
}

Something seems to work until I get inside ingress_with_cidr_blocks, where I get this error:
each.value.ingress_with_cidr_blocks is tuple with 2 elements

This is the first example with just one item (test1), but I would like to define all of my SGs inside this local, and then iterate in the module for each one I need.

Is it possible to do what I am trying? How could I get this?

thank you :slight_smile:
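
The pattern the question is after, as an added example that is not part of the original post or of the terraform-aws-modules project: one map of security groups in locals, iterated with for_each, with each group's rule list handed to the module unchanged and try() supplying defaults for keys a given group omits. It goes beyond the single-group case above by adding a second group and an SG-to-SG rule instead of a world-open database port. Assumptions (not from the page): variables var.vpc_id and var.private_cidr exist, and the module is pinned to a version that exposes the security_group_id output.

```hcl
# Added example, not code from the original post or from the module's authors.
# Assumed inputs: var.vpc_id (string) and var.private_cidr (string, e.g. "10.0.0.0/16").

locals {
  security_groups = {
    web = {
      description         = "Public web tier"
      ingress_cidr_blocks = ["0.0.0.0/0"]
      ingress_rules       = ["https-443-tcp"] # named rule from the module's rules map
      ingress_with_cidr_blocks = [
        {
          description = "Ops HTTPS from the corporate range"
          protocol    = "tcp"
          from_port   = 443
          to_port     = 443
          cidr_blocks = "192.168.36.0/23" # string; comma-separate several ranges
        },
      ]
    }
    db = {
      # no ingress_cidr_blocks / ingress_rules here: try() below fills them in
      description = "Database tier"
      ingress_with_cidr_blocks = [
        {
          description = "PostgreSQL from private subnets only, never 0.0.0.0/0"
          rule        = "postgresql-tcp"
          cidr_blocks = var.private_cidr
        },
      ]
    }
  }
}

module "sg" {
  source   = "terraform-aws-modules/security-group/aws"
  version  = "~> 5.0" # assumed pin; any version with the security_group_id output works
  for_each = local.security_groups

  name        = each.key
  description = each.value.description
  vpc_id      = var.vpc_id

  # The lists are passed through as-is. try() returns the default when a key is absent,
  # so every group in the map does not have to declare every field.
  ingress_cidr_blocks      = try(each.value.ingress_cidr_blocks, [])
  ingress_rules            = try(each.value.ingress_rules, [])
  ingress_with_cidr_blocks = try(each.value.ingress_with_cidr_blocks, [])
}

# The SG-to-SG rule lives outside the map: referencing module.sg[...] inside
# local.security_groups would create a dependency cycle with the for_each.
resource "aws_security_group_rule" "db_from_web" {
  type                     = "ingress"
  security_group_id        = module.sg["db"].security_group_id
  source_security_group_id = module.sg["web"].security_group_id
  protocol                 = "tcp"
  from_port                = 5432
  to_port                  = 5432
  description              = "PostgreSQL from the web tier"
}

output "security_group_ids" {
  value = { for k, m in module.sg : k => m.security_group_id }
}
```

Two things to check on your own map before applying: the module reads cidr_blocks inside ingress_with_cidr_blocks as a comma-separated string, so a list there fails type conversion, and the module's default egress is all traffic to 0.0.0.0/0, which you tighten with egress_rules / egress_cidr_blocks per group if the tier should not talk out freely.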

Hi @v4mpir0ck

One of the best ways to learn is to see how the experts do it; I suggest you take a look at the code from Anton Babenko.
(The page is broken and says 0 providers, 0 modules… it actually has many, with millions of visits.)

See the source code for AWS EC2-VPC Security Group

You can also learn from my tutorials, maybe this one, Creating AWS EC2 Instances and Security Rules with Terraform: