Hello,
I’m trying to create a modular Security group rule by using lookup on the following variable:
```hcl
ingress_rules = [
  {
    description = "HTTP from anywhere"
    from_port   = "80"
    to_port     = "80"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  },
  {
    description = "HTTPS from anywhere"
    from_port   = "443"
    to_port     = "443"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
]
```
This is the resource where I’m performing the lookup:
```hcl
resource "aws_security_group_rule" "ingress_rules" {
  count             = length(var.ingress_rules)
  security_group_id = aws_security_group.security_group.id
  type              = "ingress"
  cidr_blocks       = lookup(var.ingress_rules[count.index], "cidr_blocks", null)
  description       = lookup(var.ingress_rules[count.index], "description", null)
  from_port         = lookup(var.ingress_rules[count.index], "from_port", null)
  to_port           = lookup(var.ingress_rules[count.index], "to_port", null)
  protocol          = lookup(var.ingress_rules[count.index], "protocol", null)
}
```
The error I receive is the following:
```
Error: Incorrect attribute value type
│
│ on main.tf line 38, in resource "aws_security_group_rule" "ingress_rules":
│ 38: cidr_blocks = lookup(var.ingress_rules[count.index], "cidr_blocks", null)
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ var.ingress_rules is a list of map of string, known only after apply
│
│ Inappropriate value for attribute "cidr_blocks": list of string required.
```
Is this a limitation of the lookup function? Can you please let me know if there is a workaround for this?
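
Added example, not part of the original post: the error text reports `var.ingress_rules` as a "list of map of string", so every value read from it, `cidr_blocks` included, is typed as a string. Assuming the variable is declared as `list(map(string))` (the declaration is not shown in the post), an object type constraint keeps `cidr_blocks` a list of strings; the `validation` block is an extra check on the CIDR values.

```hcl
# Assumption: this replaces a `type = list(map(string))` declaration, which is
# inferred from the error text and does not appear in the post.
variable "ingress_rules" {
  description = "Ingress rules to attach to the security group"

  # A map(string) forces every value to be a string. An object type lets each
  # attribute keep its own type, so cidr_blocks stays list(string).
  type = list(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))

  # Reject malformed ranges at plan time instead of at the AWS API.
  validation {
    condition = alltrue(flatten([
      for rule in var.ingress_rules : [
        for cidr in rule.cidr_blocks : can(cidrhost(cidr, 0))
      ]
    ]))
    error_message = "Every cidr_blocks entry must be a valid CIDR range."
  }
}

resource "aws_security_group_rule" "ingress_rules" {
  count             = length(var.ingress_rules)
  security_group_id = aws_security_group.security_group.id
  type              = "ingress"

  # With typed attributes, direct access replaces lookup() with a null default.
  cidr_blocks = var.ingress_rules[count.index].cidr_blocks
  description = var.ingress_rules[count.index].description
  from_port   = var.ingress_rules[count.index].from_port
  to_port     = var.ingress_rules[count.index].to_port
  protocol    = var.ingress_rules[count.index].protocol
}
```

The quoted port values from the post ("80", "443") still work with this declaration, because Terraform converts numeric strings to `number` automatically.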