Hi there,
We have services that are distributed across different VPCs, and I need to add SG rules so that all instances from all of the VPCs are able to connect to a port on an instance in the management VPC. Say, e.g., I have three VPCs: xxxprd-n, xxxprd-l and xxxprd-h, and I need to source the PIV4_CIDR for a given VPC dynamically to create an ingress rule on that.
My idea was to source the PIV4_CIDR for any given VPC, using the aws_vpcs data source to identify the VPC first and then get the CIDR from the ID, but that seems not to be working. This is what I tried:
data "aws_vpcs" "prod" {
  tags = {
    Name = "${var.project}prd-*"
  }
}
#
resource "aws_security_group_rule" "pa-allow" {
  count             = length(data.aws_vpcs.prod.ids)
  type              = "ingress"
  from_port         = 8140
  to_port           = 8140
  protocol          = "tcp"
  cidr_blocks       = [sort(data.aws_vpcs.prod.ids)[count.index].cidr_block]
  security_group_id = aws_security_group.secg.id
  description       = "allow from ${sort(data.aws_vpcs.prod.ids)[count.index]}"
}
and this is what I get when I plan or apply:
Error: Unsupported attribute

  on …/…/modules/mgt/ec2.tf line 42, in resource "aws_security_group_rule" "pa-allow":
  42:   cidr_blocks = [sort(data.aws_vpcs.prod.ids)[count.index].cidr_block]

This value does not have any attributes.
It seems CIDR is not an attribute of the aws_vpcs data type, but I tried that following the example for aws_vpc, which returns info about a single VPC, and .cidr_block works for it. Hence I thought it would probably work the same way for an aws_vpcs list element.
What am I missing, or what can I do to make it work?
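As an added example (not from the original poster), the configuration below shows the usual way to get from the ID list that aws_vpcs returns to a per-VPC CIDR: aws_vpcs only exposes plain ID strings in its ids attribute, which is why indexing into it and asking for .cidr_block fails, while the single-VPC aws_vpc data source does expose cidr_block when given an id. It assumes the same var.project, tag pattern and aws_security_group.secg as in the question.

```hcl
# Added example, not the original poster's code. Assumes var.project and
# aws_security_group.secg exist as in the question.
data "aws_vpcs" "prod" {
  tags = {
    Name = "${var.project}prd-*"
  }
}

# data.aws_vpcs.prod.ids is a list of VPC ID strings with no attributes of
# its own. Look each ID up through aws_vpc, which does return cidr_block.
data "aws_vpc" "prod" {
  for_each = toset(data.aws_vpcs.prod.ids)
  id       = each.value
}

# One ingress rule per VPC, keyed by VPC ID rather than list position, so
# adding or removing a VPC does not renumber and recreate the other rules.
# Each rule only admits that VPC's primary CIDR, which keeps the exposure
# of port 8140 limited to the known networks instead of a wider range.
resource "aws_security_group_rule" "pa-allow" {
  for_each          = data.aws_vpc.prod
  type              = "ingress"
  from_port         = 8140
  to_port           = 8140
  protocol          = "tcp"
  cidr_blocks       = [each.value.cidr_block]
  security_group_id = aws_security_group.secg.id
  description       = "allow from ${each.key}"
}
```

If a VPC has secondary CIDR associations, the primary cidr_block alone will not cover instances in those ranges; check the VPC's CIDR associations before relying on a single block. Keeping count instead of for_each also works (index the aws_vpc map with sort(data.aws_vpcs.prod.ids)[count.index]), but rules would then be re-created whenever the sorted order shifts.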