Lagot

Unable to parse cidr_block from terraform data source

I'm trying to create a security group whose rules automatically include the CIDR blocks of the subnets returned by a filtered data source (two subnets in my case). However, I get the error below when deploying with the terraform v12 variant:

# Select the VPC tagged MY_VPC=TRUE. Its id is consumed by the subnet lookup
# and by the security group below, so the tag must identify a single VPC.
data "aws_vpc" "my-vpc" {
  filter {
    name   = "tag:MY_VPC"
    values = ["TRUE"]
  }
}

# Subnets inside the VPC above that carry the tag NAME=MY_SUBNET.
# NOTE: this data source exposes only the subnet ids (attribute "ids");
# it has no "cidr_block" attribute, which is what the error below reports.
data "aws_subnet_ids" "my-subnets" {
 vpc_id = data.aws_vpc.my-vpc.id

 filter {
   name   = "tag:NAME"
   values = ["MY_SUBNET"]
 }
}


# Security group in the looked-up VPC. All four rules try to restrict traffic
# to the CIDR ranges of the tagged subnets; see the NOTE on the first rule for
# why that expression does not resolve.
resource "aws_security_group" "my-sg" {
 name   = "my-sg"
 description   = "my-sg"
 vpc_id = data.aws_vpc.my-vpc.id

 # HTTPS from the subnet ranges.
 ingress {
  from_port   = 443
  protocol    = "tcp"
  to_port     = 443
  # NOTE: aws_subnet_ids only exposes "ids", so ".*.cidr_block" has no
  # attribute to read (the reported error). A per-subnet aws_subnet lookup
  # is needed to obtain the CIDRs. Also, in Terraform 0.12 a list value is
  # written as a plain expression, not wrapped in "${...}" inside [...].
  cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
 }

 # SSH, intended to be reachable only from the subnet ranges (same issue).
 ingress {
  from_port   = 22
  protocol    = "tcp"
  to_port     = 22
  cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
 }

 # HTTP from the subnet ranges (same issue).
 ingress {
  from_port   = 80
  protocol    = "tcp"
  to_port     = 80
  cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
 }

 # All protocols/ports outbound, but only towards the subnet ranges rather
 # than 0.0.0.0/0 (same issue with the expression).
 egress {
  from_port   = 0
  protocol    = "-1"
  to_port     = 0
  cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
 }
}

The error I'm getting:

on terraform/my-sg.tf line 27, in resource "aws_security_group" "my-sg":
  31:     cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]

This object does not have an attribute named "cidr_block".


Answers (1)

Marcin

The aws_subnet_ids data source only returns subnet ids, not CIDR ranges. To get the CIDR of each subnet you have to look it up with aws_subnet:

# Ids of the subnets in the VPC that are tagged NAME=MY_SUBNET.
# Only the "ids" attribute is available here; per-subnet details such as the
# CIDR come from the aws_subnet lookup that iterates over this set.
data "aws_subnet_ids" "my-subnets" {
  filter {
    name   = "tag:NAME"
    values = ["MY_SUBNET"]
  }

  vpc_id = data.aws_vpc.my-vpc.id
}


# One aws_subnet lookup per id returned by aws_subnet_ids; this is what
# exposes cidr_block for each subnet.
data "aws_subnet" "selected" {
  for_each = data.aws_subnet_ids.my-subnets.ids

  # for_each over a set of strings: each.key and each.value are the same
  # string, i.e. the subnet id.
  id = each.key
}

Then you would use the data:

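# cidr_blocks takes a list, so pass the list expression directly. In
# Terraform 0.12 wrapping a list in "${...}" makes it a string template,
# which fails with "Invalid template interpolation value: string required".
cidr_blocks = values(data.aws_subnet.selected).*.cidr_block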

