Reputation: 153
I'm having trouble defining a dynamic block for security group rules with Terraform. My use case is almost exactly the same as the one described in this StackOverflow answer.
security_group.tf
module "databroker_public_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"

  name        = "databroker-mendix-public-sg-${terraform.workspace}"
  description = "Security group created for public network with custom ports open for zk, kafka, jmx, and ssh"
  vpc_id      = module.databroker_vpc.vpc_id

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = lookup(ingress.value, "description", null)
      from_port   = lookup(ingress.value, "from_port", null)
      to_port     = lookup(ingress.value, "to_port", null)
      protocol    = lookup(ingress.value, "protocol", null)
      cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
    }
  }

  egress_with_cidr_blocks = [
    {
      cidr_blocks = "0.0.0.0/0"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      description = "egress security group"
    }
  ]

  tags = var.tags
}
nonprod.tfvars
variable "ingress_rules" {
  default = {
    "my ingress rule" = {
      description = "For HTTP"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    "my other ingress rule" = {
      description = "For SSH"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
}
When I run terraform plan, I get
│ Error: Unsupported block type
│
│ on security-group.tf line 29, in module "databroker_public_sg":
│ 29: dynamic "ingress" {
│
│ Blocks of type "dynamic" are not expected here.
I have tried replacing "ingress" with "ingress_with_cidr_blocks" as well and get the same error. I cannot find any information about the use of dynamic blocks being allowed or disallowed in security groups. I'd appreciate any pointers to understanding what is going on.
Upvotes: 1
Views: 2481
Reputation: 594
Just a quick look: you are missing the first line, something like
module "dhfjfkfkf" {
as your last } has no opening {.
Upvotes: 0
Reputation: 4408
This dynamic "ingress" seems to be defined in a module, looking at the code you posted, not in an aws_security_group resource.
ingress_with_cidr_blocks = [
  for key, value in var.ingress_rules :
  {
    description = lookup(value, "description", null)
    from_port   = lookup(value, "from_port", null)
    to_port     = lookup(value, "to_port", null)
    protocol    = lookup(value, "protocol", null)
    cidr_blocks = lookup(value, "cidr_blocks", null)
  }
]
Maybe you need something like this?
Upvotes: 2
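A complete version of the for-expression approach from the answer above, as an added example that is not code from the question, the answers, or the terraform-aws-modules project. It assumes, as in v4 of that module, that ingress_with_cidr_blocks is a list(map(string)), so each cidr_blocks value must be one comma-separated string rather than the list(string) declared in the question's variable; the example range is constructed.

```hcl
# Added example: module call rewritten without a dynamic block.
# Assumption: ingress_with_cidr_blocks is list(map(string)) in the module,
# so every value must be a string; the cidr_blocks list is joined with ",".

variable "ingress_rules" {
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
  default = {
    "ssh from admin range" = {
      description = "For SSH"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      # Constructed documentation range (RFC 5737); restrict SSH to known sources.
      cidr_blocks = ["203.0.113.0/24"]
    }
  }
}

module "databroker_public_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"

  name        = "databroker-mendix-public-sg-${terraform.workspace}"
  description = "Security group for public network with custom ports open"
  vpc_id      = module.databroker_vpc.vpc_id

  # A module call only accepts argument values, so "dynamic" cannot appear
  # here; build the list the module expects with a for expression instead.
  ingress_with_cidr_blocks = [
    for key, rule in var.ingress_rules : {
      description = rule.description
      from_port   = rule.from_port
      to_port     = rule.to_port
      protocol    = rule.protocol
      cidr_blocks = join(",", rule.cidr_blocks)
    }
  ]

  egress_with_cidr_blocks = [{
    cidr_blocks = "0.0.0.0/0"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    description = "egress security group"
  }]
}
```

Run terraform validate before plan; if a later module version accepts a list for cidr_blocks, drop the join and pass rule.cidr_blocks directly.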