Aravindh Sathish

Reputation: 153

dynamic blocks in terraform aws_security_group

I'm having trouble defining a dynamic block for security group rules with Terraform. My use case is almost exactly the same as the one described in this StackOverflow answer.

security_group.tf

  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"

  name        = "databroker-mendix-public-sg-${terraform.workspace}"
  description = "Security group created for public network with custom ports open for zk, kafka, jmx, and ssh"
  vpc_id      = module.databroker_vpc.vpc_id

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description      = lookup(ingress.value, "description", null)
      from_port        = lookup(ingress.value, "from_port", null)
      to_port          = lookup(ingress.value, "to_port", null)
      protocol         = lookup(ingress.value, "protocol", null)
      cidr_blocks      = lookup(ingress.value, "cidr_blocks", null)
    }
  }
  egress_with_cidr_blocks = [
    {
      cidr_blocks = "0.0.0.0/0"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      description = "egress security group"
    }
  ]

  tags = var.tags
}

nonprod.tfvars

  default = {
    "my ingress rule" = {
      description = "For HTTP"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    "my other ingress rule" = {
      description = "For SSH"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
}

When I run terraform plan, I get

│ Error: Unsupported block type
│ 
│   on security-group.tf line 29, in module "databroker_public_sg":
│   29:   dynamic "ingress" {
│ 
│ Blocks of type "dynamic" are not expected here.

I have tried replacing "ingress" with "ingress_with_cidr_blocks" as well and get the same error. I cannot find any information about whether dynamic blocks are allowed or disallowed in security groups. I would appreciate any pointers to understanding what is going on.

Upvotes: 1

Views: 2481

Answers (2)

David

Reputation: 594

Just a quick look: you are missing the first line, something like

module "dhfjfkfkf" {

as your last } has no opening {.

Upvotes: 0

Tolis Gerodimos

Reputation: 4408

Looking at the code you posted, this dynamic "ingress" seems to be defined in a module call, not in an aws_security_group resource.

ingress_with_cidr_blocks = [
  for key, value in var.ingress_rules :
  {
    description      = lookup(value, "description", null)
    from_port        = lookup(value, "from_port", null)
    to_port          = lookup(value, "to_port", null)
    protocol         = lookup(value, "protocol", null)
    cidr_blocks      = lookup(value, "cidr_blocks", null)
  }
]

Maybe you need something like this?

Upvotes: 2
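The two shapes side by side, as an added example that is not code from the question or from either answer. The variable keeps the question's `map(object(...))` type; the module name, the `vpc_id`, and the SSH admin CIDR are placeholders I chose (the SSH rule deliberately uses an RFC 5737 test range instead of the question's `0.0.0.0/0`, since a world-open port 22 is the setting most reviewers would flag). The `cidr_blocks = join(",", ...)` line rests on the terraform-aws-modules/security-group module's v4 interface, where each `*_with_cidr_blocks` entry carries `cidr_blocks` as a comma-separated string rather than a list (the question's own `egress_with_cidr_blocks` uses that string form); check the module README for the version you pin.

```hcl
# Added example, not from the question or answers. Placeholders: module/resource
# names, vpc_id, and the admin CIDR. Module input names assume
# terraform-aws-modules/security-group/aws v4.

variable "ingress_rules" {
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
  default = {
    "http" = {
      description = "For HTTP"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
    "ssh" = {
      description = "For SSH (admin range only)"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["203.0.113.0/24"] # placeholder admin CIDR (RFC 5737 TEST-NET-3)
    }
  }
}

# Option A: the community module. A module call accepts only the input
# variables the module declares plus meta-arguments; it has no nested block
# schema, so "dynamic" is not valid here. Build the list with a for expression.
# The module takes cidr_blocks as a comma-separated string, hence join().
module "public_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"

  name   = "example-public-sg"          # placeholder
  vpc_id = "vpc-0123456789abcdef0"      # placeholder

  ingress_with_cidr_blocks = [
    for key, rule in var.ingress_rules : {
      description = rule.description
      from_port   = rule.from_port
      to_port     = rule.to_port
      protocol    = rule.protocol
      cidr_blocks = join(",", rule.cidr_blocks)
    }
  ]

  egress_with_cidr_blocks = [
    {
      description = "allow all egress"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
}

# Option B: a plain aws_security_group resource. Here "dynamic" is valid,
# because ingress is a nested block in the resource schema, and cidr_blocks
# really is a list(string), so the variable's list can be passed through as-is.
resource "aws_security_group" "public" {
  name   = "example-public-sg-resource" # placeholder
  vpc_id = "vpc-0123456789abcdef0"      # placeholder

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = ingress.value.description
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

`terraform validate` reports the "Unsupported block type" error without needing credentials or a plan, so it is a quick way to check which of the two shapes you are actually writing before touching the account.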
