I'm trying to create a security group that will automatically append the CIDR blocks from 2 subnets based on the data source's filtered results. However, I'm getting the error when deploying using the Terraform v12 variant:
data "aws_vpc" "my-vpc" {
  filter {
    name   = "tag:MY_VPC"
    values = ["TRUE"]
  }
}

data "aws_subnet_ids" "my-subnets" {
  vpc_id = data.aws_vpc.my-vpc.id

  filter {
    name   = "tag:NAME"
    values = ["MY_SUBNET"]
  }
}

resource "aws_security_group" "my-sg" {
  name        = "my-sg"
  description = "my-sg"
  vpc_id      = data.aws_vpc.my-vpc.id

  ingress {
    from_port   = 443
    protocol    = "tcp"
    to_port     = 443
    cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
  }

  ingress {
    from_port   = 22
    protocol    = "tcp"
    to_port     = 22
    cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
  }

  ingress {
    from_port   = 80
    protocol    = "tcp"
    to_port     = 80
    cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
  }

  egress {
    from_port   = 0
    protocol    = "-1"
    to_port     = 0
    cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
  }
}
ERROR I'm getting:
on terraform/my-sg.tf line 27, in resource "aws_security_group" "my-sg":
31: cidr_blocks = ["${data.aws_subnet_ids.my-subnets.*.cidr_block}"]
This object does not have an attribute named "cidr_block".
Data source aws_subnet_ids only returns subnet ids, not CIDR ranges. To get the CIDR you have to use aws_subnet:
data "aws_subnet_ids" "my-subnets" {
  vpc_id = data.aws_vpc.my-vpc.id

  filter {
    name   = "tag:NAME"
    values = ["MY_SUBNET"]
  }
}

# One aws_subnet lookup per id; this data source exposes cidr_block.
data "aws_subnet" "selected" {
  for_each = data.aws_subnet_ids.my-subnets.ids
  id       = each.value
}

Then you would use the data:

# values() turns the for_each map into a list of subnet objects, and the
# splat collects each subnet's cidr_block into a list of strings.
cidr_blocks = values(data.aws_subnet.selected)[*].cidr_block
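Putting the answer together, here is a complete configuration in Terraform 0.12 syntax. This is an added example, not code from the question or the answer: the VPC and subnet filters are the ones from the question, while the `locals` block, the `dynamic "ingress"` loop over the three ports, and the `output` are assumptions added to show the resolved CIDR list being computed once and reused in every rule.

```hcl
# Added example (not from the question or answer): corrected configuration
# in Terraform 0.12 syntax. Tag filters come from the question; the locals,
# the dynamic ingress block and the output are assumptions.

data "aws_vpc" "my-vpc" {
  filter {
    name   = "tag:MY_VPC"
    values = ["TRUE"]
  }
}

data "aws_subnet_ids" "my-subnets" {
  vpc_id = data.aws_vpc.my-vpc.id

  filter {
    name   = "tag:NAME"
    values = ["MY_SUBNET"]
  }
}

# aws_subnet_ids only exposes the set of ids; one aws_subnet lookup per id
# returns the full subnet object, including cidr_block.
data "aws_subnet" "selected" {
  for_each = data.aws_subnet_ids.my-subnets.ids
  id       = each.value
}

locals {
  # Resolved list of subnet CIDRs, computed once and reused in every rule.
  subnet_cidrs = values(data.aws_subnet.selected)[*].cidr_block

  # Ports to open to those subnets only (assumption: the three from the question).
  ingress_ports = [22, 80, 443]
}

resource "aws_security_group" "my-sg" {
  name        = "my-sg"
  description = "my-sg"
  vpc_id      = data.aws_vpc.my-vpc.id

  # One ingress rule per port, each scoped to the subnet CIDRs rather than 0.0.0.0/0.
  dynamic "ingress" {
    for_each = local.ingress_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = local.subnet_cidrs
    }
  }

  # Egress limited to the same subnets, as in the question.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = local.subnet_cidrs
  }
}

# Shows which ranges were actually resolved, so the rules can be checked
# in `terraform plan` / `terraform output` before relying on them.
output "my_sg_cidr_blocks" {
  value = local.subnet_cidrs
}
```

The CIDR list is only known once the data sources have been read, so the plan will show the concrete ranges in each rule; checking the output against the expected subnets is a cheap way to catch a filter that matched more (or fewer) subnets than intended before the group is applied. In newer AWS provider versions the `aws_subnet_ids` data source is deprecated in favour of `aws_subnets`, whose `ids` attribute is a list rather than a set, so it needs `toset()` before being used in `for_each`.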