Dynamically add private IP's to Security Group

Time:11-02

I have 2 modules and each is using count at the resource level to create VMs, network interfaces, etc.

I would like to dynamically allow all the private IPs from module 2 in the security group of module 1.

I am able to output the data as tuple or string but I don't know how to transform/split/filter this data and loop so that each value can dynamically become a CIDR entry in the SG.

Example with output as tuple which needs to be input in SG:

Module 2:

output "private_ip" {
  value = "${aws_network_interface.test[*].private_ip}"
}

Module 1:

resource "aws_security_group_rule" "SSH" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["${var.private_ip}/32"]
  security_group_id = aws_security_group.test.id
}

Parent:

module "Module1" {
  source = "./Module1"
  private_ip = "${module.Module2.private_ip}"
}

module "Module2" {
  source = "./Module2"
}

When I run the above as is I get the below error:


│ Error: Invalid template interpolation value
│ 
│   on Module1/main.tf line 129, in resource "aws_security_group_rule" "SSH":
│  129:   cidr_blocks       = ["${var.private_ip}/32"]
│     ├────────────────
│     │ var.private_ip is tuple with 2 elements
│ 
│ Cannot include the given value in a string template: string required.

CodePudding user response:

Since you are using TF v1.2.8, it's better to use modern syntax, not syntax from v0.11. Also, this is how you can pass multiple IPs:

output "private_ip" {
  value = aws_network_interface.test[*].private_ip
}

module "Module1" {
  source = "./Module1"
  private_ip = module.Module2.private_ip
}

resource "aws_security_group_rule" "SSH" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [for ip in var.private_ip: "${ip}/32"]
  security_group_id = aws_security_group.test.id
}
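
An added example, not part of the answer above: a typed and validated `private_ip` variable for Module1, so the `for` expression can only ever produce single-host /32 entries. The file names, the validation rules, the rule `description` and the use of `distinct()` are assumptions made for illustration.

```hcl
# Module1/variables.tf (file name assumed)
variable "private_ip" {
  description = "Private IPv4 addresses of the Module2 network interfaces, without a prefix length."
  type        = list(string)

  validation {
    # An empty list would leave the SSH rule with no source address to allow.
    condition     = length(var.private_ip) > 0
    error_message = "At least one private IP address is required."
  }

  validation {
    # Each element must be a bare dotted-quad IPv4 address that parses as a /32.
    # Inputs such as "10.0.0.0/8" or "0.0.0.0/0" are rejected, so a bad value
    # passed by the parent module cannot widen the rule to a whole network.
    condition = alltrue([
      for ip in var.private_ip :
      can(regex("^(\\d{1,3}\\.){3}\\d{1,3}$", ip)) && can(cidrhost("${ip}/32", 0))
    ])
    error_message = "Each private_ip entry must be a single IPv4 address without a prefix length."
  }
}

# Module1/main.tf (file name assumed)
resource "aws_security_group_rule" "SSH" {
  type        = "ingress"
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  description = "SSH from Module2 network interfaces"

  # One /32 CIDR per interface address; distinct() drops repeated addresses.
  cidr_blocks       = distinct([for ip in var.private_ip : "${ip}/32"])
  security_group_id = aws_security_group.test.id
}
```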