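# Example: security group for EC2 bastion instances, built with the module in
# the parent directory. Each rule is a single comma-separated string; judging
# by the values below, the fields are protocol, from-port, to-port,
# source/destination and description (confirm against the module's variables).
module "example-sg" {
  source      = "../"
  name        = "bastion-sg"
  description = "SG of EC2 bastion instances"
  vpc-id      = "vpc-12345678"

  ingress = {
    r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
    # SSH is limited to a single /32 source.
    # NOTE(review): the description is the same as r1's; confirm it is the
    # intended label for the SSH rule, since rule descriptions are what an
    # auditor reads first.
    r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
    # The source field carries a managed prefix list ID instead of a CIDR.
    # Presumably the module detects this and sets the rule's prefix-list
    # argument rather than its CIDR argument; verify in the module source.
    r3 = "tcp,52311,52311,${aws_ec2_managed_prefix_list.example.id},BigFix server to client"
  }

  egress = {
    # Protocol and ports of -1 with 0.0.0.0/0: outbound traffic to any
    # destination. The description previously read "Allow Ingress from all",
    # which mislabelled an egress rule.
    # NOTE(review): for a bastion, consider narrowing egress to the subnets
    # and ports it actually has to reach.
    r1 = "-1,-1,-1,0.0.0.0/0,Allow egress to all"
  }
}

# Customer-managed prefix list of the on-prem management subnets; ingress rule
# r3 of the module above references it by ID.
resource "aws_ec2_managed_prefix_list" "example" {
  # Spelling corrected from "Omprem" to match the entry description below.
  name           = "Onprem subnets"
  address_family = "IPv4"
  # AWS counts max_entries, not the number of entries currently present,
  # against the rule quota of every security group that references the list,
  # so keep this close to what is really needed.
  max_entries = 5

  # One entry per CIDR in the set; every entry gets the same description.
  dynamic "entry" {
    for_each = toset([
      "192.168.99.0/24",
      "192.168.100.0/24",
    ])
    content {
      cidr        = entry.value
      description = "Onprem management subnets"
    }
  }
}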