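# Fails the plan unless the AWS provider is configured with at least one
# default tag, so resources in this module are never created untagged.
data "aws_default_tags" "this" {
  lifecycle {
    postcondition {
      condition     = length(self.tags) >= 1
      error_message = "Validation failed: Provider default_tags not set."
    }
  }
}

# The security group itself. Rules are attached through the separate
# aws_vpc_security_group_*_rule resources below, not inline blocks.
resource "aws_security_group" "sg" {
  name        = var.name
  description = var.description
  vpc_id      = var.vpc-id

  tags = {
    Name = var.name
  }
}

# Rule encoding used by var.ingress and var.egress: each value is one
# comma-separated string
#
#   protocol,from_port,to_port,source,description
#
# where `source` is an IPv4 CIDR, an IPv6 CIDR, a security group ID (sg-...)
# or a prefix list ID (pl-...). Exactly one of the four source arguments is
# set from it; the other three stay null. If `source` matches none of the
# forms, all four are null and the provider is expected to reject the rule.
#
# NOTE(review): the source is applied exactly as given. Nothing in this module
# restricts wide-open ranges such as 0.0.0.0/0 or ::/0, so that control has to
# live in the variable's validation or in policy checks on the plan.

resource "aws_vpc_security_group_ingress_rule" "ingress-rules" {
  for_each = var.ingress

  security_group_id = aws_security_group.sg.id

  ip_protocol = split(",", each.value)[0]

  # An empty port field becomes null so the argument is omitted. The provider
  # documentation says ports should not be defined when ip_protocol is "-1".
  from_port = trimspace(split(",", each.value)[1]) == "" ? null : split(",", each.value)[1]
  to_port   = trimspace(split(",", each.value)[2]) == "" ? null : split(",", each.value)[2]

  # Shape check only (digits.digits.digits.digits/digits); octet and mask
  # ranges are left to the provider's own CIDR validation.
  cidr_ipv4 = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null

  # Any ":" marks the source as IPv6. Matching only "::" missed IPv6 CIDRs
  # written without zero compression; none of the other forms contain ":".
  cidr_ipv6 = strcontains(split(",", each.value)[3], ":") ? split(",", each.value)[3] : null

  referenced_security_group_id = startswith(split(",", each.value)[3], "sg-") ? split(",", each.value)[3] : null
  prefix_list_id               = startswith(split(",", each.value)[3], "pl-") ? split(",", each.value)[3] : null

  # Everything after the fourth comma is the description, so a description
  # that itself contains commas is no longer cut at the first one.
  description = join(",", slice(split(",", each.value), 4, length(split(",", each.value))))

  lifecycle {
    precondition {
      condition     = length(split(",", each.value)) >= 5
      error_message = "Ingress rule \"${each.key}\" must have the form protocol,from_port,to_port,source,description."
    }
  }
}

resource "aws_vpc_security_group_egress_rule" "egress-rules" {
  for_each = var.egress

  security_group_id = aws_security_group.sg.id

  ip_protocol = split(",", each.value)[0]

  # An empty port field becomes null so the argument is omitted. The provider
  # documentation says ports should not be defined when ip_protocol is "-1".
  from_port = trimspace(split(",", each.value)[1]) == "" ? null : split(",", each.value)[1]
  to_port   = trimspace(split(",", each.value)[2]) == "" ? null : split(",", each.value)[2]

  # Shape check only (digits.digits.digits.digits/digits); octet and mask
  # ranges are left to the provider's own CIDR validation.
  cidr_ipv4 = can(regex("^([0-9]+\\.){3}[0-9]+\\/[0-9]+$", split(",", each.value)[3])) ? split(",", each.value)[3] : null

  # Any ":" marks the destination as IPv6. Matching only "::" missed IPv6
  # CIDRs written without zero compression; no other form contains ":".
  cidr_ipv6 = strcontains(split(",", each.value)[3], ":") ? split(",", each.value)[3] : null

  referenced_security_group_id = startswith(split(",", each.value)[3], "sg-") ? split(",", each.value)[3] : null
  prefix_list_id               = startswith(split(",", each.value)[3], "pl-") ? split(",", each.value)[3] : null

  # Everything after the fourth comma is the description, so a description
  # that itself contains commas is no longer cut at the first one.
  description = join(",", slice(split(",", each.value), 4, length(split(",", each.value))))

  lifecycle {
    precondition {
      condition     = length(split(",", each.value)) >= 5
      error_message = "Egress rule \"${each.key}\" must have the form protocol,from_port,to_port,destination,description."
    }
  }
}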