Process Flow - Dynamic blocks in ingress rules

Start Terraform config

↓

Define ingress rules list

↓

Enter resource block

↓

Use dynamic block to loop over ingress rules

↓

For each rule: create ingress block

↓

Terraform applies config

↓

Ingress rules created dynamically

↓

End

Terraform reads a list of ingress rules, then uses a dynamic block inside a resource to create multiple ingress entries automatically.

Execution Sample

Terraform

variable "ingress_rules" {
  default = [
    { from_port = 80, to_port = 80, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"] },
    { from_port = 443, to_port = 443, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"] }
  ]
}

resource "aws_security_group" "example" {
  name = "example-sg"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}

This Terraform code dynamically creates two ingress rules in a security group using a dynamic block looping over a list.

Process Table

Step	Action	Dynamic Block Iteration	Ingress Rule Created	Resource State
1	Start Terraform apply	N/A	No	Security group resource initialized, no ingress rules yet
2	Evaluate dynamic block	Iteration 1	Ingress rule with from_port=80, to_port=80, protocol=tcp, cidr_blocks=["0.0.0.0/0"]	Ingress block 1 added to security group
3	Evaluate dynamic block	Iteration 2	Ingress rule with from_port=443, to_port=443, protocol=tcp, cidr_blocks=["0.0.0.0/0"]	Ingress block 2 added to security group
4	Finish apply	N/A	All ingress rules created	Security group with 2 ingress rules ready

💡 All ingress rules from the list processed, dynamic block iterations complete

Status Tracker

Variable	Start	After Iteration 1	After Iteration 2	Final
var.ingress_rules	[{from_port=80,...},{from_port=443,...}]	Same	Same	Same
ingress.value	N/A	{from_port=80, to_port=80, protocol=tcp, cidr_blocks=["0.0.0.0/0"]}	{from_port=443, to_port=443, protocol=tcp, cidr_blocks=["0.0.0.0/0"]}	N/A
aws_security_group.example.ingress	Empty	1 ingress rule added	2 ingress rules added	2 ingress rules total

Key Moments - 3 Insights

Why does Terraform create multiple ingress blocks from one dynamic block?

What happens if var.ingress_rules is empty?

How does Terraform know which values to assign inside each ingress block?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the from_port value in iteration 2 of the dynamic block?

A443

B22

C80

D0

Concept Snapshot

Terraform dynamic blocks let you create multiple nested blocks from a list.
Use dynamic "block_name" { for_each = list ... } to loop.
Inside content { ... }, use block_name.value to access each item.
This avoids repeating similar blocks manually.
Useful for ingress rules where many similar entries exist.

Full Transcript

This visual execution shows how Terraform uses dynamic blocks to create multiple ingress rules in a security group. It starts by defining a list of ingress rules. Then, inside the aws_security_group resource, a dynamic block loops over this list. For each item, Terraform creates one ingress block with the specified ports, protocol, and CIDR blocks. The execution table traces each iteration, showing how ingress rules are added step-by-step. Variables track the list and current item values. Key moments clarify why multiple blocks are created and how values are assigned. The quiz tests understanding of iteration details and dynamic block behavior. This helps beginners see how dynamic blocks automate repetitive resource definitions in Terraform.