0
0
Terraformcloud~10 mins

Dynamic blocks in security groups in Terraform - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Dynamic blocks in security groups
Start Terraform config
Define security group resource
Enter dynamic block for rules
Loop over input list
Create each rule block
Apply config to cloud
Security group with rules created
Terraform reads the security group resource, loops over the input list inside the dynamic block, creates each rule block, and applies the configuration to create the security group with all rules.
Execution Sample
Terraform
resource "aws_security_group" "example" {
  name = "example-sg"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
This Terraform code creates a security group with multiple ingress rules defined dynamically from a list variable.
Process Table
StepActionInputDynamic Block IterationResulting Rule Created
1Start resource creationvar.ingress_rules = [{from_port=80, to_port=80, protocol="tcp", cidr_blocks=["0.0.0.0/0"]}, {from_port=443, to_port=443, protocol="tcp", cidr_blocks=["0.0.0.0/0"]}]N/ANo rules yet
2Enter dynamic blockList has 2 itemsPrepare to loop over 2 itemsNo rules yet
3First iterationFirst item: from_port=80, to_port=80, protocol=tcp, cidr_blocks=["0.0.0.0/0"]1Create ingress rule: port 80 tcp from 0.0.0.0/0
4Second iterationSecond item: from_port=443, to_port=443, protocol=tcp, cidr_blocks=["0.0.0.0/0"]2Create ingress rule: port 443 tcp from 0.0.0.0/0
5Finish dynamic blockAll items processedN/ASecurity group has 2 ingress rules
6Apply configurationTerraform applies resourceN/ASecurity group created with 2 ingress rules
💡 All ingress rules from the input list are processed and created in the security group.
Status Tracker
VariableStartAfter 1After 2Final
var.ingress_rules[2 items][2 items][2 items][2 items]
ingress.valueN/A{from_port=80, to_port=80, protocol=tcp, cidr_blocks=["0.0.0.0/0"]}{from_port=443, to_port=443, protocol=tcp, cidr_blocks=["0.0.0.0/0"]}N/A
security_group.ingress_rules_count0122
Key Moments - 3 Insights
Why does Terraform loop over the list inside the dynamic block?
Terraform uses the dynamic block to create multiple nested blocks based on the list length. Each item in the list becomes one ingress rule block, as shown in execution_table rows 3 and 4.
What happens if the input list is empty?
If the list is empty, the dynamic block creates no ingress rules. The security group will have zero ingress rules, as the loop does not run any iterations.
Can the dynamic block create different types of rules?
Yes, the dynamic block content can use values from each list item to create varied rules. For example, different ports or protocols per item, as seen in the different values in rows 3 and 4.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the ingress rule created at step 4?
APort 443 TCP from 0.0.0.0/0
BPort 80 TCP from 0.0.0.0/0
CPort 22 TCP from 0.0.0.0/0
DNo rule created
💡 Hint
Check execution_table row 4 under 'Resulting Rule Created'
At which step does Terraform finish processing all ingress rules?
AStep 3
BStep 5
CStep 4
DStep 6
💡 Hint
Look for the step where 'All items processed' is noted in execution_table
If var.ingress_rules had 3 items instead of 2, how would the execution table change?
AThe dynamic block would create only 2 rules regardless
BTerraform would error out due to too many rules
CThere would be 3 iterations in the dynamic block loop
DThe security group would have zero rules
💡 Hint
Refer to variable_tracker and execution_table showing loop iterations per list item
Concept Snapshot
Terraform dynamic blocks let you create multiple nested blocks from a list.
Use for_each inside dynamic to loop over input data.
Each iteration creates one nested block with values from the list.
This is useful for security groups to define many rules cleanly.
If the list is empty, no blocks are created.
Dynamic blocks keep configs DRY and flexible.
Full Transcript
This visual execution traces how Terraform uses dynamic blocks inside a security group resource. The dynamic block loops over a list variable containing ingress rules. For each item, Terraform creates one ingress block with the specified ports, protocol, and CIDR blocks. The execution table shows step-by-step how each rule is created in order. The variable tracker shows how the loop variable changes each iteration. Key moments clarify why the loop runs and what happens if the list is empty. The quiz tests understanding of the iteration steps and effects of changing the input list. The snapshot summarizes how dynamic blocks simplify creating multiple similar nested blocks in Terraform resources.