
Nested dynamic blocks in Terraform - Step-by-Step Execution

Process Flow - Nested dynamic blocks
1. Start Terraform config
2. Identify outer dynamic block
3. Iterate over outer collection
4. For each outer item:
   - Create outer block instance
   - Identify inner dynamic block
   - Iterate over inner collection
   - Create inner block instances
5. Complete all iterations
6. Terraform plan/apply with nested blocks
Terraform processes the outer dynamic block by looping over its collection, then for each item, it processes the inner dynamic block by looping over its inner collection, creating nested blocks accordingly.
Execution Sample
Terraform
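resource "aws_security_group" "example" {
  # Outer loop: one ingress block per element of var.ingress_rules.
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port = ingress.value.from
      # Inner loop: one cidr_blocks block per CIDR of the current rule.
      # This nesting illustrates iteration order only. In the AWS provider,
      # cidr_blocks is a list-of-strings argument of ingress rather than a
      # nested block, and ingress also requires to_port and protocol.
      dynamic "cidr_blocks" {
        for_each = ingress.value.cidr_blocks
        content {
          cidr_block = cidr_blocks.value
        }
      }
    }
  }
}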
This Terraform code creates a security group with nested dynamic blocks: an outer 'ingress' block iterating over ingress rules, and an inner 'cidr_blocks' block iterating over CIDR blocks for each ingress.
Process Table
| Step | Outer Loop Index | Outer Item | Inner Loop Index | Inner Item | Action | Resulting Block Created |
|---|---|---|---|---|---|---|
| 1 | 0 | {"from": 80, "cidr_blocks": ["10.0.0.0/24", "192.168.1.0/24"]} | 0 | "10.0.0.0/24" | Create ingress block with from_port=80 and cidr_block=10.0.0.0/24 | ingress[0] with cidr_blocks[0] |
| 2 | 0 | {"from": 80, "cidr_blocks": ["10.0.0.0/24", "192.168.1.0/24"]} | 1 | "192.168.1.0/24" | Create ingress block with from_port=80 and cidr_block=192.168.1.0/24 | ingress[0] with cidr_blocks[1] |
| 3 | 1 | {"from": 443, "cidr_blocks": ["0.0.0.0/0"]} | 0 | "0.0.0.0/0" | Create ingress block with from_port=443 and cidr_block=0.0.0.0/0 | ingress[1] with cidr_blocks[0] |
| 4 | 2 | {"from": 22, "cidr_blocks": []} | N/A | N/A | Create ingress block with from_port=22 but no cidr_blocks | ingress[2] with no cidr_blocks |
| 5 | N/A | N/A | N/A | N/A | All outer items processed | All nested dynamic blocks created |
💡 Outer loop completed all ingress rules; inner loops completed all cidr_blocks for each ingress.
Status Tracker
| Variable | Start | After 1 | After 2 | After 3 | Final |
|---|---|---|---|---|---|
| outer_index | N/A | 0 | 0 | 1 | Completed |
| outer_item | N/A | {"from": 80, "cidr_blocks": ["10.0.0.0/24", "192.168.1.0/24"]} | {"from": 80, "cidr_blocks": ["10.0.0.0/24", "192.168.1.0/24"]} | {"from": 443, "cidr_blocks": ["0.0.0.0/0"]} | Completed |
| inner_index | N/A | 0 | 1 | 0 | N/A |
| inner_item | N/A | "10.0.0.0/24" | "192.168.1.0/24" | "0.0.0.0/0" | N/A |
Key Moments - 3 Insights
Why does the inner dynamic block run multiple times for each outer block?
Because the inner dynamic block loops over a collection inside each outer item, it runs once per inner item for every outer item, as shown in Process Table rows 1 and 2 for outer index 0.
What happens if the inner collection is empty for an outer item?
No inner blocks are created for that outer item, but the outer block still exists. See Process Table row 4, where ingress[2] has no cidr_blocks.
How does Terraform know which blocks belong nested inside others?
Terraform nests inner dynamic blocks inside the outer block's content, matching the loop structure. Each inner block is created within the current outer block iteration, as the "Resulting Block Created" column of the Process Table shows.
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the inner item at Step 3?
A. "0.0.0.0/0"
B. "192.168.1.0/24"
C. "10.0.0.0/24"
D. No inner item at Step 3
💡 Hint
Check the 'Inner Item' column in the Process Table row for Step 3.
At which outer index does the inner dynamic block have zero iterations?
A. 0
B. 2
C. 1
D. None, all have inner iterations
💡 Hint
Look at Process Table row 4, where the inner loop is N/A and no cidr_blocks exist.
If the outer collection had one more item with two cidr_blocks, how would the Process Table change?
A. No change, only existing items processed
B. Add one row with outer_index 3 and inner_index N/A
C. Add two more rows with outer_index 3 and inner_index 0 and 1
D. Add one row with outer_index 2 and inner_index 2
💡 Hint
Each outer item loops over its inner collection, so two cidr_blocks mean two inner iterations.
Concept Snapshot
Nested dynamic blocks in Terraform:
- Outer dynamic block loops over a collection.
- Inner dynamic block loops over a nested collection inside each outer item.
- Each inner block is created inside its outer block instance.
- Empty inner collections create no inner blocks, but the outer block still exists.
- Useful for complex nested resource configurations.
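The execution sample uses `var.ingress_rules` without defining it. The following added example (not from the original page) declares that variable with input checks and expands it in the same outer-then-inner order as the nested dynamic blocks. The `443`-only policy and the names `effective_rules` and `rule_cidr_pairs` are assumptions made for illustration.

```hcl
# Added example. Only var.ingress_rules comes from the page; the locals,
# the output and the validation policy are hypothetical.
variable "ingress_rules" {
  type = list(object({
    from        = number
    cidr_blocks = list(string)
  }))

  # Sample data constructed from the Process Table rows.
  default = [
    { from = 80, cidr_blocks = ["10.0.0.0/24", "192.168.1.0/24"] },
    { from = 443, cidr_blocks = ["0.0.0.0/0"] },
    { from = 22, cidr_blocks = [] },
  ]

  # Reject malformed CIDR strings before any loop consumes them.
  validation {
    condition = alltrue(flatten([
      for r in var.ingress_rules : [for c in r.cidr_blocks : can(cidrhost(c, 0))]
    ]))
    error_message = "Every cidr_blocks entry must be a valid CIDR range."
  }

  # Assumed policy: only port 443 may be reachable from the whole internet.
  validation {
    condition = alltrue([
      for r in var.ingress_rules :
      r.from == 443 || !contains(r.cidr_blocks, "0.0.0.0/0")
    ])
    error_message = "Only port 443 may allow 0.0.0.0/0."
  }
}

locals {
  # Outer collection with empty inner collections filtered out, so the
  # outer dynamic block never emits a rule that has no source range.
  effective_rules = [for r in var.ingress_rules : r if length(r.cidr_blocks) > 0]

  # One object per (outer item, inner item) pair, in loop order.
  rule_cidr_pairs = flatten([
    for i, r in local.effective_rules : [
      for j, c in r.cidr_blocks : { outer_index = i, inner_index = j, from_port = r.from, cidr = c }
    ]
  ])
}

output "rule_cidr_pairs" {
  value = local.rule_cidr_pairs
}
```

Using `local.effective_rules` as the outer `for_each` drops the port 22 rule, whose inner collection is empty, instead of creating an outer block with no inner blocks.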
Full Transcript
This visual execution trace shows how Terraform processes nested dynamic blocks. First, it loops over the outer collection, creating an outer block for each item. Then, for each outer item, it loops over the inner collection to create nested inner blocks. Variables track the current outer and inner indices and items. The execution table details each step, showing how blocks are created. Key moments clarify common confusions like why inner blocks run multiple times and what happens with empty inner collections. The quiz tests understanding of inner items at specific steps, empty inner loops, and how adding items affects the execution. The snapshot summarizes the concept for quick recall.