diff --git a/cloud_Azure/terraform/module/cloudexport.tf b/cloud_Azure/terraform/module/cloudexport.tf
index 888ac38..d88c1ae 100644
--- a/cloud_Azure/terraform/module/cloudexport.tf
+++ b/cloud_Azure/terraform/module/cloudexport.tf
@@ -14,9 +14,9 @@ provider "kentik-cloudexport" {
 
 # Creates one Kentik CloudExport for every requested Resource Group
 resource "kentik-cloudexport_item" "azure_export" {
-  for_each = toset(var.resource_group_names)
+  for_each = { for nsg in local.flat_nsgs : nsg.key => nsg.value }
 
-  name           = "${var.name}-${each.value}-${var.subscription_id}" # resource group name + subscription id make the name unique
+  name           = "${var.name}-${var.subscription_id}" # resource group name + subscription id make the name unique
   type           = "CLOUD_EXPORT_TYPE_KENTIK_MANAGED"
   enabled        = var.enabled
   description    = var.description
@@ -25,7 +25,7 @@ resource "kentik-cloudexport_item" "azure_export" {
   azure {
     subscription_id            = var.subscription_id
     location                   = var.location
-    resource_group             = each.value
+    resource_group             = each.value.rg
     storage_account            = azurerm_storage_account.logs_storage_account[each.key].name # storage accounts are mapped 1:1+:1 to nsg(s) and resource_group_names
     security_principal_enabled = true
   }