feat: Move to using for_each for resource blocks

[pincher95]

Description

Move the security groups rules resource blocks to using the for_each meta-argument from the count.

Motivation and Context

It is pretty widely understood that using the count meta-argument can cause churn (ref) in some contexts, such as the context in which this module is used.

Breaking Changes

This change will break all security group rules resources based on count. It will cause churn when switching from an old count-based version of the module to a for_each-based version, because the resources are switching from being an ordered list (sg_rule[0], sg_rule[1], etc.) to a map (sg_rule["443-443-tcp"], sg_rule["22-22-tcp"], etc.).

How Has This Been Tested?

• I have updated at least one of the examples/* to demonstrate and validate my change(s)
• I have tested and validated these changes using one or more of the provided examples/* projects

# module.security_group.aws_security_group_rule.ingress_with_cidr_blocks["443-443-tcp"] will be created
  + resource "aws_security_group_rule" "ingress_with_cidr_blocks" {
      + cidr_blocks              = [
          + "10.10.0.0/16",
        ]
      + description              = "HTTPS"
      + from_port                = 443
      + id                       = (known after apply)
      + ipv6_cidr_blocks         = []
      + prefix_list_ids          = []
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + security_group_rule_id   = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"
    }

• I have executed pre-commit run -a on my pull request

[pincher95]

@antonbabenko @bryantbiggs
Can you please check this PR.

Thank you

[bryantbiggs]

I think if we are going to do a breaking change on this module, we should evaluate all potential changes in order to minimize the amount of disruption. For example, I would hope in the next breaking change we would drop the use of aws_security_group_rule and replace it with aws_vpc_security_group_ingress_rule/ aws_vpc_security_group_egress_rule

[bryantbiggs]

just an initial glance - if we are going to do this, we should re-evaluate it from a first principles approach, not just for the sake of changing from count to for_each

[bryantbiggs]

we cannot use toset() in this manner because it will inevitably cause conflicts down the road with computed values as keys

[bryantbiggs]

this should be

Suggested change

	resource "aws_security_group_rule" "ingress_rules" {
	resource "aws_vpc_security_group_ingress_rule" "this" {

[bryantbiggs]

all of these can go away to one generic ingress rule resource and one generic egress rule resource

[bryantbiggs]

drop

[bryantbiggs]

drop

[bryantbiggs]

Suggested change

	resource "aws_security_group_rule" "egress_rules" {
	resource "aws_vpc_security_group_egress_rule" "this" {

[bryantbiggs]

no toset()

[bryantbiggs]

drop

[bryantbiggs]

drop

[bryantbiggs]

drop

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[github-actions]

This PR was automatically closed because of stale in 10 days

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.