heroku_space_inbound_ruleset using counts isn't possible about terraform-provider-heroku HOT 4 CLOSED

Having this resource replicate the aws_security_group_rule would require the API endpoint to be rewritten by our friends at Heroku because as you mention the API overwrites/replaces rulesets.

The good news is that you can pass a list to HCL blocks. This is some example code I came up with for another person looking for similar behavior:

provider "heroku" {}

resource "heroku_space" "foobar" {
  name         = "joe-testing-1"
  organization = "my-team"
  region       = "virginia"
}

locals {
  prd = [
    {
      action = "allow"
      source = "8.8.8.8/32"
    }
  ]

  vpn = [
    {
      action = "allow"
      source = "8.8.4.4/32"
    }
  ]

  space = [
    {
      action = "allow"
      source = "${heroku_space.foobar.outbound_ips[0]}/32"
    },
    {
      action = "allow"
      source = "${heroku_space.foobar.outbound_ips[1]}/32"
    },
    {
      action = "allow"
      source = "${heroku_space.foobar.outbound_ips[2]}/32"
    },
    {
      action = "allow"
      source = "${heroku_space.foobar.outbound_ips[3]}/32"
    }
  ]
}

resource "heroku_space_inbound_ruleset" "lock_space_to_itself" {
  space = "${heroku_space.foobar.id}"
  rule = ["${local.prd}"]
  rule = ["${local.vpn}"]
  rule = ["${local.space}"]
}

from terraform-provider-heroku.

TL;DR you can pass lists of maps into an HCL block and it'll just work.

from terraform-provider-heroku.

Helpful suggestion! I'll try this out. There's an additional axis here, that is my space has a count so that introduces splat syntax.

It's not strictly true that support for this would require a Heroku API change. One would have to get the rules via the api, and do some comparisons, then send the set back.

from terraform-provider-heroku.

This didn't end up working for me, so I just used the older deprecated trusted_ip_ranges

from terraform-provider-heroku.