{#-
  Renders a shell fragment that replaces the ingress rules of security group
  sg_id: one `aws ec2 revoke-security-group-ingress` call per entry of
  curr_perms, followed by one `aws ec2 authorize-security-group-ingress` call
  per entry of perms.

  Inputs read: sg_id; curr_perms[].IpProtocol/FromPort/ToPort/IpRanges[].CidrIp;
  perms[].name/protocol/fromPort/toPort/ranges.

  NOTE(review): every value is substituted into the command line without shell
  escaping. perm.name lands inside a single-quoted argument and the other
  values inside double-quoted ones, so the caller should validate them
  (CIDR, port, protocol and tag-name formats) before rendering - confirm where
  curr_perms and perms originate.

  NOTE(review): all revoke calls are emitted before any authorize call. If a
  later command fails, the group is left with fewer rules than intended; no
  error handling is visible in this fragment - confirm that the surrounding
  script stops on the first failure and reports it.
-#}
{% for perm in curr_perms -%}
{#- `ranges` accumulates the comma-separated {CidrIp=...} list for this entry; it is reset on each iteration. -#}
{% set_global ranges = "" -%}
{% if perm.IpRanges -%}
{% for rng in perm.IpRanges -%}
{% if ranges != "" -%}
{% set_global ranges = ranges ~ "," -%}
{% endif -%}
{% set_global ranges = ranges ~ "{CidrIp=" ~ rng.CidrIp ~ "}" -%}
{% endfor -%}
{% endif -%}
{#-
  NOTE(review): only IpRanges is read. If curr_perms is the IpPermissions list
  returned by the EC2 API (the key names suggest so - confirm), entries that
  carry Ipv6Ranges, UserIdGroupPairs or PrefixListIds are not revoked by this
  loop and their ingress would remain in place. An entry without IpRanges still
  renders a revoke call with `IpRanges=[]`.
  NOTE(review): FromPort and ToPort are referenced unconditionally; presumably
  entries for protocol -1 lack them - verify how such entries render.
-#}
aws ec2 revoke-security-group-ingress \
  --group-id "{{sg_id}}" \
  --ip-permissions "IpProtocol={{perm.IpProtocol}},FromPort={{perm.FromPort}},ToPort={{perm.ToPort}},IpRanges=[{{ranges}}]" \
  --out json
{% endfor -%}
{#-
  Desired rules. perm.ranges is inserted as-is after `IpRanges=`, so it must
  already be a complete shorthand list - presumably of the form
  [{CidrIp=...},...]; confirm against the caller. Each rule is tagged with
  Name=perm.name.
-#}
{% for perm in perms -%}
aws ec2 authorize-security-group-ingress \
  --group-id "{{sg_id}}" \
  --tag-specifications 'ResourceType=security-group-rule,Tags=[{Key=Name,Value={{perm.name}}}]' \
  --ip-permissions "IpProtocol={{perm.protocol}},FromPort={{perm.fromPort}},ToPort={{perm.toPort}},IpRanges={{perm.ranges}}" \
  --out json
{% endfor -%}