merging aws security rules

Matt Graham

Apr 16, 2017, 6:50:43 PM4/16/17
to Ansible Project
I think someone may once have posted something like this, but I'm trying to merge a list of base firewall rules (AWS) into a master_rules for that role.

Example: all the roles listed in defaults/main.yml would merge in the base IP rules. I can't use Python eval and am not sure what the best way is to tackle merging. Here's what I've been attempting. I'm sure there is an easier way I'm missing. Thanks for any help.

defaults/main.yml
    roles:
        - nat
        - apps
        - db
        - web
        - log

vars/
      base.yml
      apps.yml
          rules:
             - proto: tcp
               from_port: 22
               to_port: 22
               cidr_ip: 0.0.0.0/0


- name: Include IP base rules
  include_vars:
    file: "base.yml"
    name: base

- name: Include rules per role
  include_vars:
    file: "{{ item }}.yml"
    name: "{{ item }}_rules"
  with_items: "{{ roles }}"

# vars[...] resolves the variable whose name is built at runtime;
# indexing the string (item + '_rules') directly fails because a
# string has no 'rules' key.
- name: Set facts
  set_fact:
    master_rules_for_{{ item }}: "{{ vars[item + '_rules']['rules'] | union(base['rules']) }}"
  with_items: "{{ roles }}"
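The merge the set_fact loop above is meant to perform, written out in plain Python as an added example (this is not code from the thread or from Ansible). It assumes the same layout as the post, one base rule list plus one rule list per role, and all rule data below is constructed for illustration. It goes a little beyond the playbook: rules are compared on a canonical key (lowercased protocol, integer ports, normalised CIDR) so that two spellings of the same permission are not kept twice, and the merged result is scanned for rules open to any address, which is the check worth running once base and role lists have been combined.

```python
"""Merge a base security-group rule list into each role's own rules.

Added example, not from the Ansible thread: reproduces in plain Python what
the playbook's `union(base['rules'])` step is meant to do, so the merge logic
can be checked before wiring it into set_fact. All rule data is constructed.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

Rule = Dict[str, object]

# Constructed sample standing in for vars/base.yml and vars/<role>.yml.
BASE_RULES: List[Rule] = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "10.0.0.0/8"},
    {"proto": "icmp", "from_port": -1, "to_port": -1, "cidr_ip": "10.0.0.0/8"},
]
ROLE_RULES: Dict[str, List[Rule]] = {
    "web": [
        {"proto": "tcp", "from_port": 80, "to_port": 80, "cidr_ip": "0.0.0.0/0"},
        # Same permission as the base SSH rule; must not appear twice after the merge.
        {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr_ip": "10.0.0.0/8"},
    ],
    "db": [
        {"proto": "tcp", "from_port": 5432, "to_port": 5432, "cidr_ip": "10.0.1.0/24"},
    ],
    "nat": [],  # a role with no rules of its own still receives the base set
}


def rule_key(rule: Rule) -> Tuple[str, int, int, str]:
    """Canonical identity of a rule: two dicts describing the same permission
    compare equal even if key order, case or CIDR spelling differ."""
    cidr = str(ipaddress.ip_network(str(rule["cidr_ip"]), strict=False))
    return (str(rule["proto"]).lower(), int(rule["from_port"]), int(rule["to_port"]), cidr)


def union_rules(role_rules: Iterable[Rule], base_rules: Iterable[Rule]) -> List[Rule]:
    """Order-preserving union: role rules first, then base rules not already present.
    Ansible's `union` filter likewise keeps the first occurrence of each element."""
    seen = set()
    merged: List[Rule] = []
    for rule in list(role_rules) + list(base_rules):
        key = rule_key(rule)
        if key in seen:
            continue
        seen.add(key)
        merged.append(dict(rule))
    return merged


def build_master_rules(roles: Iterable[str], role_rules: Dict[str, List[Rule]],
                       base_rules: List[Rule]) -> Dict[str, List[Rule]]:
    """Equivalent of the set_fact loop: one merged list per role, stored under
    master_rules_for_<role>, exactly the fact name the playbook builds."""
    return {f"master_rules_for_{role}": union_rules(role_rules.get(role, []), base_rules)
            for role in roles}


def world_open_rules(rules: Iterable[Rule]) -> List[Rule]:
    """Rules reachable from any address (0.0.0.0/0 or ::/0). Worth reviewing after
    the merge, because a base rule and a role rule can together widen exposure."""
    return [r for r in rules
            if ipaddress.ip_network(str(r["cidr_ip"]), strict=False).prefixlen == 0]


if __name__ == "__main__":
    master = build_master_rules(["web", "db", "nat"], ROLE_RULES, BASE_RULES)
    for name, rules in master.items():
        print(f"{name}: {len(rules)} rules, {len(world_open_rules(rules))} open to any address")
```

Running it prints three merged lists; the duplicated SSH rule in the web role collapses into the base one, and only the web role's port 80 rule is reported as open to any address.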