# aws config
provider "aws" {
  region  = var.region
  profile = var.profile
  version = "~> 2.70.0"
}

# tags
locals {
  tags = {
    "Project"     = "strapi-elb"
    "Description" = "Terraform resources for strapi in Elastic Beanstalk"
  }
}

# Network

module "vpc" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc?ref=tags/0.14.0"
  stage  = var.stage
  name   = var.name

  cidr_block                                      = "172.16.0.0/16"
  enable_default_security_group_with_custom_rules = false
}

module "subnets" {
  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets?ref=tags/0.23.0"
  stage  = var.stage
  name   = var.name

  availability_zones   = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id               = module.vpc.vpc_id
  igw_id               = module.vpc.igw_id
  cidr_block           = module.vpc.vpc_cidr_block
  nat_gateway_enabled  = false
  nat_instance_enabled = false
}

# RDS instance

module "rds_instance" {
  source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=tags/0.20.0"
  stage  = var.stage
  name   = var.name

  allocated_storage   = 5
  database_name       = "postgres"
  database_user       = "mainuser"
  database_password   = "password"
  database_port       = 5432
  db_parameter_group  = "postgres12"
  engine              = "postgres"
  engine_version      = "12.3"
  instance_class      = "db.t2.micro"
  subnet_ids          = module.subnets.public_subnet_ids
  vpc_id              = module.vpc.vpc_id
  publicly_accessible = true
  tags                = local.tags
}

# Set maintenance window
# subnet_ids and vpc_id required
# need a security group for the DB with ingress rule allowing inbound from the autoscaler/EB security group (does a single instance have an SC?) - use 0.0.0.0 for initial creation then change the TF stack with the EB security group once it's created.