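# AWS provider configuration. Region and CLI profile are taken from input
# variables that are declared outside this listing.
provider "aws" {
  region  = var.region
  profile = var.profile
  # NOTE(review): a version constraint inside the provider block is deprecated
  # from Terraform 0.13 onwards in favour of a required_providers entry.
  version = "~> 2.70.0"
}

# Master password for the database. It is an input with no default, so it is
# never committed with the code; supply it through TF_VAR_database_password or
# an untracked tfvars file. Terraform still writes the value to state in plain
# text, so the state backend needs access control and encryption at rest.
# On Terraform 0.14 or later this variable can also be marked `sensitive = true`.
variable "database_password" {
  type        = string
  description = "Master password for the RDS instance (do not commit a value)."
}

# Tags applied to the taggable resources below.
locals {
  tags = {
    "Project"     = "strapi-elb"
    "Description" = "Terraform resources for strapi in Elastic Beanstalk"
  }
}

# Network
# The module sources are pinned to git tags. Tags can be moved upstream;
# pinning a commit SHA in `ref` is the stricter supply-chain option.
module "vpc" {
  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.14.0"

  stage      = var.stage
  name       = var.name
  cidr_block = "172.16.0.0/16"

  enable_default_security_group_with_custom_rules = false
}

module "subnets" {
  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.23.0"

  stage              = var.stage
  name               = var.name
  availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
  vpc_id             = module.vpc.vpc_id
  igw_id             = module.vpc.igw_id
  cidr_block         = module.vpc.vpc_cidr_block

  # No NAT gateway or NAT instance is created.
  nat_gateway_enabled  = false
  nat_instance_enabled = false
}

# Security group for the application EC2 instances: HTTP and HTTPS in from
# anywhere, all traffic out.
resource "aws_security_group" "ec2_security_group" {
  name        = "${var.stage}-${var.name}-ec2_sg"
  description = "Security group assigned to the Elastic Scaling group that is applied to the EC2 instances."
  vpc_id      = module.vpc.vpc_id

  # NOTE(review): if a load balancer fronts the environment, these two rules
  # could reference its security group instead of 0.0.0.0/0 - confirm topology.
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "Outbound to all"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# RDS instance (PostgreSQL 12.3 on db.t2.micro).
module "rds_instance" {
  source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=tags/0.20.0"

  stage = var.stage
  name  = var.name

  allocated_storage = 5
  database_name     = "postgres"
  database_user     = "mainuser"
  # The password is read from the input variable rather than a literal in the
  # file. Any password that was ever committed should be treated as exposed
  # and rotated.
  database_password  = var.database_password
  database_port      = 5432
  db_parameter_group = "postgres12"
  engine             = "postgres"
  engine_version     = "12.3"
  instance_class     = "db.t2.micro"

  # Presumably the module treats these as the groups allowed to connect on
  # database_port - verify against the module documentation for tag 0.20.0.
  security_group_ids = [aws_security_group.ec2_security_group.id]

  # NOTE(review): the DB subnet group is built from the public subnets;
  # module.subnets.private_subnet_ids would keep the database off subnets that
  # route to the internet gateway. Left unchanged here - evaluate separately.
  subnet_ids = module.subnets.public_subnet_ids
  vpc_id     = module.vpc.vpc_id

  # The application instances are in the same VPC, so the database is not
  # given a public address. NOTE(review): confirm that nothing outside the VPC
  # depends on the public endpoint before applying.
  publicly_accessible = false

  tags = local.tags
}

# S3 bucket for uploaded assets. The bucket ACL is private.
# NOTE(review): no public-access block or default encryption is configured
# here; whether either is appropriate depends on how the application serves
# uploaded objects - confirm before adding.
resource "aws_s3_bucket" "static_assets" {
  bucket = "${var.stage}-${var.name}-strapi-uploads"
  acl    = "private"
  tags   = local.tags
}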