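# Test EC2 instance stack: one Graviton instance in a private subnet, root
# volume encrypted with a customer-managed KMS key, IMDSv2 enforced, and a
# dedicated security group that only admits a single management host.
#
# Superseded by the "TestInstance" module below; kept for reference.
# resource "aws_instance" "Test" {
#   ami           = data.aws_ami.this.id
#   instance_type = "t4g.large"
#
#   tags = {
#     Name : "TestInstance001"
#   }
# }

module "TestInstance" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "6.2.0"

  ami  = data.aws_ami.this.id
  name = "TestInstance001"

  # No public address: the instance lives in the first private subnet of the
  # remote-state VPC and is reached through private connectivity only.
  associate_public_ip_address = false
  create_eip                  = false
  subnet_id                   = data.terraform_remote_state.vpc.outputs.private_subnets[0]

  instance_type = "t4g.large"

  # The security group is managed by module.TestSg below rather than by the
  # instance module, so rules are reviewed in one place.
  create_security_group  = false
  vpc_security_group_ids = [module.TestSg.id]

  root_block_device = {
    device_name           = "/dev/xvda"
    type                  = "gp3"
    size                  = 20
    delete_on_termination = true
    # kms_key_id is only applied to an encrypted volume; state the encryption
    # requirement explicitly instead of relying on the account-level EBS
    # default, so the CMK is used and drift is detectable.
    encrypted  = true
    kms_key_id = module.KmsKeys.cmks["allpurpose"].arn
  }

  metadata_options = {
    # hop_limit 2 lets a process one network hop away (e.g. a container on the
    # instance) reach IMDS; 1 is sufficient if nothing here runs in
    # containers — confirm.
    http_put_response_hop_limit = 2
    # IMDSv2 only: session-token requests are mandatory.
    http_tokens = "required"
  }
}

# Latest Amazon-owned AL2023 arm64 image on the 6.1 kernel. Because
# most_recent is set, a later plan may resolve to a newer AMI and propose
# instance replacement.
data "aws_ami" "this" {
  most_recent = true
  name_regex  = "^al2023-ami-2023.*-kernel-6.1-arm64"
  owners      = ["amazon"]
}

# NOTE(review): not referenced anywhere in this file section — confirm it is
# used elsewhere or remove it.
resource "random_pet" "this" {
  length = 1
}

# Only the all-purpose CMK is created; the other key types are disabled for
# this test stack. A 7-day deletion window is the shortest AWS KMS permits.
module "KmsKeys" {
  source = "../../../modules/security_identity_compliance/CustomerManagedKmsKeys"

  create-allpurpose-key = true
  create-backup-key     = false
  create-database-key   = false
  create-eksebs-key     = false
  create-log-key        = false
  create-notify-key     = false
  create-secret-key     = false
  create-storage-key    = false

  deletion_window_in_days = 7
}

# Rule strings appear to be "protocol,from_port,to_port,cidr,description"
# (format defined by the security_group module — confirm there). Ingress is
# limited to one /32 placeholder address; egress is unrestricted on both IPv4
# and IPv6, which is the usual default but should be narrowed if egress
# filtering is a requirement for this environment.
# NOTE(review): name says "example-sg" while description says "bastion";
# align the two when the purpose is settled.
module "TestSg" {
  source = "../../../modules/compute/security_group"

  name        = "example-sg"
  description = "SG of EC2 bastion instances"
  vpc-id      = data.terraform_remote_state.vpc.outputs.vpc_id

  ingress = {
    r1 = "tcp,4750,4750,1.2.3.4/32,Patch Management Tool"
    r2 = "tcp,22,22,1.2.3.4/32,Patch Management Tool"
  }

  egress = {
    r1 = "-1,-1,-1,0.0.0.0/0,Allow egress ipv4"
    r2 = "-1,-1,-1,::/0,Allow egress ipv6"
  }
}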