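# Security group for the optional internal SSH ELB that fronts the management
# hosts. Everything ELB-related is created only when var.management_elb > 0.
resource "aws_security_group" "management-elb" {
  count       = "${var.management_elb > 0 ? 1 : 0}"
  vpc_id      = "${var.vpc_id}"
  name        = "${var.management_service_name}-elb"
  description = "${var.management_service_name} internal ELB"
}

# Unrestricted egress from the ELB security group.
resource "aws_security_group_rule" "management-elb-out-all" {
  count             = "${var.management_elb > 0 ? 1 : 0}"
  security_group_id = "${aws_security_group.management-elb.id}"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "all"
  cidr_blocks       = ["0.0.0.0/0"]
}

# SSH into the ELB. The ELB itself is internal (aws_elb.management below), so
# this CIDR is only reachable from inside the VPC and networks routed to it,
# but it is still wider than the set of hosts that should reach SSH.
# NOTE(review): consider scoping cidr_blocks to the admin/bastion ranges via a
# module variable instead of 0.0.0.0/0.
resource "aws_security_group_rule" "management-elb-in-ssh" {
  count             = "${var.management_elb > 0 ? 1 : 0}"
  security_group_id = "${aws_security_group.management-elb.id}"
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Security group attached to the management instances (via the launch
# configuration) and to the EFS mount targets.
resource "aws_security_group" "management" {
  vpc_id      = "${var.vpc_id}"
  name        = "${var.management_service_name}"
  description = "${var.management_service_name} service"
}

# Unrestricted egress from the management instances.
resource "aws_security_group_rule" "management-out-all" {
  security_group_id = "${aws_security_group.management.id}"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "all"
  cidr_blocks       = ["0.0.0.0/0"]
}

# Members of the management group may talk to each other on any port.
resource "aws_security_group_rule" "management-in-self" {
  security_group_id = "${aws_security_group.management.id}"
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "all"
  self              = true
}

# Allow the ELB to reach the instances. This rule must be gated on the same
# count as the ELB security group: without it, a module with
# management_elb = 0 references aws_security_group.management-elb.id on a
# resource that does not exist and the plan fails.
resource "aws_security_group_rule" "management-in-elb" {
  count                    = "${var.management_elb > 0 ? 1 : 0}"
  security_group_id        = "${aws_security_group.management.id}"
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "all"
  source_security_group_id = "${aws_security_group.management-elb.id}"
}

# Internal classic ELB that passes TCP/22 straight through to the instances.
resource "aws_elb" "management" {
  count           = "${var.management_elb > 0 ? 1 : 0}"
  name            = "${var.management_service_name}-int-elb"
  security_groups = ["${aws_security_group.management-elb.id}"]
  internal        = true

  listener {
    instance_port     = 22
    instance_protocol = "TCP"
    lb_port           = 22
    lb_protocol       = "TCP"
  }

  # Health is a plain TCP connect on the SSH port.
  health_check {
    healthy_threshold   = 3
    unhealthy_threshold = 2
    target              = "TCP:22"
    interval            = 30
    timeout             = 10
  }

  # Long idle timeout so interactive SSH sessions are not cut by the ELB.
  idle_timeout = 600
  subnets      = ["${var.management_subnet_ids}"]
}

# Latest Amazon Linux HVM/gp2 AMI, looked up only when no AMI id is supplied.
data "aws_ami" "amazon_linux" {
  count       = "${length(var.ami) > 0 ? 0 : 1}"
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn-ami-hvm-*-gp2"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  # hack filter to ignore .rc- release candidate amis
  name_regex = "amzn-ami-hvm-[^r]*-gp2"
}

data "aws_region" "current" {
  current = true
}

# Instance user data rendered from the module's template. stack and country
# are deliberately passed as empty strings.
data "template_file" "user_data" {
  template = "${file("${path.module}/user-data.tpl")}"

  vars {
    region    = "${data.aws_region.current.name}"
    app_name  = "${var.management_service_name}"
    stack     = ""
    phase     = "${var.phase}"
    country   = ""
    cluster   = "${var.management_service_name}-d0${var.phase}"
    acct_name = "${var.acct_name}"
  }
}

resource "aws_launch_configuration" "management" {
  name_prefix = "${var.management_service_name}"

  # Both branches of a conditional are evaluated, so the data source is read
  # through a splat + concat: when var.ami is set its count is 0 and a direct
  # data.aws_ami.amazon_linux.image_id reference would fail the plan.
  image_id = "${length(var.ami) > 0 ? var.ami : element(concat(data.aws_ami.amazon_linux.*.image_id, list("")), 0)}"

  instance_type        = "${var.instance_type}"
  iam_instance_profile = "${aws_iam_instance_profile.management.name}"
  key_name             = "${var.key_name}"

  # Caller-supplied groups plus the module's own management group.
  security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]

  # Instances are private; access is via the internal ELB or peer hosts.
  associate_public_ip_address = false
  user_data                   = "${data.template_file.user_data.rendered}"

  lifecycle {
    create_before_destroy = true
  }
}

# One management instance per subnet at most; scale-to-zero is allowed.
resource "aws_autoscaling_group" "management" {
  name                 = "${var.management_service_name}"
  launch_configuration = "${aws_launch_configuration.management.name}"
  vpc_zone_identifier  = ["${var.management_subnet_ids}"]
  min_size             = 0
  max_size             = "${length(var.management_subnet_ids)}"
  default_cooldown     = 10
  health_check_type    = "EC2"

  # Splat flattens to an empty list when the ELB is not created, instead of
  # referencing a count-0 resource or attaching the empty string "" as a name.
  load_balancers = ["${aws_elb.management.*.name}"]

  lifecycle {
    create_before_destroy = true
  }

  tag {
    propagate_at_launch = true
    key                 = "module"
    value               = "${var.management_service_name}"
  }

  tag {
    propagate_at_launch = true
    key                 = "phase"
    value               = "${var.phase}"
  }
}

# Publish launch/terminate lifecycle events (and their failures) to SNS.
resource "aws_autoscaling_notification" "management" {
  group_names = ["${aws_autoscaling_group.management.name}"]
  topic_arn   = "${aws_sns_topic.management-events.arn}"

  notifications = [
    "autoscaling:EC2_INSTANCE_LAUNCH",
    "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
    "autoscaling:EC2_INSTANCE_TERMINATE",
    "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
  ]
}

# Resolve each management subnet so its AZ can be used for the data volumes.
data "aws_subnet" "management" {
  count = "${length(var.management_subnet_ids)}"
  id    = "${element(var.management_subnet_ids, count.index)}"
}

# One gp2 data volume per subnet AZ.
# NOTE(review): the count multiplies by var.management_data_efs, so these
# volumes only exist when EFS is also enabled — confirm that is intended.
# NOTE(review): `encrypted` is not set, so volume encryption follows the
# account default; enabling it here forces replacement of existing volumes.
resource "aws_ebs_volume" "management-data" {
  count             = "${length(var.management_subnet_ids) * var.management_data_efs}"
  availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
  size              = "${var.management_data_volume_size}"
  type              = "gp2"

  tags {
    module = "${var.management_service_name}"
  }
}

# Shared EFS data file system, created when var.management_data_efs is 1.
# NOTE(review): `encrypted` is not set; encryption can only be chosen at
# creation time, so enabling it later means a new file system.
resource "aws_efs_file_system" "management-data" {
  count          = "${var.management_data_efs}"
  creation_token = "${var.management_service_name}-data"

  tags {
    Name = "${var.management_service_name}-data"
  }
}

# One mount target per management subnet, reachable only from the management
# security group (NFS is allowed by the self rule above).
resource "aws_efs_mount_target" "management-data" {
  count           = "${length(var.management_subnet_ids) * var.management_data_efs}"
  file_system_id  = "${aws_efs_file_system.management-data.id}"
  subnet_id       = "${element(var.management_subnet_ids, count.index)}"
  security_groups = ["${aws_security_group.management.id}"]
}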