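# Network base module (Terraform 0.11-style interpolation syntax).
#
# Declares one VPC with an internet gateway, public subnets (one per entry in
# var.public_azs) routed to the IGW, private subnets (one per entry in
# var.private_azs) each routed to its own NAT gateway, optional routes to
# existing VPC peering connections, a read-mostly base IAM policy and a
# "general-access" security group.

# Optional DHCP option set; created only when var.enable_domain_name is 1.
# NOTE(review): "ec2.internal" is the us-east-1 internal DNS suffix; other
# regions use "<region>.compute.internal" - confirm for the target region.
resource "aws_vpc_dhcp_options" "default" {
  count               = "${var.enable_domain_name}"
  domain_name         = "ec2.internal ${var.r53_domain_name}"
  domain_name_servers = ["AmazonProvidedDNS"]

  tags {
    Name        = "${var.project}-${var.environment}-dhcp_options_set"
    service     = "${var.project}-${var.environment}-dhcp_options_set"
    project     = "${var.project}"
    environment = "${var.environment}"
    role        = "dhcp_options_set"
  }
}

# Attach the option set above to the VPC; gated by the same flag so both
# resources appear and disappear together.
resource "aws_vpc_dhcp_options_association" "default" {
  count           = "${var.enable_domain_name}"
  vpc_id          = "${aws_vpc.default.id}"
  dhcp_options_id = "${aws_vpc_dhcp_options.default.id}"
}

resource "aws_vpc" "default" {
  cidr_block           = "${var.cidr}"
  enable_dns_hostnames = "${var.enable_dns_hostnames}"
  enable_dns_support   = "${var.enable_dns_support}"
  instance_tenancy     = "default"

  tags {
    Name        = "${var.project}-${var.environment}-vpc"
    service     = "${var.project}-${var.environment}-vpc"
    project     = "${var.project}"
    environment = "${var.environment}"
    role        = "vpc"
  }
}

resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name        = "${var.project}-${var.environment}-igw"
    service     = "${var.project}-${var.environment}-igw"
    project     = "${var.project}"
    environment = "${var.environment}"
    role        = "igw"
  }
}

# Look up each pre-existing peering connection so its CIDR can be routed to.
data "aws_vpc_peering_connection" "peer" {
  count = "${length(var.peering_connection_ids)}"
  id    = "${element(var.peering_connection_ids, count.index)}"
}

# The VPC's main route table. Any subnet that is not explicitly associated
# with another route table uses this one, so the IGW default route below
# makes such subnets internet-facing; keep every subnet explicitly associated.
resource "aws_default_route_table" "default" {
  default_route_table_id = "${aws_vpc.default.default_route_table_id}"
}

resource "aws_route" "default_gateway" {
  route_table_id         = "${aws_default_route_table.default.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.default.id}"
}

resource "aws_route" "default_peer" {
  count                     = "${length(var.peering_connection_ids)}"
  route_table_id            = "${aws_default_route_table.default.id}"
  destination_cidr_block    = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
  vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
}

# One shared route table for all public subnets.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name        = "${var.project}-${var.environment}-public"
    service     = "${var.project}-${var.environment}-route-table"
    project     = "${var.project}"
    environment = "${var.environment}"
    role        = "route-table"
  }
}

resource "aws_route" "public_gateway" {
  route_table_id         = "${aws_route_table.public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.default.id}"
}

resource "aws_route" "public_peer" {
  count                     = "${length(var.peering_connection_ids)}"
  route_table_id            = "${aws_route_table.public.id}"
  destination_cidr_block    = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index)}"
  vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index)}"
}

# Public subnets: /N+8 slices of var.cidr starting at var.subnets_offset_public.
# Instances launched here get a public IP automatically.
resource "aws_subnet" "public" {
  count             = "${length(var.public_azs)}"
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_public)}"
  availability_zone = "${element(var.public_azs, count.index)}"

  tags {
    Name        = "${var.project}-${var.environment}-public-${element(var.public_azs, count.index)}"
    project     = "${var.project}"
    environment = "${var.environment}"
    service     = "${var.project}-${var.environment}-subnet-public"
    role        = "subnet"
    zone        = "pub"
  }

  map_public_ip_on_launch = true
}

resource "aws_route_table_association" "public" {
  count          = "${length(var.public_azs)}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.public.*.id, count.index)}"
}

# Private subnets: /N+8 slices of var.cidr starting at var.subnets_offset_private.
# The public and private offsets must not produce overlapping slices.
resource "aws_subnet" "private" {
  count             = "${length(var.private_azs)}"
  vpc_id            = "${aws_vpc.default.id}"
  cidr_block        = "${cidrsubnet(var.cidr, 8, count.index + var.subnets_offset_private)}"
  availability_zone = "${element(var.private_azs, count.index)}"

  tags {
    Name        = "${var.project}-${var.environment}-private-${element(var.private_azs, count.index)}"
    project     = "${var.project}"
    environment = "${var.environment}"
    service     = "${var.project}-${var.environment}-subnet-private"
    role        = "subnet"
    zone        = "priv"
  }

  map_public_ip_on_launch = false
}

resource "aws_route_table_association" "private" {
  count          = "${length(var.private_azs)}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
}

# One route table per private subnet so each AZ egresses via its own NAT gateway.
resource "aws_route_table" "private" {
  count  = "${length(var.private_azs)}"
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name        = "${var.project}-${var.environment}-private${format("%02d", count.index + 1)}"
    project     = "${var.project}"
    environment = "${var.environment}"
    service     = "${var.project}-${var.environment}-route-table-private"
    role        = "route-table"
  }
}

resource "aws_route" "private_gateway" {
  count                  = "${length(var.private_azs)}"
  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = "${element(aws_nat_gateway.default.*.id, count.index)}"
}

# Cross product of (private route table x peering connection).
# count.index is decomposed as peer_index * A + table_index, where
# A = length(var.private_azs): the table is count.index % A and the peer is
# count.index / A (integer division). Using "/" for the table and "%" for the
# peer (the previous form) only works when both lists have the same length;
# otherwise it yields duplicate routes in the first tables and none in the rest.
resource "aws_route" "private_peer" {
  count                     = "${length(var.peering_connection_ids) * length(var.private_azs)}"
  route_table_id            = "${element(aws_route_table.private.*.id, count.index % length(var.private_azs))}"
  destination_cidr_block    = "${element(data.aws_vpc_peering_connection.peer.*.cidr_block, count.index / length(var.private_azs))}"
  vpc_peering_connection_id = "${element(data.aws_vpc_peering_connection.peer.*.id, count.index / length(var.private_azs))}"
}

# One Elastic IP and one NAT gateway per private AZ. The NAT gateway for
# private AZ i is placed in public subnet i, so var.public_azs is expected to
# list the same AZs in the same order as var.private_azs (element() wraps
# around if the public list is shorter).
resource "aws_eip" "nat" {
  count = "${length(var.private_azs)}"
  vpc   = true
}

resource "aws_nat_gateway" "default" {
  count         = "${length(var.private_azs)}"
  allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"
}

# Base instance policy: read-only Describe/List/Get calls plus CloudWatch Logs
# writes. Action names must match the IAM action exactly; an unknown action is
# accepted by IAM but never grants anything, so the earlier
# "cloudwatch:GetMetricsStatistics" silently denied GetMetricStatistics.
# NOTE(review): the logs:* write actions are granted on Resource "*"; scope them
# to the log-group ARNs this project actually writes to where that is known.
data "aws_iam_policy_document" "base" {
  statement {
    sid       = "aws-read"
    resources = ["*"]

    actions = [
      "autoscaling:Describe*",
      "cloudwatch:ListMetrics",
      "cloudwatch:GetMetricStatistics",
      "cloudwatch:Describe*",
      "ec2:Describe*",
      "elasticloadbalancing:Describe*",
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:Describe*",
      "logs:PutLogEvents",
      "logs:PutMetricFilter",
    ]
  }
}

resource "aws_iam_policy" "base" {
  name        = "base-policy"
  path        = "/"
  description = "base-policy"
  policy      = "${data.aws_iam_policy_document.base.json}"
}

# Rules are kept as separate aws_security_group_rule resources (with
# create_before_destroy) so a rule change does not replace the group itself.
resource "aws_security_group" "general-access" {
  name        = "general-access"
  description = "Allow all ICMP and intra-vpc SSH traffic"
  vpc_id      = "${aws_vpc.default.id}"
}

resource "aws_security_group_rule" "ga_out_all" {
  security_group_id = "${aws_security_group.general-access.id}"
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "all"
  cidr_blocks       = ["0.0.0.0/0"]

  lifecycle {
    create_before_destroy = true
  }
}

# ICMP from any source (per the group's description). On instances in the
# public subnets this is reachable from the internet; restrict cidr_blocks to
# var.cidr if only intra-VPC reachability checks are needed.
resource "aws_security_group_rule" "ga_in_icmp" {
  security_group_id = "${aws_security_group.general-access.id}"
  type              = "ingress"
  from_port         = -1
  to_port           = -1
  protocol          = "icmp"
  cidr_blocks       = ["0.0.0.0/0"]

  lifecycle {
    create_before_destroy = true
  }
}

# SSH from inside the VPC plus the operator-supplied var.ssh_allowed_cidr list;
# that variable should hold specific bastion/office ranges, never 0.0.0.0/0.
resource "aws_security_group_rule" "ga_in_ssh" {
  security_group_id = "${aws_security_group.general-access.id}"
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["${concat(list(var.cidr), var.ssh_allowed_cidr)}"]

  lifecycle {
    create_before_destroy = true
  }
}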