# Qualys virtual scanner appliances (pre-authorized and standard) plus their
# private DNS A records. Each scanner is optional and gated by its own
# create_* variable.

# AMI lookups. `owners = ["aws-marketplace"]` together with the product-code
# filter restricts the match to the Marketplace listing; the name filter alone
# ("qVSA*") would not be enough to tell a genuine image from a lookalike.
data "aws_ami" "preauthorized" {
  owners      = ["aws-marketplace"]
  most_recent = true

  filter {
    name   = "product-code"
    values = ["1mp9h4zd2ze4biqif5schqeyu"]
  }

  filter {
    name   = "name"
    values = ["qVSA*"]
  }
}

data "aws_ami" "standard" {
  owners      = ["aws-marketplace"]
  most_recent = true

  filter {
    name   = "product-code"
    values = ["9hnn1m0a6jb7k2r1n9itk3jxu"]
  }

  filter {
    name   = "name"
    values = ["qVSA*"]
  }
}

# Use the default EBS key
# (looked up by alias; its ARN encrypts both scanners' root volumes below).
data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

resource "aws_instance" "qualys_scanner_preauthorized" {
  # Zero or one instance, depending on the toggle.
  count = var.create_preauthorized_scanner == true ? 1 : 0

  ami           = data.aws_ami.preauthorized.id
  instance_type = "t3.medium"
  ebs_optimized = true
  subnet_id     = var.subnets[0]

  # NOTE(review): key pair name is hard-coded; confirm who holds the private
  # key and whether the appliance needs one at all.
  key_name = "msoc-build"

  vpc_security_group_ids = [module.qualys_scanner_sg.security_group_id]

  # The personalization code reaches the appliance through instance user data.
  # User data is not a secret store: it is readable through the EC2 API by any
  # principal allowed to describe instance attributes, from inside the instance
  # via the metadata service, and it is recorded in Terraform state.
  # NOTE(review): confirm var.personalization_codes is declared sensitive and
  # that state access is restricted accordingly.
  # The proxy line is emitted only when var.proxy is non-empty; the port is
  # fixed at 80.
  user_data = base64encode("PERSCODE=${var.personalization_codes["preauthorized"]}%{if var.proxy != ""}\nPROXY_URL=${var.proxy}:80%{endif}")

  # NOTE(review): there is no metadata_options block, so the instance takes the
  # AMI/account default for IMDS. Consider http_tokens = "required" once the
  # appliance version in use is confirmed to work with IMDSv2.

  credit_specification {
    cpu_credits = "unlimited"
  }

  root_block_device {
    volume_type = "gp2"
    volume_size = 100
    encrypted   = true
    kms_key_id  = data.aws_kms_key.ebs-key.arn
  }

  tags = merge(var.standard_tags, var.tags, {
    Name = "qualys-scanner-preauthorized"
  })

  volume_tags = merge(var.standard_tags, var.tags, {
    Name = "qualys-scanner-preauthorized"
  })

  # The AMI data source uses most_recent = true, so a new Marketplace release
  # would otherwise force replacement. With this in place the instance stays on
  # the image it was launched from until it is replaced deliberately.
  lifecycle {
    ignore_changes = [ami]
  }
}

resource "aws_instance" "qualys_scanner_standard" {
  # Zero or one instance, depending on the toggle.
  count = var.create_standard_scanner == true ? 1 : 0

  ami           = data.aws_ami.standard.id
  instance_type = "t3.medium"
  ebs_optimized = true
  subnet_id     = var.subnets[0]

  # NOTE(review): same hard-coded key pair as the pre-authorized scanner.
  key_name = "msoc-build"

  vpc_security_group_ids = [module.qualys_scanner_sg.security_group_id]

  # Same user-data exposure as the pre-authorized scanner: the personalization
  # code is readable via the EC2 API, the metadata service and Terraform state.
  user_data = base64encode("PERSCODE=${var.personalization_codes["standard"]}%{if var.proxy != ""}\nPROXY_URL=${var.proxy}:80%{endif}")

  # NOTE(review): no metadata_options block here either; see the IMDS note on
  # the pre-authorized scanner.

  credit_specification {
    cpu_credits = "unlimited"
  }

  root_block_device {
    volume_type = "gp2"
    volume_size = 100
    encrypted   = true
    kms_key_id  = data.aws_kms_key.ebs-key.arn
  }

  tags = merge(var.standard_tags, var.tags, {
    Name = "qualys-scanner-standard"
  })

  volume_tags = merge(var.standard_tags, var.tags, {
    Name = "qualys-scanner-standard"
  })

  # Launched image is kept until the instance is replaced deliberately.
  lifecycle {
    ignore_changes = [ami]
  }
}

# Private A records. Each module's count mirrors the matching instance's count,
# so count.index always refers to an instance that exists.
module "private_dns_record_preauthorized" {
  source = "../../submodules/dns/private_A_record"
  count  = var.create_preauthorized_scanner == true ? 1 : 0

  name            = "qualys-preauthorized"
  ip_addresses    = [aws_instance.qualys_scanner_preauthorized[count.index].private_ip]
  dns_info        = var.dns_info
  reverse_enabled = var.reverse_enabled

  providers = {
    aws.c2 = aws.c2
  }
}

module "private_dns_record_standard" {
  source = "../../submodules/dns/private_A_record"
  count  = var.create_standard_scanner == true ? 1 : 0

  name            = "qualys-standard"
  ip_addresses    = [aws_instance.qualys_scanner_standard[count.index].private_ip]
  dns_info        = var.dns_info
  reverse_enabled = var.reverse_enabled

  providers = {
    aws.c2 = aws.c2
  }
}