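#------------------------------------
# RDS Cluster
#------------------------------------

# Master password for the PostgreSQL instance, supplied by the caller
# (tfvars, -var, or TF_VAR_db_password) instead of being hard-coded in
# source, so the secret never lands in version control. Terraform still
# records the value in state, so the state backend must be access-controlled
# and encrypted. `sensitive` requires Terraform 0.14 or later.
variable "db_password" {
  description = "Master password for the customer portal PostgreSQL instance."
  type        = string
  sensitive   = true
}

# Customer-managed KMS key used for RDS storage encryption at rest.
# Automatic key rotation is enabled; the instance below references the ARN.
resource "aws_kms_key" "customer_portal_kms" {
  description         = "RDS KMS Key"
  enable_key_rotation = true
}

# Subnet group spanning the first three subnets passed in by the caller.
# slice() fails at plan time if fewer than three subnets are supplied,
# whereas element() silently wraps around and repeats subnet IDs.
resource "aws_db_subnet_group" "customer_portal_rds_subnets" {
  name        = "customer_portal_rds_subnets"
  description = "Customer Portal RDS Private subnet"
  subnet_ids  = slice(var.subnets, 0, 3)
}

# Single PostgreSQL instance for the customer portal, encrypted at rest with
# the customer-managed key above and attached to the security group defined
# in the next section.
resource "aws_db_instance" "postgres" {
  allocated_storage = 20
  storage_type      = "gp2"
  engine            = "postgres"

  db_subnet_group_name   = aws_db_subnet_group.customer_portal_rds_subnets.name
  vpc_security_group_ids = [
    aws_security_group.postgres.id,
  ]

  instance_class = "db.t2.small"
  identifier     = "customerportal"
  # `name` (the initial database name) is deprecated in favour of `db_name`
  # in newer hashicorp/aws provider releases; rename once the provider is
  # upgraded.
  name     = "customerportal"
  username = "portal"
  # Never a literal here: the value comes from the sensitive variable above.
  password = var.db_password

  # Encryption at rest with the customer-managed key. Bare boolean rather
  # than the string "true" the provider previously had to coerce.
  kms_key_id        = aws_kms_key.customer_portal_kms.arn
  storage_encrypted = true

  # TODO(review): confirm this CA identifier is still issued by AWS. RDS CA
  # bundles have fixed expiry dates and clients pinning an expired CA lose
  # TLS connectivity; rotate before expiry.
  ca_cert_identifier = "rds-ca-2017"
}

#------------------------------------
# Security Groups
#------------------------------------

# Security group attached to the RDS instance. Rules are managed separately
# via aws_security_group_rule so they can change without replacing the group.
resource "aws_security_group" "postgres" {
  name = "customer_portal_postgres_inbound_sg"
  # NOTE(review): the description says HTTP but the only rule below opens
  # PostgreSQL (5432). Left unchanged because editing a security group
  # description forces replacement of the group.
  description = "Allow Customer Portal HTTP Traffic Inbound"
  vpc_id      = var.vpc_id
}

# Inbound PostgreSQL from the private 10/8 range. Only ingress is declared in
# this file.
resource "aws_security_group_rule" "customer_portal_postgres_inbound" {
  security_group_id = aws_security_group.postgres.id
  type              = "ingress"
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  # 10.0.0.0/8 admits every private host in the range, not just the portal
  # tier; consider narrowing to the application tier's security group via
  # source_security_group_id once that group is known to this module.
  cidr_blocks = ["10.0.0.0/8"]
}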