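# Rather than pass in the aws security group, we just look it up. This will
# probably be useful other places, as well.
#
# Both lookups select on name + VPC, so the plan fails if a group with that
# name is missing from var.vpc_id or if the filter matches more than one group.
# NOTE(review): neither data source is referenced in this part of the file;
# confirm they are used elsewhere in the module.
data "aws_security_group" "typical-host" {
  name   = "typical-host"
  vpc_id = var.vpc_id
}

data "aws_security_group" "aws_endpoints" {
  name   = "aws_endpoints"
  vpc_id = var.vpc_id
}

# Security group owned by this module for its instances. Rules are attached
# through standalone aws_security_group_rule resources, not inline
# ingress/egress blocks. Keep it that way: the provider does not support
# mixing both styles on one group, and the two overwrite each other.
#
# No egress rule appears in this part of the file. Terraform removes the AWS
# default allow-all egress rule on groups it creates, so outbound access has
# to be granted explicitly by another rule.
resource "aws_security_group" "instance" {
  name        = local.server_name_stem
  description = "${local.server_name_stem} Instances"
  vpc_id      = var.vpc_id
  tags        = merge(var.standard_tags, var.tags)
}

# Inbound HTTPS only. The set of clients that can reach the instances is
# exactly var.supernets, so that variable is the trust boundary for this rule.
# NOTE(review): the description promises internal IPs, but nothing here
# enforces it. Confirm var.supernets is limited to internal ranges and cannot
# carry 0.0.0.0/0 (for example via a validation block on the variable).
resource "aws_security_group_rule" "instance-https-in" {
  description = "Access TQ/TQ API from internal IPs"
  type        = "ingress"
  # Ports are numbers in the provider schema, so they are written unquoted.
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = var.supernets
  security_group_id = aws_security_group.instance.id
}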