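# One Name tag shared by every resource in this file. Keeping it in a local
# means the five resources below cannot drift apart when the naming scheme
# changes.
locals {
  static_nlb_tags = merge(var.tags, { Name = "${var.name}-nlb-external-${var.environment}" })
}

#########################
# EIP
#
# Two static addresses, one per public subnet, so that clients and partner
# allow-lists can pin the NLB's public IPs. They are created separately from
# the NLB and guarded with prevent_destroy so a replacement of the load
# balancer never releases the addresses.
resource "aws_eip" "static" {
  count = 2

  #checkov:skip=CKV2_AWS_19:These EIPs are attached to the NLB
  # NOTE(review): `vpc = true` is deprecated in AWS provider v5 in favour of
  # `domain = "vpc"`; switch once the provider constraint allows it.
  vpc = true

  lifecycle {
    prevent_destroy = true # Even if everything else goes away, we want to keep these.
  }

  tags = local.static_nlb_tags
}

#########################
# ELB
#
# Internet-facing network load balancer that owns the static EIPs and passes
# TCP straight through to the ALB `aws_lb.external` (defined elsewhere in the
# module). TLS termination and HTTP semantics live on that ALB, not here.
resource "aws_lb" "static" {
  name_prefix        = substr("${var.name}-static", 0, 6)
  load_balancer_type = "network"
  # Public by design: the whole point of this NLB is to expose the EIPs.
  internal = false #tfsec:ignore:aws-elb-alb-not-public
  enable_cross_zone_load_balancing = true

  # NOTE(review): the EIPs are protected by prevent_destroy but the NLB itself
  # is not; consider `enable_deletion_protection = true` if it is equally
  # load-bearing.

  # One mapping per EIP, pinned to the first two public subnets.
  subnet_mapping {
    subnet_id     = var.public_subnets[0]
    allocation_id = aws_eip.static[0].id
  }

  subnet_mapping {
    subnet_id     = var.public_subnets[1]
    allocation_id = aws_eip.static[1].id
  }

  # NOTE(review): NLB access logs only record traffic on TLS listeners. Every
  # listener on this NLB is plain TCP, so this setting produces no entries;
  # connection-level visibility has to come from VPC Flow Logs or from the
  # access logs of the ALB behind it. Left enabled so a future TLS listener
  # is covered automatically.
  access_logs {
    bucket  = "xdr-elb-${var.environment}"
    enabled = true
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = local.static_nlb_tags
}

# Main TCP passthrough listener: whatever arrives on var.listener_port is
# handed to the ALB unchanged (no TLS termination on the NLB).
resource "aws_lb_listener" "static" {
  load_balancer_arn = aws_lb.static.arn
  port              = var.listener_port
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.static.arn
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = local.static_nlb_tags
}

# ALB-type target group: the NLB's single target is the ALB itself.
resource "aws_lb_target_group" "static" {
  name_prefix = substr("${var.name}-static", 0, 6)
  port        = var.listener_port
  protocol    = "TCP"
  target_type = "alb"
  vpc_id      = var.vpc_id

  # The health check is an HTTPS request to the ALB on the same port, so the
  # ALB must serve var.healthcheck_path on var.listener_port or the NLB marks
  # its only target unhealthy and stops forwarding.
  health_check {
    protocol = "HTTPS"
    port     = var.listener_port
    path     = var.healthcheck_path
    interval = 10
  }

  lifecycle {
    create_before_destroy = true
  }

  tags = local.static_nlb_tags
}

# Registers the ALB (defined elsewhere) as the target on the listener port.
resource "aws_lb_target_group_attachment" "static" {
  target_group_arn = aws_lb_target_group.static.arn
  target_id        = aws_lb.external.id
  port             = var.listener_port
}

# Redirect
#
# Optional port-80 path, enabled by var.redirect_80. A TCP listener can only
# forward, so nothing here issues a redirect itself: plain HTTP is passed to
# the ALB, and the HTTP->HTTPS redirect is presumably configured on the ALB's
# port-80 listener, which is not in this file.
resource "aws_lb_listener" "static-redirect" {
  count = var.redirect_80 ? 1 : 0

  load_balancer_arn = aws_lb.static.arn
  port              = 80
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.static-redirect[0].arn
  }

  tags = local.static_nlb_tags
}

# Port-80 counterpart of aws_lb_target_group.static. No explicit health_check
# block, so the provider/AWS defaults for an alb-type target group apply.
resource "aws_lb_target_group" "static-redirect" {
  count = var.redirect_80 ? 1 : 0

  name_prefix = substr("${var.name}-static", 0, 6)
  port        = 80
  protocol    = "TCP"
  target_type = "alb"
  vpc_id      = var.vpc_id

  lifecycle {
    create_before_destroy = true
  }

  tags = local.static_nlb_tags
}

# Registers the same ALB as the port-80 target when the redirect path is on.
resource "aws_lb_target_group_attachment" "static-redirect" {
  count = var.redirect_80 ? 1 : 0

  target_group_arn = aws_lb_target_group.static-redirect[0].arn
  target_id        = aws_lb.external.id
  port             = 80
}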