resource "aws_security_group" "rhsso_rds_sg" {
  name = "${var.identifier}_rds_sg"
  description = "Security Group for KeyCloak RDS"
  vpc_id = var.vpc_id
  tags = merge(var.standard_tags, var.tags)
}

resource "aws_security_group_rule" "rhsso_rds_in" {
  description = "Inbound Postgres"
  type = "ingress"
  from_port = 5432
  to_port = 5432
  protocol = "tcp"
  cidr_blocks = var.cidr_map["vpc-public"]
  security_group_id = aws_security_group.rhsso_rds_sg.id
}

resource "aws_security_group_rule" "rhsso_security_in" {
  description = "Inbound From Scanners"
  type = "ingress"
  from_port =  0
  to_port = 65535
  protocol = "-1"
  cidr_blocks = var.cidr_map["vpc-scanners"]
  security_group_id = aws_security_group.rhsso_rds_sg.id
}