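# Security group for the externally facing Keycloak load balancer.
# Rules are attached through standalone aws_security_group_rule resources below,
# so do not also add inline ingress/egress blocks to this group: the provider
# treats the two styles as conflicting.
# NOTE(review): the name says "ELB" but the description says "Keycloak Instances",
# which looks copied from the instance group. It is left as-is because the AWS
# provider replaces a security group when its description changes; fix it in a
# planned change.
resource "aws_security_group" "elb_external" {
  name        = "Keycloak ELB"
  description = "Keycloak Instances"
  vpc_id      = var.vpc_id
  tags        = merge(var.standard_tags, var.tags)
}

# Plaintext HTTP from any IPv4 source. The description states this port exists
# only to redirect; the listener that enforces the redirect is not in this file.
# NOTE(review): confirm the port-80 listener never forwards requests to a backend.
resource "aws_security_group_rule" "elb-http-in" {
  description       = "Inbound HTTP, for redirect only"
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.elb_external.id
}

# HTTPS from any IPv4 source: the public entry point of the identity provider.
# Anything exposed on this listener (including admin paths, if routed) is
# reachable from the internet, so path-level restrictions must live elsewhere.
resource "aws_security_group_rule" "elb-https-in" {
  description       = "Inbound HTTPS, where the magic happens"
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.elb_external.id
}

# Egress is scoped to the instance security group rather than a CIDR range.
# For an egress rule, source_security_group_id names the destination group.
# aws_security_group.instance is defined outside this file.
# NOTE(review): 8080 is the unencrypted backend port; if the load balancer only
# needs 8443 to reach the instances, this rule can be removed.
resource "aws_security_group_rule" "elb-alt-http-to-instances" {
  # Previously empty; a description makes the rule identifiable in audits.
  description              = "ELB to Keycloak instances, alternate HTTP (8080)"
  type                     = "egress"
  from_port                = 8080
  to_port                  = 8080
  protocol                 = "tcp"
  security_group_id        = aws_security_group.elb_external.id
  source_security_group_id = aws_security_group.instance.id
}

# TLS-protected backend traffic from the load balancer to the instance group.
resource "aws_security_group_rule" "elb-alt-https-to-instances" {
  # Previously empty; a description makes the rule identifiable in audits.
  description              = "ELB to Keycloak instances, alternate HTTPS (8443)"
  type                     = "egress"
  from_port                = 8443
  to_port                  = 8443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.elb_external.id
  source_security_group_id = aws_security_group.instance.id
}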