# Qualys virtual scanner appliances (qVSA) and their private DNS records.
#
# Two variants can be deployed independently, each gated by its own create_*
# variable: "preauthorized" and "standard". In this file they differ only in
# the Marketplace product code used to find the AMI, the personalization code
# passed to the appliance, and the names/tags derived from the variant.

# --- AMI lookup ---------------------------------------------------------------
# Each lookup is pinned twice: `owners` restricts results to images published
# through AWS Marketplace, and the product-code filter selects one specific
# listing. The wildcard on `name` therefore cannot match a similarly named
# image published from an unrelated account.

data "aws_ami" "preauthorized" {
  owners      = ["aws-marketplace"]
  most_recent = true

  filter {
    name   = "product-code"
    values = ["1mp9h4zd2ze4biqif5schqeyu"]
  }

  filter {
    name   = "name"
    values = ["qVSA*"]
  }
}

data "aws_ami" "standard" {
  owners      = ["aws-marketplace"]
  most_recent = true

  filter {
    name   = "product-code"
    values = ["9hnn1m0a6jb7k2r1n9itk3jxu"]
  }

  filter {
    name   = "name"
    values = ["qVSA*"]
  }
}

# --- Volume encryption key ----------------------------------------------------
# Use the default EBS key
# The alias is resolved when the data source is read, so it has to exist in the
# target account and region or the plan fails.
# NOTE(review): the alias is outside the `alias/aws/` namespace that AWS
# reserves for its managed keys, so this is presumably a customer managed key;
# confirm its key policy lets EC2 use it for these root volumes.
data "aws_kms_key" "ebs-key" {
  key_id = "alias/ebs_root_encrypt_decrypt"
}

# --- Scanner instances --------------------------------------------------------

resource "aws_instance" "qualys_scanner_preauthorized" {
  # Zero or one instance, depending on the toggle.
  count = var.create_preauthorized_scanner == true ? 1 : 0

  ami           = data.aws_ami.preauthorized.id
  instance_type = "t3.medium"
  ebs_optimized = true

  # Key pair name is fixed here; it must already exist in the account/region.
  key_name = "msoc-build"

  # Always placed in the first subnet of the list. The security group comes
  # from module.qualys_scanner_sg, which is defined outside this view.
  subnet_id              = var.subnets[0]
  vpc_security_group_ids = [module.qualys_scanner_sg.security_group_id]

  # The personalization code reaches the appliance through instance user data.
  # User data is not a secret store: it is readable with
  # ec2:DescribeInstanceAttribute, from inside the instance via the metadata
  # service, and the rendered value is recorded in Terraform state. Read access
  # to any of those is access to the code.
  # The PROXY_URL line is appended only when var.proxy is non-empty, and the
  # proxy port is fixed at 80.
  # NOTE(review): no metadata_options block is set, so IMDS behaviour follows
  # the provider/account defaults. Setting http_tokens = "required" is worth
  # evaluating once it is confirmed the appliance reads user data over IMDSv2.
  user_data = base64encode("PERSCODE=${var.personalization_codes["preauthorized"]}%{ if var.proxy!="" }\nPROXY_URL=${var.proxy}:80%{ endif }")

  credit_specification {
    cpu_credits = "unlimited"
  }

  # Root volume is encrypted with the key looked up above.
  root_block_device {
    encrypted   = true
    kms_key_id  = data.aws_kms_key.ebs-key.arn
    volume_type = "gp2"
    volume_size = 100
  }

  # Later arguments to merge() win, so the Name set here overrides any Name
  # carried in var.standard_tags or var.tags.
  tags = merge(
    var.standard_tags,
    var.tags,
    { "Name" = "qualys-scanner-preauthorized" },
  )
  volume_tags = merge(
    var.standard_tags,
    var.tags,
    { "Name" = "qualys-scanner-preauthorized" },
  )

  # `most_recent = true` makes the AMI lookup move to a newer image whenever
  # one is published; ignoring `ami` keeps that from forcing replacement of a
  # running appliance. The instance therefore stays on the image it was
  # launched from.
  # NOTE(review): confirm the appliance is kept current by some other path.
  lifecycle {
    ignore_changes = [ami]
  }
}

resource "aws_instance" "qualys_scanner_standard" {
  # Zero or one instance, depending on the toggle.
  count = var.create_standard_scanner == true ? 1 : 0

  ami           = data.aws_ami.standard.id
  instance_type = "t3.medium"
  ebs_optimized = true

  # Same fixed key pair as the preauthorized scanner.
  key_name = "msoc-build"

  subnet_id              = var.subnets[0]
  vpc_security_group_ids = [module.qualys_scanner_sg.security_group_id]

  # Same exposure considerations as the preauthorized scanner: the
  # personalization code is visible wherever user data or Terraform state can
  # be read, and IMDS settings are left at their defaults.
  user_data = base64encode("PERSCODE=${var.personalization_codes["standard"]}%{ if var.proxy!="" }\nPROXY_URL=${var.proxy}:80%{ endif }")

  credit_specification {
    cpu_credits = "unlimited"
  }

  root_block_device {
    encrypted   = true
    kms_key_id  = data.aws_kms_key.ebs-key.arn
    volume_type = "gp2"
    volume_size = 100
  }

  tags = merge(
    var.standard_tags,
    var.tags,
    { "Name" = "qualys-scanner-standard" },
  )
  volume_tags = merge(
    var.standard_tags,
    var.tags,
    { "Name" = "qualys-scanner-standard" },
  )

  # AMI drift is ignored for the same reason as on the preauthorized scanner.
  lifecycle {
    ignore_changes = [ami]
  }
}

# --- Private DNS --------------------------------------------------------------
# Each record module uses the same toggle as its instance, so count.index
# always refers to an instance that exists. The aliased provider aws.c2 is
# passed through to the submodule.

module "private_dns_record_preauthorized" {
  source = "../../submodules/dns/private_A_record"
  count  = var.create_preauthorized_scanner == true ? 1 : 0

  name            = "qualys-preauthorized"
  ip_addresses    = [aws_instance.qualys_scanner_preauthorized[count.index].private_ip]
  dns_info        = var.dns_info
  reverse_enabled = var.reverse_enabled

  providers = {
    aws.c2 = aws.c2
  }
}

module "private_dns_record_standard" {
  source = "../../submodules/dns/private_A_record"
  count  = var.create_standard_scanner == true ? 1 : 0

  name            = "qualys-standard"
  ip_addresses    = [aws_instance.qualys_scanner_standard[count.index].private_ip]
  dns_info        = var.dns_info
  reverse_enabled = var.reverse_enabled

  providers = {
    aws.c2 = aws.c2
  }
}