#--------------------------------------------------------------
# Internal ELB
#--------------------------------------------------------------

# Private-zone name for the service: github.<private zone> is a CNAME to the
# internal ELB's DNS name. Created through the aliased provider aws.c2.
resource "aws_route53_record" "github_internal" {
  provider = aws.c2

  zone_id = var.dns_info["private"]["zone_id"]
  name    = "github.${var.dns_info["private"]["zone"]}"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_elb.internal.dns_name]
}

# Wildcard companion record: every label under github.<private zone> resolves
# to the same internal ELB.
# NOTE(review): aws_acm_certificate.cert is defined outside this listing;
# confirm that it covers both the base name and the wildcard name.
resource "aws_route53_record" "github_internal_wildcard" {
  provider = aws.c2

  zone_id = var.dns_info["private"]["zone_id"]
  name    = "*.github.${var.dns_info["private"]["zone"]}"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_elb.internal.dns_name]
}

# Classic ELB, internal only (internal = true), placed in var.private_subnets
# and guarded by the ghe_elb_internal security group (defined elsewhere).
# NOTE(review): no access_logs block is configured here. For the two TCP
# listeners the ELB access log is the only load-balancer-side record of who
# connected; confirm whether logging is intentionally off.
resource "aws_elb" "internal" {
  name_prefix     = "gheint"
  internal        = true
  subnets         = var.private_subnets
  security_groups = [aws_security_group.ghe_elb_internal.id]

  # 443 -> 443, HTTPS on both legs: TLS is terminated at the ELB with the ACM
  # certificate and a separate TLS session is opened to the instance.
  # NOTE(review): nothing in this listing attaches a backend authentication
  # policy or an SSL negotiation policy to this listener, so as written the
  # ELB default negotiation policy applies and the instance certificate is not
  # pinned. Confirm both against the TLS baseline.
  listener {
    lb_port            = 443
    lb_protocol        = "HTTPS"
    instance_port      = 443
    instance_protocol  = "HTTPS"
    ssl_certificate_id = aws_acm_certificate.cert.arn
  }

  # 8443 -> 8444, plain TCP pass-through (the ELB does not terminate TLS here).
  # Instance port 8444 is listed in internal_proxy_protocol below.
  listener {
    lb_port           = 8443
    lb_protocol       = "TCP"
    instance_port     = 8444
    instance_protocol = "TCP"
  }

  # 22 -> 23, plain TCP pass-through.
  # Instance port 23 is listed in internal_proxy_protocol below.
  listener {
    lb_port           = 22
    lb_protocol       = "TCP"
    instance_port     = 23
    instance_protocol = "TCP"
  }

  # Instance health is probed over HTTPS on 443 at /status every 30 s with a
  # 3 s timeout; two consecutive results flip the state in either direction.
  health_check {
    target              = "HTTPS:443/status"
    interval            = 30
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}

# Enables the PROXY protocol header towards instance ports 23, 444 and 8444.
# NOTE(review): no listener on aws_elb.internal in this file targets instance
# port 444 (the HTTPS listener goes to 443). Confirm whether "444" is stale or
# whether the 443 listener was meant to be TCP -> 444.
# Security: a backend that honours PROXY headers takes the client address from
# whoever opens the connection. The instance security group (not shown here)
# should admit these ports only from the ELB security group, otherwise the
# source address used for logging and rate limiting is caller-supplied.
resource "aws_proxy_protocol_policy" "internal_proxy_protocol" {
  load_balancer  = aws_elb.internal.name
  instance_ports = ["23", "444", "8444"]
}

# Registers each aws_instance.ghe[*] with the internal ELB, one attachment per
# instance up to var.instance_count. aws_elb.internal declares no inline
# `instances` argument, so these attachments are the only registration path
# visible in this file.
resource "aws_elb_attachment" "internal_attachment" {
  count = var.instance_count

  elb      = aws_elb.internal.id
  instance = aws_instance.ghe[count.index].id
}