# Jira RDS security group
#
# Creates the security group for the Jira RDS instance and two ingress rules
# on it. The rules are separate aws_security_group_rule resources, not inline
# ingress blocks. No egress rule is declared in this part of the file.
resource "aws_security_group" "jira_rds_sg" {
  # checkov:skip=CKV2_AWS_5: this SG is attached to Jira RDS
  # The suppression above asserts that the group is attached to the database.
  # The attachment itself is not visible here. Verify it where the RDS instance
  # is declared.
  vpc_id      = var.vpc_id
  name        = "${var.identifier}_rds_sg"
  description = "Security Group for Jira RDS"

  # Caller-supplied tags are merged last, so they override standard tags
  # that use the same key.
  tags = merge(local.standard_tags, var.tags)
}

# Ingress: PostgreSQL (TCP 5432) from the CIDR list stored under "vpc-public".
# NOTE(review): the key name suggests these are the VPC's public subnet ranges.
# Confirm that the database clients really live there. If the only client is
# the Jira application tier, a rule keyed on that tier's security group
# (source_security_group_id) is narrower than a CIDR list and does not widen
# when new hosts are placed in those subnets.
resource "aws_security_group_rule" "jira_rds_in" {
  security_group_id = aws_security_group.jira_rds_sg.id
  description       = "Inbound Postgres"
  type              = "ingress"

  protocol    = "tcp"
  from_port   = 5432
  to_port     = 5432
  cidr_blocks = local.cidr_map["vpc-public"]
}

# Ingress: everything from the CIDR list stored under "vpc-scanners".
# protocol = "-1" selects all protocols, and EC2 then allows traffic on all
# ports regardless of the port range given. The rule therefore admits UDP,
# ICMP and every other protocol from those ranges, not only TCP 0-65535.
# NOTE(review): confirm the scanners need more than TCP. If they do not, set
# protocol = "tcp" so the port range is actually enforced. If all-protocol
# access is intended, from_port = 0 and to_port = 0 state that without implying
# a port filter.
resource "aws_security_group_rule" "jira_security_in" {
  security_group_id = aws_security_group.jira_rds_sg.id
  description       = "Inbound From Scanners"
  type              = "ingress"

  protocol    = "-1"
  from_port   = 0
  to_port     = 65535
  cidr_blocks = local.cidr_map["vpc-scanners"]
}