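# Security group for the private moose HEC ELBs.
# It is created only when local.is_moose is true. Every rule below carries the
# same count condition, so the [0] index on the group is valid whenever a rule exists.
# Rules are managed as standalone aws_security_group_rule resources. Do not add
# inline ingress/egress blocks to this group: the AWS provider documents that
# mixing the two styles causes rule conflicts.
resource "aws_security_group" "hec_pvt_elb_security_group" {
  count       = local.is_moose ? 1 : 0
  name        = "hec_pvt_elb_security_group"
  description = "Security Group for the private moose HEC ELBs"
  vpc_id      = var.vpc_id
  tags        = merge(var.standard_tags, var.tags, { "Name" = "hec_pvt_elb_security_group" })
}

## Ingress

# HTTPS (443/tcp) to the ELB from private address space.
# NOTE(review): 10.0.0.0/8 is the whole RFC 1918 10/8 range, so any network in
# that range that can route to this VPC (peering, transit gateway, VPN) is
# allowed. Confirm that is intended, or narrow to the CIDRs of the HEC senders.
resource "aws_security_group_rule" "hec-pvt-https-in" {
  count             = local.is_moose ? 1 : 0
  description       = "HEC port - HTTPS for moose only"
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

# HEC port (8088/tcp) to the ELB from the same 10.0.0.0/8 range as the rule above.
# NOTE(review): whether the ELB listener on 8088 terminates TLS is not visible
# here. HEC tokens travel in request headers, so confirm this listener is not
# plaintext.
resource "aws_security_group_rule" "hec-pvt-in" {
  count             = local.is_moose ? 1 : 0
  description       = "HEC port in"
  type              = "ingress"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = ["10.0.0.0/8"]
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}

## Egress

# Outbound from the ELB to the indexers on 8088/tcp, limited to local.splunk_vpc_cidrs.
# Terraform removes the AWS default allow-all egress rule when it creates a
# group. Unless further rules are attached elsewhere, this is the only egress allowed.
resource "aws_security_group_rule" "hec-pvt-out" {
  count             = local.is_moose ? 1 : 0
  description       = "HEC to the indexers"
  type              = "egress"
  from_port         = 8088
  to_port           = 8088
  protocol          = "tcp"
  cidr_blocks       = local.splunk_vpc_cidrs
  security_group_id = aws_security_group.hec_pvt_elb_security_group[0].id
}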