# SG Summary - Server
#   Legacy was:
#     TCP+UDP/1514 - From 10.0.0.0/8
#     TCP/443 - From 10.0.0.0/8
#     TCP/8080 - From 10.0.0.0/8
#     TCP/5432 - Outbound to 10.0.0.0/8
#
#   New:
#     Ingress: TCP/8080 from LB, VPC-Access
#     Egress:  TCP/5432 to local vpc
resource "aws_security_group" "jira_server" {
  name_prefix = "jira_server"
  tags        = merge(local.standard_tags, var.tags, { Name = "jira_server" })
  vpc_id      = var.vpc_id
  description = "Jira Server"
}

#-----------------------------------------------------------------
# Inbound access
#-----------------------------------------------------------------
resource "aws_security_group_rule" "jira_server_inbound_8080" {
  security_group_id = aws_security_group.jira_server.id
  type              = "ingress"
  cidr_blocks       = local.cidr_map["vpc-access"]
  from_port         = 8080
  to_port           = 8080
  protocol          = "tcp"
  description       = "Inbound 8080 (from access, for testing)"
}

#-----------------------------------------------------------------
# Outbound access
#-----------------------------------------------------------------
resource "aws_security_group_rule" "jira_server_outbound_postgres" {
  security_group_id        = aws_security_group.jira_server.id
  type                     = "egress"
  source_security_group_id = var.rds_sg
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  description              = "Outbound postgres to RDS"
}