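# ---------------------------
# VPC
# ---------------------------
# The hyphenated resource name "cmdb-vpc" is kept as-is: every subnet, the IGW,
# the route table and both security groups below reference aws_vpc.cmdb-vpc.id,
# and renaming it would change the state address.
resource "aws_vpc" "cmdb-vpc" {
  cidr_block           = "10.5.0.0/16"
  enable_dns_hostnames = true # enable DNS hostnames

  tags = {
    Name = "cmdb-vpc"
  }
}

# ---------------------------
# Subnets
# ---------------------------
# Two public subnets (auto-assign public IPv4) and two private subnets (no
# public IPv4 on launch), one of each per AZ.

# Public subnet 1
resource "aws_subnet" "cmdb_public_1a_subnet" {
  vpc_id                  = aws_vpc.cmdb-vpc.id
  cidr_block              = "10.5.1.0/24"
  availability_zone       = "ap-northeast-1a"
  map_public_ip_on_launch = true

  tags = {
    Name = "cmdb-public-1a-subnet"
  }
}

# Public subnet 2
resource "aws_subnet" "cmdb_public_1c_subnet" {
  vpc_id                  = aws_vpc.cmdb-vpc.id
  cidr_block              = "10.5.3.0/24"
  availability_zone       = "ap-northeast-1c"
  map_public_ip_on_launch = true

  tags = {
    Name = "cmdb-public-1c-subnet"
  }
}

# Private subnet 1
# No route table is associated with the private subnets in this file, so they
# fall back to the VPC main route table (local route only) and stay unreachable
# from the internet gateway.
resource "aws_subnet" "cmdb_private_1a_subnet" {
  vpc_id            = aws_vpc.cmdb-vpc.id
  cidr_block        = "10.5.2.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "cmdb-private-1a-subnet"
  }
}

# Private subnet 2
resource "aws_subnet" "cmdb_private_1c_subnet" {
  vpc_id            = aws_vpc.cmdb-vpc.id
  cidr_block        = "10.5.4.0/24"
  availability_zone = "ap-northeast-1c"

  tags = {
    Name = "cmdb-private-1c-subnet"
  }
}

# ---------------------------
# Internet gateway
# ---------------------------
resource "aws_internet_gateway" "cmdb_igw" {
  vpc_id = aws_vpc.cmdb-vpc.id

  tags = {
    Name = "cmdb-igw"
  }
}

# ---------------------------
# Route tables
# ---------------------------
# Route table for the public subnets: default route to the internet gateway.
resource "aws_route_table" "cmdb_public_rtb" {
  vpc_id = aws_vpc.cmdb-vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.cmdb_igw.id
  }

  tags = {
    Name = "cmdb-public-rtb"
  }
}

# Route table association (public subnet 1)
resource "aws_route_table_association" "cmdb_public_1a_rtb_associate" {
  subnet_id      = aws_subnet.cmdb_public_1a_subnet.id
  route_table_id = aws_route_table.cmdb_public_rtb.id
}

# Route table association (public subnet 2)
resource "aws_route_table_association" "cmdb_public_1c_rtb_associate" {
  subnet_id      = aws_subnet.cmdb_public_1c_subnet.id
  route_table_id = aws_route_table.cmdb_public_rtb.id
}

# ---------------------------
# Security groups
# ---------------------------
# The groups carry no inline rules; all rules are the standalone
# aws_vpc_security_group_*_rule resources below.

# For EC2
resource "aws_security_group" "cmdb_ec2_sg" {
  name        = "cmdb-ec2-sg"
  description = "for ec2"
  vpc_id      = aws_vpc.cmdb-vpc.id

  tags = {
    Name = "cmdb-ec2-sg"
  }
}

# For RDS
resource "aws_security_group" "cmdb_rds_sg" {
  name        = "cmdb-rds-sg"
  description = "for rds"
  vpc_id      = aws_vpc.cmdb-vpc.id

  tags = {
    Name = "cmdb-rds-sg"
  }
}

# ---------------------------
# Security group rules
# ---------------------------

# EC2 inbound rule: ssh
# NOTE(review): SSH is open to the whole internet (0.0.0.0/0). This file does not
# define an administrator CIDR, so the value is left unchanged; restrict
# cidr_ipv4 to the operator's address range or drop the rule in favour of
# SSM Session Manager before this is applied to anything exposed.
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_ssh" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# EC2 inbound rule: http
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_http" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# EC2 inbound rule: https
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_https" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# EC2 inbound rule: smtps
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_smtps" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 465
  to_port           = 465
  ip_protocol       = "tcp"
}

# EC2 inbound rule: gitea
# NOTE(review): the Gitea (3000) and Jenkins (3500) admin UIs are reachable from
# 0.0.0.0/0 alongside 80/443. If they are fronted by a reverse proxy on the
# instance, these two rules can be removed; otherwise narrow cidr_ipv4 as for ssh.
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_gitea" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 3000
  to_port           = 3000
  ip_protocol       = "tcp"
}

# EC2 inbound rule: jenkins
resource "aws_vpc_security_group_ingress_rule" "cmdb_ec2_sg_allow_jenkins" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 3500
  to_port           = 3500
  ip_protocol       = "tcp"
}

# EC2 outbound rule: any
resource "aws_vpc_security_group_egress_rule" "cmdb_ec2_sg_allow_all" {
  security_group_id = aws_security_group.cmdb_ec2_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

# RDS inbound rule: mysql
# Only the EC2 security group may reach MySQL (3306). The original rule used
# cidr_ipv4 = "0.0.0.0/0", which exposes the database port to every address that
# can route to it; referencing the application's security group limits it to the
# instances in cmdb_ec2_sg without having to track their IPs.
# The resource name still says "http" although the rule is for MySQL; it is kept
# so the existing state address does not change.
resource "aws_vpc_security_group_ingress_rule" "cmdb_rds_sg_allow_http" {
  security_group_id            = aws_security_group.cmdb_rds_sg.id
  referenced_security_group_id = aws_security_group.cmdb_ec2_sg.id
  from_port                    = 3306
  to_port                      = 3306
  ip_protocol                  = "tcp"
}

# RDS outbound rule: any
resource "aws_vpc_security_group_egress_rule" "cmdb_rds_sg_allow_all" {
  security_group_id = aws_security_group.cmdb_rds_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}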