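terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.49.0"
    }
    # random_password below pulls in the random provider implicitly; declaring
    # it makes the source explicit. No version constraint is given, so provider
    # resolution is unchanged — consider pinning it the way aws is pinned.
    random = {
      source = "hashicorp/random"
    }
  }
}

# Aliased provider used by both modules below. Credentials arrive via
# variables rather than being embedded here; long-lived static keys are still
# the weakest option, so prefer an instance profile or shared credentials file
# where the deployment environment allows it.
provider "aws" {
  region     = var.region
  access_key = var.aws_provider_access_key
  secret_key = var.aws_provider_access_secret
  alias      = "myaws"
}

# Master password for the Redshift cluster. The generated value lives in
# Terraform state, so the state backend must be protected like a secret store.
resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "_!" # narrow special-character set, presumably to stay within Redshift's allowed master-password characters
  min_numeric      = 1
  upper            = true
  lower            = true
  number           = true # newer random provider releases deprecate `number` in favour of `numeric`; kept because the provider version is unpinned
  min_lower        = 2
  min_upper        = 2
  min_special      = 2
}

locals {
  provid5 = substr(var.provision_id, 0, 5)

  # Region-dependent network selection: eu-west-1 and us-east-1 are explicit;
  # any other region falls through to the AP values.
  vpc_id = (
    var.region == "eu-west-1" ? var.vpc_id_eu :
    var.region == "us-east-1" ? var.vpc_id_us :
    var.vpc_id_ap
  )
  subnet_ids = (
    var.region == "eu-west-1" ? var.subnet_ids_eu :
    var.region == "us-east-1" ? var.subnet_ids_us :
    var.subnet_ids_ap
  )

  # Must match the cluster port. The redshift module is not given cluster_port
  # below, so its default applies — keep this value in sync with it.
  port = "5439"

  # Single allow-list for both ingress and egress of the cluster security
  # group. Previously the identical list was duplicated in the module call;
  # keeping it in one place avoids the two copies drifting apart.
  allowed_cidr_blocks = [
    "52.249.189.38/32",
    "13.67.39.86/32",
    "20.67.110.207/32",
    "14.98.59.168/29",
    "182.74.33.8/29",
    "188.65.156.32/28",
    "212.73.252.96/29",
    "194.90.96.176/29",
    "213.57.84.160/29",
    "4.4.97.104/29",
    "206.196.17.32/27",
    "18.205.71.36/32",
    "18.232.32.199/32",
    "34.237.68.254/32",
    "34.247.21.179/32",
    "52.31.212.214/32",
    "54.154.95.18/32",
    "13.210.43.241/32",
    "13.236.104.42/32",
    "13.236.206.172/32",
  ]

  tags = {
    QMI_user = var.user_id
    ProvID   = var.provision_id
  }
}

module "security_group" {
  # SGs created here as Ports differ per Engine. Only Azure Firewall IPs added for now.
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.3"

  providers = {
    aws = aws.myaws
  }

  name        = "${var.provision_id}-SG"
  description = "${var.provision_id}-SG"
  vpc_id      = local.vpc_id

  # ingress — only the allow-listed CIDRs may reach the cluster port.
  ingress_cidr_blocks = local.allowed_cidr_blocks
  ingress_with_cidr_blocks = [
    {
      from_port   = local.port
      to_port     = local.port
      protocol    = "tcp"
      description = "Redshift"
    },
  ]

  # egress — restricted to the same allow-list, so any other outbound access
  # the cluster needs (e.g. S3 for COPY/UNLOAD) must come via VPC endpoints or
  # be added explicitly here.
  egress_cidr_blocks = local.allowed_cidr_blocks
  egress_with_cidr_blocks = [
    {
      from_port   = local.port
      to_port     = local.port
      protocol    = "tcp"
      description = "Redshift"
    },
  ]

  tags = local.tags
}

module "redshift" {
  providers = {
    aws = aws.myaws
  }
  source  = "terraform-aws-modules/redshift/aws"
  version = "~> 3.0"

  cluster_identifier      = "qmi-${var.provision_id}"
  cluster_node_type       = "dc2.large" #"dc1.large"
  cluster_number_of_nodes = 1

  cluster_database_name   = var.cluster_database_name
  cluster_master_username = var.cluster_master_username
  cluster_master_password = random_password.password.result

  # Group parameters
  #wlm_json_configuration = "[{\"query_concurrency\": 5}]"

  # DB Subnet Group Inputs
  subnets                = local.subnet_ids
  vpc_security_group_ids = [module.security_group.security_group_id]

  # The cluster gets a public endpoint. Reachability is then governed solely by
  # the security group allow-list above, so that list must stay tight. At-rest
  # encryption is not configured here (module default applies) — confirm that
  # matches the data-handling requirements for this cluster.
  publicly_accessible = true

  # IAM Roles
  #cluster_iam_roles = ["arn:aws:iam::225367859851:role/developer"]

  tags = local.tags
}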