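# Security group that admits SSH (TCP 22) and allows all outbound traffic.
#
# NOTE(review): this block originally referenced var.vpc-name and
# aws_vpc.fundapp_demo_aws_vpc, while the other two groups in this file use
# var.vpc_name and aws_vpc.fundapp_demo_vpc. The references are aligned with
# the latter so all three groups resolve to the same variable and VPC.
# Confirm against the variable and aws_vpc declarations before applying,
# because a changed name or vpc_id forces the group to be replaced.
resource "aws_security_group" "external_ssh_accept_sg" {
  name        = "${var.vpc_name}_external_ssh_accept_sg"
  description = "${var.vpc_name}_external_ssh_accept_sg"
  vpc_id      = "${aws_vpc.fundapp_demo_vpc.id}"

  # NOTE(review): port 22 is reachable from every IPv4 address. Narrow
  # cidr_blocks to known administrative or bastion ranges, or drop inbound SSH
  # in favour of a brokered access path, and make sure key-only authentication
  # is enforced on any instance carrying this group.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" with ports 0-0 means all protocols and all ports.
  # NOTE(review): unrestricted egress; tighten it if the hosts only need
  # specific destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security group for the application tier: TCP 80 is accepted only from
# members of the load balancer group (app_elb_sg), not from any CIDR range.
resource "aws_security_group" "app_sg" {
  name        = "${var.vpc_name}_app_sg"
  description = "${var.vpc_name}_app_sg"
  vpc_id      = "${aws_vpc.fundapp_demo_vpc.id}"

  # Source is a security group reference, so only traffic originating from
  # resources attached to app_elb_sg is admitted.
  # NOTE(review): presumably TLS terminates at the load balancer and this hop
  # is plain HTTP. Confirm that is acceptable for the data carried.
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = ["${aws_security_group.app_elb_sg.id}"]
  }

  # All protocols and ports outbound.
  # NOTE(review): unrestricted egress; consider limiting it to the
  # destinations the application needs.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security group for the application load balancer: TCP 443 is accepted from
# any IPv4 address.
resource "aws_security_group" "app_elb_sg" {
  name        = "${var.vpc_name}_app_elb_sg"
  description = "${var.vpc_name}_app_elb_sg"
  vpc_id      = "${aws_vpc.fundapp_demo_vpc.id}"

  # Open to 0.0.0.0/0 on 443 only; no port 80 listener is admitted here.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols and ports outbound.
  # NOTE(review): the only in-file consumer of this group is app_sg on TCP 80,
  # so egress could likely be limited to that group and port. Verify against
  # health-check and listener configuration.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}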