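locals {
  # The IP block for the VPC; subnets are carved from it with cidrsubnet below.
  vpc_cidr = "10.0.0.0/16"

  # TCP ports the public security group accepts from public_ingress_cidr.
  # 80/443 are HTTP(S) and 22/2222 SSH; 81, 8080, 4321 and 1234 are
  # application ports the original rule set also opened. Every entry here
  # is reachable from public_ingress_cidr, so remove what is no longer needed.
  public_ingress_ports = ["80", "443", "22", "2222", "81", "8080", "4321", "1234"]

  # Source range allowed to reach public_ingress_ports. "0.0.0.0/0" is the
  # whole internet; an administrative range is the usual choice for the SSH ports.
  public_ingress_cidr = "0.0.0.0/0"
}

data "aws_availability_zones" "all" {}

# The main VPC: one private and one public /24 in the first availability zone.
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "Main"
  cidr = local.vpc_cidr
  azs  = [data.aws_availability_zones.all.names[0]]

  # /24 blocks out of the /16: index 0 for private, index 4 for public.
  private_subnets = [cidrsubnet(local.vpc_cidr, 8, 0)]
  public_subnets  = [cidrsubnet(local.vpc_cidr, 8, 4)]

  private_subnet_tags = { SubnetOf = "Main", SubnetType = "Private" }
  public_subnet_tags  = { SubnetOf = "Main", SubnetType = "Public" }

  # Instances launched in the public subnets receive a public IP, so the
  # security group below is their only network-level filter.
  map_public_ip_on_launch = true
  enable_dns_hostnames    = true
  enable_dns_support      = true

  # Tag value was "Public" before; the private route table is tagged as private
  # so that tag-based lookups do not match the wrong table.
  private_route_table_tags = { TableOf = "Main", TableType = "Private" }
}

# Security group for public-facing instances: inbound TCP on
# local.public_ingress_ports from local.public_ingress_cidr, unrestricted outbound.
resource "aws_security_group" "public_access" {
  vpc_id = module.vpc.vpc_id
  tags   = { GroupOf = "Main", GroupType = "Public" }
}

# One ingress rule per port; the for_each keys (the port strings) are unchanged
# from the original list, so existing resource addresses are preserved.
resource "aws_vpc_security_group_ingress_rule" "ingress" {
  for_each = toset(local.public_ingress_ports)

  security_group_id = aws_security_group.public_access.id
  from_port         = each.value
  to_port           = each.value
  ip_protocol       = "tcp"
  cidr_ipv4         = local.public_ingress_cidr
}

# Allow all outbound traffic. The single-key for_each keeps the existing
# resource address (egress["-1"]). No port range is given: with ip_protocol "-1"
# the rule already covers every port, and from_port/to_port are not meaningful
# for an all-protocol rule (some provider versions reject the combination).
resource "aws_vpc_security_group_egress_rule" "egress" {
  for_each = toset(["-1"])

  security_group_id = aws_security_group.public_access.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}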