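# Security group for the Grafana host. Every inbound rule admits a single /32
# source address; outbound traffic is unrestricted.
# NOTE(review): the same literal CIDR is repeated in all three ingress rules,
# so a change of the admin address has to be made in three places.
resource "aws_security_group" "grafana-allow-security" {
  name        = "grafana-allow-security"
  description = "Allow inbound traffic"
  vpc_id      = var.VPC_ID

  # SSH, limited to one source address.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["118.223.123.161/32"]
  }

  # HTTPS to the Grafana UI, limited to the same source address.
  ingress {
    description = "TLS from grafana"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["118.223.123.161/32"]
  }

  # Plain HTTP to the Grafana UI (description typo "fron" corrected).
  # NOTE(review): logins and session cookies sent over port 80 are not
  # encrypted in transit. Keep this rule only if it serves a redirect to 443;
  # confirm against the web server configuration on the host.
  ingress {
    description = "http from grafana"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["118.223.123.161/32"]
  }

  # protocol "-1" with ports 0-0 permits every protocol and port, to any IPv4
  # or IPv6 destination.
  # NOTE(review): if the host only needs package mirrors and its data sources,
  # narrowing egress limits what a compromised host can reach.
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "grafana-allow-security"
  }
}

# EC2 instance that runs Grafana, placed in var.Public_Subnet_ID_1 and guarded
# by the security group above.
resource "aws_instance" "grafana" {
  # NOTE(review): the AMI is pinned by ID, so picking up a patched image needs
  # an explicit change here.
  ami                    = "ami-0409b7ddbc59e3222"
  instance_type          = "t3.small"
  key_name               = "kp-jay-bastion-datasaker"
  vpc_security_group_ids = [aws_security_group.grafana-allow-security.id]
  availability_zone      = "ap-northeast-2a"
  subnet_id              = var.Public_Subnet_ID_1

  # Require session tokens (IMDSv2) for instance metadata requests. A request
  # forged through the web application (SSRF) is a plain GET and is refused,
  # which protects user data today and role credentials if an instance profile
  # is attached later.
  # NOTE(review): anything on the host that still calls IMDSv1 must be updated
  # before this is applied.
  metadata_options {
    http_tokens = "required"
  }

  # NOTE(review): the root volume does not set encrypted = true. Enabling it on
  # an existing instance forces replacement, and with delete_on_termination =
  # true the current disk contents are discarded, so back up Grafana's on-disk
  # state before making that change.
  root_block_device {
    delete_on_termination = true
    volume_size           = 30
  }

  tags = {
    Name = "grafana"
  }
}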