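# Private-subnet networking for the prod "datasaker" VPC (ap-northeast-2):
# one private route table + NAT default route + subnet + association per AZ
# (a/b/c), followed by the shared security group and its rules.
#
# aws_vpc.vpc-prod-datasaker and the aws_nat_gateway.natgw-prod-*-datasaker
# resources referenced below are defined elsewhere in this module.
# Resource names (state addresses) are kept byte-identical on purpose; renaming
# one without a `moved` block forces a destroy/recreate.

# ---------------------------------------------------------------------------
# Private route tables, one per AZ
# ---------------------------------------------------------------------------

resource "aws_route_table" "private-prod-a-datasaker" {
  vpc_id = aws_vpc.vpc-prod-datasaker.id

  tags = {
    "Name" = "private-prod-a-datasaker"
  }
}

resource "aws_route_table" "private-prod-b-datasaker" {
  vpc_id = aws_vpc.vpc-prod-datasaker.id

  tags = {
    "Name" = "private-prod-b-datasaker"
  }
}

resource "aws_route_table" "private-prod-c-datasaker" {
  vpc_id = aws_vpc.vpc-prod-datasaker.id

  tags = {
    "Name" = "private-prod-c-datasaker"
  }
}

# ---------------------------------------------------------------------------
# Default routes: each private route table egresses through its own AZ's NAT
# gateway, so an AZ outage does not take down outbound traffic for the others.
# ---------------------------------------------------------------------------

resource "aws_route" "route-private-rt-prod-a-datasaker-0-0-0-0--0" {
  route_table_id         = aws_route_table.private-prod-a-datasaker.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-a-datasaker.id
}

resource "aws_route" "route-private-rt-prod-b-datasaker-0-0-0-0--0" {
  route_table_id         = aws_route_table.private-prod-b-datasaker.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-b-datasaker.id
}

resource "aws_route" "route-private-rt-prod-c-datasaker-0-0-0-0--0" {
  route_table_id         = aws_route_table.private-prod-c-datasaker.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.natgw-prod-c-datasaker.id
}

# ---------------------------------------------------------------------------
# Private subnets (/23 each, non-overlapping, one per AZ)
#
# NOTE(review): the subnets are tagged SubnetType=Private but also carry
# "kubernetes.io/role/nlb" = "1". Subnet auto-discovery in the AWS Load
# Balancer Controller keys on kubernetes.io/role/elb (public) and
# kubernetes.io/role/internal-elb (private); confirm the nlb/internal-nlb tags
# are actually consumed by something, and that these private subnets are not
# meant to be picked up for internet-facing load balancers.
# ---------------------------------------------------------------------------

resource "aws_subnet" "sbn-prod-a" {
  vpc_id            = aws_vpc.vpc-prod-datasaker.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "172.24.8.0/23"

  # Resource-name based private DNS hostnames with A records for new instances.
  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"

  tags = {
    "Name"                                    = "sbn-prod-a-datasaker"
    "SubnetType"                              = "Private"
    "kubernetes.io/cluster/datasaker"         = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" = "shared"
    "kubernetes.io/role/nlb"                  = "1"
    "kubernetes.io/role/internal-nlb"         = "1"
  }
}

resource "aws_subnet" "sbn-prod-b" {
  vpc_id            = aws_vpc.vpc-prod-datasaker.id
  availability_zone = "ap-northeast-2b"
  cidr_block        = "172.24.10.0/23"

  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"

  tags = {
    "Name"                                    = "sbn-prod-b-datasaker"
    "SubnetType"                              = "Private"
    "kubernetes.io/cluster/datasaker"         = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" = "shared"
    "kubernetes.io/role/nlb"                  = "1"
    "kubernetes.io/role/internal-nlb"         = "1"
  }
}

resource "aws_subnet" "sbn-prod-c" {
  vpc_id            = aws_vpc.vpc-prod-datasaker.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "172.24.12.0/23"

  enable_resource_name_dns_a_record_on_launch = true
  private_dns_hostname_type_on_launch         = "resource-name"

  tags = {
    "Name"                                    = "sbn-prod-c-datasaker"
    "SubnetType"                              = "Private"
    "kubernetes.io/cluster/datasaker"         = "owned"
    "kubernetes.io/cluster/prod.datasaker.io" = "shared"
    "kubernetes.io/role/nlb"                  = "1"
    "kubernetes.io/role/internal-nlb"         = "1"
  }
}

# ---------------------------------------------------------------------------
# Subnet <-> route table associations (AZ-matched)
# ---------------------------------------------------------------------------

resource "aws_route_table_association" "rta-prod-a" {
  subnet_id      = aws_subnet.sbn-prod-a.id
  route_table_id = aws_route_table.private-prod-a-datasaker.id
}

resource "aws_route_table_association" "rta-prod-b" {
  subnet_id      = aws_subnet.sbn-prod-b.id
  route_table_id = aws_route_table.private-prod-b-datasaker.id
}

resource "aws_route_table_association" "rta-prod-c" {
  subnet_id      = aws_subnet.sbn-prod-c.id
  route_table_id = aws_route_table.private-prod-c-datasaker.id
}

# ---------------------------------------------------------------------------
# Security group
#
# Rules are managed as separate aws_security_group_rule resources. The AWS
# provider removes the VPC default allow-all egress from a group it manages,
# so every permitted egress flow must be listed explicitly below.
# ---------------------------------------------------------------------------

resource "aws_security_group" "sg-prod-datasaker" {
  name        = "secg-prod-datasaker"
  description = "Security group prod-datasaker"
  vpc_id      = aws_vpc.vpc-prod-datasaker.id

  tags = {
    "Name" = "sg-prod-datasaker"
  }
}

# SSH from the entire internet. This is an internet-exposed management port
# on a production group: restrict cidr_blocks to the admin/bastion ranges
# (e.g. ["<ADMIN_CIDR>/32"], placeholder) or remove the rule in favour of a
# bastion / SSM Session Manager. Kept as-is here because the correct source
# range is not known from this file.
resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-tcp-22to22-prod-datasaker-io" {
  security_group_id = aws_security_group.sg-prod-datasaker.id
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = ["0.0.0.0/0"] # TODO(review): narrow to known admin CIDRs
  description       = "SSH"
}

# Inbound ICMP echo request (ping).
# For protocol = "icmp" the AWS API reads from_port as the ICMP *type* and
# to_port as the ICMP *code*. The original to_port = 8 described "type 8,
# code 8", which no echo request carries (echo request is type 8, code 0), so
# the rule matched nothing; to_port = 0 makes it allow ping as intended.
resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-ingress-icmp-prod-datasaker-io" {
  security_group_id = aws_security_group.sg-prod-datasaker.id
  type              = "ingress"
  protocol          = "icmp"
  from_port         = 8 # ICMP type 8 (echo request)
  to_port           = 0 # ICMP code 0
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "ICMP echo request"
}

# Outbound ICMP echo request (ping from instances). Same type/code fix as the
# ingress rule above; replies return via the group's stateful tracking.
resource "aws_security_group_rule" "sgr-to-0-0-0-0--0-egress-icmp-prod-datasaker-io" {
  security_group_id = aws_security_group.sg-prod-datasaker.id
  type              = "egress"
  protocol          = "icmp"
  from_port         = 8 # ICMP type 8 (echo request)
  to_port           = 0 # ICMP code 0
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "ICMP echo request"
}

# All outbound TCP. Note there is no UDP egress rule in this file, so UDP
# flows from members of this group (e.g. DNS or NTP over UDP) are blocked
# unless another security group attached to the same ENI permits them —
# confirm that is intended.
# The "engress" typo in the resource name is deliberately left alone: it is
# the Terraform state address, and renaming it requires a `moved` block to
# avoid the rule being destroyed and recreated.
resource "aws_security_group_rule" "sgr-from-0-0-0-0--0-engress-tcp-all-prod-datasaker-io" {
  security_group_id = aws_security_group.sg-prod-datasaker.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 0
  to_port           = 65535
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "All outbound TCP"
}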