/***************************************************
* AUTO SCALING GROUP FOR NUXEO INSTANCE
****************************************************/

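# Look up the most recent Nuxeo image for the requested release.
data "aws_ami" "ami" {
  most_recent = true

  # Only images owned by this account are considered, so an identically named
  # image published by another account can never be picked up.
  owners = ["self"]

  # Anchored prefix match. The previous pattern "^nuxeo*" was written like a
  # glob: as a regular expression it means "nuxe" followed by zero or more "o",
  # so it also accepted names that merely start with "nuxe".
  name_regex = "^nuxeo"

  # Narrow the candidates to images tagged with the release being deployed.
  filter {
    name   = "tag:Release"
    values = ["${var.nuxeo_release}"]
  }
}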

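# Launch configuration for the Nuxeo instances started by the auto scaling group.
#
# NOTE(review): launch configurations cannot be modified in place and this one
# has a fixed name, so any change means replacing it while the auto scaling
# group still points at it. Confirm whether name_prefix together with a
# create_before_destroy lifecycle is wanted here.
resource "aws_launch_configuration" "main" {
    name                 = "${var.stack_name}-${var.instance_role}"

    # Data sources are addressed as data.<type>.<name>. The previous reference,
    # aws_ami.ami.id, pointed at a managed aws_ami resource that this file does
    # not declare; the image lookup in this file is a data source.
    image_id             = "${data.aws_ami.ami.id}"
    instance_type        = "${var.ami_type}"
    key_name             = "${var.keyname}"

    # NOTE(review): the variable name suggests these are the load balancer's
    # security groups. Confirm the instances are meant to share them rather
    # than use a dedicated group that only admits traffic from the ALB.
    security_groups      = ["${var.alb_secgroups}"]
    enable_monitoring    = false
    ebs_optimized        = false
    iam_instance_profile = "${aws_iam_instance_profile.main.id}"

    # NOTE(review): the path is resolved relative to the working directory; if
    # this file is consumed as a module, "${path.module}/userdata.sh" is the
    # usual form. User data is retrievable from the instance metadata service,
    # so the script should not embed secrets.
    user_data            = "${file("userdata.sh")}"

    root_block_device {
        volume_type           = "gp2"
        volume_size           = 20
        delete_on_termination = true
        # NOTE(review): no encryption setting is given for the root volume.
        # Confirm that account-level EBS default encryption is on, or set
        # encrypted = true where the provider version supports it.
    }

    # NOTE(review): there is no metadata_options block, so the instance metadata
    # service runs with provider defaults. Requiring session tokens
    # (http_tokens = "required") protects the instance role credentials, where
    # the provider version supports it.
}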

# Auto scaling group that keeps the Nuxeo instances running in the application
# subnets and registers them with the ALB target group.
resource "aws_autoscaling_group" "main" {
    name                 = "${var.stack_name}-${var.instance_role}"
    launch_configuration = "${aws_launch_configuration.main.id}"

    # Placement and load balancer registration.
    vpc_zone_identifier = ["${var.app_subnets}"]
    target_group_arns   = ["${aws_alb_target_group.main.arn}"]

    # Capacity bounds are supplied by the caller.
    min_size         = "${var.asg_min}"
    max_size         = "${var.asg_max}"
    desired_capacity = "${var.asg_desired}"

    # NOTE(review): with "EC2" only instance status checks can replace an
    # instance; a node that is running but failing the target group health
    # check stays in the group. Confirm that "ELB" is not wanted here.
    health_check_type         = "EC2"
    health_check_grace_period = 60

    # Tag copied onto every instance the group launches.
    tag {
        key                 = "role"
        value               = "${var.instance_role}"
        propagate_at_launch = true
    }
}

# IAM role assumed by the Nuxeo servers.
# The trust policy names ec2.amazonaws.com as the only principal, so the role
# can be assumed by EC2 on behalf of an instance and by nothing else.
resource "aws_iam_role" "main" {
  name = "${var.stack_name}-${var.instance_role}"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

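# Instance profile that attaches the server role to the EC2 instances.
resource "aws_iam_instance_profile" "main" {
    name = "${var.stack_name}"

    # Reference the role resource instead of rebuilding its name from the
    # variables. The resulting string is the same, but the reference gives
    # Terraform a dependency edge, so the role is created before the profile
    # that names it.
    roles = ["${aws_iam_role.main.name}"]
}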

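# Inline policy for the server role: S3 access limited to the two buckets that
# belong to this stack (the binary store and its backup).
#
# ListBucket is a bucket-level action, so it is granted on the bucket ARNs
# themselves; the object-level actions are granted on "<bucket>/*". The
# previous ListBucket statement pointed at the documentation placeholder
# "bucket-name" instead of the stack's buckets.
#
# NOTE(review): the role may delete objects in the backup bucket, so a
# compromised instance could remove its own backups. Confirm whether
# s3:DeleteObject is needed on nuxeo-backup-*, or protect that bucket with
# versioning.
resource "aws_iam_role_policy" "main" {
  name = "${var.stack_name}-${var.instance_role}"
  role = "${aws_iam_role.main.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": [
          "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}",
          "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": [
          "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}/*",
          "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}/*"
      ]
    }
  ]
}
EOF
}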