# AWS provider configuration. Region and static credentials are all supplied
# through Terraform input variables declared elsewhere.
#
# NOTE(review): long-lived access keys passed as variables tend to end up in
# tfvars files, CI settings and shell history. Prefer short-lived credentials
# picked up from the provider's default credential chain (environment, shared
# credentials file, instance/role credentials) where the workflow allows it.
provider "aws" {
  region = "${var.AWS_DEFAULT_REGION}"

  access_key = "${var.AWS_ACCESS_KEY_ID}"
  secret_key = "${var.AWS_SECRET_ACCESS_KEY}"
}

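# Private S3 bucket used as the ChartMuseum chart store.
resource "aws_s3_bucket" "b" {
  bucket = "drakemall-chartmuseum"
  acl    = "private"

  # Encrypt every new object at rest by default. SSE-S3 (AES256) needs no KMS
  # permissions, so the chartmuseum IAM policy keeps working unchanged.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # NOTE(review): these tag values look like documentation placeholders;
  # confirm they describe this bucket. The bucket also has no versioning, so
  # an s3:DeleteObject by the chartmuseum user cannot be undone.
  tags {
    Name        = "My bucket"
    Environment = "Dev"
  }
}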

# IAM policy granting ChartMuseum access to its chart bucket only:
#   - AllowListObjects: s3:ListBucket on the bucket itself
#   - AllowObjectsCRUD: s3:GetObject / s3:PutObject / s3:DeleteObject on the
#     objects inside it
# No wildcard actions or resources outside drakemall-chartmuseum are granted.
#
# NOTE(review): the bucket name is repeated here as a literal ARN; it must be
# kept in step with the aws_s3_bucket resource by hand.
resource "aws_iam_policy" "policy" {
  name        = "chartmuseum_policy"
  path        = "/"
  description = "chartmuseum policy"

  # Policy document is passed verbatim as JSON via a heredoc.
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
    {
      "Sid": "AllowListObjects",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": "arn:aws:s3:::drakemall-chartmuseum"
    },
    {
      "Sid": "AllowObjectsCRUD",
      "Effect": "Allow",
      "Action": [
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::drakemall-chartmuseum/*"
    }
  ]
}
EOF
}

# Dedicated IAM user that ChartMuseum authenticates as. It carries no
# permissions of its own in this block; they come from the policy attachment.
resource "aws_iam_user" "user" {
  name = "chartmuseum"
}


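# Attaches the chartmuseum bucket policy to the chartmuseum IAM user.
resource "aws_iam_user_policy_attachment" "chartmuseum-attach" {
  # Reference the user resource instead of repeating its name as a literal:
  # the interpolation gives Terraform the dependency edge it needs to create
  # the user before attaching the policy, and keeps the two in step on rename.
  user       = "${aws_iam_user.user.name}"
  policy_arn = "${aws_iam_policy.policy.arn}"
}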

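# Long-lived access key for the chartmuseum IAM user.
#
# NOTE(review): no pgp_key is set, so the secret is stored in plaintext in the
# Terraform state. Treat the state file/backend as a secret store (encrypted,
# access-controlled), or set pgp_key and consume encrypted_secret instead.
resource "aws_iam_access_key" "key" {
  # Reference the user resource rather than a literal name so the key is only
  # requested after the user exists.
  user = "${aws_iam_user.user.name}"
}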

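# Docker Swarm node 1. AMI and instance type come from input variables.
resource "aws_instance" "swarm-node1" {
  ami           = "${var.swarm_ec2_ami}"
  instance_type = "${var.swarm_ec2_instance_type}"

  # NOTE(review): the SSH key pair name is hard-coded and looks personal;
  # consider a variable so access is not tied to one person's key.
  key_name = "popov2018"

  # Reference the security group resource instead of its literal name so
  # Terraform creates the group before launching the instance.
  security_groups = [
    "${aws_security_group.swarm_rules.name}"
  ]

  # NOTE(review): /dev/sda1 is commonly an AMI's root device; if that is the
  # case here this belongs in root_block_device. Confirm against the AMI.
  # The volume is not marked encrypted.
  ebs_block_device {
    device_name = "/dev/sda1"
    volume_size = 40
    volume_type = "gp2"
  }

  tags {
    Name = "swarm-node1"
  }
}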
# Elastic IP (VPC scope) associated with swarm-node1.
resource "aws_eip" "swarm-node1" {
  vpc      = true
  instance = "${aws_instance.swarm-node1.id}"
}
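# Docker Swarm node 2. AMI and instance type come from input variables.
resource "aws_instance" "swarm-node2" {
  ami           = "${var.swarm_ec2_ami}"
  instance_type = "${var.swarm_ec2_instance_type}"

  # NOTE(review): the SSH key pair name is hard-coded and looks personal;
  # consider a variable so access is not tied to one person's key.
  key_name = "popov2018"

  # Reference the security group resource instead of its literal name so
  # Terraform creates the group before launching the instance.
  security_groups = [
    "${aws_security_group.swarm_rules.name}"
  ]

  # NOTE(review): /dev/sda1 is commonly an AMI's root device; if that is the
  # case here this belongs in root_block_device. Confirm against the AMI.
  # The volume is not marked encrypted.
  ebs_block_device {
    device_name = "/dev/sda1"
    volume_size = 40
    volume_type = "gp2"
  }

  tags {
    Name = "swarm-node2"
  }
}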
# Elastic IP (VPC scope) associated with swarm-node2.
resource "aws_eip" "swarm-node2" {
  vpc      = true
  instance = "${aws_instance.swarm-node2.id}"
}
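# Docker Swarm node 3. AMI and instance type come from input variables.
resource "aws_instance" "swarm-node3" {
  ami           = "${var.swarm_ec2_ami}"
  instance_type = "${var.swarm_ec2_instance_type}"

  # NOTE(review): the SSH key pair name is hard-coded and looks personal;
  # consider a variable so access is not tied to one person's key.
  key_name = "popov2018"

  # Reference the security group resource instead of its literal name so
  # Terraform creates the group before launching the instance.
  security_groups = [
    "${aws_security_group.swarm_rules.name}"
  ]

  # NOTE(review): /dev/sda1 is commonly an AMI's root device; if that is the
  # case here this belongs in root_block_device. Confirm against the AMI.
  # The volume is not marked encrypted.
  ebs_block_device {
    device_name = "/dev/sda1"
    volume_size = 40
    volume_type = "gp2"
  }

  tags {
    Name = "swarm-node3"
  }
}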
# Elastic IP (VPC scope) associated with swarm-node3.
resource "aws_eip" "swarm-node3" {
  vpc      = true
  instance = "${aws_instance.swarm-node3.id}"
}

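# Security group shared by the Swarm nodes.
#
# The four ingress rules cover Docker Swarm's inter-node ports. They were
# previously open to 0.0.0.0/0, which exposed the cluster management endpoint,
# the gossip channel and the overlay (VXLAN) data plane to the whole internet.
# These ports only need to be reachable between cluster members, so each rule
# is now limited to members of this same group via self = true.
#
# NOTE(review): self-referencing rules match traffic between the instances'
# private addresses. Nodes must therefore advertise/join on their private IPs,
# not their Elastic IPs. If a node outside this group ever has to join, add a
# narrowly scoped CIDR for it rather than reopening the rule to 0.0.0.0/0.
resource "aws_security_group" "swarm_rules" {
  name = "swarm_rules"

  # 2377/tcp: cluster management traffic to manager nodes.
  ingress {
    from_port = 2377
    to_port   = 2377
    protocol  = "tcp"
    self      = true
  }

  # 7946/tcp: node-to-node communication.
  ingress {
    from_port = 7946
    to_port   = 7946
    protocol  = "tcp"
    self      = true
  }

  # 7946/udp: node-to-node communication.
  ingress {
    from_port = 7946
    to_port   = 7946
    protocol  = "udp"
    self      = true
  }

  # 4789/udp: overlay network (VXLAN) traffic. This carries container traffic
  # without authentication of its own, so it must not face untrusted networks.
  ingress {
    from_port = 4789
    to_port   = 4789
    protocol  = "udp"
    self      = true
  }

  # All outbound traffic is allowed (protocol -1 = every protocol and port).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}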

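# Secret access key of the chartmuseum IAM user.
#
# Marked sensitive so the value is redacted in plan/apply output and does not
# land in terminal scrollback or CI logs; `terraform output secret` still
# returns it on request. The value remains in plaintext in the state file.
output "secret" {
  value     = "${aws_iam_access_key.key.secret}"
  sensitive = true
}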
