# Terraform configuration to enable AWS Inspector (v2) for EC2 and ECR scanning.

provider "aws" {
  region = "us-east-1"
}

# --- 1. Enable Inspector ---
resource "aws_inspector2_member_association" "current_account" {
  account_id = data.aws_caller_identity.current.account_id
  # Inspector2 is enabled per account, not per region.
  # This resource implicitly enables it for the account.
}

resource "aws_inspector2_enabler" "ec2_enabler" {
  account_ids = [data.aws_caller_identity.current.account_id]
  resource_types = ["EC2"]
}

resource "aws_inspector2_enabler" "ecr_enabler" {
  account_ids = [data.aws_caller_identity.current.account_id]
  resource_types = ["ECR"]
}

# Data source to get current AWS account ID
data "aws_caller_identity" "current" {}

# --- Outputs ---
output "inspector_enabled_account_id" {
  value       = data.aws_caller_identity.current.account_id
  description = "The AWS Account ID for which Inspector is enabled."
}