# VPC
resource "aws_vpc" "main" {
  # Address space for the whole environment. Note that the RDS security group
  # later in this file trusts this entire range for MySQL ingress.
  cidr_block = var.vpc_cidr

  tags = {
    "Name" = format("%s-vpc", var.db_instance_identifier)
  }
}

# Private Subnets
resource "aws_subnet" "private" {
  # One subnet per CIDR in var.private_subnet_cidrs. var.availability_zones is
  # indexed by the same position, so it must hold at least as many entries or
  # the lookup fails at plan time.
  count = length(var.private_subnet_cidrs)

  vpc_id            = aws_vpc.main.id
  availability_zone = var.availability_zones[count.index]
  cidr_block        = var.private_subnet_cidrs[count.index]

  # map_public_ip_on_launch is intentionally not set; the provider default
  # applies, which is what keeps these subnets "private" from the instance's
  # point of view (no route table or NAT is defined in this file).
  tags = {
    "Name" = format("%s-private-subnet-%d", var.db_instance_identifier, count.index)
  }
}

# DB Subnet Group
resource "aws_db_subnet_group" "main" {
  # Groups every private subnet above so RDS can place the instance (and a
  # Multi-AZ standby, if enabled) across the listed availability zones.
  name       = format("%s-subnet-group", var.db_instance_identifier)
  subnet_ids = aws_subnet.private[*].id

  tags = {
    "Name" = format("%s-subnet-group", var.db_instance_identifier)
  }
}

# Security Group for RDS
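resource "aws_security_group" "rds" {
  name        = "${var.db_instance_identifier}-sg"
  description = "Allow inbound traffic to RDS instance"
  vpc_id      = aws_vpc.main.id

  # MySQL (3306) from anywhere inside the VPC. This is broader than the
  # database needs: every workload in the VPC, including a compromised host,
  # can reach the listener. Prefer `security_groups = [<client sg id>]` over a
  # CIDR once the client tier has a security group of its own. The port must
  # stay in sync with the aws_db_instance below (RDS MySQL default is 3306).
  ingress {
    description = "MySQL from inside the VPC"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }

  # Unrestricted outbound, kept as originally written. An RDS instance
  # initiates very little outbound traffic on its own; if no replication or
  # outbound integration is in use this rule can be narrowed or dropped
  # (omitting the egress block removes the default allow-all rule).
  egress {
    description = "All outbound (unrestricted)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "${var.db_instance_identifier}-sg"
  }
}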

# RDS MySQL Instance
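resource "aws_db_instance" "main" {
  identifier     = var.db_instance_identifier
  engine         = "mysql"
  # Pinned to one patch release. With auto_minor_version_upgrade enabled, AWS
  # may move the instance to a newer 8.0.x, which then appears as drift; a
  # prefix such as "8.0" avoids that. Confirm the pinned release is still
  # offered in the target region before applying.
  engine_version = "8.0.28"
  instance_class = var.db_instance_class
  port           = 3306 # must match the aws_security_group.rds ingress rule

  allocated_storage = var.db_allocated_storage
  # Encrypt storage at rest (AWS-managed RDS key unless kms_key_id is set).
  # Encryption cannot be switched on for an existing instance: enabling it
  # here forces replacement, so migrate via an encrypted snapshot copy if the
  # instance already holds data.
  storage_encrypted = true

  db_name  = var.db_name
  username = var.db_username
  # The master password is stored in plaintext in Terraform state. Declare
  # var.db_password with `sensitive = true` and keep state in an encrypted,
  # access-controlled backend (or, if the provider version supports it, let
  # RDS manage the password in Secrets Manager instead of passing it here).
  password = var.db_password
  # Permits IAM-token logins in addition to (not instead of) the password.
  iam_database_authentication_enabled = true

  # The default parameter group is immutable, so settings such as
  # require_secure_transport (force TLS) cannot be applied here; use a
  # dedicated aws_db_parameter_group to enforce them.
  parameter_group_name = "default.mysql8.0"

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.rds.id]
  publicly_accessible    = false # explicit: no public endpoint

  # Data-loss safeguards. deletion_protection must be set to false (and
  # applied) before `terraform destroy` will succeed. The final snapshot name
  # must be unique in the account, so rename or delete a previous one before
  # destroying the instance again.
  deletion_protection        = true
  skip_final_snapshot        = false
  final_snapshot_identifier  = "${var.db_instance_identifier}-final"
  backup_retention_period    = 7 # days of automated backups
  copy_tags_to_snapshot      = true
  auto_minor_version_upgrade = true

  # Ship engine logs to CloudWatch Logs for detection and forensics. Only
  # exports that need no option group are listed; "general" and "audit"
  # require additional parameter/option-group configuration.
  enabled_cloudwatch_logs_exports = ["error", "slowquery"]

  tags = {
    Name = var.db_instance_identifier
  }
}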
