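# EKS control plane for the given environment.
#
# NOTE(review): aws_iam_role.eks_role is used here as the cluster role and below
# as the node role. Its definition is not visible in this file section; separate
# roles for the control plane and the worker nodes keep each trust policy and
# permission set minimal.
resource "aws_eks_cluster" "eks_cluster" {
  name     = "eks-cluster-${var.environment}"
  role_arn = aws_iam_role.eks_role.arn

  vpc_config {
    subnet_ids = [for subnet in aws_subnet.subnets : subnet.id]

    # NOTE(review): endpoint_public_access and public_access_cidrs are not set,
    # so the defaults apply and the Kubernetes API endpoint is public. Restrict
    # public_access_cidrs or enable endpoint_private_access if that is not intended.
  }

  # NOTE(review): enabled_cluster_log_types is not set, so no control-plane
  # logs (e.g. "api", "audit", "authenticator") are delivered to CloudWatch.
}

# Security group used only as an SSH source marker: it carries no rules of its
# own. Instances that have this group attached (e.g. a bastion host) are the
# only sources allowed to reach the worker nodes on port 22.
resource "aws_security_group" "eks_node_ssh_source" {
  name_prefix = "eks-node-ssh-source-${var.environment}-"
  description = "Members may SSH to the EKS worker nodes"
  vpc_id      = aws_eks_cluster.eks_cluster.vpc_config[0].vpc_id
}

# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group
resource "aws_eks_node_group" "eks_cluster" {
  cluster_name    = aws_eks_cluster.eks_cluster.name
  node_group_name = "eks_cluster-${var.environment}"
  node_role_arn   = aws_iam_role.eks_role.arn
  subnet_ids      = [for subnet in aws_subnet.subnets : subnet.id]

  # Original note: "Free tiers".
  # NOTE(review): confirm this; the AWS free tier has typically covered
  # t2.micro / t3.micro rather than t2.small.
  instance_types = ["t2.small"]

  remote_access {
    ec2_ssh_key = aws_key_pair.ssh.id

    # With ec2_ssh_key set and no source_security_group_ids, EKS opens port 22
    # on the nodes to the whole internet (0.0.0.0/0). Restricting the source to
    # a security group closes that exposure.
    # Changing remote_access on an existing node group is expected to plan a
    # replacement of the node group; review the plan before applying.
    source_security_group_ids = [aws_security_group.eks_node_ssh_source.id]
  }

  scaling_config {
    desired_size = 1
    max_size     = 1
    min_size     = 1
  }

  # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
  # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
  depends_on = [
    aws_iam_role_policy_attachment.eks-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.eks-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.eks-AmazonEC2ContainerRegistryReadOnly,
  ]
}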