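locals {
  # One security group per (environment, subsystem) pair. List order is the
  # order of var.environments, then of each environment's subsystems; the
  # `count` index on the resource below follows this order, so inserting or
  # removing an entry in the middle shifts every later index and forces those
  # groups to be replaced. `for_each` keyed on `name` would avoid that but
  # also changes the resource addresses callers reference, so it is left as-is.
  security_group_name_list = flatten([
    for e in var.environments : [
      for s in e.subsystems : {
        # "<program>-<env>-<subsystem>-sg"
        name = join("-", [var.system_desc.program, e.name, s.name, "sg"])
        # An explicit subsystem description wins; otherwise the description is
        # derived from the distinct ingress rule descriptions (empty list if
        # the subsystem has no ingress). AWS security group descriptions are
        # immutable, so a later edit to any ingress description changes this
        # value and forces the whole group to be replaced.
        description = try(
          s.description,
          "allow ${join(", ", try(distinct(s.ingress[*].description), []))} access",
        )
        env = e.name
      }
    ]
  ])
}

# One group per entry of local.security_group_name_list (see the ordering
# caveat on the local).
resource "aws_security_group" "security_group" {
  count = length(local.security_group_name_list)

  name        = local.security_group_name_list[count.index].name
  description = local.security_group_name_list[count.index].description
  vpc_id      = var.aws_vpc_id

  # No inline `ingress` block: ingress stays computed, so rules attached by
  # separate rule resources are not reported as drift. Do not add an inline
  # `ingress` block here without moving those rules in as well.
  # NOTE(review): ingress appears to be managed elsewhere in the module
  # (the local reads s.ingress[*].description) — confirm.

  # Unrestricted IPv4 egress. This matches what AWS gives a new group by
  # default, but it is the widest possible outbound policy; tighten it when a
  # subsystem's outbound dependencies are known. Only IPv4 is listed, so IPv6
  # egress is not opened.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Plain map; the original wrapped this single map in merge(), which is a
  # no-op with one argument.
  tags = {
    Name        = local.security_group_name_list[count.index].name
    group       = var.system_desc.group
    program     = var.system_desc.program
    environment = local.security_group_name_list[count.index].env
  }

  # NOTE(review): depends_on is documented to take static resource/module
  # references; confirm this variable-based form is accepted by the Terraform
  # version this module targets.
  depends_on = [var.dependencies]
}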