package dev.stratospheric.cdk;

import dev.stratospheric.cdk.Network;
import dev.stratospheric.cdk.PostgresDatabase;
import java.util.Collections;
import java.util.Objects;
import software.amazon.awscdk.core.CfnOutput;
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Environment;
import software.amazon.awscdk.services.ec2.CfnInstance;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup;
import software.amazon.awscdk.services.ec2.CfnSecurityGroupIngress;

/* loaded from: input_file:dev/stratospheric/cdk/JumpHost.class */
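/**
 * CDK construct that provisions a jump host (bastion): one EC2 instance in the first public
 * subnet of the environment's network, placed in its own security group.
 *
 * <p>The construct creates:
 * <ul>
 *   <li>a security group for the jump host in the VPC read from the parameter store,</li>
 *   <li>an ingress rule on that group for SSH (TCP 22),</li>
 *   <li>an ingress rule on the database security group for PostgreSQL (TCP 5432) whose source is
 *       the jump host group,</li>
 *   <li>the EC2 instance itself, and a stack output {@code publicIp} with its public address.</li>
 * </ul>
 *
 * <p>Security note: the jump host is the network path from outside the VPC to the database
 * port, so the SSH source range and the key pair named in {@link JumpHostInputParameters} are
 * the controls that protect the database from direct network access.
 */
public class JumpHost extends Construct {
    /**
     * SSH source range used when the caller does not supply one. It is kept at "any IPv4
     * address" so existing stacks synthesize unchanged, but it exposes port 22 to the whole
     * internet; prefer the two-argument {@link JumpHostInputParameters} constructor with an
     * office/VPN range, or an access path that needs no inbound port (for example AWS Systems
     * Manager Session Manager).
     */
    private static final String DEFAULT_SSH_INGRESS_CIDR = "0.0.0.0/0";

    private final ApplicationEnvironment applicationEnvironment;

    /** Caller-supplied settings for the jump host. */
    public static class JumpHostInputParameters {
        private final String keyName;
        private final String sshIngressCidr;

        /**
         * Creates parameters with the default SSH source range ({@code 0.0.0.0/0}).
         *
         * @param keyName name of the EC2 key pair installed on the instance
         * @throws NullPointerException if {@code keyName} is null
         */
        public JumpHostInputParameters(String keyName) {
            this(keyName, DEFAULT_SSH_INGRESS_CIDR);
        }

        /**
         * Creates parameters with an explicit SSH source range.
         *
         * @param keyName name of the EC2 key pair installed on the instance
         * @param sshIngressCidr IPv4 CIDR range allowed to reach TCP 22 on the jump host
         * @throws NullPointerException if either argument is null
         * @throws IllegalArgumentException if {@code sshIngressCidr} is blank
         */
        public JumpHostInputParameters(String keyName, String sshIngressCidr) {
            Objects.requireNonNull(keyName, "parameter 'keyName' cannot be null");
            Objects.requireNonNull(sshIngressCidr, "parameter 'sshIngressCidr' cannot be null");
            // Only blank values are rejected: the string may be a CDK token that is resolved
            // at deploy time, so its format cannot be checked here.
            if (sshIngressCidr.trim().isEmpty()) {
                throw new IllegalArgumentException("parameter 'sshIngressCidr' cannot be blank");
            }
            this.keyName = keyName;
            this.sshIngressCidr = sshIngressCidr;
        }
    }

    /**
     * Builds the jump host and its security group rules inside {@code scope}.
     *
     * @param scope parent construct
     * @param id construct id
     * @param environment AWS environment; not read by this constructor
     * @param applicationEnvironment supplies the environment name, the resource name prefix and
     *     the tags
     * @param jumpHostInputParameters key pair name and SSH source range
     * @param databaseOutputParameters supplies the id of the database security group
     * @throws NullPointerException if {@code applicationEnvironment},
     *     {@code jumpHostInputParameters} or {@code databaseOutputParameters} is null
     */
    public JumpHost(Construct scope, String id, Environment environment, ApplicationEnvironment applicationEnvironment, JumpHostInputParameters jumpHostInputParameters, PostgresDatabase.DatabaseOutputParameters databaseOutputParameters) {
        super(scope, id);
        // Fail with a named parameter instead of an anonymous NullPointerException further down.
        Objects.requireNonNull(applicationEnvironment, "parameter 'applicationEnvironment' cannot be null");
        Objects.requireNonNull(jumpHostInputParameters, "parameter 'jumpHostInputParameters' cannot be null");
        Objects.requireNonNull(databaseOutputParameters, "parameter 'databaseOutputParameters' cannot be null");
        this.applicationEnvironment = applicationEnvironment;

        Network.NetworkOutputParameters networkOutputParameters =
                Network.getOutputParametersFromParameterStore(this, applicationEnvironment.getEnvironmentName());

        CfnSecurityGroup jumpHostSecurityGroup = CfnSecurityGroup.Builder.create(this, "securityGroup")
                .groupName(applicationEnvironment.prefix("jumpHostSecurityGroup"))
                .groupDescription("SecurityGroup containing the jump host")
                .vpcId(networkOutputParameters.getVpcId())
                .build();

        String databaseSecurityGroupId = databaseOutputParameters.getDatabaseSecurityGroupId();
        allowAccessToJumpHost(jumpHostSecurityGroup, jumpHostInputParameters.sshIngressCidr);
        allowAccessToDatabase(jumpHostSecurityGroup, databaseSecurityGroupId);

        CfnInstance instance =
                createEc2Instance(jumpHostInputParameters.keyName, jumpHostSecurityGroup, networkOutputParameters);
        // The public IP is published as a stack output so operators can find the host.
        CfnOutput.Builder.create(this, "publicIp")
                .value(instance.getAttrPublicIp())
                .build();

        applicationEnvironment.tag(this);
    }

    /**
     * Creates the jump host instance in the first public subnet.
     *
     * @param keyName name of the EC2 key pair installed on the instance
     * @param jumpHostSecurityGroup the only security group attached to the instance
     * @param networkOutputParameters supplies the list of public subnets
     * @return the instance construct
     */
    private CfnInstance createEc2Instance(String keyName, CfnSecurityGroup jumpHostSecurityGroup, Network.NetworkOutputParameters networkOutputParameters) {
        return CfnInstance.Builder.create(this, "jumpHostInstance")
                .instanceType("t2.nano")
                .securityGroupIds(Collections.singletonList(jumpHostSecurityGroup.getAttrGroupId()))
                // NOTE(review): the image id is pinned. AMI ids are region-specific and a pinned
                // image does not pick up later OS patches; confirm it matches the deployment
                // region and is still maintained.
                .imageId("ami-0f96495a064477ffb")
                .subnetId(networkOutputParameters.getPublicSubnets().get(0))
                .keyName(keyName)
                .build();
    }

    /**
     * Adds an ingress rule to the database security group that admits PostgreSQL traffic
     * (TCP 5432) from members of the jump host security group.
     *
     * @param jumpHostSecurityGroup source group of the rule
     * @param databaseSecurityGroupId id of the group the rule is attached to
     */
    private void allowAccessToDatabase(CfnSecurityGroup jumpHostSecurityGroup, String databaseSecurityGroupId) {
        CfnSecurityGroupIngress.Builder.create(this, "IngressFromJumpHost")
                .sourceSecurityGroupId(jumpHostSecurityGroup.getAttrGroupId())
                .groupId(databaseSecurityGroupId)
                .fromPort(5432)
                .toPort(5432)
                .ipProtocol("TCP")
                .build();
    }

    /**
     * Adds an ingress rule to the jump host security group that admits SSH (TCP 22) from the
     * given source range.
     *
     * @param jumpHostSecurityGroup group the rule is attached to
     * @param sshIngressCidr IPv4 CIDR range allowed to connect; {@code 0.0.0.0/0} means any address
     */
    private void allowAccessToJumpHost(CfnSecurityGroup jumpHostSecurityGroup, String sshIngressCidr) {
        CfnSecurityGroupIngress.Builder.create(this, "IngressFromOutside")
                .groupId(jumpHostSecurityGroup.getAttrGroupId())
                .fromPort(22)
                .toPort(22)
                .ipProtocol("TCP")
                .cidrIp(sshIngressCidr)
                .build();
    }
}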
