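import os

from aws_cdk import (
    Stack,
    aws_ec2 as ec2,
    aws_iam as iam,
    CfnOutput,
)
from constructs import Construct


class IptvUpdaterStack(Stack):
    """CDK stack that provisions a single public EC2 host for the IPTV updater.

    The stack creates a one-AZ VPC with a public subnet, a security group,
    an imported SSH key pair, an instance role with the SSM core policy,
    the instance itself (bootstrapped from ``userdata.sh``), and an
    Elastic IP whose address is exported as a stack output.
    """

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        """Define all resources of the stack.

        Args:
            scope: Parent construct (normally the CDK ``App``).
            construct_id: Logical ID of this stack within ``scope``.
            **kwargs: Forwarded unchanged to ``Stack.__init__``.

        Raises:
            OSError: If ``userdata.sh`` next to this file cannot be read.
            UnicodeDecodeError: If ``userdata.sh`` is not valid UTF-8.
        """
        super().__init__(scope, construct_id, **kwargs)

        # Create VPC
        vpc = ec2.Vpc(
            self,
            "IptvUpdaterVPC",
            max_azs=1,  # Use only one AZ for free tier
            nat_gateways=0,  # No NAT Gateway to stay in free tier
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name="public",
                    subnet_type=ec2.SubnetType.PUBLIC,
                    cidr_mask=24,
                )
            ],
        )

        # Security Group
        security_group = ec2.SecurityGroup(
            self,
            "IptvUpdaterSG",
            vpc=vpc,
            allow_all_outbound=True,
        )

        security_group.add_ingress_rule(
            ec2.Peer.any_ipv4(),
            ec2.Port.tcp(443),
            "Allow HTTPS traffic",
        )

        security_group.add_ingress_rule(
            ec2.Peer.any_ipv4(),
            ec2.Port.tcp(80),
            "Allow HTTP traffic",
        )

        # NOTE(review): SSH is reachable from every IPv4 address. The role
        # below already attaches AmazonSSMManagedInstanceCore, so Session
        # Manager can provide shell access without an inbound rule; if SSH
        # must stay, narrow the peer to a known admin CIDR with
        # ec2.Peer.ipv4(...). Left unchanged here so existing access keeps
        # working.
        security_group.add_ingress_rule(
            ec2.Peer.any_ipv4(),
            ec2.Port.tcp(22),
            "Allow SSH traffic",
        )

        # Key pair for IPTV Updater instance (imports an existing public key;
        # no private key material is generated or stored by the stack).
        key_pair = ec2.KeyPair(
            self,
            "IptvUpdaterKeyPair",
            key_pair_name="iptv-updater-key",
            public_key_material="ssh-rsa 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 stefano@MSI",
        )

        # Create IAM role for EC2
        role = iam.Role(
            self,
            "IptvUpdaterRole",
            assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"),
        )

        # Add SSM managed policy
        role.add_managed_policy(
            iam.ManagedPolicy.from_aws_managed_policy_name(
                "AmazonSSMManagedInstanceCore"
            )
        )

        # Read the userdata script relative to this file so synthesis works
        # from any working directory. The context manager closes the handle
        # deterministically instead of leaving it to the garbage collector.
        script_dir = os.path.dirname(os.path.abspath(__file__))
        userdata_path = os.path.join(script_dir, "userdata.sh")
        with open(userdata_path, "rb") as userdata_handle:
            userdata_script = userdata_handle.read().decode("utf-8")

        # Creates a userdata object for Linux hosts
        userdata = ec2.UserData.for_linux()

        # The whole script is added as one command block. User data is
        # readable by anything that can query the instance metadata service
        # or describe the instance, so userdata.sh should not embed secrets.
        userdata.add_commands(userdata_script)

        # EC2 Instance
        # NOTE(review): the host is internet-facing on 80/443; consider
        # passing require_imdsv2=True so the instance role's credentials are
        # only served to session-token (IMDSv2) requests.
        instance = ec2.Instance(
            self,
            "IptvUpdaterInstance",
            vpc=vpc,
            instance_type=ec2.InstanceType.of(
                ec2.InstanceClass.T2,
                ec2.InstanceSize.MICRO,
            ),
            machine_image=ec2.AmazonLinuxImage(
                generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2
            ),
            security_group=security_group,
            key_pair=key_pair,
            role=role,
            user_data=userdata,
        )

        # Create Elastic IP
        eip = ec2.CfnEIP(
            self,
            "IptvUpdaterEIP",
            domain="vpc",
            instance_id=instance.instance_id,
        )

        # Output the Elastic IP's public address. The output ID says "DNS"
        # but the value is the IP; the ID is kept as-is so existing consumers
        # of the stack output are not broken.
        CfnOutput(
            self,
            "InstancePublicDNS",
            value=eip.attr_public_ip,
        )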