# Web server instance with no public IP and IMDSv2-only metadata access.
# The AMI, subnet, security group and instance profile are all supplied by the
# caller through variables; only the size, metadata policy, bootstrap script
# and Name tag are fixed in this block.
resource "aws_instance" "private_web" {
  # Image and size.
  ami           = var.ami_id
  instance_type = "t2.micro"

  # Network placement. No public IP is requested, so the instance is reachable
  # only through the VPC.
  # NOTE(review): whether the subnet is actually private (no internet-gateway
  # route) and what the security group allows are decided outside this block;
  # confirm both against the caller.
  subnet_id                   = var.private_subnet_id
  associate_public_ip_address = false
  vpc_security_group_ids      = [var.security_group_id]

  # Identity. Any process on the instance can obtain this profile's role
  # credentials from the metadata service.
  # NOTE(review): the role's policies are not visible here; verify they are
  # scoped to what the web server needs.
  iam_instance_profile = var.instance_profile_name

  # Instance metadata service (IMDS) policy.
  metadata_options {
    # Requiring tokens disables IMDSv1, so every metadata request needs a
    # session token obtained with a PUT first. This makes it harder for a
    # request-forgery bug in the web application to read role credentials.
    http_tokens = "required"

    # The endpoint stays enabled so the instance profile remains usable.
    http_endpoint = "enabled"

    # NOTE(review): http_put_response_hop_limit is not set, so the default
    # applies. Pin it explicitly if containers on this host must, or must not,
    # reach IMDS.
  }

  # Bootstrap script loaded from this module's directory.
  # User data can be read back from the metadata service on the instance and
  # through the EC2 API, so the script should not embed secrets.
  # NOTE(review): the script's contents are not visible here; confirm.
  user_data = file("${path.module}/webserver-userdata.sh")

  # NOTE(review): no root_block_device block is declared, so root-volume
  # encryption depends on the AMI and on account-level EBS defaults. Confirm
  # that encryption at rest is enforced elsewhere.

  tags = {
    Name = "Private-WebServer"
  }
}
