# Terraform configuration to create an S3-triggered Lambda function for generating thumbnails.

# AWS provider with a fixed region; every AWS resource in this file is created there.
# NOTE(review): no `terraform { required_providers { ... } }` block is visible in this
# file, so the aws, random and archive provider versions are unconstrained here unless
# they are pinned elsewhere. Confirm version constraints exist and that
# .terraform.lock.hcl is committed so provider builds are reproducible.
provider "aws" {
  region = "us-east-1"
}

# --- Random Suffix for Uniqueness ---
# Generates a two-word random name. Its id is interpolated into both bucket names
# below so they do not collide with existing names in the global S3 namespace.
resource "random_pet" "suffix" {
  length = 2
}

# --- S3 Buckets ---
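# Source bucket: uploads land here, and the bucket notification further down
# forwards matching object-created events to the thumbnail Lambda.
resource "aws_s3_bucket" "source" {
  bucket = "my-source-images-tf-${random_pet.suffix.id}"
  # Enable versioning for safety
  # NOTE(review): the inline versioning block is deprecated from AWS provider v4
  # onward in favour of a separate aws_s3_bucket_versioning resource. Confirm which
  # provider version this is applied with.
  versioning {
    enabled = true
  }
}

# Explicitly block every form of public access so uploaded originals cannot be
# exposed by a later ACL or bucket-policy change. Declaring it here also lets
# Terraform detect drift if the setting is changed outside this configuration.
resource "aws_s3_bucket_public_access_block" "source" {
  bucket = aws_s3_bucket.source.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}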

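# Destination bucket: its name is handed to the Lambda through the
# DESTINATION_BUCKET environment variable, and the execution role may only
# s3:PutObject here.
resource "aws_s3_bucket" "destination" {
  bucket = "my-destination-thumbnails-tf-${random_pet.suffix.id}"
  # NOTE(review): the inline versioning block is deprecated from AWS provider v4
  # onward in favour of a separate aws_s3_bucket_versioning resource. Confirm which
  # provider version this is applied with.
  versioning {
    enabled = true
  }
}

# Keep generated thumbnails private by default. If they must be served to the
# public, do that deliberately (for example through a CDN with restricted origin
# access) rather than by relaxing these settings.
resource "aws_s3_bucket_public_access_block" "destination" {
  bucket = aws_s3_bucket.destination.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}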

# --- IAM Role and Policy for Lambda ---
# Trust policy for the execution role: the only principal allowed to call
# sts:AssumeRole is the Lambda service itself.
data "aws_iam_policy_document" "lambda_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

# Execution role the Lambda function runs as. The trust policy above decides who
# can assume it; its permissions come from the policy attached further down.
# The name is a fixed string, so two copies of this configuration in the same
# account would collide on it.
resource "aws_iam_role" "lambda_s3_role" {
  name               = "LambdaS3ThumbnailRole-tf"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
}

# Permissions granted to the Lambda execution role: CloudWatch Logs writes,
# read access to source objects, write access to destination objects.
data "aws_iam_policy_document" "lambda_s3_policy" {
  # CloudWatch Logs access for the function's own logging.
  # NOTE(review): "arn:aws:logs:*:*:*" matches every log group in every region,
  # which is broader than one function needs. Consider narrowing the resource to
  # this function's log group (/aws/lambda/<function_name>). Referencing the
  # aws_lambda_function resource from here would create a dependency cycle through
  # its depends_on, so the name would have to come from a shared local or variable.
  statement {
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = ["arn:aws:logs:*:*:*"]
  }
  # Read-only access to objects in the source bucket. This covers every key, not
  # only the images/ prefix that the bucket notification filters on.
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.source.arn}/*"]
  }
  # Write-only access to the destination bucket. The role has no write permission
  # on the source bucket, so the function cannot create objects there that would
  # re-trigger it.
  statement {
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.destination.arn}/*"]
  }
}

# Customer-managed IAM policy built from the rendered policy document above.
resource "aws_iam_policy" "lambda_s3_policy" {
  name   = "LambdaS3ThumbnailPolicy-tf"
  policy = data.aws_iam_policy_document.lambda_s3_policy.json
}

# Attaches the managed policy to the execution role. This is the only policy
# attachment for the role visible in this file.
resource "aws_iam_role_policy_attachment" "lambda_s3_attachment" {
  role       = aws_iam_role.lambda_s3_role.name
  policy_arn = aws_iam_policy.lambda_s3_policy.arn
}

# --- Lambda Function ---
# Archive the python script into a zip file
# Packages the single handler file into function.zip next to this module.
# NOTE(review): only thumbnail_generator.py goes into the archive and the function
# below sets no `layers`, so any third-party imaging library the handler imports
# would have to be supplied some other way. Confirm how dependencies are delivered
# and that their versions are pinned.
data "archive_file" "lambda_zip" {
  type        = "zip"
  source_file = "${path.module}/thumbnail_generator.py"
  output_path = "${path.module}/function.zip"
}

# The thumbnail Lambda. It runs as lambda_s3_role and is deployed from the zip
# built by archive_file.lambda_zip.
# NOTE(review): the function is invoked for objects uploaded to the source bucket,
# so the handler (not visible here) should treat object keys and image contents as
# untrusted input.
resource "aws_lambda_function" "thumbnail_generator" {
  function_name    = "S3ThumbnailGenerator-tf"
  # Entry point: function lambda_handler in module thumbnail_generator.
  handler          = "thumbnail_generator.lambda_handler"
  # NOTE(review): python3.9 is an older Lambda runtime. Confirm it is still
  # supported and receiving security patches, and plan a move to a current runtime.
  runtime          = "python3.9"
  role             = aws_iam_role.lambda_s3_role.arn
  filename         = data.archive_file.lambda_zip.output_path
  # Hash of the archive contents, so a change to the handler triggers a redeploy.
  source_code_hash = data.archive_file.lambda_zip.output_base64sha256
  # Timeout is in seconds and memory_size in MB. Both bound the work done per object.
  timeout          = 30
  memory_size      = 256

  environment {
    variables = {
      # Tells the handler which bucket to write thumbnails to.
      DESTINATION_BUCKET = aws_s3_bucket.destination.bucket
    }
  }

  # Create the function only after the role's policy is attached, so its first
  # invocations do not run without S3 and logging permissions.
  depends_on = [aws_iam_role_policy_attachment.lambda_s3_attachment]
}

# --- S3 Trigger Configuration ---
# Grant S3 permission to invoke the Lambda function
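# Account this configuration is applied in; used to pin the invoke permission below.
data "aws_caller_identity" "current" {}

# Resource-based policy statement on the function that lets the S3 service invoke
# it, restricted to notifications coming from the source bucket in this account.
resource "aws_lambda_permission" "allow_s3" {
  statement_id  = "AllowS3Invoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.thumbnail_generator.function_name
  principal     = "s3.amazonaws.com"
  source_arn    = aws_s3_bucket.source.arn
  # S3 bucket ARNs carry no account ID, so source_arn alone would still match a
  # bucket of the same name owned by a different account if this bucket were ever
  # deleted. source_account closes that confused-deputy gap.
  source_account = data.aws_caller_identity.current.account_id
}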

# Create the S3 bucket notification
# Sends object-created events from the source bucket to the thumbnail Lambda.
resource "aws_s3_bucket_notification" "s3_trigger" {
  bucket = aws_s3_bucket.source.id

  lambda_function {
    lambda_function_arn = aws_lambda_function.thumbnail_generator.arn
    events              = ["s3:ObjectCreated:*"]
    # Only keys that start with "images/" and end with ".jpg" trigger the function.
    # The match is on the literal key, so ".JPG" and ".jpeg" are not picked up.
    # NOTE(review): the suffix is a name check, not a content check. A ".jpg" key
    # can hold arbitrary bytes, so the handler should validate what it decodes.
    filter_prefix       = "images/"
    filter_suffix       = ".jpg"
  }

  # S3 validates that it may invoke the target when the notification is saved,
  # so the invoke permission has to exist first.
  depends_on = [aws_lambda_permission.allow_s3]
}

# --- Outputs ---
# Name of the upload bucket. Only keys under images/ ending in .jpg trigger the function.
output "source_bucket_name" {
  value       = aws_s3_bucket.source.bucket
  description = "The name of the source S3 bucket. Upload images here."
}

# Name of the bucket that receives the generated thumbnails.
output "destination_bucket_name" {
  value       = aws_s3_bucket.destination.bucket
  description = "The name of the destination S3 bucket for thumbnails."
}

# Deployed function name, e.g. for locating its CloudWatch log group.
output "lambda_function_name" {
  value       = aws_lambda_function.thumbnail_generator.function_name
  description = "The name of the Lambda function."
}
