# IAM Role for Lambda Functions
resource "aws_iam_role" "lambda_role" {
  # Execution role for Lambda. Every function that references this role
  # receives the union of all policies attached to it, so attachments made
  # to this role should be reviewed against each function that uses it.
  name = "lambda-execution-role"

  # Trust policy: only the Lambda service principal may assume this role.
  # jsonencode() keeps the document as HCL, so Terraform validates its
  # syntax at plan time.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
  # AWS-managed policy that lets the function write its logs to
  # CloudWatch Logs; it carries no access to other services.
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

  # Attached by role name (not ARN), as this resource type expects.
  role = aws_iam_role.lambda_role.name
}

# Hello World Lambda Function
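resource "aws_lambda_function" "hello_world" {
  function_name = var.lambda_function_name_hello

  # Least privilege: this function runs under its own role, which carries
  # logging permissions only. The shared aws_iam_role.lambda_role also has
  # the S3 access policy attached, and nothing in this function's
  # configuration refers to the bucket.
  role    = aws_iam_role.hello_world_role.arn
  handler = "hello_world.handler"

  # NOTE(review): nodejs14.x is a deprecated Lambda runtime that no longer
  # receives security patches. Move to a supported Node.js runtime after
  # confirming the handler and its dependencies run on it.
  runtime = "nodejs14.x"

  filename = "hello_world.zip"
  # Hash of the package so Terraform redeploys when the zip content changes.
  source_code_hash = filebase64sha256("hello_world.zip")

  # Make sure the logging permissions exist before the function is created.
  depends_on = [
    aws_iam_role_policy_attachment.hello_world_basic_execution,
  ]
}

# Dedicated execution role for the hello_world function.
resource "aws_iam_role" "hello_world_role" {
  # Constructed name for the new role; adjust to the project's naming scheme.
  name = "hello-world-lambda-execution-role"

  # Trust policy: only the Lambda service principal may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}

# CloudWatch Logs write access for hello_world; no other service access.
resource "aws_iam_role_policy_attachment" "hello_world_basic_execution" {
  role       = aws_iam_role.hello_world_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}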

# S3 Bucket for Lambda Interaction
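resource "aws_s3_bucket" "lambda_interaction" {
  # Bucket name is supplied by the caller; S3 bucket names are globally unique.
  bucket = var.s3_bucket_name_for_lambda
}

# Pin "block public access" in code instead of relying on account or
# service defaults. The only consumer visible in this file is a Lambda
# function that reaches the bucket through IAM, so no public ACL or public
# bucket policy should be needed.
# NOTE(review): confirm nothing outside this file expects public reads.
resource "aws_s3_bucket_public_access_block" "lambda_interaction" {
  bucket = aws_s3_bucket.lambda_interaction.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}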

# S3 Interaction Lambda Function
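resource "aws_lambda_function" "s3_interaction" {
  function_name = var.lambda_function_name_s3
  role          = aws_iam_role.lambda_role.arn
  handler       = "s3_interaction.handler"

  # NOTE(review): nodejs14.x is a deprecated Lambda runtime that no longer
  # receives security patches. Newer Node.js runtimes bundle AWS SDK v3
  # rather than v2, so check how the handler imports the SDK before
  # changing this value.
  runtime = "nodejs14.x"

  filename = "s3_interaction.zip"
  # Hash of the package so Terraform redeploys when the zip content changes.
  source_code_hash = filebase64sha256("s3_interaction.zip")

  environment {
    variables = {
      # The handler receives the bucket name at runtime instead of
      # hard-coding it.
      BUCKET_NAME = aws_s3_bucket.lambda_interaction.bucket
    }
  }

  # The role ARN alone does not order the function after the policy
  # attachments. Without this, the function can exist (and be invoked)
  # before its logging and S3 permissions are in place, and on destroy the
  # permissions can be removed while the function is still live.
  depends_on = [
    aws_iam_role_policy_attachment.lambda_basic_execution,
    aws_iam_role_policy_attachment.lambda_s3_access,
  ]
}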

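resource "aws_iam_policy" "s3_access_policy" {
  name        = "lambda-s3-access-policy"
  description = "IAM policy for Lambda to access S3 bucket"

  # Each action is scoped to the resource type it applies to:
  # s3:ListBucket is a bucket-level action, s3:GetObject and s3:PutObject
  # are object-level. Keeping them in separate statements means an action
  # added later to one statement is not silently granted on the other
  # resource as well. No delete or bucket-configuration actions are granted.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "ListBucket"
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = [aws_s3_bucket.lambda_interaction.arn]
      },
      {
        Sid      = "ReadWriteObjects"
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:PutObject"]
        Resource = ["${aws_s3_bucket.lambda_interaction.arn}/*"]
      }
    ]
  })
}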

resource "aws_iam_role_policy_attachment" "lambda_s3_access" {
  # Customer-managed policy defined in this file (bucket list plus object
  # read/write on the interaction bucket).
  policy_arn = aws_iam_policy.s3_access_policy.arn

  # The permissions apply to every function that runs under this role, not
  # only the one that uses the bucket.
  role = aws_iam_role.lambda_role.name
}
