adjusted with the s3 key

2026-06-08 11:17:27 +00:00 · 2026-03-11 18:05:23 +00:00 · 2026-03-11 18:05:23 +00:00 · 7dfc87b24e
commit 7dfc87b24e
parent 5d933b73f6
3 changed files with 81 additions and 20 deletions
--- a/infrastructure/terraform/lambda/fast-api/main.tf
+++ b/infrastructure/terraform/lambda/fast-api/main.tf
@ -68,6 +68,14 @@ resource "null_resource" "pip_install" {
  }
 }

+############################################
+# IAM role
+############################################
+module "role" {
+  source = "../../modules/lambda_execution_role"
+  name   = "fastapi-lambda-${var.stage}"
+}
+
 ############################################
 # Create deployment zip
 ############################################
@ -101,29 +109,24 @@ resource "aws_s3_object" "fastapi_zip" {
 }

 ############################################
-# FastAPI Lambda + API Gateway
+# FastAPI Lambda (S3-backed)
 ############################################
-module "fastapi" {
-  depends_on = [aws_s3_object.fastapi_zip]
-  source     = "../../modules/lambda_with_api_gateway"
-
-  name        = "fastapi"
-  stage       = var.stage
-  source_dir  = "${path.root}/../../../../"
-  handler     = "backend.app.main.handler"
-  runtime     = "python3.11"
-  timeout     = 600
-  memory_size = 512
-
-  # domain_name     = "api.${var.domain_name}"
-  # certificate_arn = data.aws_ssm_parameter.certificate_arn.value
-  # route53_zone_id = data.aws_route53_zone.this.zone_id
+module "lambda" {
+  source = "../../modules/lambda_service_zip"

+  name             = "fastapi-${var.stage}"
+  role_arn         = module.role.role_arn
+  s3_bucket        = aws_s3_object.fastapi_zip.bucket
+  s3_key           = aws_s3_object.fastapi_zip.key
+  source_code_hash = data.archive_file.fastapi_zip.output_base64sha256
+  handler          = "backend.app.main.handler"
+  runtime          = "python3.11"
+  timeout          = 600
+  memory_size      = 512
  environment = {
    ENVIRONMENT    = var.stage
    API_KEY        = var.api_key
    SECRET_KEY     = var.secret_key
-    # DOMAIN_NAME    = var.domain_name
    EPC_AUTH_TOKEN = var.epc_auth_token
    GOOGLE_SOLAR_API_KEY = var.google_solar_api_key

@ -145,6 +148,43 @@ module "fastapi" {
    ENGINE_SQS_URL         = data.terraform_remote_state.engine.outputs.ara_engine_queue_url
    CATEGORISATION_SQS_URL = data.terraform_remote_state.categorisation.outputs.categorisation_queue_url
  }
+
+  depends_on = [aws_s3_object.fastapi_zip]
+}
+
+############################################
+# API Gateway
+############################################
+resource "aws_apigatewayv2_api" "this" {
+  name          = "fastapi-api-${var.stage}"
+  protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_stage" "this" {
+  api_id      = aws_apigatewayv2_api.this.id
+  name        = "$default"
+  auto_deploy = true
+}
+
+resource "aws_apigatewayv2_integration" "this" {
+  api_id                 = aws_apigatewayv2_api.this.id
+  integration_type       = "AWS_PROXY"
+  integration_uri        = module.lambda.lambda_arn
+  payload_format_version = "2.0"
+}
+
+resource "aws_apigatewayv2_route" "catch_all" {
+  api_id    = aws_apigatewayv2_api.this.id
+  route_key = "$default"
+  target    = "integrations/${aws_apigatewayv2_integration.this.id}"
+}
+
+resource "aws_lambda_permission" "apigw_invoke" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = module.lambda.lambda_arn
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_apigatewayv2_api.this.execution_arn}/*/*"
 }

 ############################################
@ -174,7 +214,12 @@ module "fastapi_sqs_policy" {
 }


-resource "aws_iam_role_policy_attachment" "fastapi_sqs_read_and_write" {
-  role       = module.fastapi.role_name
+resource "aws_iam_role_policy_attachment" "fastapi_s3_read_and_write" {
+  role       = module.role.role_name
  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_and_write_arn
+}
+
+resource "aws_iam_role_policy_attachment" "fastapi_sqs_policy" {
+  role       = module.role.role_name
+  policy_arn = module.fastapi_sqs_policy.policy_arn
 }
--- a/infrastructure/terraform/modules/lambda_service_zip/main.tf
+++ b/infrastructure/terraform/modules/lambda_service_zip/main.tf
@ -3,6 +3,8 @@ resource "aws_lambda_function" "this" {
  role             = var.role_arn
  package_type     = "Zip"
  filename         = var.filename
+  s3_bucket        = var.s3_bucket
+  s3_key           = var.s3_key
  source_code_hash = var.source_code_hash
  handler          = var.handler
  runtime          = var.runtime
--- a/infrastructure/terraform/modules/lambda_service_zip/variables.tf
+++ b/infrastructure/terraform/modules/lambda_service_zip/variables.tf
@ -1,6 +1,20 @@
 variable "name"             { type = string }
 variable "role_arn"         { type = string }
-variable "filename"         { type = string }
+variable "filename"         {
+    type = string
+    default = null
+    description = "Local path to zip file (mutually exclusive with s3_bucket/s3_key)"
+}
+variable "s3_bucket"        {
+    type = string
+    default = null
+    description = "S3 bucket for Lambda code (used with s3_key)"
+}
+variable "s3_key"           {
+    type = string
+    default = null
+    description = "S3 key for Lambda code (used with s3_bucket)"
+}
 variable "source_code_hash" { type = string }
 variable "handler"          { type = string }
 variable "runtime"          { type = string }