diff --git a/infrastructure/terraform/lambda/fast-api/main.tf b/infrastructure/terraform/lambda/fast-api/main.tf
index 6915ba85..2689a569 100644
--- a/infrastructure/terraform/lambda/fast-api/main.tf
+++ b/infrastructure/terraform/lambda/fast-api/main.tf
@@ -68,6 +68,14 @@ resource "null_resource" "pip_install" {
 }
 }
+############################################
+# IAM role
+############################################
+module "role" {
+ source = "../../modules/lambda_execution_role"
+ name = "fastapi-lambda-${var.stage}"
+}
+
 ############################################
 # Create deployment zip
 ############################################
@@ -101,29 +109,24 @@ resource "aws_s3_object" "fastapi_zip" {
 }
 ############################################
-# FastAPI Lambda + API Gateway
+# FastAPI Lambda (S3-backed)
 ############################################
-module "fastapi" {
- depends_on = [aws_s3_object.fastapi_zip]
- source = "../../modules/lambda_with_api_gateway"
-
- name = "fastapi"
- stage = var.stage
- source_dir = "${path.root}/../../../../"
- handler = "backend.app.main.handler"
- runtime = "python3.11"
- timeout = 600
- memory_size = 512
-
- # domain_name = "api.${var.domain_name}"
- # certificate_arn = data.aws_ssm_parameter.certificate_arn.value
- # route53_zone_id = data.aws_route53_zone.this.zone_id
+module "lambda" {
+ source = "../../modules/lambda_service_zip"
+ name = "fastapi-${var.stage}"
+ role_arn = module.role.role_arn
+ s3_bucket = aws_s3_object.fastapi_zip.bucket
+ s3_key = aws_s3_object.fastapi_zip.key
+ source_code_hash = data.archive_file.fastapi_zip.output_base64sha256
+ handler = "backend.app.main.handler"
+ runtime = "python3.11"
+ timeout = 600
+ memory_size = 512
 environment = {
 ENVIRONMENT = var.stage
 API_KEY = var.api_key
 SECRET_KEY = var.secret_key
- # DOMAIN_NAME = var.domain_name
 EPC_AUTH_TOKEN = var.epc_auth_token
 GOOGLE_SOLAR_API_KEY = var.google_solar_api_key
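Review bot: The rewritten `module "lambda"` still receives `API_KEY`, `SECRET_KEY`, `EPC_AUTH_TOKEN` and `GOOGLE_SOLAR_API_KEY` as plain `environment` values, which puts them in Terraform state and in the function configuration, readable by any principal allowed `lambda:GetFunctionConfiguration`. Since the block is being moved to a new module anyway, consider passing only a reference, e.g. `SECRET_KEY_PARAM = "<ssm-parameter-name>"` (placeholder), and having the handler read the value at start-up, with the execution role granted access to just those parameters. If the values must stay in the environment, the variables should at least be declared `sensitive = true`; their declarations are not visible in this diff. The `environment` map continues past the end of this hunk.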
@@ -145,6 +148,43 @@ module "fastapi" {
 ENGINE_SQS_URL = data.terraform_remote_state.engine.outputs.ara_engine_queue_url
 CATEGORISATION_SQS_URL = data.terraform_remote_state.categorisation.outputs.categorisation_queue_url
 }
+
+ depends_on = [aws_s3_object.fastapi_zip]
+}
+
+############################################
+# API Gateway
+############################################
+resource "aws_apigatewayv2_api" "this" {
+ name = "fastapi-api-${var.stage}"
+ protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_stage" "this" {
+ api_id = aws_apigatewayv2_api.this.id
+ name = "$default"
+ auto_deploy = true
+}
+
+resource "aws_apigatewayv2_integration" "this" {
+ api_id = aws_apigatewayv2_api.this.id
+ integration_type = "AWS_PROXY"
+ integration_uri = module.lambda.lambda_arn
+ payload_format_version = "2.0"
+}
+
+resource "aws_apigatewayv2_route" "catch_all" {
+ api_id = aws_apigatewayv2_api.this.id
+ route_key = "$default"
+ target = "integrations/${aws_apigatewayv2_integration.this.id}"
+}
+
+resource "aws_lambda_permission" "apigw_invoke" {
+ statement_id = "AllowAPIGatewayInvoke"
+ action = "lambda:InvokeFunction"
+ function_name = module.lambda.lambda_arn
+ principal = "apigateway.amazonaws.com"
+ source_arn = "${aws_apigatewayv2_api.this.execution_arn}/*/*"
 }
 ############################################
@@ -174,7 +214,12 @@ module "fastapi_sqs_policy" {
 }
-resource "aws_iam_role_policy_attachment" "fastapi_sqs_read_and_write" {
- role = module.fastapi.role_name
+resource "aws_iam_role_policy_attachment" "fastapi_s3_read_and_write" {
+ role = module.role.role_name
 policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_and_write_arn
+}
+
+resource "aws_iam_role_policy_attachment" "fastapi_sqs_policy" {
+ role = module.role.role_name
+ policy_arn = module.fastapi_sqs_policy.policy_arn
 }
\ No newline at end of file
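Review bot: The `$default` route in `aws_apigatewayv2_route.catch_all` sets no `authorization_type` or authorizer, so API Gateway forwards every method and path to the function unauthenticated and the application's own key check is the only gate; if that is intended, say so with an explicit `authorization_type = "NONE"` and a comment. The stage also has no `access_log_settings` and no `default_route_settings` throttling, which leaves no gateway-side request log for investigation and only the account-level limits in front of a function configured with `timeout = 600`. Whether the replaced `lambda_with_api_gateway` module set these is not visible in this diff. A sketch of the stage with both added follows; the log destination and the limits are placeholders.

```terraform
resource "aws_apigatewayv2_stage" "this" {
  # … unchanged: api_id, name, auto_deploy …

  access_log_settings {
    # placeholder: reference the access-log group this stack defines
    destination_arn = "<access-log-group-arn>"
    format = jsonencode({
      requestId = "$context.requestId"
      sourceIp  = "$context.identity.sourceIp"
      routeKey  = "$context.routeKey"
      status    = "$context.status"
    })
  }

  default_route_settings {
    throttling_burst_limit = 50 # constructed sample value
    throttling_rate_limit  = 25 # constructed sample value
  }
}
```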
diff --git a/infrastructure/terraform/modules/lambda_service_zip/main.tf b/infrastructure/terraform/modules/lambda_service_zip/main.tf
index 285aa9d4..3438ec9f 100644
--- a/infrastructure/terraform/modules/lambda_service_zip/main.tf
+++ b/infrastructure/terraform/modules/lambda_service_zip/main.tf
@@ -3,6 +3,8 @@ resource "aws_lambda_function" "this" {
 role = var.role_arn
 package_type = "Zip"
 filename = var.filename
+ s3_bucket = var.s3_bucket
+ s3_key = var.s3_key
 source_code_hash = var.source_code_hash
 handler = var.handler
 runtime = var.runtime
diff --git a/infrastructure/terraform/modules/lambda_service_zip/variables.tf b/infrastructure/terraform/modules/lambda_service_zip/variables.tf
index 68a35370..2a346fb7 100644
--- a/infrastructure/terraform/modules/lambda_service_zip/variables.tf
+++ b/infrastructure/terraform/modules/lambda_service_zip/variables.tf
@@ -1,6 +1,20 @@
 variable "name" { type = string }
 variable "role_arn" { type = string }
-variable "filename" { type = string }
+variable "filename" {
+ type = string
+ default = null
+ description = "Local path to zip file (mutually exclusive with s3_bucket/s3_key)"
+}
+variable "s3_bucket" {
+ type = string
+ default = null
+ description = "S3 bucket for Lambda code (used with s3_key)"
+}
+variable "s3_key" {
+ type = string
+ default = null
+ description = "S3 key for Lambda code (used with s3_bucket)"
+}
 variable "source_code_hash" { type = string }
 variable "handler" { type = string }
 variable "runtime" { type = string }
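Review bot: The new `s3_bucket`/`s3_key` arguments on `aws_lambda_function.this` identify the package by a mutable key only, so a function update deploys whatever object sits at that key at apply time; `source_code_hash` is computed by the caller from its local archive and, as far as this diff shows, is not tied to the object actually stored in S3. If the artifact bucket has versioning enabled (not visible here), pin the exact object by adding `s3_object_version = var.s3_object_version` next to `s3_key`, with a matching optional variable (type `string`, default `null`) in variables.tf that the fast-api stack feeds from `aws_s3_object.fastapi_zip.version_id`. The resource body starts and ends outside this hunk.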