diff --git a/.github/workflows/_deploy_lambda.yml b/.github/workflows/_deploy_lambda.yml
index 6d1430a2..3cef705e 100644
--- a/.github/workflows/_deploy_lambda.yml
+++ b/.github/workflows/_deploy_lambda.yml
@@ -16,12 +16,14 @@ on:
         type: string
 
       ecr_repo:
-        required: true
+        required: false
         type: string
+        default: ''
 
       image_digest:
-        required: true
+        required: false
         type: string
+        default: ''
 
       terraform_apply:
         required: false
@@ -119,11 +121,21 @@ jobs:
           TF_VAR_google_solar_api_key: ${{ secrets.TF_VAR_google_solar_api_key }}
           TF_VAR_ordnance_survey_api_key: ${{ secrets.TF_VAR_ordnance_survey_api_key}}
         run: |
+          ECR_REPO_URL_VAR=""
+          if [[ -n "${{ inputs.ecr_repo }}" ]]; then
+            ECR_REPO_URL_VAR="-var=ecr_repo_url=${{ steps.repo.outputs.ecr_repo_url }}"
+          fi
+
+          IMAGE_DIGEST_VAR=""
+          if [[ -n "${{ inputs.ecr_repo }}" ]]; then
+            IMAGE_DIGEST_VAR="-var=image_digest=${{ inputs.image_digest }}"
+          fi
+
           terraform plan \
             -var="stage=${{ inputs.stage }}" \
             -var="lambda_name=${{ inputs.lambda_name }}" \
-            -var="ecr_repo_url=${{ steps.repo.outputs.ecr_repo_url }}" \
-            -var="image_digest=${{ inputs.image_digest }}" \
+            $ECR_REPO_URL_VAR \
+            $IMAGE_DIGEST_VAR \
             -out=lambdaplan
 
       - name: Terraform Apply
@@ -145,8 +157,12 @@ jobs:
           TF_VAR_google_solar_api_key: ${{ secrets.TF_VAR_google_solar_api_key }}
           TF_VAR_ordnance_survey_api_key: ${{ secrets.TF_VAR_ordnance_survey_api_key}}
         run: |
+          EXTRA_VARS=""
+          if [[ -n "${{ inputs.ecr_repo }}" ]]; then
+            EXTRA_VARS="-var=ecr_repo_url=${{ steps.repo.outputs.ecr_repo_url }} -var=image_digest=${{ inputs.image_digest }}"
+          fi
+
           terraform destroy -auto-approve \
             -var="stage=${{ inputs.stage }}" \
             -var="lambda_name=${{ inputs.lambda_name }}" \
-            -var="ecr_repo_url=${{ steps.repo.outputs.ecr_repo_url }}" \
-            -var="image_digest=${{ inputs.image_digest }}"
+            $EXTRA_VARS
diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
index 596ab82d..6291dd2a 100644
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@@ -41,7 +41,7 @@ jobs:
           fi
 
   # ============================================================
-  # 1️⃣ Shared Terraform (infra)
+  # Shared Terraform (infra)
   # ============================================================
   shared_terraform:
     needs: determine_stage
@@ -77,9 +77,74 @@ jobs:
         if: env.TERRAFORM_APPLY == 'true'
         working-directory: infrastructure/terraform/shared
         run: terraform apply -auto-approve tfplan
+
+  # ============================================================
+  # Ara Engine image and Push
+  # ============================================================
+  ara_engine_image:
+    needs: [determine_stage, shared_terraform]
+    uses: ./.github/workflows/_build_image.yml
+    with:
+      ecr_repo: engine-${{ needs.determine_stage.outputs.stage }}
+      dockerfile_path: backend/docker/engine.Dockerfile
+      build_context: .
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+
+  # ============================================================
+  # Deploy Ara Engine Lambda
+  # ============================================================
+  ara_engine_lambda:
+    needs: [ara_engine_image, determine_stage]
+    uses: ./.github/workflows/_deploy_lambda.yml
+    with:
+      lambda_name: ara_engine
+      lambda_path: infrastructure/terraform/lambda/engine
+      stage: ${{ needs.determine_stage.outputs.stage }}
+      ecr_repo: engine-${{ needs.determine_stage.outputs.stage }}
+      image_digest: ${{ needs.ara_engine_image.outputs.image_digest }}
+      terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      TF_VAR_db_host: ${{ secrets.DEV_DB_HOST }}
+      TF_VAR_db_name: ${{ secrets.DEV_DB_NAME }}
+      TF_VAR_db_port: ${{ secrets.DEV_DB_PORT }}
+      TF_VAR_api_key: ${{ secrets.DEV_API_KEY }}
+      TF_VAR_secret_key: ${{ secrets.DEV_SECRET_KEY }}
+      TF_VAR_domain_name: ${{ secrets.DEV_DOMAIN_NAME }}
+      TF_VAR_epc_auth_token: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
+      TF_VAR_google_solar_api_key: ${{ secrets.DEV_GOOGLE_SOLAR_API_KEY }}
+
+  # ============================================================
+  # Deploy FastAPI Lambda
+  # ============================================================
+  fast_api_lambda:
+    needs: [determine_stage]
+    uses: ./.github/workflows/_deploy_lambda.yml
+    with:
+      lambda_name: ara_fast_api
+      lambda_path: infrastructure/terraform/lambda/fast-api
+      stage: ${{ needs.determine_stage.outputs.stage }}
+      terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      TF_VAR_db_host: ${{ secrets.DEV_DB_HOST }}
+      TF_VAR_db_name: ${{ secrets.DEV_DB_NAME }}
+      TF_VAR_db_port: ${{ secrets.DEV_DB_PORT }}
+      TF_VAR_api_key: ${{ secrets.DEV_API_KEY }}
+      TF_VAR_secret_key: ${{ secrets.DEV_SECRET_KEY }}
+      TF_VAR_domain_name: ${{ secrets.DEV_DOMAIN_NAME }}
+      TF_VAR_epc_auth_token: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
+      TF_VAR_google_solar_api_key: ${{ secrets.DEV_GOOGLE_SOLAR_API_KEY }}
  
   # ============================================================
-  # 2️⃣ Build Address 2 UPRN image and Push
+  # Build Address 2 UPRN image and Push
   # ============================================================
   address2uprn_image:
     needs: [determine_stage, shared_terraform]
@@ -103,7 +168,7 @@ jobs:
       EPC_AUTH_TOKEN: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
 
   # ============================================================
-  # 3️⃣ Deploy Address 2 UPRN Lambda
+  # Deploy Address 2 UPRN Lambda
   # ============================================================
   address2uprn_lambda:
     needs: [address2uprn_image, determine_stage]
@@ -122,7 +187,7 @@ jobs:
 
 
   # ============================================================
-  # 2️⃣ Build Postcode Splitter image and Push
+  # Build Postcode Splitter image and Push
   # ============================================================
   postcodeSplitter_image:
     needs: [determine_stage, shared_terraform]
@@ -144,7 +209,7 @@ jobs:
       DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
 
   # ============================================================
-  # 3️⃣ Deploy Postcode Splitter Lambda
+  # Deploy Postcode Splitter Lambda
   # ============================================================
   postcodeSplitter_lambda:
     needs: [postcodeSplitter_image, determine_stage, address2uprn_lambda]
@@ -242,48 +307,7 @@ jobs:
       AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
 
   # ============================================================
-  # Ara Engine image and Push
-  # ============================================================
-  ara_engine_image:
-    needs: [determine_stage, shared_terraform]
-    uses: ./.github/workflows/_build_image.yml
-    with:
-      ecr_repo: engine-${{ needs.determine_stage.outputs.stage }}
-      dockerfile_path: backend/docker/engine.Dockerfile
-      build_context: .
-    secrets:
-      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
-
-  # ============================================================
-  # Deploy Ara Engine Lambda
-  # ============================================================
-  ara_engine_lambda:
-    needs: [ara_engine_image, determine_stage]
-    uses: ./.github/workflows/_deploy_lambda.yml
-    with:
-      lambda_name: ara_engine
-      lambda_path: infrastructure/terraform/lambda/engine
-      stage: ${{ needs.determine_stage.outputs.stage }}
-      ecr_repo: engine-${{ needs.determine_stage.outputs.stage }}
-      image_digest: ${{ needs.ara_engine_image.outputs.image_digest }}
-      terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
-    secrets:
-      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
-      TF_VAR_db_host: ${{ secrets.DEV_DB_HOST }}
-      TF_VAR_db_name: ${{ secrets.DEV_DB_NAME }}
-      TF_VAR_db_port: ${{ secrets.DEV_DB_PORT }}
-      TF_VAR_api_key: ${{ secrets.DEV_API_KEY }}
-      TF_VAR_secret_key: ${{ secrets.DEV_SECRET_KEY }}
-      TF_VAR_domain_name: ${{ secrets.DEV_DOMAIN_NAME }}
-      TF_VAR_epc_auth_token: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
-      TF_VAR_google_solar_api_key: ${{ secrets.DEV_GOOGLE_SOLAR_API_KEY }}
-
-  # ============================================================
-  # 2️⃣ Build OrdanceSurvey image and Push
+  # Build OrdanceSurvey image and Push
   # ============================================================
   ordnanceSurvey_image:
     needs: [determine_stage, shared_terraform]
@@ -305,7 +329,7 @@ jobs:
       DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
 
   # ============================================================
-  # 3️⃣ Deploy OrdanceSurvey Lambda
+  # Deploy OrdanceSurvey Lambda
   # ============================================================
   ordnanceSurvey_lambda:
     needs: [ordnanceSurvey_image, determine_stage]
@@ -322,3 +346,5 @@ jobs:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
       AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
       TF_VAR_ORDNANCE_SURVEY_API_KEY: ${{ secrets.ORDNANCE_SURVEY_API_KEY }}
+
+
diff --git a/infrastructure/terraform/lambda/categorisation/outputs.tf b/infrastructure/terraform/lambda/categorisation/outputs.tf
new file mode 100644
index 00000000..be1ac118
--- /dev/null
+++ b/infrastructure/terraform/lambda/categorisation/outputs.tf
@@ -0,0 +1,9 @@
+output "categorisation_queue_url" {
+    value       = module.lambda.queu_url
+    description = "URL of the Categorisation SQS queue"
+}
+
+output "categorisation_queue_arn" {
+    value       = module.lambda.queu_arn
+    description = "ARN of the Categorisation SQS queue"
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/engine/outputs.tf b/infrastructure/terraform/lambda/engine/outputs.tf
new file mode 100644
index 00000000..bba2046b
--- /dev/null
+++ b/infrastructure/terraform/lambda/engine/outputs.tf
@@ -0,0 +1,9 @@
+output "ara_engine_queue_url" {
+    value       = module.lambda.queu_url
+    description = "URL of the Engine SQS queue"
+}
+
+output "ara_engine_queue_arn" {
+    value       = module.lambda.queu_arn
+    description = "ARN of the Engine SQS queue"
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/fast-api/main.tf b/infrastructure/terraform/lambda/fast-api/main.tf
index 104d4a4d..0a40b14c 100644
--- a/infrastructure/terraform/lambda/fast-api/main.tf
+++ b/infrastructure/terraform/lambda/fast-api/main.tf
@@ -1,3 +1,6 @@
+############################################
+# Load Terraform State
+############################################
 data "terraform_remote_state" "shared" {
   backend = "s3"
   config = {
@@ -7,43 +10,144 @@ data "terraform_remote_state" "shared" {
   }
 }
 
-module "lambda" {
-  source = "../../modules/lambda_with_sqs"
-
-  name  = REPLACE ME #"address2uprn" for example
-  stage = var.stage
-
-  image_uri = local.image_uri
-
-  # Optional: Set maximum_concurrency to limit concurrent SQS-triggered invocations (2-1000)
-  maximum_concurrency = var.maximum_concurrency
-
-  batch_size = var.batch_size
-
-  environment = {
-    STAGE = var.stage
-    LOG_LEVEL = "info"
+data "terraform_remote_state" "engine" {
+  backend = "s3"
+  config = {
+    bucket = "ara-engine-terraform-state",
+    key = "env:/${var.stage}/teraform.tfstate"
+    region = "eu-west-2"
   }
 }
 
-# ======================================================================
-# OPTIONAL: Attach S3 IAM policy to Lambda execution role
-# ======================================================================
-# Uncomment and configure the resource below to attach S3 permissions
-#
-# Example 1: Attach existing policy from shared state
-# resource "aws_iam_role_policy_attachment" "lambda_s3_policy" {
-#   role       = module.lambda.role_name
-#   policy_arn = data.terraform_remote_state.shared.outputs.YOUR_POLICY_OUTPUT_NAME_arn
+data "terraform_remote_state" "categorisation" {
+  backend = "s3"
+  config = {
+    bucket = "categorisation-terraform-state",
+    key = "env:/${var.stage}/teraform.tfstate"
+    region = "eu-west-2"
+  }
+}
+
+############################################
+# Load Credentials
+############################################
+data "aws_secretsmanager_secret_version" "db_credentials" {
+  secret_id = "${var.stage}/assessment_model/db_credentials"
+}
+
+locals {
+  db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)
+}
+
+# data "aws_ssm_parameter" "certificate_arn" {
+#   name = "/ssl_certificate_arn"
 # }
-#
-# Example 2: Attach multiple policies
-# resource "aws_iam_role_policy_attachment" "lambda_read_policy" {
-#   role       = module.lambda.role_name
-#   policy_arn = data.terraform_remote_state.shared.outputs.postcode_splitter_s3_read_arn
-# }
-#
-# resource "aws_iam_role_policy_attachment" "lambda_write_policy" {
-#   role       = module.lambda.role_name
-#   policy_arn = data.terraform_remote_state.shared.outputs.another_policy_arn
+
+# data "aws_route53_zone" "this" {
+#   name = var.domain_name
 # }
+
+############################################
+# Install Python requirements
+############################################
+resource "null_resource" "pip_install" {
+  triggers = {
+    requirements_hash = filemd5("${path.root}/../../../../backend/app/requirements/requirements.txt")
+  }
+
+  provisioner "local-exec" {
+    command = <<EOT
+      pip install \
+        -r ${path.root}/../../../../backend/app/requirements/requirements.txt \
+        -t ${path.root}/../../../../backend/app/packages \
+        --platform manylinux2014_x86_64 \
+        --implementation cp \
+        --python-version 3.11 \
+        --only-binary=:all: \
+    EOT
+  }
+}
+
+############################################
+# FastAPI Lambda + API Gateway
+############################################
+module "fastapi" {
+  depends_on = [null_resource.pip_install]
+  source     = "../../modules/lambda_with_api_gateway"
+
+  name        = "fastapi"
+  stage       = var.stage
+  source_dir  = "${path.root}/../../../../backend"
+  handler     = "app.main.handler"
+  runtime     = "python3.11"
+  timeout     = 600
+  memory_size = 512
+
+  # domain_name     = "api.${var.domain_name}"
+  # certificate_arn = data.aws_ssm_parameter.certificate_arn.value
+  # route53_zone_id = data.aws_route53_zone.this.zone_id
+
+  environment = {
+    ENVIRONMENT    = var.stage
+    API_KEY        = var.api_key
+    SECRET_KEY     = var.secret_key
+    # DOMAIN_NAME    = var.domain_name
+    EPC_AUTH_TOKEN = var.epc_auth_token
+    GOOGLE_SOLAR_API_KEY = var.google_solar_api_key
+
+    DB_HOST     = var.db_host
+    DB_NAME     = var.db_name
+    DB_PORT     = var.db_port
+    DB_USERNAME = local.db_credentials.db_assessment_model_username
+    DB_PASSWORD = local.db_credentials.db_assessment_model_password
+
+    PLAN_TRIGGER_BUCKET             = data.terraform_remote_state.shared.outputs.retrofit_plan_trigger_bucket_name
+    DATA_BUCKET                     = data.terraform_remote_state.shared.outputs.retrofit_sap_data_bucket_name
+    SAP_PREDICTIONS_BUCKET          = data.terraform_remote_state.shared.outputs.retrofit_sap_predictions_bucket_name
+    CARBON_PREDICTIONS_BUCKET       = data.terraform_remote_state.shared.outputs.retrofit_carbon_predictions_bucket_name
+    HEAT_PREDICTIONS_BUCKET         = data.terraform_remote_state.shared.outputs.retrofit_heat_predictions_bucket_name
+    HEATING_KWH_PREDICTIONS_BUCKET  = data.terraform_remote_state.shared.outputs.retrofit_heating_kwh_predictions_bucket_name
+    HOTWATER_KWH_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_hotwater_kwh_predictions_bucket_name
+    ENERGY_ASSESSMENTS_BUCKET       = data.terraform_remote_state.shared.outputs.retrofit_energy_assessments_bucket_name
+
+    ENGINE_SQS_URL         = data.terraform_remote_state.engine.ara_engine_queue_url
+    CATEGORISATION_SQS_URL = data.terraform_remote_state.categorisation.categorisation_queue_url
+  }
+}
+
+############################################
+# IAM policy attachments
+############################################
+resource "aws_iam_role_policy_attachment" "fast_api_s3_read" {
+  role       = module.fastapi.role_name
+  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_arn
+}
+
+module "fastapi_sqs_policy" {
+  source = "../../modules/generic_iam_policy"
+
+  policy_name        = "fastapi-sqs-send-${var.stage}"
+  policy_description = "Allow FastAPI to send messages to engine & categorisation queues"
+
+  actions = [
+    "sqs:SendMessage"
+  ]
+
+  resources = [
+    data.terraform_remote_state.engine.outputs.ara_engine_queue_arn,
+    data.terraform_remote_state.categorisation.outputs.categorisation_queue_arn
+  ]
+
+  conditions = null
+
+  tags = {
+    Service = "fastapi"
+    Stage   = var.stage
+  }
+}
+
+
+resource "aws_iam_role_policy_attachment" "fastapi_sqs_read_and_write" {
+  role       = module.fastapi.role_name
+  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_and_write_arn
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/fast-api/provider.tf b/infrastructure/terraform/lambda/fast-api/provider.tf
index 37c412ce..607f4bcf 100644
--- a/infrastructure/terraform/lambda/fast-api/provider.tf
+++ b/infrastructure/terraform/lambda/fast-api/provider.tf
@@ -7,7 +7,7 @@ terraform {
   }
 
   backend "s3" {
-    bucket = REPLACE_ME
+    bucket = "ara-fast-api-terraform-state"
     key    = "terraform.tfstate"
     region = "eu-west-2"
   }
diff --git a/infrastructure/terraform/lambda/fast-api/variables.tf b/infrastructure/terraform/lambda/fast-api/variables.tf
index e7646811..d329e0ca 100644
--- a/infrastructure/terraform/lambda/fast-api/variables.tf
+++ b/infrastructure/terraform/lambda/fast-api/variables.tf
@@ -4,34 +4,41 @@ variable "lambda_name" {
 }
 
 variable "stage" {
-  description = "Deployment stage (e.g. dev, prod)"
-  type        = string
-}
-variable "ecr_repo_url" {
-  type        = string
-  description = "ECR repository URL (no tag, no digest)"
+  type = string
 }
 
-variable "image_digest" {
-  type        = string
-  description = "Image digest (sha256:...)"
+variable "db_host" {
+  type = string
 }
 
-variable "maximum_concurrency" {
-  type        = number
-  default     = null
-  description = "Maximum number of concurrent Lambda invocations from SQS (2-1000). null = no limit."
+variable "db_name" {
+  type = string
 }
 
-variable "batch_size" {
-  type    = number
-  default = 1
+variable "db_port" {
+  type = string
 }
 
-locals {
-  image_uri = "${var.ecr_repo_url}@${var.image_digest}"
+variable "api_key" {
+  type      = string
+  sensitive = true
 }
 
-output "resolved_image_uri" {
-  value = local.image_uri
+variable "secret_key" {
+  type      = string
+  sensitive = true
 }
+
+# variable "domain_name" {
+#   type = string
+# }
+
+variable "epc_auth_token" {
+  type      = string
+  sensitive = true
+}
+
+variable "google_solar_api_key" {
+  type      = string
+  sensitive = true
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/lambda_service_zip/main.tf b/infrastructure/terraform/modules/lambda_service_zip/main.tf
new file mode 100644
index 00000000..285aa9d4
--- /dev/null
+++ b/infrastructure/terraform/modules/lambda_service_zip/main.tf
@@ -0,0 +1,24 @@
+resource "aws_lambda_function" "this" {
+  function_name    = var.name
+  role             = var.role_arn
+  package_type     = "Zip"
+  filename         = var.filename
+  source_code_hash = var.source_code_hash
+  handler          = var.handler
+  runtime          = var.runtime
+  timeout          = var.timeout
+  memory_size      = var.memory_size
+  publish          = true
+
+  environment {
+    variables = var.environment
+  }
+}
+
+output "lambda_arn" {
+  value = aws_lambda_function.this.arn
+}
+
+output "function_name" {
+  value = aws_lambda_function.this.function_name
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/lambda_service_zip/variables.tf b/infrastructure/terraform/modules/lambda_service_zip/variables.tf
new file mode 100644
index 00000000..3a243c49
--- /dev/null
+++ b/infrastructure/terraform/modules/lambda_service_zip/variables.tf
@@ -0,0 +1,9 @@
+variable "name"             { type = string }
+variable "role_arn"         { type = string }
+variable "filename"         { type = string }
+variable "source_code_hash" { type = string }
+variable "handler"          { type = string }
+variable "runtime"          { type = string }
+variable "timeout"          { type = number  default = 30 }
+variable "memory_size"      { type = number  default = 128 }
+variable "environment"      { type = map(string) default = {} }
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/lambda_with_api_gateway/main.tf b/infrastructure/terraform/modules/lambda_with_api_gateway/main.tf
new file mode 100644
index 00000000..61e24c32
--- /dev/null
+++ b/infrastructure/terraform/modules/lambda_with_api_gateway/main.tf
@@ -0,0 +1,103 @@
+############################################
+# IAM role
+############################################
+module "role" {
+  source = "../lambda_execution_role"
+  name   = "${var.name}-lambda-${var.stage}"
+}
+
+############################################
+# Zip the source code
+############################################
+data "archive_file" "this" {
+  type        = "zip"
+  source_dir  = var.source_dir
+  output_path = "${path.module}/lambda_package.zip"
+  excludes    = var.zip_excludes
+}
+
+############################################
+# Lambda
+############################################
+module "lambda" {
+  source = "../lambda_service_zip"
+
+  name             = "${var.name}-${var.stage}"
+  role_arn         = module.role.role_arn
+  filename         = data.archive_file.this.output_path
+  source_code_hash = data.archive_file.this.output_base64sha256
+  handler          = var.handler
+  runtime          = var.runtime
+  timeout          = var.timeout
+  memory_size      = var.memory_size
+  environment      = var.environment
+}
+
+############################################
+# API Gateway
+############################################
+resource "aws_apigatewayv2_api" "this" {
+  name          = "${var.name}-api-${var.stage}"
+  protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_stage" "this" {
+  api_id      = aws_apigatewayv2_api.this.id
+  name        = "$default"
+  auto_deploy = true
+}
+
+resource "aws_apigatewayv2_integration" "this" {
+  api_id                 = aws_apigatewayv2_api.this.id
+  integration_type       = "AWS_PROXY"
+  integration_uri        = module.lambda.lambda_arn
+  payload_format_version = "2.0"
+}
+
+resource "aws_apigatewayv2_route" "catch_all" {
+  api_id    = aws_apigatewayv2_api.this.id
+  route_key = "$default"
+  target    = "integrations/${aws_apigatewayv2_integration.this.id}"
+}
+
+resource "aws_lambda_permission" "apigw_invoke" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = module.lambda.lambda_arn
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_apigatewayv2_api.this.execution_arn}/*/*"
+}
+
+############################################
+# Custom domain
+############################################
+# resource "aws_apigatewayv2_domain_name" "this" {
+#   count       = var.domain_name != null ? 1 : 0
+#   domain_name = var.domain_name
+
+#   domain_name_configuration {
+#     certificate_arn = var.certificate_arn
+#     endpoint_type   = "REGIONAL"
+#     security_policy = "TLS_1_2"
+#   }
+# }
+
+# resource "aws_apigatewayv2_api_mapping" "this" {
+#   count       = var.domain_name != null ? 1 : 0
+#   api_id      = aws_apigatewayv2_api.this.id
+#   domain_name = aws_apigatewayv2_domain_name.this[0].id
+#   stage       = aws_apigatewayv2_stage.this.id
+# }
+
+# resource "aws_route53_record" "this" {
+#   count   = var.domain_name != null ? 1 : 0
+#   name    = aws_apigatewayv2_domain_name.this[0].domain_name
+#   type    = "A"
+#   zone_id = var.route53_zone_id
+
+#   alias {
+#     name                   = aws_apigatewayv2_domain_name.this[0].domain_name_configuration[0].target_domain_name
+#     zone_id                = aws_apigatewayv2_domain_name.this[0].domain_name_configuration[0].hosted_zone_id
+#     evaluate_target_health = false
+#   }
+# }
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/lambda_with_api_gateway/outputs.tf b/infrastructure/terraform/modules/lambda_with_api_gateway/outputs.tf
new file mode 100644
index 00000000..9ced7c8b
--- /dev/null
+++ b/infrastructure/terraform/modules/lambda_with_api_gateway/outputs.tf
@@ -0,0 +1,11 @@
+output "role_name" {
+  value = module.role.role_name
+}
+
+output "api_endpoint" {
+  value = aws_apigatewayv2_stage.this.invoke_url
+}
+
+# output "custom_domain_endpoint" {
+#   value = var.domain_name != null ? "https://${var.domain_name}" : null
+# }
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/lambda_with_api_gateway/variables.tf b/infrastructure/terraform/modules/lambda_with_api_gateway/variables.tf
new file mode 100644
index 00000000..1a08ff2e
--- /dev/null
+++ b/infrastructure/terraform/modules/lambda_with_api_gateway/variables.tf
@@ -0,0 +1,18 @@
+variable "name"       { type = string }
+variable "stage"      { type = string }
+variable "source_dir" { type = string }
+variable "handler"    { type = string }
+variable "runtime"    { type = string }
+
+variable "zip_excludes" {
+  type    = list(string)
+  default = ["**/__pycache__/**", "**/*.pyc", "**/.pytest_cache/**"]
+}
+
+variable "timeout"     { type = number default = 600 }
+variable "memory_size" { type = number default = 512 }
+variable "environment" { type = map(string) default = {} }
+
+variable "domain_name"     { type = string default = null }
+variable "certificate_arn" { type = string default = null }
+variable "route53_zone_id" { type = string default = null }
\ No newline at end of file
diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index eaacddec..f4b2cd3f 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@@ -535,3 +535,29 @@ module "ara_fastapi_registry" {
   name   = "ara-fastapi"
   stage = var.stage
 }
+
+# S3 policy for FastAPI app to read and write from various S3 buckets
+module "fast_api_s3_read_and_write" {
+  source = "../modules/s3_iam_policy"
+
+  policy_name        = "FastAPIReadandWriteS3"
+  policy_description = "Allow FastAPI Lambda to read from and write to various S3 buckets"
+  bucket_arns        = [
+    "arn:aws:s3:::${module.s3_presignable_bucket.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_sap_data.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_sap_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_carbon_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_heat_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_heating_kwh_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_hotwater_kwh_predictions.bucket_name}",
+    "arn:aws:s3:::${module.retrofit_energy_assessments.bucket_name}"
+  ]
+  actions            = ["s3:GetObject", "s3:ListBucket"]
+  resource_paths     = ["/*"]
+}
+
+output "fast_api_s3_read_and_write_arn" {
+  value = module.fast_api_s3_read_and_write.policy_arn
+}
+
+