survey-extraction/deployment/lambda/lambda_example/lambda_example_and_config.tf

# SQS queue for lambda_example
resource "aws_sqs_queue" "lambda_example_queue" {
  name = "lambda-example-queue"
}



# Custom IAM policy specific to lambda_example
resource "aws_iam_policy" "lambda_example_policy" {
  name = "lambda-example-policy"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Action = [
          "sqs:ReceiveMessage",
          "sqs:DeleteMessage",
          "sqs:GetQueueAttributes"
        ],
        Resource = aws_sqs_queue.lambda_example_queue.arn
      },
      {
        Effect = "Allow",
        Action = [
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability"
        ],
        Resource = aws_ecr_repository.lambda_example.arn
      },
      {
        Effect = "Allow",
        Action = ["ecr:GetAuthorizationToken"],
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_example_policy_attach" {
  role       = aws_iam_role.lambda_exec_role.name
  policy_arn = aws_iam_policy.lambda_example_policy.arn
}

# Lambda function
resource "aws_lambda_function" "lambda_example" {
  function_name = "lambda-example"
  role          = aws_iam_role.lambda_exec_role.arn
  package_type  = "Image"
  image_uri     = "${aws_ecr_repository.lambda_example.repository_url}:latest"
  timeout       = 10
}

# SQS trigger
resource "aws_lambda_event_source_mapping" "lambda_example_trigger" {
  event_source_arn = aws_sqs_queue.lambda_example_queue.arn
  function_name    = aws_lambda_function.lambda_example.arn
  batch_size       = 1
}