survey-extraction/deployment/extractor_and_loader_lambda.tf

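# SQS queue that feeds the extractor_and_loader Lambda through the event
# source mapping declared in this file.
resource "aws_sqs_queue" "extractor_and_loader_queue" {
  name = "extractor-loader-queue"

  # AWS recommends a visibility timeout of at least six times the consuming
  # function's timeout (30 s in this file). With the 30 s queue default, a
  # message can become visible again while an invocation is still running or
  # being retried, which leads to duplicate processing.
  visibility_timeout_seconds = 180

  # Declare encryption at rest explicitly instead of relying on whatever the
  # account or provider default happens to be.
  sqs_managed_sse_enabled = true

  # NOTE(review): no redrive_policy is configured, so a message the function
  # keeps failing on is redelivered until the retention period expires.
  # Consider adding a dead-letter queue with a small maxReceiveCount so that
  # malformed messages are parked for inspection instead of looping.
}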
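# ECR repository that stores the container image run by the
# extractor_and_loader Lambda.
resource "aws_ecr_repository" "extractor_and_loader" {
  name = "extractor_and_loader"

  # Scan every pushed image for known vulnerabilities so findings are
  # available before the image is deployed to Lambda.
  image_scanning_configuration {
    scan_on_push = true
  }

  # NOTE(review): image_tag_mutability is left at its default (MUTABLE), so
  # anyone with push rights can re-point the tag the Lambda references at a
  # different image. Switching to "IMMUTABLE" requires the push workflow to
  # use a new tag per build - confirm with the pipeline owner before changing.
}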
# Permissions granted to the Lambda execution role for this function only.
# The policy is attached to aws_iam_role.lambda_exec_role elsewhere in this file.
resource "aws_iam_policy" "extractor_loader_policy" {
  name = "extractor-loader-policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      # Consume from the trigger queue: the three actions the SQS event source
      # needs, scoped to this one queue's ARN.
      {
        Effect = "Allow"
        Action = [
          "sqs:ReceiveMessage",
          "sqs:DeleteMessage",
          "sqs:GetQueueAttributes"
        ]
        Resource = aws_sqs_queue.extractor_and_loader_queue.arn
      },
      # Read-only image pull actions, scoped to this function's repository.
      # NOTE(review): Lambda normally pulls a function's image via the
      # repository policy for the lambda.amazonaws.com service principal, not
      # via the execution role. Unless the function code itself calls ECR,
      # this statement and the next one look removable - confirm, then drop
      # them to keep the role least-privilege.
      {
        Effect = "Allow"
        Action = [
          "ecr:GetDownloadUrlForLayer",
          "ecr:BatchGetImage",
          "ecr:BatchCheckLayerAvailability"
        ]
        Resource = aws_ecr_repository.extractor_and_loader.arn
      },
      # ecr:GetAuthorizationToken does not support resource-level scoping,
      # which is why Resource is "*" here.
      {
        Effect   = "Allow"
        Action   = ["ecr:GetAuthorizationToken"]
        Resource = "*"
      }
    ]
  })
}
# Attach the function-specific policy to the Lambda execution role.
# aws_iam_role.lambda_exec_role is not declared in this file; if other
# functions use the same role, they receive these permissions as well.
resource "aws_iam_role_policy_attachment" "extractor_loader_policy_attach" {
  policy_arn = aws_iam_policy.extractor_loader_policy.arn
  role       = aws_iam_role.lambda_exec_role.name
}
# Container-image Lambda that processes messages from the extractor/loader queue.
resource "aws_lambda_function" "extractor_and_loader" {
  function_name = "extractor-and-loader"
  package_type  = "Image"
  role          = aws_iam_role.lambda_exec_role.arn

  # NOTE(review): the image is referenced by a mutable tag. The tag string
  # never changes between pushes, so Terraform sees no diff when new content
  # is pushed under it, and the configuration does not record which image is
  # actually deployed. Referencing the image by digest (repository_url@sha256:...)
  # would make the deployed artifact explicit and auditable.
  image_uri = "${aws_ecr_repository.extractor_and_loader.repository_url}:latest2"

  # Maximum run time per invocation, in seconds.
  timeout = 30
}
# Wire the queue to the function: Lambda polls the queue and invokes the
# function with the messages it receives.
resource "aws_lambda_event_source_mapping" "extractor_and_loader_trigger" {
  function_name    = aws_lambda_function.extractor_and_loader.arn
  event_source_arn = aws_sqs_queue.extractor_and_loader_queue.arn

  # One message per invocation, so a failure affects only that message.
  batch_size = 1
}
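# Repository policy that lets the Lambda service pull images from this
# repository.
resource "aws_ecr_repository_policy" "extractor_loader_ecr_access" {
  repository = aws_ecr_repository.extractor_and_loader.name

  policy = jsonencode({
    # Use the current policy language version, matching the IAM policy in this
    # file; "2008-10-17" is the legacy version AWS advises against for new
    # policies.
    Version = "2012-10-17"
    Statement = [{
      Sid    = "AllowLambdaPull"
      Effect = "Allow"
      Principal = {
        Service = "lambda.amazonaws.com"
      }
      # Read-only pull actions; no push or policy-management rights.
      Action = [
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:BatchCheckLayerAvailability"
      ]
      # NOTE(review): the service principal is allowed without a Condition.
      # Consider restricting it with aws:SourceArn (or aws:SourceAccount) to
      # this account's functions as confused-deputy protection; verify against
      # the function-creation ordering described in the TODO in this file
      # before adding it.
    }]
  })
}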
# TODO: Separate the Lambda resources from ECR creation, because we need to
# create the ECR repository first, then push images, and only then can the Lambda functions be created.