# ==============================================================================
# TEMPLATE: Lambda Configuration with Optional S3 IAM Policy
# ==============================================================================
# Instructions:
# 1. Replace REPLACE ME with your lambda name as a quoted string
#    (e.g., "my-lambda-name")
# 2. Add any additional environment variables as needed
# 3. To attach S3 IAM policies from shared state:
#    - Uncomment the S3 policy attachment section below
#    - Update the policy_arn to match the output from shared/main.tf
#    - Available shared outputs (examples):
#      - data.terraform_remote_state.shared.outputs.condition_etl_s3_read_arn
#      - data.terraform_remote_state.shared.outputs.postcode_splitter_s3_read_arn
# 4. To create a NEW S3 policy:
#    - Add a new module "lambda_s3_policy" in shared/main.tf using the
#      s3_iam_policy module (see examples in shared/main.tf)
#    - Then reference it here using data.terraform_remote_state.shared.outputs
# ==============================================================================

# Reads the outputs of the shared stack for the current stage from the S3 state
# bucket. terraform_remote_state exposes only root-module outputs, but the
# identity running Terraform needs read access to the whole state object, which
# may hold sensitive values. Prefer a read-only grant limited to this key.
data "terraform_remote_state" "shared" {
  backend = "s3"
  config = {
    bucket = "assessment-model-terraform-state"
    # "env:/<stage>/" selects the per-stage state object; var.stage must match
    # the stage name the shared stack was applied under.
    key    = "env:/${var.stage}/terraform.tfstate"
    region = "eu-west-2"
  }
}

# Instantiates the Lambda through the local lambda_with_sqs module.
module "lambda" {
  source = "../modules/lambda_with_sqs"

  # Placeholder: replace with a quoted string, e.g. "address2uprn". The
  # unquoted placeholder does not parse, so nothing can be planned or applied
  # until a real name is set.
  name      = REPLACE ME
  stage     = var.stage
  image_uri = local.image_uri

  # NOTE(review): presumably passed through by the module as Lambda environment
  # variables (module source not shown here). If so, keep secrets out of this
  # map: the values would be readable in the function configuration and in
  # Terraform state. Reference a secrets store from the code instead.
  environment = {
    STAGE     = var.stage
    LOG_LEVEL = "info"
  }
}

# ======================================================================
# OPTIONAL: Attach S3 IAM policy to Lambda execution role
# ======================================================================
# Uncomment and configure the resource below to attach S3 permissions
#
# Each attachment widens what the Lambda execution role can do. Attach only the
# policy scoped to the buckets/prefixes this function needs, and check in
# shared/main.tf what the referenced output actually grants (read vs. write)
# before uncommenting. The output names below are examples or placeholders.
#
# Example 1: Attach existing policy from shared state
# resource "aws_iam_role_policy_attachment" "lambda_s3_policy" {
#   role       = module.lambda.role_name
#   policy_arn = data.terraform_remote_state.shared.outputs.YOUR_POLICY_OUTPUT_NAME_arn
# }
#
# Example 2: Attach multiple policies
# resource "aws_iam_role_policy_attachment" "lambda_read_policy" {
#   role       = module.lambda.role_name
#   policy_arn = data.terraform_remote_state.shared.outputs.postcode_splitter_s3_read_arn
# }
#
# resource "aws_iam_role_policy_attachment" "lambda_write_policy" {
#   role       = module.lambda.role_name
#   policy_arn = data.terraform_remote_state.shared.outputs.another_policy_arn
# }