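# Terraform configuration for the "standout" stack: a VPC, a data bucket that
# is kept private and shared only with the redirect Lambda's execution role,
# and the redirect Lambda function itself.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    # Declared explicitly because data.archive_file below comes from this
    # provider. NOTE(review): add a version constraint matching your lock file.
    archive = {
      source = "hashicorp/archive"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "eu-west-1"
}

# Create a VPC
resource "aws_vpc" "vpc_standout" {
  cidr_block = "10.0.0.0/16"
}

# create an s3 bucket for data
resource "aws_s3_bucket" "s3_standout" {
  bucket = "standout-data"

  # NOTE(review): force_destroy lets `terraform destroy` delete the bucket even
  # when it still holds objects. Confirm that is acceptable for a data bucket.
  force_destroy = true
}

# BucketOwnerPreferred keeps ACLs enabled, which the aws_s3_bucket_acl resource
# below requires.
resource "aws_s3_bucket_ownership_controls" "s3_standout_ownership" {
  bucket = aws_s3_bucket.s3_standout.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# All four public-access guards stay on; the ACL and the bucket policy below
# must therefore be non-public, otherwise S3 rejects them at apply time.
resource "aws_s3_bucket_public_access_block" "s3_standout_public_access" {
  bucket = aws_s3_bucket.s3_standout.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The resource name is kept so existing state addresses do not change, but the
# ACL is "private": a "public-read" ACL contradicts block_public_acls = true
# above and would expose every object listing to anonymous readers if that
# guard were ever relaxed.
resource "aws_s3_bucket_acl" "s3_standout_public_acl" {
  depends_on = [
    aws_s3_bucket_ownership_controls.s3_standout_ownership,
    aws_s3_bucket_public_access_block.s3_standout_public_access,
  ]

  bucket = aws_s3_bucket.s3_standout.id
  acl    = "private"
}

resource "aws_s3_bucket_policy" "s3_standout_policy" {
  bucket = aws_s3_bucket.s3_standout.id
  policy = data.aws_iam_policy_document.s3_standout_allow_lambda.json
}

# Bucket policy granting object access to the redirect Lambda's execution role
# only. A wildcard principal ("*") here would give anonymous read AND write on
# every object, and is refused while block_public_policy = true.
data "aws_iam_policy_document" "s3_standout_allow_lambda" {
  statement {
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.iam_for_lambda.arn]
    }

    # NOTE(review): these wildcards are broader than a redirect function is
    # likely to need; narrow them to the specific actions the handler calls.
    # s3:ListBucket is evaluated against the bucket ARN, not object ARNs, so it
    # is not granted by this statement.
    actions = [
      "s3:Get*",
      "s3:List*",
      "s3:Put*",
    ]

    resources = [
      "${aws_s3_bucket.s3_standout.arn}/*",
    ]
  }
}

# create a redirect lambda function

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "lambda_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

# NOTE(review): no permissions policy is attached to this role in the visible
# configuration, so the function cannot write CloudWatch logs unless one is
# attached elsewhere. Verify before relying on its logs for monitoring.
resource "aws_iam_role" "iam_for_lambda" {
  name               = "iam_for_lambda"
  assume_role_policy = data.aws_iam_policy_document.lambda_role.json
}

# Package the handler source; paths are anchored to path.module so the result
# does not depend on the directory Terraform is run from.
data "archive_file" "lambda_standout_code" {
  type        = "zip"
  source_file = "${path.module}/lambda_redirect/lambda_redirect.py"
  output_path = "${path.module}/standout_lambda_function.zip"
}

resource "aws_lambda_function" "lambda_standout_redirect" {
  # Use the archive's own output path so the deployed file and
  # source_code_hash always refer to the same zip.
  filename      = data.archive_file.lambda_standout_code.output_path
  function_name = "standout-redirect"
  role          = aws_iam_role.iam_for_lambda.arn

  # Python handlers are "<module>.<function>"; the zip holds lambda_redirect.py.
  # NOTE(review): assumes the function in that file is named lambda_handler.
  handler = "lambda_redirect.lambda_handler"

  source_code_hash = data.archive_file.lambda_standout_code.output_base64sha256

  runtime = "python3.10"

  #environment {
  #  variables = {
  #    foo = "bar"
  #  }
  #}
}

# create a route 53 configuration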