# Root configuration: one shared S3 bucket, two instances of ./deployed_env
# (dev and prod), and a single bucket policy assembled from both instances.

provider "aws" {
  region = var.aws_region
}

# Shared bucket, named after var.app_root_url and handed to both environments
# as their artifact bucket.
#
# The "log-delivery-write" canned ACL grants the S3 LogDelivery group WRITE and
# READ_ACP on the bucket.
# NOTE(review): nothing in this file shows the bucket being used as a
# server-access-log target. If it is not one, this ACL grants more than the
# bucket needs; confirm and prefer "private" in that case.
# NOTE(review): no public-access block, default encryption or versioning is
# declared here. They may live in another file; verify before relying on it.
resource "aws_s3_bucket" "hff_entry_forms" {
  acl    = "log-delivery-write"
  bucket = var.app_root_url
}

# dev and prod differ only in `environment` and `target_port`. The bucket, the
# ECR repository and both certificate ARNs are the same objects for both.
# NOTE(review): with a shared bucket and repository, dev/prod isolation depends
# entirely on what ./deployed_env does (not visible here); confirm that a dev
# deployment cannot overwrite prod artifacts or images.
module "dev_env" {
  source      = "./deployed_env"
  environment = "dev"
  target_port = 6005

  api_certificate_arn        = var.api_certificate_arn
  cloudfront_certificate_arn = var.cloudfront_certificate_arn

  artifact_bucket = aws_s3_bucket.hff_entry_forms
  ecr_repo        = aws_ecr_repository.hff_entry_forms_api
}

module "prod_env" {
  source      = "./deployed_env"
  environment = "prod"
  target_port = 6006

  api_certificate_arn        = var.api_certificate_arn
  cloudfront_certificate_arn = var.cloudfront_certificate_arn

  artifact_bucket = aws_s3_bucket.hff_entry_forms
  ecr_repo        = aws_ecr_repository.hff_entry_forms_api
}

# Merges the `oai_access_policy` document exported by each environment into one
# policy document. The statements themselves are defined inside ./deployed_env.
# NOTE(review): presumably each one scopes a CloudFront origin access identity
# to that environment's objects; confirm principals and resource ARNs there.
data "aws_iam_policy_document" "cloudfront_access_policy" {
  source_policy_documents = [
    module.dev_env.oai_access_policy.json,
    module.prod_env.oai_access_policy.json
  ]
}

# aws_s3_bucket_policy manages the bucket's whole policy, so the merged document
# above is the complete set of policy-granted access to the shared bucket. Any
# further grant has to be added to that document rather than attached alongside.
resource "aws_s3_bucket_policy" "hff_entry_forms" {
  bucket = aws_s3_bucket.hff_entry_forms.id
  policy = data.aws_iam_policy_document.cloudfront_access_policy.json
}