provider "aws" {
  region = var.aws_region
}

resource "aws_s3_bucket" "personal_measure" {
  bucket = "${var.app_root_url}"
  acl    = "log-delivery-write"
}

resource "aws_dynamodb_table" "dynamodb_terraform-state-lock" {
  name = "terraform-state-lock.${var.app_root_url}"
  hash_key = "LockID"
  read_capacity = 20
  write_capacity = 20

  attribute {
    name = "LockID"
    type = "S"
  }

  tags = {
    Name = "Terraform DynamoDB State Lock Table"
  }
}

module "dev_env" {
  source = "./deployed_env"
  
  environment = "dev"
  artifact_bucket = aws_s3_bucket.personal_measure
  cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
}

module "prod_env" {
  source = "./deployed_env"
  
  environment = "prod"
  artifact_bucket = aws_s3_bucket.personal_measure
  cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c"
}

data "aws_iam_policy_document" "cloudfront_access_policy" {
  source_json   = "${module.dev_env.oai_access_policy.json}"
  override_json = "${module.prod_env.oai_access_policy.json}"
}

resource "aws_s3_bucket_policy" "personal_measure" {
  bucket = "${aws_s3_bucket.personal_measure.id}"
  policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}"
}