provider "aws" {
  region = var.aws_region
}

resource "aws_s3_bucket" "personal_measure" {
  bucket = var.app_root_url
  acl    = "log-delivery-write"
}

module "dev_env" {
  source = "./deployed_env"

  environment     = "dev"
  artifact_bucket = aws_s3_bucket.personal_measure
  ecr_repo        = aws_ecr_repository.personal_measure_api
}

module "prod_env" {
  source = "./deployed_env"

  environment     = "prod"
  artifact_bucket = aws_s3_bucket.personal_measure
  ecr_repo        = aws_ecr_repository.personal_measure_api
}

data "aws_iam_policy_document" "cloudfront_access_policy" {
  source_json   = "${module.dev_env.oai_access_policy.json}"
  override_json = "${module.prod_env.oai_access_policy.json}"
}

resource "aws_s3_bucket_policy" "personal_measure" {
  bucket = aws_s3_bucket.personal_measure.id
  policy = data.aws_iam_policy_document.cloudfront_access_policy.json
}