[INIT] Terraform project - cloud infrastructure (#1)

Author: devandreacarratta

.gitignore

@@ -35,3 +35,6 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+# Ignore zip files
+/src/lambda-function-python-zip/*.zip

README.md

@@ -1,2 +1,51 @@
-# aws-terraform-static-hosting-cloudfront
+# Terraform AWS Serverless Project: S3 + CloudFront + Lambda + DynamoDB
+
 Terraform project to provision static hosting on AWS S3 and deliver content securely via CloudFront CDN.
+
+## 📌 Infrastructure Overview
+
+This project provisions the following resources on AWS:
+
+- **S3 Bucket**: static website hosting
+- **CloudFront Distribution**: global CDN with HTTPS support
+- **DynamoDB Table**: to store product data
+- **Lambda Function**: `get_products`: read items from DynamoDB  
+- **Lambda Function**: `post_products`: write items into DynamoDB  
+
+### Architecture Diagram
+![Infrastructure Diagram](src/infra/graph.png)
+
+## Project structure:
+
+The project is under the src folder.
+
+- **infra**: contains all Terraform files; run `terraform` commands from here  
+- **infra-modules**: reusable Terraform modules for resources  
+- **lambda-function-python**: Python source code for Lambda functions  
+- **lambda-function-python-zip**: folder used by Terraform to generate Lambda ZIPs  
+- **web-template**: static web templates to be uploaded to S3  
+
+## 🚀 Commands
+
+Initialize, plan and apply:
+
+```bash
+terraform init
+terraform plan -var-file=variables/dev.tfvars
+terraform apply -var-file=variables/dev.tfvars
+```
+
+Destroy infrastructure:
+
+```bash
+terraform destroy -var-file=variables/dev.tfvars
+```
+
+## Future Enhancements  
+Stay tuned! This project will be extended with new features and improvements, making it an even more complete serverless case study. 🚀  
+
+## License
+This project is licensed under the **MIT License**. Use at your own risk. If something breaks, **it's your problem!** 😆
+
+---
+🚀 Happy Coding!

src/infra-modules/dynamodb_table/main.tf

@@ -0,0 +1,17 @@
+resource "aws_dynamodb_table" "dynamodb_table" {
+  name         = var.table_name
+  billing_mode = var.table_billing_mode
+  hash_key     = var.table_hash_key
+
+  attribute {
+    name = var.table_attribute_name
+    type = var.table_attribute_type
+  }
+
+  tags = var.tags
+
+  lifecycle {
+    ignore_changes = [tags]
+  }
+}
+

src/infra-modules/dynamodb_table/output.tf

@@ -0,0 +1,7 @@
+output "arn_value" {
+  value = aws_dynamodb_table.dynamodb_table.arn
+}
+
+output "name_value" {
+  value = aws_dynamodb_table.dynamodb_table.name
+}

src/infra-modules/dynamodb_table/variables.tf

@@ -0,0 +1,34 @@
+variable "table_name" {
+  type     = string
+  nullable = false
+}
+
+variable "table_billing_mode" {
+  type     = string
+  nullable = false
+  default  = "PAY_PER_REQUEST"
+}
+
+variable "table_hash_key" {
+  type     = string
+  nullable = false
+  default  = "Id"
+}
+
+variable "table_attribute_name" {
+  type     = string
+  nullable = false
+  default  = "Id"
+}
+
+variable "table_attribute_type" {
+  type     = string
+  nullable = false
+  default  = "S"
+}
+
+variable "tags" {
+  type     = map(string)
+  default  = {}
+  nullable = true
+}

src/infra-modules/iam_role_policy/main.tf

@@ -0,0 +1,26 @@
+
+resource "aws_iam_role" "iam_roles" {
+  for_each = var.roles
+
+  name               = each.value.name
+  assume_role_policy = each.value.assume_role_policy
+}
+
+resource "aws_iam_policy" "iam_policies" {
+  for_each = merge([
+    for role_key, role in var.roles : {
+      for idx, policy in role.policies : "${role_key}-${idx}" => policy
+    } if length(role.policies) > 0
+  ]...)
+
+  name        = each.value.name
+  description = each.value.description
+  policy      = each.value.policy
+}
+
+resource "aws_iam_role_policy_attachment" "iam_role_attachments" {
+  for_each = { for key, policy in aws_iam_policy.iam_policies : key => policy }
+
+  role       = var.roles[split("-", each.key)[0]].name
+  policy_arn = each.value.arn
+}

src/infra-modules/iam_role_policy/output.tf

@@ -0,0 +1,8 @@
+
+output "iam_role_arns" {
+  value = { for role_key, role in aws_iam_role.iam_roles : role_key => role.arn }
+}
+
+output "iam_policy_arns" {
+  value = { for role_key, policy in aws_iam_policy.iam_policies : role_key => policy.arn }
+}

src/infra-modules/iam_role_policy/variables.tf

@@ -0,0 +1,12 @@
+variable "roles" {
+  description = "Map of IAM roles with policies."
+  type = map(object({
+    name               = string
+    assume_role_policy = string
+    policies = list(object({
+      name        = string
+      description = string
+      policy      = string
+    }))
+  }))
+}

src/infra-modules/lambda_function/main.tf

@@ -0,0 +1,23 @@
+resource "aws_lambda_function" "lambda_function" {
+  function_name    = var.lambda_function_name
+  role             = var.lambda_role_arn
+  handler          = var.lambda_handler
+  runtime          = var.lambda_runtime
+  filename         = var.lambda_filename
+  source_code_hash = filebase64sha256(var.lambda_filename)
+  timeout          = var.lambda_timeout
+  tags             = var.tags
+
+  lifecycle {
+    # ignore_changes = [source_code_hash]
+    ignore_changes = [tags]
+  }
+
+  logging_config {
+    log_format = "Text"
+  }
+
+  environment {
+    variables = var.lambda_environment_variables
+  }
+}

src/infra-modules/lambda_function/output.tf

@@ -0,0 +1,11 @@
+output "function_name_value" {
+  value = aws_lambda_function.lambda_function.function_name
+}
+
+output "arn_value" {
+  value = aws_lambda_function.lambda_function.arn
+}
+
+output "invoke_arn_value" {
+  value = aws_lambda_function.lambda_function.invoke_arn
+}