From cedca9d1ac34de3d1ad69cc496f5eeddcbb53abb Mon Sep 17 00:00:00 2001
From: emmy-github-webdev <ogahemmanuel75@gmail.com>
Date: Sat, 13 Dec 2025 08:47:11 +0100
Subject: [PATCH 1/4] Tested and fixed tfstate store

---
 terraform/apigw.tf                          |  37 ++++++++++
 terraform/backend-prod.tfvars               |   4 ++
 terraform/backend-staging.tfvars            |   4 ++
 terraform/backend.tfvars                    |   5 --
 terraform/iam.tf                            |  45 +++++++++++++
 terraform/lambda.tf                         |  28 ++++++++
 terraform/lambda_package/staging-lambda.zip | Bin 0 -> 745 bytes
 terraform/main.tf                           |  71 +++-----------------
 terraform/modules/api-gateway/main.tf       |  62 -----------------
 terraform/modules/api-gateway/outputs.tf    |  14 ----
 terraform/modules/api-gateway/variables.tf  |  14 ----
 terraform/modules/dynamodb/main.tf          |  17 -----
 terraform/modules/dynamodb/outputs.tf       |   9 ---
 terraform/modules/dynamodb/variables.tf     |   9 ---
 terraform/modules/iam/main.tf               |  58 ----------------
 terraform/modules/iam/outputs.tf            |   9 ---
 terraform/modules/iam/variables.tf          |  14 ----
 terraform/modules/lambda/main.tf            |  33 ---------
 terraform/modules/lambda/outputs.tf         |  14 ----
 terraform/modules/lambda/variables.tf       |  29 --------
 terraform/outputs.tf                        |  19 ++----
 terraform/prod.tfvars                       |   5 +-
 terraform/provider.tf                       |  14 ++++
 terraform/staging.tfvars                    |   5 +-
 terraform/variables.tf                      |  34 ++++------
 25 files changed, 165 insertions(+), 388 deletions(-)
 create mode 100644 terraform/apigw.tf
 create mode 100644 terraform/backend-prod.tfvars
 create mode 100644 terraform/backend-staging.tfvars
 delete mode 100644 terraform/backend.tfvars
 create mode 100644 terraform/iam.tf
 create mode 100644 terraform/lambda.tf
 create mode 100644 terraform/lambda_package/staging-lambda.zip
 delete mode 100644 terraform/modules/api-gateway/main.tf
 delete mode 100644 terraform/modules/api-gateway/outputs.tf
 delete mode 100644 terraform/modules/api-gateway/variables.tf
 delete mode 100644 terraform/modules/dynamodb/main.tf
 delete mode 100644 terraform/modules/dynamodb/outputs.tf
 delete mode 100644 terraform/modules/dynamodb/variables.tf
 delete mode 100644 terraform/modules/iam/main.tf
 delete mode 100644 terraform/modules/iam/outputs.tf
 delete mode 100644 terraform/modules/iam/variables.tf
 delete mode 100644 terraform/modules/lambda/main.tf
 delete mode 100644 terraform/modules/lambda/outputs.tf
 delete mode 100644 terraform/modules/lambda/variables.tf
 create mode 100644 terraform/provider.tf

diff --git a/terraform/apigw.tf b/terraform/apigw.tf
new file mode 100644
index 0000000..cdab2ce
--- /dev/null
+++ b/terraform/apigw.tf
@@ -0,0 +1,37 @@
+resource "aws_apigatewayv2_api" "http_api" {
+  name          = "${var.env}-health-check-api"
+  protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_integration" "lambda_integration" {
+  api_id           = aws_apigatewayv2_api.http_api.id
+  integration_type = "AWS_PROXY"
+  integration_uri  = aws_lambda_function.health_check.arn
+  payload_format_version = "2.0"
+}
+
+resource "aws_apigatewayv2_route" "health_route" {
+  api_id    = aws_apigatewayv2_api.http_api.id
+  route_key = "GET /health"
+  target    = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
+}
+
+resource "aws_apigatewayv2_route" "health_route_post" {
+  api_id    = aws_apigatewayv2_api.http_api.id
+  route_key = "POST /health"
+  target    = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
+}
+
+resource "aws_apigatewayv2_stage" "default_stage" {
+  api_id      = aws_apigatewayv2_api.http_api.id
+  name        = "$default"
+  auto_deploy = true
+}
+
+resource "aws_lambda_permission" "allow_apigw" {
+  statement_id  = "${var.env}-allow-apigw"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.health_check.function_name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_apigatewayv2_api.http_api.execution_arn}/*/*"
+}
diff --git a/terraform/backend-prod.tfvars b/terraform/backend-prod.tfvars
new file mode 100644
index 0000000..15f092c
--- /dev/null
+++ b/terraform/backend-prod.tfvars
@@ -0,0 +1,4 @@
+bucket         = "serverlesshealthcheckapi"
+key            = "serverless-health-check-api/prod/tfstate"
+region         = "us-east-1"
+encrypt        = true
diff --git a/terraform/backend-staging.tfvars b/terraform/backend-staging.tfvars
new file mode 100644
index 0000000..edb423e
--- /dev/null
+++ b/terraform/backend-staging.tfvars
@@ -0,0 +1,4 @@
+bucket         = "serverlesshealthcheckapi"
+key            = "serverless-health-check-api/staging/tfstate"
+region         = "us-east-1"
+encrypt        = true
diff --git a/terraform/backend.tfvars b/terraform/backend.tfvars
deleted file mode 100644
index 71aaf90..0000000
--- a/terraform/backend.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-# bucket         = "serverlesshealthcheckapi"
-# key            = "health-check-app/terraform.tfstate"
-# region         = "us-east-1"
-# encrypt        = true
-# dynamodb_table = "terraform-locks"
\ No newline at end of file
diff --git a/terraform/iam.tf b/terraform/iam.tf
new file mode 100644
index 0000000..ec28e5b
--- /dev/null
+++ b/terraform/iam.tf
@@ -0,0 +1,45 @@
+data "aws_iam_policy_document" "lambda_assume_role" {
+  statement {
+    effect = "Allow"
+    principals {
+      type = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+resource "aws_iam_role" "lambda_role" {
+  name               = "${var.env}-health-check-lambda-role"
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
+  tags = {
+    Environment = var.env
+  }
+}
+
+resource "aws_iam_role_policy" "lambda_policy" {
+  name = "${var.env}-health-check-lambda-policy"
+  role = aws_iam_role.lambda_role.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "dynamodb:PutItem"
+        ]
+        Resource = aws_dynamodb_table.requests.arn
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "arn:aws:logs:*:*:*"
+      }
+    ]
+  })
+}
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
new file mode 100644
index 0000000..9c7261f
--- /dev/null
+++ b/terraform/lambda.tf
@@ -0,0 +1,28 @@
+data "archive_file" "lambda_zip" {
+  type        = "zip"
+  output_path = "${path.module}/lambda_package/${var.env}-lambda.zip"
+
+  source {
+    content  = file("${path.module}/../lambda/lambda_function.py")
+    filename = "lambda_function.py"
+  }
+}
+
+resource "aws_lambda_function" "health_check" {
+  function_name = "${var.env}-health-check-function"
+  filename      = data.archive_file.lambda_zip.output_path
+  handler       = var.lambda_handler
+  runtime       = var.lambda_runtime
+  role          = aws_iam_role.lambda_role.arn
+  source_code_hash = data.archive_file.lambda_zip.output_base64sha256
+
+  environment {
+    variables = {
+      REQUESTS_TABLE = aws_dynamodb_table.requests.name
+    }
+  }
+
+  tags = {
+    Environment = var.env
+  }
+}
diff --git a/terraform/lambda_package/staging-lambda.zip b/terraform/lambda_package/staging-lambda.zip
new file mode 100644
index 0000000000000000000000000000000000000000..fade2416ba888ddc40276bc2e72a4927272bebbe
GIT binary patch
literal 745
zcmWIWW@Zs#-~d8&AOsZ1Nz6@3NsLb`%}XxH%+J#+sGJk*pMBd;V6XHa*|xue5g&`M
zT(B2!<p25DLBV(B<G3or?6)`Wh207*clY!8P_DmulFm(A5v}I6H)mFUzPE3qruK8r
zSGQh#T)|t%lHPyt)WqKfJuw#h#PT*9mKn>f-K*`W?PR3tH2dwNj~({iuV){>`RV1a
z&pgW>ICYh!@7es4&9m$0o7dZKetuLbx%vo;OKyGC_auGKwOk^c$}jeYF1@Th!>lK$
z|KL?Scg<ZQ;>Y-AIF(P+`{D5Iv$906JO5=r=Fb&9=|(R%Wja(HkrmsdT~)E`|D}S1
zrXs6iGPmB*TFw1Ms5~Q+Y3Jsa^;1$F3o;z2|Bz4|F15Qc;=+B&^xKxl*3A_uK6CL+
zfO)HA42xl>+mc;+t1s|)Jo>@*^V(u1mj3-&JS;i#>bEK~O?(t5On;MeDqdc7dvUL#
zP9j&n?~#6ksFdb=Cl!wBu?3~7Zd$y0WvRZAr*A>_b8lCp#{Z5r;)nO0h)C&O@a)fp
z%k^Qq=h;~9=x)1v*QD~(?=|gR%a(=udZ+2hbDY-PuUdQZWUSG)ypT8+w*Kjs0qp9(
z5B&WxE7{ec+x}Q&0HeWgX8GNFM82OASt0rNsPv(QZP#pNK797ry8W>Bb9a`YkoM^1
zfhiwezRD_^7H_#%{AL0Fy<2h<8y()yeg5COQ*i}va><saTOY4&ofTZ@ac<%E6(&{3
zDuuW2*)~m2{I^!qid9-Z>mpuQ&(r0r{e0kXrLxwQ%09)C-{pE=LZ18<o>(uq!!`6m
zS-o1}y*%HivgciSPq`gk5v*r>`>F8D|0=%?<o@z8F#P`?;LXl4)8Ly=FcSlVIx7Q1
mfHxzP2m>NfBFljiB`Uy7q5<BlY#=p^K<EIZCj-r8U;qHAkv<{-

literal 0
HcmV?d00001

diff --git a/terraform/main.tf b/terraform/main.tf
index 60f09a3..38f8f5c 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,64 +1,15 @@
-terraform {
-  required_version = ">= 1.0"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-  }
-}
-
-provider "aws" {
-  region = var.aws_region
-
-  default_tags {
-    tags = local.common_tags
+resource "aws_dynamodb_table" "requests" {
+  name         = "${var.env}-requests-db"
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "id"
+
+  attribute {
+    name = "id"
+    type = "S"
   }
-}
 
-locals {
-  common_tags = {
-    Environment = var.environment
-    Project     = var.project_name
-    ManagedBy   = "Terraform"
-    CreatedAt   = timestamp()
+  tags = {
+    Environment = var.env
+    Name        = "${var.env}-requests-db"
   }
 }
-
-# DynamoDB Module
-module "dynamodb" {
-  source      = "./modules/dynamodb"
-  environment = var.environment
-  common_tags = local.common_tags
-}
-
-# IAM Module
-module "iam" {
-  source = "./modules/iam"
-
-  environment        = var.environment
-  dynamodb_table_arn = module.dynamodb.table_arn
-  common_tags        = local.common_tags
-}
-
-# API Gateway Module
-module "api_gateway" {
-  source            = "./modules/api-gateway"
-  environment       = var.environment
-  lambda_invoke_arn = module.lambda.function_invoke_arn
-  common_tags       = local.common_tags
-}
-
-# Lambda Module
-module "lambda" {
-  source                    = "./modules/lambda"
-  environment               = var.environment
-  lambda_role_arn           = module.iam.lambda_role_arn
-  dynamodb_table_name       = module.dynamodb.table_name
-  api_gateway_execution_arn = module.api_gateway.execution_arn
-  lambda_funtion_dir        = var.lambda_funtion_dir
-  common_tags               = local.common_tags
-  # depends_on = [module.api_gateway]
-}
-
diff --git a/terraform/modules/api-gateway/main.tf b/terraform/modules/api-gateway/main.tf
deleted file mode 100644
index 8152db3..0000000
--- a/terraform/modules/api-gateway/main.tf
+++ /dev/null
@@ -1,62 +0,0 @@
-resource "aws_apigatewayv2_api" "health_api" {
-  name          = "${var.environment}-serverless-health-check-api"
-  protocol_type = "HTTP"
-
-  cors_configuration {
-    allow_origins = ["*"]
-    allow_methods = ["GET", "POST", "OPTIONS"]
-    allow_headers = ["*"]
-  }
-
-  tags = var.common_tags
-}
-
-resource "aws_apigatewayv2_integration" "lambda_integration" {
-  api_id           = aws_apigatewayv2_api.health_api.id
-  integration_type = "AWS_PROXY"
-  integration_method = "POST"
-  payload_format_version = "2.0"
-  integration_uri  = var.lambda_invoke_arn
-  depends_on = []
-}
-
-resource "aws_apigatewayv2_route" "health_route_get" {
-  api_id    = aws_apigatewayv2_api.health_api.id
-  route_key = "GET /health"
-  target    = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
-}
-
-resource "aws_apigatewayv2_route" "health_route_post" {
-  api_id    = aws_apigatewayv2_api.health_api.id
-  route_key = "POST /health"
-  target    = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
-}
-
-resource "aws_apigatewayv2_stage" "default" {
-  api_id      = aws_apigatewayv2_api.health_api.id
-  name        = "$default"
-  auto_deploy = true
-
-  access_log_settings {
-    destination_arn = aws_cloudwatch_log_group.api_gateway_logs.arn
-    format = jsonencode({
-      requestId      = "$context.requestId"
-      ip             = "$context.identity.sourceIp"
-      requestTime    = "$context.requestTime"
-      httpMethod     = "$context.httpMethod"
-      resourcePath   = "$context.resourcePath"
-      status         = "$context.status"
-      protocol       = "$context.protocol"
-      responseLength = "$context.responseLength"
-    })
-  }
-
-  tags = var.common_tags
-}
-
-resource "aws_cloudwatch_log_group" "api_gateway_logs" {
-  name              = "/aws/apigateway/${var.environment}-serverless-health-check-api"
-  retention_in_days = 7
-
-  tags = var.common_tags
-}
diff --git a/terraform/modules/api-gateway/outputs.tf b/terraform/modules/api-gateway/outputs.tf
deleted file mode 100644
index fc6da1c..0000000
--- a/terraform/modules/api-gateway/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "api_endpoint" {
-  description = "The endpoint URL of the API Gateway"
-  value       = "${aws_apigatewayv2_api.health_api.api_endpoint}/"
-}
-
-output "api_id" {
-  description = "The ID of the API Gateway"
-  value       = aws_apigatewayv2_api.health_api.id
-}
-
-output "execution_arn" {
-  description = "The execution ARN of the API Gateway"
-  value       = aws_apigatewayv2_api.health_api.execution_arn
-}
diff --git a/terraform/modules/api-gateway/variables.tf b/terraform/modules/api-gateway/variables.tf
deleted file mode 100644
index af84d72..0000000
--- a/terraform/modules/api-gateway/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "environment" {
-  description = "Environment name"
-  type        = string
-}
-
-variable "lambda_invoke_arn" {
-  description = "Invoke ARN of the Lambda function"
-  type        = string
-}
-
-variable "common_tags" {
-  description = "Common tags for all resources"
-  type        = map(string)
-}
diff --git a/terraform/modules/dynamodb/main.tf b/terraform/modules/dynamodb/main.tf
deleted file mode 100644
index b606585..0000000
--- a/terraform/modules/dynamodb/main.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-resource "aws_dynamodb_table" "requests" {
-  name           = "${var.environment}-requests-db"
-  billing_mode   = "PAY_PER_REQUEST"
-  hash_key       = "request_id"
-
-  attribute {
-    name = "request_id"
-    type = "S"
-  }
-
-  ttl {
-    attribute_name = "expiration_time"
-    enabled        = true
-  }
-
-  tags = var.common_tags
-}
diff --git a/terraform/modules/dynamodb/outputs.tf b/terraform/modules/dynamodb/outputs.tf
deleted file mode 100644
index 0d5bc73..0000000
--- a/terraform/modules/dynamodb/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "table_name" {
-  description = "Name of the DynamoDB"
-  value       = aws_dynamodb_table.requests.name
-}
-
-output "table_arn" {
-  description = "ARN of the DynamoDB"
-  value       = aws_dynamodb_table.requests.arn
-}
\ No newline at end of file
diff --git a/terraform/modules/dynamodb/variables.tf b/terraform/modules/dynamodb/variables.tf
deleted file mode 100644
index 705b670..0000000
--- a/terraform/modules/dynamodb/variables.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-variable "environment" {
-  description = "Environment name"
-  type        = string
-}
-
-variable "common_tags" {
-  description = "Common tags for all resources"
-  type        = map(string)
-}
diff --git a/terraform/modules/iam/main.tf b/terraform/modules/iam/main.tf
deleted file mode 100644
index f837f7a..0000000
--- a/terraform/modules/iam/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-# IAM Role for Lambda function
-resource "aws_iam_role" "lambda_role" {
-  name = "${var.environment}-serverless-health-check-api-lambda-role"
-
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Action = "sts:AssumeRole"
-        Effect = "Allow"
-        Principal = {
-          Service = "lambda.amazonaws.com"
-        }
-      }
-    ]
-  })
-
-  tags = var.common_tags
-}
-
-# IAM Policy for CloudWatch Logs
-resource "aws_iam_role_policy" "lambda_cloudwatch_policy" {
-  name   = "${var.environment}-serverless-health-check-api-lambda-cloudwatch-policy"
-  role   = aws_iam_role.lambda_role.id
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "logs:CreateLogGroup",
-          "logs:CreateLogStream",
-          "logs:PutLogEvents"
-        ]
-        Resource = "arn:aws:logs:*:*:*"
-      }
-    ]
-  })
-}
-
-# IAM Policy for DynamoDB
-resource "aws_iam_role_policy" "lambda_dynamodb_policy" {
-  name = "${var.environment}-serverless-health-check-api-lambda-dynamodb-policy"
-  role = aws_iam_role.lambda_role.id
-
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "dynamodb:PutItem"
-        ]
-        Resource = var.dynamodb_table_arn
-      }
-    ]
-  })
-}
diff --git a/terraform/modules/iam/outputs.tf b/terraform/modules/iam/outputs.tf
deleted file mode 100644
index b63be17..0000000
--- a/terraform/modules/iam/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "lambda_role_arn" {
-  description = "ARN of the Lambda execution role"
-  value       = aws_iam_role.lambda_role.arn
-}
-
-output "lambda_role_name" {
-  description = "Name of the Lambda execution role"
-  value       = aws_iam_role.lambda_role.name
-}
diff --git a/terraform/modules/iam/variables.tf b/terraform/modules/iam/variables.tf
deleted file mode 100644
index a688f79..0000000
--- a/terraform/modules/iam/variables.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-variable "environment" {
-  description = "Environment name"
-  type        = string
-}
-
-variable "dynamodb_table_arn" {
-  description = "ARN of the DynamoDB"
-  type        = string
-}
-
-variable "common_tags" {
-  description = "Common tags for all resources"
-  type        = map(string)
-}
diff --git a/terraform/modules/lambda/main.tf b/terraform/modules/lambda/main.tf
deleted file mode 100644
index 054e2aa..0000000
--- a/terraform/modules/lambda/main.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-data "archive_file" "lambda_zip" {
-  type        = "zip"
-  source_dir  = var.lambda_funtion_dir
-  output_path = "${path.module}/${var.environment}_lambda_function.zip"
-}
-
-resource "aws_lambda_function" "health_check" {
-  function_name    = "${var.environment}-serverless-health-check-api"
-  role             = var.lambda_role_arn
-  handler          = "lambda_function.lambda_handler"
-  source_code_hash = data.archive_file.lambda_zip.output_base64sha256
-  runtime          = "python3.11"
-  filename         = data.archive_file.lambda_zip.output_path
-
-  environment {
-    variables = {
-      DYNAMODB_TABLE_NAME = var.dynamodb_table_name
-      ENVIRONMENT         = var.environment
-    }
-  }
-
-  tags = var.common_tags
-
-  depends_on = [data.archive_file.lambda_zip]
-}
-
-resource "aws_lambda_permission" "api_gateway" {
-  statement_id  = "AllowAPIGatewayInvoke"
-  action        = "lambda:InvokeFunction"
-  function_name = aws_lambda_function.health_check.function_name
-  principal     = "apigateway.amazonaws.com"
-  source_arn    = "${var.api_gateway_execution_arn}/*/*"
-}
diff --git a/terraform/modules/lambda/outputs.tf b/terraform/modules/lambda/outputs.tf
deleted file mode 100644
index c8b0bb7..0000000
--- a/terraform/modules/lambda/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "function_arn" {
-  description = "ARN of the Lambda function"
-  value       = aws_lambda_function.health_check.arn
-}
-
-output "function_name" {
-  description = "Name of the Lambda function"
-  value       = aws_lambda_function.health_check.function_name
-}
-
-output "function_invoke_arn" {
-  description = "Invoke ARN of the Lambda function"
-  value       = aws_lambda_function.health_check.invoke_arn
-}
diff --git a/terraform/modules/lambda/variables.tf b/terraform/modules/lambda/variables.tf
deleted file mode 100644
index b595507..0000000
--- a/terraform/modules/lambda/variables.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-variable "environment" {
-  description = "Environment name"
-  type        = string
-}
-
-variable "lambda_role_arn" {
-  description = "ARN of the IAM role for Lambda"
-  type        = string
-}
-
-variable "dynamodb_table_name" {
-  description = "Name of the DynamoDB table"
-  type        = string
-}
-
-variable "api_gateway_execution_arn" {
-  description = "Execution ARN of the API Gateway"
-  type        = string
-}
-
-variable "lambda_funtion_dir" {
-  description = "Path to the Lambda function source code directory"
-  type        = string
-}
-
-variable "common_tags" {
-  description = "Common tags for all resources"
-  type        = map(string)
-}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
index 8b3a508..355b119 100644
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -1,19 +1,12 @@
 output "api_endpoint" {
-  description = "The endpoint URL of the API Gateway"
-  value       = module.api_gateway.api_endpoint
+  description = "HTTP API endpoint"
+  value       = aws_apigatewayv2_api.http_api.api_endpoint
 }
 
-output "dynamodb_table_name" {
-  description = "The name of the DynamoDB table"
-  value       = module.dynamodb.table_name
+output "lambda_name" {
+  value = aws_lambda_function.health_check.function_name
 }
 
-output "lambda_function_name" {
-  description = "The name of the Lambda function"
-  value       = module.lambda.function_name
-}
-
-output "environment" {
-  description = "The environment name"
-  value       = var.environment
+output "dynamodb_table" {
+  value = aws_dynamodb_table.requests.name
 }
diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars
index 26f4f3d..242682d 100644
--- a/terraform/prod.tfvars
+++ b/terraform/prod.tfvars
@@ -1,3 +1,2 @@
-environment  = "prod"
-aws_region   = "us-east-1"
-project_name = "serverless-health-check-api"
\ No newline at end of file
+env = "prod"
+aws_region = "us-east-1"
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000..2df72a9
--- /dev/null
+++ b/terraform/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  required_version = ">= 1.2.0"
+  backend "s3" {}
+}
+
+provider "aws" {
+  region = var.aws_region
+}
diff --git a/terraform/staging.tfvars b/terraform/staging.tfvars
index 9b0a55c..47cdc26 100644
--- a/terraform/staging.tfvars
+++ b/terraform/staging.tfvars
@@ -1,3 +1,2 @@
-environment  = "staging"
-aws_region   = "us-east-1"
-project_name = "serverless-health-check-api"
\ No newline at end of file
+env = "staging"
+aws_region = "us-east-1"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 0754d5d..8cbeac6 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,31 +1,21 @@
-variable "aws_region" {
-  default     = "us-east-1"
-  description = "AWS region"
+variable "env" {
+  description = "Environment name (staging or prod)"
   type        = string
 }
 
-variable "terraform_backend_bucket" {
-  default     = "serverlesshealthcheckapi"
-  description = "AWS S3 Bucket for Terraform backend"
+variable "aws_region" {
+  description = "AWS region"
   type        = string
+  default     = "us-east-1"
 }
 
-variable "environment" {
-  validation {
-    condition     = contains(["staging", "prod"], var.environment)
-    error_message = "Environment must be either staging or prod"
-  }
-  description = "Deployment environment name (staging or prod)"
-  type        = string
+# Lambda settings
+variable "lambda_handler" {
+  type    = string
+  default = "lambda_function.lambda_handler"
 }
 
-variable "lambda_funtion_dir" {
-  default     = "../lambda"
-  description = "Directory containing Lambda function source code"
-  type        = string
+variable "lambda_runtime" {
+  type    = string
+  default = "python3.9"
 }
-variable "project_name" {
-  default     = "serverless-health-check-api"
-  description = "Project name for tagging and resource naming"
-  type        = string
-}
\ No newline at end of file

From a695739c4f93088f1f9f025ec0938985b8f053a9 Mon Sep 17 00:00:00 2001
From: emmy-github-webdev <ogahemmanuel75@gmail.com>
Date: Sat, 13 Dec 2025 08:53:52 +0100
Subject: [PATCH 2/4] Fixed terraform director

---
 .github/workflows/deploy.yaml  | 17 ++++++++++++-----
 .github/workflows/destroy.yaml | 13 ++++++++++++-
 README.md                      | 10 +++++++++-
 3 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 7e0ace5..4a9fbb6 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -8,13 +8,14 @@ on:
   workflow_dispatch:
 
 env:
-  TF_WORKING_DIR: terraform/
+  TF_WORKING_DIR: terraform
 
 jobs:
   terraform:
     name: Terraform (plan & apply)
     runs-on: ubuntu-latest
     environment: ${{ github.ref == 'refs/heads/main' && 'prod' || 'staging' }}
+
     permissions:
       contents: read
 
@@ -34,9 +35,15 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
+      # Backend selection based on branch
       - name: Terraform Init
         working-directory: ${{ env.TF_WORKING_DIR }}
-        run: terraform init -input=false
+        run: |
+          if [ "${{ github.ref }}" = "refs/heads/staging" ]; then
+            terraform init -reconfigure -backend-config=backend-staging.tfvars -input=false
+          else
+            terraform init -reconfigure -backend-config=backend-prod.tfvars -input=false
+          fi
 
       - name: Terraform Validate & Format
         working-directory: ${{ env.TF_WORKING_DIR }}
@@ -54,17 +61,17 @@ jobs:
             terraform plan -var-file="prod.tfvars" -out=tfplan
           fi
 
-      - name: Terraform Apply
+      - name: Terraform Apply (staging)
         if: github.ref == 'refs/heads/staging'
         working-directory: ${{ env.TF_WORKING_DIR }}
         run: terraform apply -input=false -auto-approve tfplan
 
-      - name: Terraform Apply (prod) - requires env approval
+      - name: Terraform Apply (prod)
         if: github.ref == 'refs/heads/main'
         working-directory: ${{ env.TF_WORKING_DIR }}
         run: terraform apply -input=false -auto-approve tfplan
 
-      - name: Show outputs
+      - name: Show Outputs
         if: success()
         working-directory: ${{ env.TF_WORKING_DIR }}
         run: terraform output -json
diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
index 6836253..464e2a8 100644
--- a/.github/workflows/destroy.yaml
+++ b/.github/workflows/destroy.yaml
@@ -16,7 +16,12 @@ env:
 
 jobs:
   destroy:
+    name: Terraform Destroy
     runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment }}
+
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout
@@ -34,9 +39,15 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_REGION }}
 
+      # Backend selection based on input
       - name: Terraform Init
         working-directory: ${{ env.TF_WORKING_DIR }}
-        run: terraform init -input=false
+        run: |
+          if [ "${{ github.event.inputs.environment }}" = "staging" ]; then
+            terraform init -reconfigure -backend-config=backend-staging.tfvars -input=false
+          else
+            terraform init -reconfigure -backend-config=backend-prod.tfvars -input=false
+          fi
 
       - name: Terraform Destroy
         working-directory: ${{ env.TF_WORKING_DIR }}
diff --git a/README.md b/README.md
index 34aae76..27915ba 100644
--- a/README.md
+++ b/README.md
@@ -31,4 +31,12 @@ Run the python funtion locally using VS Code Run Button
 
 - Create the terraform folder structure
 
-- Deploy with: terraform init then terraform apply -var-file="staging.tfvars" (or prod.tfvars)
\ No newline at end of file
+- Deploy with: terraform init then terraform apply -var-file="staging.tfvars" (or prod.tfvars)
+
+
+endpoint - https://nrbefv9bcj.execute-api.us-east-1.amazonaws.com/health
+
+
+terraform init -backend-config=backend-staging.tfvars for staging environment
+
+terraform init -backend-config=backend-prod.tfvars for prod environment

From 83c7128926680722ddc493637312f6f85b21ece3 Mon Sep 17 00:00:00 2001
From: emmy-github-webdev <ogahemmanuel75@gmail.com>
Date: Sat, 13 Dec 2025 08:55:54 +0100
Subject: [PATCH 3/4] Fixed terraform fmt error

---
 terraform/apigw.tf               |  6 +++---
 terraform/backend-prod.tfvars    |  8 ++++----
 terraform/backend-staging.tfvars |  8 ++++----
 terraform/iam.tf                 |  2 +-
 terraform/lambda.tf              | 10 +++++-----
 terraform/prod.tfvars            |  2 +-
 terraform/staging.tfvars         |  2 +-
 7 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/terraform/apigw.tf b/terraform/apigw.tf
index cdab2ce..1e15a77 100644
--- a/terraform/apigw.tf
+++ b/terraform/apigw.tf
@@ -4,9 +4,9 @@ resource "aws_apigatewayv2_api" "http_api" {
 }
 
 resource "aws_apigatewayv2_integration" "lambda_integration" {
-  api_id           = aws_apigatewayv2_api.http_api.id
-  integration_type = "AWS_PROXY"
-  integration_uri  = aws_lambda_function.health_check.arn
+  api_id                 = aws_apigatewayv2_api.http_api.id
+  integration_type       = "AWS_PROXY"
+  integration_uri        = aws_lambda_function.health_check.arn
   payload_format_version = "2.0"
 }
 
diff --git a/terraform/backend-prod.tfvars b/terraform/backend-prod.tfvars
index 15f092c..35a5adc 100644
--- a/terraform/backend-prod.tfvars
+++ b/terraform/backend-prod.tfvars
@@ -1,4 +1,4 @@
-bucket         = "serverlesshealthcheckapi"
-key            = "serverless-health-check-api/prod/tfstate"
-region         = "us-east-1"
-encrypt        = true
+bucket  = "serverlesshealthcheckapi"
+key     = "serverless-health-check-api/prod/tfstate"
+region  = "us-east-1"
+encrypt = true
diff --git a/terraform/backend-staging.tfvars b/terraform/backend-staging.tfvars
index edb423e..f306603 100644
--- a/terraform/backend-staging.tfvars
+++ b/terraform/backend-staging.tfvars
@@ -1,4 +1,4 @@
-bucket         = "serverlesshealthcheckapi"
-key            = "serverless-health-check-api/staging/tfstate"
-region         = "us-east-1"
-encrypt        = true
+bucket  = "serverlesshealthcheckapi"
+key     = "serverless-health-check-api/staging/tfstate"
+region  = "us-east-1"
+encrypt = true
diff --git a/terraform/iam.tf b/terraform/iam.tf
index ec28e5b..638aff5 100644
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -2,7 +2,7 @@ data "aws_iam_policy_document" "lambda_assume_role" {
   statement {
     effect = "Allow"
     principals {
-      type = "Service"
+      type        = "Service"
       identifiers = ["lambda.amazonaws.com"]
     }
     actions = ["sts:AssumeRole"]
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
index 9c7261f..bc4b63c 100644
--- a/terraform/lambda.tf
+++ b/terraform/lambda.tf
@@ -9,11 +9,11 @@ data "archive_file" "lambda_zip" {
 }
 
 resource "aws_lambda_function" "health_check" {
-  function_name = "${var.env}-health-check-function"
-  filename      = data.archive_file.lambda_zip.output_path
-  handler       = var.lambda_handler
-  runtime       = var.lambda_runtime
-  role          = aws_iam_role.lambda_role.arn
+  function_name    = "${var.env}-health-check-function"
+  filename         = data.archive_file.lambda_zip.output_path
+  handler          = var.lambda_handler
+  runtime          = var.lambda_runtime
+  role             = aws_iam_role.lambda_role.arn
   source_code_hash = data.archive_file.lambda_zip.output_base64sha256
 
   environment {
diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars
index 242682d..012a7f5 100644
--- a/terraform/prod.tfvars
+++ b/terraform/prod.tfvars
@@ -1,2 +1,2 @@
-env = "prod"
+env        = "prod"
 aws_region = "us-east-1"
diff --git a/terraform/staging.tfvars b/terraform/staging.tfvars
index 47cdc26..da3c370 100644
--- a/terraform/staging.tfvars
+++ b/terraform/staging.tfvars
@@ -1,2 +1,2 @@
-env = "staging"
+env        = "staging"
 aws_region = "us-east-1"

From c8d5c3535ac78f7ef7464f9d19a60118c54757ce Mon Sep 17 00:00:00 2001
From: emmy-github-webdev <ogahemmanuel75@gmail.com>
Date: Sat, 13 Dec 2025 09:38:36 +0100
Subject: [PATCH 4/4] Added README content

---
 .github/workflows/destroy.yaml |  2 +-
 README.md                      | 87 ++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
index 464e2a8..52361b1 100644
--- a/.github/workflows/destroy.yaml
+++ b/.github/workflows/destroy.yaml
@@ -12,7 +12,7 @@ on:
           - prod
 
 env:
-  TF_WORKING_DIR: terraform/
+  TF_WORKING_DIR: terraform
 
 jobs:
   destroy:
diff --git a/README.md b/README.md
index 27915ba..658bc54 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,91 @@
 # Serverless Health Check API with CI/CD
 
+The goal of this project is to build, configure, and automate the deployment of a simple serverless application on AWS. Created a health check endpoint that logs requests and stores them in a database, with a CI/CD pipeline to manage deployments for both staging and production environments, fully provisioned via Terraform and deployed automatically using GitHub Actions.
+
+## Architectural desig
+
+### Core Components
+
+- Amazon API Gateway (HTTP API)
+- AWS Lambda (Python)
+- Amazon DynamoDB
+- AWS IAM
+- Amazon CloudWatch Logs
+
+Each environment (staging, prod) is isolated by naming convention and Terraform variables.
+
+### Runtime Request Flow
+
+1. _Client_: sends a GET or POST request to:
+
+```
+https://<api-id>.execute-api.<region>.amazonaws.com/health
+```
+2. _API Gateway_: 
+- Matches the /health route
+- Forwards the request using AWS_PROXY integration
+3. _Lambda Function (env-health-check-function)_:
+- Logs the full request event to CloudWatch Logs
+- Generates a UUID
+- Stores request metadata in DynamoDB (env-requests-db)
+- Returns a JSON response
+4. _DynamoDB_:
+- Stores the request record (ID, timestamp, request payload)
+
+### Pipeline Flow
+1. Developer pushes code
+- staging branch → auto deploy
+- main branch → production deploy
+2. GitHub Actions workflow: The GitHub action workflow contain both terraform deploy and terraform destroy.
+- Configures AWS credentials (GitHub Secrets)
+- Terraform deploy - deploy.yaml
+    - Checks out code
+    - Runs:
+        - terraform fmt
+        - terraform validate
+        - terraform plan
+        - terraform apply
+
+- Terraform destroy - destroy.yaml
+    - On GitHub console, manually trigger the destroy pipeline from the actions
+    - Runs:
+        - terraform int
+        - terraform destroy
+
+### Environment separation
+
+| Aspect         | Staging                         | Production                   |
+| -------------- | ------------------------------- | ---------------------------- |
+| Branch         | `staging`                       | `main`                       |
+| Terraform vars | `staging.tfvars`                | `prod.tfvars`                |
+| Lambda         | `staging-health-check-function` | `prod-health-check-function` |
+| DynamoDB       | `staging-requests-db`           | `prod-requests-db`           |
+| API Gateway    | `staging-health-check-api`      | `prod-health-check-api`      |
+| Approval       |  None                           |  Required                   |
+
+
+### Security and IAM Role
+Each Lambda function has one dedicated IAM role with:
+- _Allowed permissions_
+    - dynamodb:PutItem → specific DynamoDB table ARN
+    - logs:CreateLogGroup
+    - logs:CreateLogStream
+    - logs:PutLogEvents
+- Denied by default
+    - No read access to DynamoDB
+    - No access to other AWS services
+    - No wildcard write permissions
+- secrets Handling
+    - AWS credentials stored in GitHub Secrets
+    - No credentials committed to repository
+
+
+
+
+
+
+
+
 create hello lambda funtion using Python
 
 ```
@@ -37,6 +123,7 @@ Run the python funtion locally using VS Code Run Button
 endpoint - https://nrbefv9bcj.execute-api.us-east-1.amazonaws.com/health
 
 
+
 terraform init -backend-config=backend-staging.tfvars for staging environment
 
 terraform init -backend-config=backend-prod.tfvars for prod environment