diff --git a/checklist.md b/checklist.md
index 2644375..4fbd021 100644
--- a/checklist.md
+++ b/checklist.md
@@ -13,10 +13,14 @@
             - [ ] Only Athena can read objects
             - [ ] ????
 - [ ] Database of my choice
-    - [ ] Athena?
+    - [X] Athena?
+        - Less up-front configuration involved. I hope.
+        - AWS wants to lock you into their ecosystem so it'll be cheaper.
     - [ ] Aurora (Postgresql)
     - [ ] Aurora (Mysql)
 - [ ] API to interact with the data
+    - [ ] API Gateway
+        - [ ] Policy that grants it lambda invocation rights
     - [ ] `/load` endpoint
         - [ ] Python lambda to upload data to bucket
             - [ ] Example data: https://zenodo.org/records/5377831
diff --git a/frontend.tf b/frontend.tf
new file mode 100644
index 0000000..bb88455
--- /dev/null
+++ b/frontend.tf
@@ -0,0 +1,17 @@
+data "aws_iam_policy_document" "lambda-frontend-role" {
+  statement {
+    effect = "Allow"
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+module "frontend-lambda" {
+  source  = "./modules/lambda"
+  name    = "frontend"
+  handler = "frontend"
+  policy  = data.aws_iam_policy_document.lambda-frontend-role.json
+}
diff --git a/load.tf b/load.tf
index fefc36d..52f2186 100644
--- a/load.tf
+++ b/load.tf
@@ -9,25 +9,9 @@ data "aws_iam_policy_document" "lambda-load-role" {
   }
 }
 
-resource "aws_iam_role" "lambda-load-role" {
-  name               = "lambda-load-role"
-  assume_role_policy = data.aws_iam_policy_document.lambda-load-role.json
+module "load-lambda" {
+  source  = "./modules/lambda"
+  name    = "load"
+  handler = "load"
+  policy  = data.aws_iam_policy_document.lambda-load-role.json
 }
-
-data "archive_file" "lambda-load-role" {
-  type        = "zip"
-  source_file = "src/load.py"
-  output_path = "src/load.zip"
-}
-
-resource "aws_lambda_function" "load" {
-  function_name = "transponder-tracker-load"
-  runtime       = "python3.11"
-
-  role = aws_iam_role.lambda-load-role.arn
-
-  handler          = "load"
-  filename         = "src/load.zip"
-  source_code_hash = data.archive_file.lambda-load-role.output_base64sha256
-}
-
diff --git a/metrics.tf b/metrics.tf
index c9a8e5c..13184df 100644
--- a/metrics.tf
+++ b/metrics.tf
@@ -9,25 +9,9 @@ data "aws_iam_policy_document" "lambda-metrics-role" {
   }
 }
 
-resource "aws_iam_role" "lambda-metrics-role" {
-  name               = "lambda-metrics-role"
-  assume_role_policy = data.aws_iam_policy_document.lambda-metrics-role.json
+module "metrics-lambda" {
+  source  = "./modules/lambda"
+  name    = "metrics"
+  handler = "metrics"
+  policy  = data.aws_iam_policy_document.lambda-metrics-role.json
 }
-
-data "archive_file" "lambda-metrics-role" {
-  type        = "zip"
-  source_file = "src/metrics.py"
-  output_path = "src/metrics.zip"
-}
-
-resource "aws_lambda_function" "metrics" {
-  function_name = "transponder-tracker-metrics"
-  runtime       = "python3.11"
-
-  role = aws_iam_role.lambda-metrics-role.arn
-
-  handler          = "metrics"
-  filename         = "src/metrics.zip"
-  source_code_hash = data.archive_file.lambda-metrics-role.output_base64sha256
-}
-
diff --git a/modules/lambda/lambda.tf b/modules/lambda/lambda.tf
new file mode 100644
index 0000000..508a10e
--- /dev/null
+++ b/modules/lambda/lambda.tf
@@ -0,0 +1,22 @@
+resource "aws_iam_role" "lambda-role" {
+  name               = "lambda-role"
+  assume_role_policy = var.policy
+}
+
+data "archive_file" "lambda-role" {
+  type        = "zip"
+  source_file = "src/${var.name}.py"
+  output_path = "src/${var.name}.zip"
+}
+
+resource "aws_lambda_function" "lambda" {
+  function_name = var.name
+  runtime       = "python3.11"
+
+  role = aws_iam_role.lambda-role.arn
+
+  handler          = var.handler
+  filename         = "src/${var.name}.zip"
+  source_code_hash = data.archive_file.lambda-role.output_base64sha256
+}
+
diff --git a/modules/lambda/outputs.tf b/modules/lambda/outputs.tf
new file mode 100644
index 0000000..d2fea50
--- /dev/null
+++ b/modules/lambda/outputs.tf
@@ -0,0 +1,3 @@
+output "arn" {
+  value = aws_lambda_function.lambda.arn
+}
diff --git a/modules/lambda/variables.tf b/modules/lambda/variables.tf
new file mode 100644
index 0000000..1c0c63f
--- /dev/null
+++ b/modules/lambda/variables.tf
@@ -0,0 +1,11 @@
+variable "name" {
+  type = string
+}
+
+variable "handler" {
+  type = string
+}
+
+variable "policy" {
+  type = string
+}
diff --git a/s3.tf b/s3.tf
index 7b85b70..2906b05 100644
--- a/s3.tf
+++ b/s3.tf
@@ -32,7 +32,7 @@ data "aws_iam_policy_document" "transponder-data-policy" {
     effect = "Allow"
     principals {
       type        = "AWS"
-      identifiers = [aws_lambda_function.metrics.arn]
+      identifiers = [module.metrics-lambda.arn]
     }
     actions = [
       "s3:PutObject",
diff --git a/src/frontend.py b/src/frontend.py
new file mode 100644
index 0000000..2ae2839
--- /dev/null
+++ b/src/frontend.py
@@ -0,0 +1 @@
+pass