resource "aws_s3_bucket" "transponder-data" {
  bucket_prefix = "transponder-data"
}

resource "aws_s3_bucket_versioning" "transponder-data-versioning" {
  bucket = aws_s3_bucket.transponder-data.id
  versioning_configuration {
    status = "Enabled"
  }
}

data "aws_iam_policy_document" "transponder-data-policy" {
  statement {
    sid    = "athena-read"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["athena.amazonaws.com"]
    }
    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]
    resources = [
      aws_s3_bucket.transponder-data.arn,
      "${aws_s3_bucket.transponder-data.arn}/*",
    ]
  }

  statement {
    sid    = "lambda-write"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [module.metrics-lambda.arn]
    }
    actions = [
      "s3:PutObject",
    ]
    resources = [
      aws_s3_bucket.transponder-data.arn,
      "${aws_s3_bucket.transponder-data.arn}/*",
    ]
  }
}

resource "aws_s3_bucket_policy" "transponder-data" {
  bucket = aws_s3_bucket.transponder-data.id
  policy = data.aws_iam_policy_document.transponder-data-policy.json
}