Fix production environment variables

- Remove old Confluence variables
- Add NEXT_PUBLIC_API_URL for API access

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

terraform/lambda.tf

@@ -0,0 +1,110 @@
+# IAM role for Lambda functions
+resource "aws_iam_role" "lambda_role" {
+  name = "${var.app_name}-lambda-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+# IAM policy for Lambda to access DynamoDB
+resource "aws_iam_role_policy" "lambda_dynamodb_policy" {
+  name = "${var.app_name}-lambda-dynamodb-policy"
+  role = aws_iam_role.lambda_role.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "dynamodb:GetItem",
+          "dynamodb:PutItem",
+          "dynamodb:UpdateItem",
+          "dynamodb:DeleteItem",
+          "dynamodb:Scan",
+          "dynamodb:Query"
+        ]
+        Resource = [
+          aws_dynamodb_table.filaments.arn,
+          "${aws_dynamodb_table.filaments.arn}/index/*"
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "arn:aws:logs:*:*:*"
+      }
+    ]
+  })
+}
+
+# Lambda function for filaments CRUD
+resource "aws_lambda_function" "filaments_api" {
+  filename         = data.archive_file.filaments_lambda_zip.output_path
+  function_name    = "${var.app_name}-filaments-api"
+  role            = aws_iam_role.lambda_role.arn
+  handler         = "index.handler"
+  runtime         = "nodejs18.x"
+  timeout         = 30
+  memory_size     = 256
+  source_code_hash = data.archive_file.filaments_lambda_zip.output_base64sha256
+
+  environment {
+    variables = {
+      TABLE_NAME   = aws_dynamodb_table.filaments.name
+      CORS_ORIGIN  = var.domain_name != "" ? "https://${var.domain_name}" : "*"
+    }
+  }
+
+  depends_on = [aws_iam_role_policy.lambda_dynamodb_policy]
+}
+
+# Lambda function for authentication
+resource "aws_lambda_function" "auth_api" {
+  filename         = data.archive_file.auth_lambda_zip.output_path
+  function_name    = "${var.app_name}-auth-api"
+  role            = aws_iam_role.lambda_role.arn
+  handler         = "index.handler"
+  runtime         = "nodejs18.x"
+  timeout         = 10
+  memory_size     = 128
+  source_code_hash = data.archive_file.auth_lambda_zip.output_base64sha256
+
+  environment {
+    variables = {
+      JWT_SECRET          = var.jwt_secret
+      ADMIN_USERNAME      = var.admin_username
+      ADMIN_PASSWORD_HASH = var.admin_password_hash
+      CORS_ORIGIN         = var.domain_name != "" ? "https://${var.domain_name}" : "*"
+    }
+  }
+
+  depends_on = [aws_iam_role_policy.lambda_dynamodb_policy]
+}
+
+# Archive files for Lambda deployment
+data "archive_file" "filaments_lambda_zip" {
+  type        = "zip"
+  source_dir  = "${path.module}/../lambda/filaments"
+  output_path = "${path.module}/../lambda/filaments.zip"
+}
+
+data "archive_file" "auth_lambda_zip" {
+  type        = "zip"
+  source_dir  = "${path.module}/../lambda/auth"
+  output_path = "${path.module}/../lambda/auth.zip"
+}