get tests working against IAM enforcement

bin/deploy.sh

@@ -443,16 +443,38 @@ awslocal lambda add-permission \
 
 # Doesn't work
 
-# awslocal lambda add-permission \
-#     --function-name GetQuizFunction \
-#     --statement-id AllowAPIGatewayInvoke \
-#     --action lambda:InvokeFunction \
-#     --principal apigateway.amazonaws.com \
-#     --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/getquiz"
-
-# awslocal lambda add-permission \
-#     --function-name GetSubmissionFunction \
-#     --statement-id AllowAPIGatewayInvoke \
-#     --action lambda:InvokeFunction \
-#     --principal apigateway.amazonaws.com \
-#     --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/getsubmission"
+awslocal lambda add-permission \
+    --function-name GetQuizFunction \
+    --statement-id AllowAPIGatewayInvoke \
+    --action lambda:InvokeFunction \
+    --principal apigateway.amazonaws.com \
+    --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/getquiz"
+
+awslocal lambda add-permission \
+    --function-name GetSubmissionFunction \
+    --statement-id AllowAPIGatewayInvoke \
+    --action lambda:InvokeFunction \
+    --principal apigateway.amazonaws.com \
+    --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/getsubmission"
+
+awslocal lambda add-permission \
+    --function-name GetLeaderboardFunction \
+    --statement-id AllowAPIGatewayInvoke \
+    --action lambda:InvokeFunction \
+    --principal apigateway.amazonaws.com \
+    --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/getleaderboard"
+
+awslocal lambda add-permission \
+    --function-name ListPublicQuizzesFunction \
+    --statement-id AllowAPIGatewayInvoke \
+    --action lambda:InvokeFunction \
+    --principal apigateway.amazonaws.com \
+    --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/GET/listquizzes"
+
+QUEUE_URL=$(awslocal sqs get-queue-url --queue-name QuizzesWriteFailuresQueue --output text --query QueueUrl)
+
+policy_json=$(cat sqs_queue_policy.json | jq -c . | jq -R .)
+
+awslocal sqs set-queue-attributes --queue-url "$QUEUE_URL" --attributes "{\"Policy\":$policy_json}"
+
+awslocal sqs get-queue-attributes --queue-url "$QUEUE_URL" --attribute-names All

sqs_queue_policy.json

@@ -0,0 +1,20 @@
+{
+    "Version": "2012-10-17",
+    "Id": "QueuePolicy",
+    "Statement": [
+        {
+            "Sid": "Allow-SNS-SendMessage",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "sns.amazonaws.com"
+            },
+            "Action": "sqs:SendMessage",
+            "Resource": "arn:aws:sqs:us-east-1:000000000000:QuizzesWriteFailuresQueue",
+            "Condition": {
+                "ArnEquals": {
+                    "aws:SourceArn": "arn:aws:sns:us-east-1:000000000000:QuizzesWriteFailures"
+                }
+            }
+        }
+    ]
+}

tests/run.sh

@@ -58,7 +58,7 @@ curl -X GET "$API_ENDPOINT/listquizzes"
 
 # Get the quiz; Change the ID below
 
-curl -X GET "$API_ENDPOINT/getquiz?quiz_id=flashy-hippopotamus-skipped"
+curl -X GET "$API_ENDPOINT/getquiz?quiz_id=astonishing-dinosaurs-glided"
 
 # Submit responses
 
@@ -78,7 +78,7 @@ curl -X POST "$API_ENDPOINT/submitquiz" \
 -d '{
     "Username": "user2",
     "Email": "[email protected]",
-    "QuizID": "pretty-sloths-pranced",
+    "QuizID": "astonishing-dinosaurs-glided",
     "Answers": {
         "0": {"Answer": "D. Paris", "TimeTaken": 7},
         "1": {"Answer": "B. Shakespeare", "TimeTaken": 6}
@@ -102,7 +102,7 @@ curl -X GET "$API_ENDPOINT/getsubmission?submission_id=2c5cb81f-7b21-4ef0-a4a5-6
 
 # Get leaderboard
 
-curl -X GET "$API_ENDPOINT/getleaderboard?quiz_id=flashy-hippopotamus-skipped&top=3"
+curl -X GET "$API_ENDPOINT/getleaderboard?quiz_id=astonishing-dinosaurs-glided&top=3"
 
 # Check SES
 curl -s http://localhost.localstack.cloud:4566/_aws/ses