From 996d536f8859fb30e294aa3dee393ba079330daa Mon Sep 17 00:00:00 2001 
From: Harsh Mishra
Date: Mon, 21 Oct 2024 12:57:14 +0530
Subject: [PATCH] refactor the policies in a separate folder
---
 bin/deploy.sh | 35 +++++++++----------
 .../create_quiz_policy.json | 0
 .../distribution-config.json | 0
 .../get_leaderboard_policy.json | 0
 .../get_quiz_policy.json | 0
 .../get_submission_policy.json | 0
 .../lambda_trust_policy.json | 0
 .../list_quizzes_policy.json | 0
 .../pipe_role_policy.json | 0
 .../pipe_role_trust_policy.json | 0
 .../retry_quizzes_writes_policy.json | 0
 .../scoring_policy.json | 0
 .../sqs_queue_policy.json | 0
 .../state_machine_policy.json | 0
 .../state_machine_trust_policy.json | 0
 .../statemachine.json | 0
 .../submit_quiz_policy.json | 0
 17 files changed, 16 insertions(+), 19 deletions(-)
 rename create_quiz_policy.json => configurations/create_quiz_policy.json (100%)
 rename distribution-config.json => configurations/distribution-config.json (100%)
 rename get_leaderboard_policy.json => configurations/get_leaderboard_policy.json (100%)
 rename get_quiz_policy.json => configurations/get_quiz_policy.json (100%)
 rename get_submission_policy.json => configurations/get_submission_policy.json (100%)
 rename lambda_trust_policy.json => configurations/lambda_trust_policy.json (100%)
 rename list_quizzes_policy.json => configurations/list_quizzes_policy.json (100%)
 rename pipe_role_policy.json => configurations/pipe_role_policy.json (100%)
 rename pipe_role_trust_policy.json => configurations/pipe_role_trust_policy.json (100%)
 rename retry_quizzes_writes_policy.json => configurations/retry_quizzes_writes_policy.json (100%)
 rename scoring_policy.json => configurations/scoring_policy.json (100%)
 rename sqs_queue_policy.json => configurations/sqs_queue_policy.json (100%)
 rename state_machine_policy.json => configurations/state_machine_policy.json (100%)
 rename state_machine_trust_policy.json => configurations/state_machine_trust_policy.json (100%)
 rename statemachine.json => configurations/statemachine.json (100%)
 rename submit_quiz_policy.json => configurations/submit_quiz_policy.json (100%)
diff --git a/bin/deploy.sh b/bin/deploy.sh
index bfa0819..922b4db 100644
--- a/bin/deploy.sh
+++ b/bin/deploy.sh
@@ -45,14 +45,14 @@ zip -j retry_quizzes_writes_function.zip lambdas/retry_quizzes_writes/handler.py
 # Function names and their policy files
 FUNCTIONS=(
- "CreateQuizFunction create_quiz_policy.json CreateQuizRole"
- "GetQuizFunction get_quiz_policy.json GetQuizRole"
- "SubmitQuizFunction submit_quiz_policy.json SubmitQuizRole"
- "ScoringFunction scoring_policy.json ScoringRole"
- "GetSubmissionFunction get_submission_policy.json GetSubmissionRole"
- "GetLeaderboardFunction get_leaderboard_policy.json GetLeaderboardRole"
- "ListPublicQuizzesFunction list_quizzes_policy.json ListQuizzesRole"
- "RetryQuizzesWritesFunction retry_quizzes_writes_policy.json RetryQuizzesWritesRole"
+ "CreateQuizFunction configurations/create_quiz_policy.json CreateQuizRole"
+ "GetQuizFunction configurations/get_quiz_policy.json GetQuizRole"
+ "SubmitQuizFunction configurations/submit_quiz_policy.json SubmitQuizRole"
+ "ScoringFunction configurations/scoring_policy.json ScoringRole"
+ "GetSubmissionFunction configurations/get_submission_policy.json GetSubmissionRole"
+ "GetLeaderboardFunction configurations/get_leaderboard_policy.json GetLeaderboardRole"
+ "ListPublicQuizzesFunction configurations/list_quizzes_policy.json ListQuizzesRole"
+ "RetryQuizzesWritesFunction configurations/retry_quizzes_writes_policy.json RetryQuizzesWritesRole"
 )
 # Create IAM policies and roles
@@ -67,7 +67,7 @@ for FUNCTION_INFO in "${FUNCTIONS[@]}"; do
 # Create IAM Role
 ROLE_ARN=$(awslocal iam create-role \
 --role-name ${ROLE_NAME} \
- --assume-role-policy-document file://lambda_trust_policy.json \
+ --assume-role-policy-document file://configurations/lambda_trust_policy.json \
 --query 'Role.Arn' --output text)
 # Attach Policy to Role
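Review bot: Every policy and trust document is now looked up under a relative `configurations/` path, in the eight `FUNCTIONS` entries here, in the `file://` argument of the create-role hunk right after it, and in the later hunks, so the script only finds them when it is started from the repository root. Nothing visible checks that; a guard near the top such as `[[ -d configurations ]] || { echo "run deploy.sh from the repository root" >&2; exit 1; }` would make a wrong working directory fail once, up front, instead of part-way through IAM provisioning. The prefix is also repeated on all sixteen added lines; a single `CONFIG_DIR=configurations` variable used as `file://${CONFIG_DIR}/lambda_trust_policy.json` would turn the next move into a one-line change. Whether the script already changes directory or sets `set -e` earlier is outside these hunks.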
@@ -79,12 +79,12 @@ done
 # Create IAM Policy for State Machine
 awslocal iam create-policy \
 --policy-name SendEmailStateMachinePolicy \
- --policy-document file://state_machine_policy.json
+ --policy-document file://configurations/state_machine_policy.json
 # Create IAM Role for State Machine
 awslocal iam create-role \
 --role-name SendEmailStateMachineRole \
- --assume-role-policy-document file://state_machine_trust_policy.json
+ --assume-role-policy-document file://configurations/state_machine_trust_policy.json
 # Attach Policy to Role
 awslocal iam attach-role-policy \
@@ -362,13 +362,13 @@ awslocal sns subscribe \
 # Create IAM Role for Pipe
 awslocal iam create-role \
 --role-name PipeRole \
- --assume-role-policy-document file://pipe_role_trust_policy.json
+ --assume-role-policy-document file://configurations/pipe_role_trust_policy.json
 # Attach Policy to Role
 awslocal iam put-role-policy \
 --role-name PipeRole \
 --policy-name PipePolicy \
- --policy-document file://pipe_role_policy.json
+ --policy-document file://configurations/pipe_role_policy.json
 # Create EventBridge Pipe
 awslocal pipes create-pipe \
@@ -380,7 +380,7 @@ awslocal pipes create-pipe \
 # Create State Machine
 awslocal stepfunctions create-state-machine \
 --name SendEmailStateMachine \
- --definition file://statemachine.json \
+ --definition file://configurations/statemachine.json \
 --role-arn arn:aws:iam::000000000000:role/SendEmailStateMachineRole
 echo $API_ENDPOINT
@@ -395,8 +395,7 @@ awslocal s3 website s3://webapp --index-document index.html --error-document ind
 popd
 # Create CloudFront Distribution
-awslocal cloudfront create-distribution --distribution-config file://distribution-config.json --output text
-DISTRIBUTION=$(awslocal cloudfront create-distribution --distribution-config file://distribution-config.json)
+DISTRIBUTION=$(awslocal cloudfront create-distribution --distribution-config file://configurations/distribution-config.json)
 DOMAIN_NAME=$(echo "$DISTRIBUTION" | jq -r '.Distribution.DomainName')
 echo $DOMAIN_NAME
@@ -441,8 +440,6 @@ awslocal lambda add-permission \
 --principal apigateway.amazonaws.com \
 --source-arn "arn:aws:execute-api:us-east-1:000000000000:${API_ID}/*/POST/submitquiz"
-# Doesn't work
-
 awslocal lambda add-permission \
 --function-name GetQuizFunction \
 --statement-id AllowAPIGatewayInvoke \
@@ -473,7 +470,7 @@ awslocal lambda add-permission \
 QUEUE_URL=$(awslocal sqs get-queue-url --queue-name QuizzesWriteFailuresQueue --output text --query QueueUrl)
-policy_json=$(cat sqs_queue_policy.json | jq -c . | jq -R .)
+policy_json=$(cat configurations/sqs_queue_policy.json | jq -c . | jq -R .)
 awslocal sqs set-queue-attributes --queue-url "$QUEUE_URL" --attributes "{\"Policy\":$policy_json}"
diff --git a/create_quiz_policy.json b/configurations/create_quiz_policy.json
similarity index 100%
rename from create_quiz_policy.json
rename to configurations/create_quiz_policy.json
diff --git a/distribution-config.json b/configurations/distribution-config.json
similarity index 100%
rename from distribution-config.json
rename to configurations/distribution-config.json
diff --git a/get_leaderboard_policy.json b/configurations/get_leaderboard_policy.json
similarity index 100%
rename from get_leaderboard_policy.json
rename to configurations/get_leaderboard_policy.json
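Review bot: The result of the one remaining `create-distribution` call on the added `DISTRIBUTION=` line is not checked, so an unreadable `configurations/distribution-config.json` leaves the variable empty and the `jq` on the next line produces an empty or `null` domain name that is then echoed as if it were valid. Appending a failure branch to the assignment, `DISTRIBUTION=$(awslocal cloudfront create-distribution --distribution-config file://configurations/distribution-config.json) || { echo "create-distribution failed" >&2; exit 1; }`, would stop the run at the real cause. If the script runs under `set -e`, which is not visible in this hunk, the assignment already aborts and only the `null` case remains to be handled.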
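Review bot: The queue policy on the added `policy_json` line is still produced by piping `cat` through two `jq` processes and then spliced into a hand-written JSON string in the `set-queue-attributes` call that follows. If the file cannot be read at its new path, `policy_json` is empty, the attributes become `{"Policy":}`, the call is rejected, and the queue keeps whatever policy it had without the script stopping (unless `set -e` is set outside this hunk). Building the whole attribute document in one checked step avoids both problems: `attributes=$(jq -c '{Policy: tojson}' configurations/sqs_queue_policy.json) || exit 1`, then `--attributes "$attributes"`.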
diff --git a/get_quiz_policy.json b/configurations/get_quiz_policy.json
similarity index 100%
rename from get_quiz_policy.json
rename to configurations/get_quiz_policy.json
diff --git a/get_submission_policy.json b/configurations/get_submission_policy.json
similarity index 100%
rename from get_submission_policy.json
rename to configurations/get_submission_policy.json
diff --git a/lambda_trust_policy.json b/configurations/lambda_trust_policy.json
similarity index 100%
rename from lambda_trust_policy.json
rename to configurations/lambda_trust_policy.json
diff --git a/list_quizzes_policy.json b/configurations/list_quizzes_policy.json
similarity index 100%
rename from list_quizzes_policy.json
rename to configurations/list_quizzes_policy.json
diff --git a/pipe_role_policy.json b/configurations/pipe_role_policy.json
similarity index 100%
rename from pipe_role_policy.json
rename to configurations/pipe_role_policy.json
diff --git a/pipe_role_trust_policy.json b/configurations/pipe_role_trust_policy.json
similarity index 100%
rename from pipe_role_trust_policy.json
rename to configurations/pipe_role_trust_policy.json
diff --git a/retry_quizzes_writes_policy.json b/configurations/retry_quizzes_writes_policy.json
similarity index 100%
rename from retry_quizzes_writes_policy.json
rename to configurations/retry_quizzes_writes_policy.json
diff --git a/scoring_policy.json b/configurations/scoring_policy.json
similarity index 100%
rename from scoring_policy.json
rename to configurations/scoring_policy.json
diff --git a/sqs_queue_policy.json b/configurations/sqs_queue_policy.json
similarity index 100%
rename from sqs_queue_policy.json
rename to configurations/sqs_queue_policy.json
diff --git a/state_machine_policy.json b/configurations/state_machine_policy.json
similarity index 100%
rename from state_machine_policy.json
rename to configurations/state_machine_policy.json
diff --git a/state_machine_trust_policy.json b/configurations/state_machine_trust_policy.json
similarity index 100%
rename from state_machine_trust_policy.json
rename to configurations/state_machine_trust_policy.json
diff --git a/statemachine.json b/configurations/statemachine.json
similarity index 100%
rename from statemachine.json
rename to configurations/statemachine.json
diff --git a/submit_quiz_policy.json b/configurations/submit_quiz_policy.json
similarity index 100%
rename from submit_quiz_policy.json
rename to configurations/submit_quiz_policy.json