This is a project to demonstrate how to protect an AWS API Gateway HTTP API using IAM. This is a pattern for M2M where the client is either owned by the same team as the server, or has a similarly "high-trust"1 relationship.
The project includes two APIs: one to act as our System Under Test (SUT) and the other to act as our test client. The SUT API has a route that uses iam_auth
. The Test API has two routes: one that has permissions to invoke the SUT and one that does not. The e2e tests ensure that the routes succeed/fail as expected.
First, do whatever is necessary to have CLI access to your AWS account (you can quickly verify this with aws s3 ls
or similar).
$ npm ci
$ npm run deploy:sut
$ npm run deploy:test.stack
$ npm run test:e2e
1: This is my current assessment. It may change as I continue to work on this