simkam
diff --git a/‎go.mod‎
Lines changed: 21 additions & 0 deletions b/‎go.mod‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 42 additions & 0 deletions b/‎go.sum‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎test/rekt/README.md‎
Lines changed: 291 additions & 0 deletions b/‎test/rekt/README.md‎
Lines changed: 291 additions & 0 deletions
@@ -4,6 +4,12 @@ go 1.24.0
 
 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.1-0.20210420163308-c1402a70e2f1
+	github.com/aws/aws-sdk-go-v2 v1.41.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.36
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.34
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.42.20
 	github.com/cert-manager/cert-manager v1.16.3
 	github.com/cloudevents/conformance v0.4.1
 	github.com/cloudevents/sdk-go/observability/opentelemetry/v2 v2.16.1
@@ -59,6 +65,21 @@ require (
 
 require (
 	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.0 // indirect
+	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/blendle/zapdriver v1.3.1 // indirect
 
@@ -64,6 +64,48 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/aws/aws-sdk-go-v2 v1.41.0 h1:tNvqh1s+v0vFYdA1xq0aOJH+Y5cRyZ5upu6roPgPKd4=
+github.com/aws/aws-sdk-go-v2 v1.41.0/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4=
+github.com/aws/aws-sdk-go-v2/config v1.27.36 h1:4IlvHh6Olc7+61O1ktesh0jOcqmq/4WG6C2Aj5SKXy0=
+github.com/aws/aws-sdk-go-v2/config v1.27.36/go.mod h1:IiBpC0HPAGq9Le0Xxb1wpAKzEfAQ3XlYgJLYKEVYcfw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.34 h1:gmkk1l/cDGSowPRzkdxYi8edw+gN4HmVK151D/pqGNc=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.34/go.mod h1:4R9OEV3tgFMsok4ZeFpExn7zQaZRa9MRGFYnI/xC/vs=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16 h1:rgGwPzb82iBYSvHMHXc8h9mRoOUBZIGFgKb9qniaZZc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.16/go.mod h1:L/UxsGeKpGoIj6DxfhOWHWQ/kGKcd4I1VncE4++IyKA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16 h1:1jtGzuV7c82xnqOVfx2F0xmJcOw5374L7N6juGW6x6U=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.16/go.mod h1:M2E5OQf+XLe+SZGmmpaI2yy+J326aFf6/+54PoxSANc=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16 h1:CjMzUs78RDDv4ROu3JnJn/Ig1r6ZD7/T2DXLLRpejic=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.16/go.mod h1:uVW4OLBqbJXSHJYA9svT9BluSvvwbzLQ2Crf6UPzR3c=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5 h1:mSBrQCXMjEvLHsYyJVbN8QQlcITXwHEuu+8mX9e2bSo=
+github.com/aws/aws-sdk-go-v2/service/dynamodb v1.53.5/go.mod h1:eEuD0vTf9mIzsSjGBFWIaNQwtH5/mzViJOVQfnMY5DE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7 h1:DIBqIrJ7hv+e4CmIk2z3pyKT+3B6qVMgRsawHiR3qso=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.7/go.mod h1:vLm00xmBke75UmpNvOcZQ/Q30ZFjbczeLFqGx5urmGo=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16 h1:8g4OLy3zfNzLV20wXmZgx+QumI9WhWHnd4GCdvETxs4=
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.11.16/go.mod h1:5a78jwLMs7BaesU0UIhLfVy2ZmOEgOy6ewYQXKTD37Q=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16 h1:oHjJHeUy0ImIV0bsrX0X91GkV5nJAyv1l1CC9lnO0TI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.16/go.mod h1:iRSNGgOYmiYwSCXxXaKb9HfOEj40+oTKn8pTxMlYkRM=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16 h1:NSbvS17MlI2lurYgXnCOLvCFX38sBW4eiVER7+kkgsU=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.16/go.mod h1:SwT8Tmqd4sA6G1qaGdzWCJN99bUmPGHfRwwq3G5Qb+A=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0 h1:MIWra+MSq53CFaXXAywB2qg9YvVZifkk6vEGl/1Qor0=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.95.0/go.mod h1:79S2BdqCJpScXZA2y+cpZuocWsjGjJINyXnOsf5DTz8=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.42.20 h1:qa+1W+Kon3WDwO+8ugco4D9KvO0Pf0KBTn1hN7opIFw=
+github.com/aws/aws-sdk-go-v2/service/sqs v1.42.20/go.mod h1:OG0Y3TgC+IeM++ngh+IcEkN24ruGsmRiAP8GUsOhMW8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.0 h1:fHySkG0IGj2nepgGJPmmhZYL9ndnsq1Tvc6MeuVQCaQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.0/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0 h1:cU/OeQPNReyMj1JEBgjE29aclYZYtXcsPMXbTkVGMFk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.0/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.0 h1:GNVxIHBTi2EgwCxpNiozhNasMOK+ROUA2Z3X+cSBX58=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.0/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
+github.com/aws/smithy-go v1.24.0 h1:LpilSUItNPFr1eY85RYgTIg5eIEPtvFbskaFcmmIUnk=
+github.com/aws/smithy-go v1.24.0/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 
@@ -15,6 +15,297 @@ To run just one test:
 SYSTEM_NAMESPACE=knative-eventing go test -count=1 -v -tags=e2e -run Smoke_PingSource ./test/rekt/...
 ```
 
+## AWS Integration tests
+
+AWS integration tests validate IntegrationSource and IntegrationSink resources
+that interact with AWS services (S3, SQS, SNS, DynamoDB Streams). These tests
+use the `e2e_aws` build tag to separate them from regular e2e tests.
+
+To run only AWS integration tests:
+
+```bash
+SYSTEM_NAMESPACE=knative-eventing \
+  AWS_ACCESS_KEY_ID=<your-access-key> \
+  AWS_SECRET_ACCESS_KEY=<your-secret-key> \
+  go test -count=1 -v -tags=e2e_aws ./test/rekt/...
+```
+
+To run a specific AWS integration test:
+
+```bash
+SYSTEM_NAMESPACE=knative-eventing \
+  AWS_ACCESS_KEY_ID=<your-access-key> \
+  AWS_SECRET_ACCESS_KEY=<your-secret-key> \
+  go test -count=1 -v -tags=e2e_aws -run TestIntegrationSinkS3Success ./test/rekt/...
+```
+
+### Required environment variables
+
+- `AWS_ACCESS_KEY_ID` - AWS access key with permissions for S3, SQS, SNS, and DynamoDB
+- `AWS_SECRET_ACCESS_KEY` - AWS secret key
+
+### Optional environment variables
+
+- `AWS_REGION` - AWS region (default: `us-west-1`)
+
+#### IntegrationSource specific
+
+- `AWS_S3_SOURCE_ARN` - S3 bucket ARN for source tests (default: `arn:aws:s3:::eventing-e2e-source`)
+- `AWS_SQS_SOURCE_ARN` - SQS queue ARN for source tests (default: `arn:aws:sqs:us-west-1::eventing-e2e-sqs-source`)
+- `AWS_DDB_STREAMS_TABLE` - DynamoDB table name for stream tests (default: `eventing-e2e-source`)
+
+#### IntegrationSink specific
+
+- `AWS_S3_SINK_ARN` - S3 bucket ARN for sink tests (default: `arn:aws:s3:::eventing-e2e-sink`)
+- `AWS_SQS_QUEUE_NAME` - SQS queue name for sink tests (default: `eventing-e2e-sqs-sink`)
+- `AWS_SNS_TOPIC_NAME` - SNS topic name for sink tests (default: `eventing-e2e-sns-sink`)
+- `AWS_SNS_VERIFICATION_QUEUE_NAME` - SQS queue name for SNS message verification (default: `eventing-e2e-sns-verification`)
+
+**Note:** The AWS resources (S3 buckets, SQS queues, SNS topics, DynamoDB tables)
+must be created before running the tests. The tests will clean up objects/messages
+created during test execution, but will not create or delete the AWS resources themselves.
+
+### Setting up AWS resources
+
+You can use the following script to create all required AWS resources:
+
+```bash
+#!/bin/bash
+# setup-aws-resources.sh - Create AWS resources for integration tests
+
+set -e
+
+# Configuration
+AWS_REGION="${AWS_REGION:-us-west-1}"
+S3_SOURCE_BUCKET="eventing-e2e-source"
+S3_SINK_BUCKET="eventing-e2e-sink"
+SQS_SOURCE_QUEUE="eventing-e2e-sqs-source"
+SQS_SINK_QUEUE="eventing-e2e-sqs-sink"
+SNS_VERIFICATION_QUEUE="eventing-e2e-sns-verification"
+SNS_TOPIC="eventing-e2e-sns-sink"
+DDB_TABLE="eventing-e2e-source"
+
+echo "Creating AWS resources in region: $AWS_REGION"
+
+# Create S3 buckets
+echo "Creating S3 buckets..."
+aws s3api create-bucket \
+  --bucket "$S3_SOURCE_BUCKET" \
+  --region "$AWS_REGION" \
+  --create-bucket-configuration LocationConstraint="$AWS_REGION" 2>/dev/null || echo "Bucket $S3_SOURCE_BUCKET already exists"
+
+aws s3api create-bucket \
+  --bucket "$S3_SINK_BUCKET" \
+  --region "$AWS_REGION" \
+  --create-bucket-configuration LocationConstraint="$AWS_REGION" 2>/dev/null || echo "Bucket $S3_SINK_BUCKET already exists"
+
+# Create SQS queues
+echo "Creating SQS queues..."
+aws sqs create-queue \
+  --queue-name "$SQS_SOURCE_QUEUE" \
+  --region "$AWS_REGION" >/dev/null || echo "Queue $SQS_SOURCE_QUEUE already exists"
+
+aws sqs create-queue \
+  --queue-name "$SQS_SINK_QUEUE" \
+  --region "$AWS_REGION" >/dev/null || echo "Queue $SQS_SINK_QUEUE already exists"
+
+aws sqs create-queue \
+  --queue-name "$SNS_VERIFICATION_QUEUE" \
+  --region "$AWS_REGION" >/dev/null || echo "Queue $SNS_VERIFICATION_QUEUE already exists"
+
+# Get queue ARN for SNS subscription
+VERIFICATION_QUEUE_URL=$(aws sqs get-queue-url \
+  --queue-name "$SNS_VERIFICATION_QUEUE" \
+  --region "$AWS_REGION" \
+  --query 'QueueUrl' \
+  --output text)
+
+VERIFICATION_QUEUE_ARN=$(aws sqs get-queue-attributes \
+  --queue-url "$VERIFICATION_QUEUE_URL" \
+  --attribute-names QueueArn \
+  --region "$AWS_REGION" \
+  --query 'Attributes.QueueArn' \
+  --output text)
+
+# Create SNS topic
+echo "Creating SNS topic..."
+SNS_TOPIC_ARN=$(aws sns create-topic \
+  --name "$SNS_TOPIC" \
+  --region "$AWS_REGION" \
+  --query 'TopicArn' \
+  --output text)
+
+echo "SNS Topic ARN: $SNS_TOPIC_ARN"
+
+# Set SQS queue policy to allow SNS to send messages
+echo "Setting SQS queue policy for SNS..."
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+
+QUEUE_POLICY=$(cat <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "sns.amazonaws.com"
+      },
+      "Action": "SQS:SendMessage",
+      "Resource": "$VERIFICATION_QUEUE_ARN",
+      "Condition": {
+        "ArnEquals": {
+          "aws:SourceArn": "$SNS_TOPIC_ARN"
+        }
+      }
+    }
+  ]
+}
+EOF
+)
+
+POLICY_STRING=$(echo "$QUEUE_POLICY" | jq -c . | jq -R .)
+aws sqs set-queue-attributes \
+  --queue-url "$VERIFICATION_QUEUE_URL" \
+  --attributes "{\"Policy\":$POLICY_STRING}" \
+  --region "$AWS_REGION"
+
+# Subscribe SQS queue to SNS topic
+echo "Subscribing SQS queue to SNS topic..."
+SUBSCRIPTION_ARN=$(aws sns subscribe \
+  --topic-arn "$SNS_TOPIC_ARN" \
+  --protocol sqs \
+  --notification-endpoint "$VERIFICATION_QUEUE_ARN" \
+  --region "$AWS_REGION" \
+  --query 'SubscriptionArn' \
+  --output text)
+
+echo "Subscription ARN: $SUBSCRIPTION_ARN"
+
+# Create DynamoDB table with streams enabled
+echo "Creating DynamoDB table with streams..."
+aws dynamodb create-table \
+  --table-name "$DDB_TABLE" \
+  --attribute-definitions AttributeName=id,AttributeType=S \
+  --key-schema AttributeName=id,KeyType=HASH \
+  --billing-mode PAY_PER_REQUEST \
+  --stream-specification StreamEnabled=true,StreamViewType=NEW_AND_OLD_IMAGES \
+  --region "$AWS_REGION" >/dev/null 2>&1 || echo "Table $DDB_TABLE already exists"
+
+# Wait for DynamoDB table to be active
+echo "Waiting for DynamoDB table to be active..."
+aws dynamodb wait table-exists \
+  --table-name "$DDB_TABLE" \
+  --region "$AWS_REGION"
+
+echo "All AWS resources created successfully!"
+echo ""
+echo "Environment variables for tests:"
+echo "export AWS_REGION=$AWS_REGION"
+echo "export AWS_S3_SOURCE_ARN=arn:aws:s3:::$S3_SOURCE_BUCKET"
+echo "export AWS_S3_SINK_ARN=arn:aws:s3:::$S3_SINK_BUCKET"
+echo "export AWS_SQS_SOURCE_ARN=arn:aws:sqs:$AWS_REGION:$ACCOUNT_ID:$SQS_SOURCE_QUEUE"
+echo "export AWS_SQS_QUEUE_NAME=$SQS_SINK_QUEUE"
+echo "export AWS_SNS_TOPIC_NAME=$SNS_TOPIC"
+echo "export AWS_SNS_VERIFICATION_QUEUE_NAME=$SNS_VERIFICATION_QUEUE"
+echo "export AWS_DDB_STREAMS_TABLE=$DDB_TABLE"
+```
+
+### Tearing down AWS resources
+
+You can use the following script to delete all AWS resources created for testing:
+
+```bash
+#!/bin/bash
+# teardown-aws-resources.sh - Delete AWS resources for integration tests
+
+set -e
+
+# Configuration
+AWS_REGION="${AWS_REGION:-us-west-1}"
+S3_SOURCE_BUCKET="eventing-e2e-source"
+S3_SINK_BUCKET="eventing-e2e-sink"
+SQS_SOURCE_QUEUE="eventing-e2e-sqs-source"
+SQS_SINK_QUEUE="eventing-e2e-sqs-sink"
+SNS_VERIFICATION_QUEUE="eventing-e2e-sns-verification"
+SNS_TOPIC="eventing-e2e-sns-sink"
+DDB_TABLE="eventing-e2e-source"
+
+echo "Deleting AWS resources in region: $AWS_REGION"
+
+# Delete S3 buckets (must empty first)
+echo "Deleting S3 buckets..."
+aws s3 rm "s3://$S3_SOURCE_BUCKET" --recursive --region "$AWS_REGION" 2>/dev/null || true
+aws s3api delete-bucket \
+  --bucket "$S3_SOURCE_BUCKET" \
+  --region "$AWS_REGION" 2>/dev/null || echo "Bucket $S3_SOURCE_BUCKET not found"
+
+aws s3 rm "s3://$S3_SINK_BUCKET" --recursive --region "$AWS_REGION" 2>/dev/null || true
+aws s3api delete-bucket \
+  --bucket "$S3_SINK_BUCKET" \
+  --region "$AWS_REGION" 2>/dev/null || echo "Bucket $S3_SINK_BUCKET not found"
+
+# Get SNS topic ARN and unsubscribe SQS queue
+echo "Unsubscribing SQS from SNS..."
+SNS_TOPIC_ARN=$(aws sns list-topics \
+  --region "$AWS_REGION" \
+  --query "Topics[?contains(TopicArn, '$SNS_TOPIC')].TopicArn" \
+  --output text 2>/dev/null || true)
+
+if [ -n "$SNS_TOPIC_ARN" ]; then
+  SUBSCRIPTIONS=$(aws sns list-subscriptions-by-topic \
+    --topic-arn "$SNS_TOPIC_ARN" \
+    --region "$AWS_REGION" \
+    --query 'Subscriptions[].SubscriptionArn' \
+    --output text 2>/dev/null || true)
+
+  for SUB_ARN in $SUBSCRIPTIONS; do
+    if [ "$SUB_ARN" != "PendingConfirmation" ]; then
+      aws sns unsubscribe \
+        --subscription-arn "$SUB_ARN" \
+        --region "$AWS_REGION" 2>/dev/null || true
+    fi
+  done
+fi
+
+# Delete SNS topic
+echo "Deleting SNS topic..."
+if [ -n "$SNS_TOPIC_ARN" ]; then
+  aws sns delete-topic \
+    --topic-arn "$SNS_TOPIC_ARN" \
+    --region "$AWS_REGION" 2>/dev/null || echo "SNS topic $SNS_TOPIC not found"
+fi
+
+# Delete SQS queues
+echo "Deleting SQS queues..."
+for QUEUE in "$SQS_SOURCE_QUEUE" "$SQS_SINK_QUEUE" "$SNS_VERIFICATION_QUEUE"; do
+  QUEUE_URL=$(aws sqs get-queue-url \
+    --queue-name "$QUEUE" \
+    --region "$AWS_REGION" \
+    --query 'QueueUrl' \
+    --output text 2>/dev/null || true)
+
+  if [ -n "$QUEUE_URL" ]; then
+    aws sqs delete-queue \
+      --queue-url "$QUEUE_URL" \
+      --region "$AWS_REGION" 2>/dev/null || echo "Queue $QUEUE not found"
+  fi
+done
+
+# Delete DynamoDB table
+echo "Deleting DynamoDB table..."
+aws dynamodb delete-table \
+  --table-name "$DDB_TABLE" \
+  --region "$AWS_REGION" >/dev/null 2>&1 || echo "Table $DDB_TABLE not found"
+
+# Wait for DynamoDB table to be deleted
+echo "Waiting for DynamoDB table deletion..."
+aws dynamodb wait table-not-exists \
+  --table-name "$DDB_TABLE" \
+  --region "$AWS_REGION" 2>/dev/null || true
+
+echo "All AWS resources deleted successfully!"
+```
+
 ## Broker tests.
 
 The Broker class can be overridden by using the envvar `BROKER_CLASS`. By