From f061b0dc8df99972b04f7fc4082acbed80103dbf Mon Sep 17 00:00:00 2001
From: xpk <xpk@headdesk.me>
Date: Mon, 3 Jul 2023 08:24:24 +0800
Subject: [PATCH] UPD: updated shell script output and readme file

---
 modules/util/awscli/README.md            | 26 ++++++++++++++++++++----
 modules/util/awscli/awsWithAssumeRole.sh |  6 ++++--
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/modules/util/awscli/README.md b/modules/util/awscli/README.md
index 5244779..5c72be8 100644
--- a/modules/util/awscli/README.md
+++ b/modules/util/awscli/README.md
@@ -1,8 +1,26 @@
 # awscli module
-This module executes awscli. Json output goes through base64 encode and decode to work around 
-terraform map of string requirements for external data.
+This module executes awscli and returns the output.
 
-## Example root module
+# input variables
+Set the temp credentials if role switching is needed. Otherwise, leave them alone.
+
+| variable         | type    | required | description                         |
+|------------------|---------|----------|-------------------------------------|
+| access_key       | string  | no       | for role switching                  |
+| secret_key       | string  | no       | for role switching                  |
+| session_token    | string  | no       | for role switching                  |
+| aws_cli_commands | string  | yes      | command and parameters after `aws`  |
+
+# output variable
+Normally terraform only produces a simple map of string in output. To work
+around this, awscli outout are base64 encoded. The output variable is then
+base64decoded back to the original text.
+
+| variable      | type   | description        |
+|:--------------|:-------|:-------------------|
+| awscli_output | string | output from awscli |
+
+## Usage example
 ```hcl
 module "awscli_exec" {
   source = "../../modules/util/awscli"
@@ -18,7 +36,7 @@ output awscli_output {
 }
 ```
 
-Sample output
+Output
 ```
 Outputs:
 
diff --git a/modules/util/awscli/awsWithAssumeRole.sh b/modules/util/awscli/awsWithAssumeRole.sh
index f1d16c7..8e95483 100755
--- a/modules/util/awscli/awsWithAssumeRole.sh
+++ b/modules/util/awscli/awsWithAssumeRole.sh
@@ -36,5 +36,7 @@ export AWS_RETRY_MODE=standard
 export AWS_MAX_ATTEMPTS=3
 
 # Run the AWS_CLI command
-aws sts get-caller-identity --query Arn > /tmp/awscli.log
-echo '{"awscliout" : "'$(aws ${AWS_CLI_COMMANDS}  | base64 -w0)'"}' | tee -a /tmp/awscli.log
+# aws sts get-caller-identity --query Arn > /tmp/awscli.log
+# echo '{"awscliout" : "'$(aws ${AWS_CLI_COMMANDS}  | base64 -w0)'"}' | tee -a /tmp/awscli.log
+
+jq -n --arg jqarg1 $(aws ${AWS_CLI_COMMANDS}  | base64 -w0) '{ "awscliout" : $jqarg1 }'