#!/usr/bin/env bash

# tell bash to exit if any subcommand fails
set -eo pipefail

# Validate required commands
if ! [ -x "$(command -v aws)" ]; then
  echo 'Error: aws is not installed.' >&2
  exit 1
fi
if ! [ -x "$(command -v jq)" ]; then
  echo 'Error: jq is not installed.' >&2
  exit 1
fi

# Process inputs
TERRAFORM_QUERY=$(jq -Mc .)
AWS_CLI_COMMANDS=$(echo "${TERRAFORM_QUERY}" | jq -r '.aws_cli_commands')
access_key=$(echo "${TERRAFORM_QUERY}" | jq -r '.access_key')
secret_key=$(echo "${TERRAFORM_QUERY}" | jq -r '.secret_key')
session_token=$(echo "${TERRAFORM_QUERY}" | jq -r '.session_token')

# Set temp credentials if provided
if [ -n "${access_key}" ]; then
  export AWS_ACCESS_KEY_ID=$access_key
  export AWS_SECRET_ACCESS_KEY=$secret_key
  export AWS_SESSION_TOKEN=$session_token
fi

# awscli options
export AWS_PAGER="" # disable pager
export AWS_RETRY_MODE=standard # adaptive causes throttling, use standard for now
export AWS_MAX_ATTEMPTS=3 # default is 2

# Run the awscli command, encapsulate output in base64
jq -n --arg jqarg1 "$(aws ${AWS_CLI_COMMANDS})" '{ "awscliout" : $jqarg1 | @base64 }'