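#!/usr/bin/env sh
#
# Run an AWS CLI command described by a JSON query on stdin and print the
# result on stdout as {"awscliout" : "<base64 of the CLI output>"}.
#
# Input (JSON object on stdin; looks like a Terraform external-data query,
# confirm against the caller):
#   aws_cli_commands  arguments passed to `aws`, split on whitespace
#   aws_cli_query     read below but not referenced anywhere in this script
#   access_key        optional static credentials; when present they replace
#   secret_key        whatever credentials the environment already carries
#   session_token
#
# Side effects: writes the caller ARN and the JSON result to /tmp/awscli.log.
# Exit status: non-zero when a required tool is missing, the query is not
# valid JSON, no command was supplied, or the AWS CLI call fails.

# Validate required commands
for required_cmd in aws jq; do
  if ! [ -x "$(command -v "${required_cmd}")" ]; then
    echo "Error: ${required_cmd} is not installed." >&2
    exit 1
  fi
done

# Get the query. Stop here on malformed input instead of continuing with an
# empty query.
TERRAFORM_QUERY=$(jq -Mc .) || {
  echo 'Error: query on stdin is not valid JSON.' >&2
  exit 1
}

# Print one top-level attribute of the query, or nothing when it is absent or
# null. Without `// empty`, jq -r prints the literal string "null", which made
# the credential check below always succeed and exported "null" as the key.
# printf is used rather than echo because some sh implementations expand
# backslash escapes in echo arguments, which corrupts JSON string escapes.
query_field() {
  printf '%s' "${TERRAFORM_QUERY}" | jq -r --arg key "$1" '.[$key] // empty'
}

# Extract the query attributes
AWS_CLI_COMMANDS=$(query_field aws_cli_commands)
# shellcheck disable=SC2034  # extracted but not used in this script
AWS_CLI_QUERY=$(query_field aws_cli_query)
access_key=$(query_field access_key)
secret_key=$(query_field secret_key)
session_token=$(query_field session_token)

if [ -z "${AWS_CLI_COMMANDS}" ]; then
  echo 'Error: aws_cli_commands is missing from the query.' >&2
  exit 1
fi

# Were explicit credentials supplied? If so, use them for every AWS call below.
if [ -n "${access_key}" ]; then
  export AWS_ACCESS_KEY_ID="${access_key}"
  export AWS_SECRET_ACCESS_KEY="${secret_key}"
  if [ -n "${session_token}" ]; then
    export AWS_SESSION_TOKEN="${session_token}"
  else
    # Do not pair the supplied key with a token inherited from the environment.
    unset AWS_SESSION_TOKEN
  fi
fi

# Disable any assigned pager
export AWS_PAGER=""

# Configure retry mode (adaptive is the alternative)
export AWS_RETRY_MODE=standard
export AWS_MAX_ATTEMPTS=3

# The log lives at a fixed, predictable path in a shared directory and receives
# the full command result, which may be sensitive. Recreate it on every run
# with owner-only permissions and noclobber (set -C), so a file or symlink
# planted at that path by another user is never written through; if it cannot
# be created safely, logging is skipped rather than failing the run.
LOG_FILE=/tmp/awscli.log
rm -f -- "${LOG_FILE}" 2>/dev/null
if ! (umask 077; set -C; : > "${LOG_FILE}") 2>/dev/null; then
  LOG_FILE=/dev/null
fi

# Private scratch file for the raw CLI output, removed on any exit path.
OUT_FILE=$(mktemp) || {
  echo 'Error: could not create a temporary file.' >&2
  exit 1
}
trap 'rm -f -- "${OUT_FILE}"' EXIT

# Record which identity is in use. Best effort: a failure here is not fatal.
aws sts get-caller-identity --query Arn >> "${LOG_FILE}"

# Run the AWS_CLI command. The argument string is split on whitespace on
# purpose; globbing is switched off so characters such as * or ? in the
# arguments are passed through literally instead of matching local files.
set -f
# shellcheck disable=SC2086
aws ${AWS_CLI_COMMANDS} > "${OUT_FILE}"
aws_status=$?
set +f

# Report a failed call to the caller instead of returning an empty result
# with exit status 0.
if [ "${aws_status}" -ne 0 ]; then
  echo "Error: aws command failed with status ${aws_status}." >&2
  exit "${aws_status}"
fi

# base64 line wrapping is removed with tr so the encoding stays on one line
# without relying on the GNU-only -w0 option.
encoded_output=$(base64 < "${OUT_FILE}" | tr -d '\n')
printf '{"awscliout" : "%s"}\n' "${encoded_output}" | tee -a "${LOG_FILE}"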