#!/usr/bin/env bash

# tell bash to exit if any subcommand fails
set -eo pipefail

# Validate required commands
if ! [ -x "$(command -v aws)" ]; then
  echo 'Error: aws is not installed.' >&2
  exit 1
fi
if ! [ -x "$(command -v jq)" ]; then
  echo 'Error: jq is not installed.' >&2
  exit 1
fi

# Get the query
TERRAFORM_QUERY=$(jq -Mc .)

# Extract the query attributes
ASSUME_ROLE_ARN=$(echo "${TERRAFORM_QUERY}" | jq -r '.assume_role_arn')
ROLE_SESSION_NAME=$(echo "${TERRAFORM_QUERY}" | jq -r '.role_session_name')

aws sts assume-role --output json \
--role-arn "${ASSUME_ROLE_ARN}" \
--role-session-name "${ROLE_SESSION_NAME}" \
--query Credentials