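# TWAICE AWS Credential Management for FiSH
#
# Provides two functions:
#   envAWS <dev|stg|staging|prod|ops>  assume the Administrators role in the
#                                      chosen account through aws-mfa
#   getAWSenv                          ask STS which account the active
#                                      credentials belong to and record it in
#                                      the global variable $env
#
# Requires the aws CLI, aws-mfa and jq on PATH.

# TODO change your user
# Used as the role session name. Keep it unique per person so that actions
# taken with the assumed role can be attributed to an individual.
set -g AWS_IAM_USER ""

# TODO setup your aws-mfa credential keys in the credentials file

# AWS Account details
set -g DEV_ACCOUNT_ID ""
set -g STG_ACCOUNT_ID ""
set -g PROD_ACCOUNT_ID ""
set -g OPS_ACCOUNT_ID ""

set -gx AWS_REGION eu-west-1
set -gx AWS_DEFAULT_REGION eu-west-1

# Assume the Administrators role of one environment and refresh $env.
#
# Arguments: $argv[1] - dev, stg (or staging), prod, ops
# Globals:   reads AWS_IAM_USER and the *_ACCOUNT_ID values, writes env
# Returns:   0 when the role was assumed and STS confirms the expected account;
#            non-zero on a missing/unknown argument, incomplete configuration,
#            aws-mfa failure, or when the active identity is not the requested
#            account.
function envAWS --description 'switch to different aws account environments (-) with MFA'
    if test (count $argv) -lt 1
        echo "Provide an AWS Environment: dev, staging, prod, ops"
        return 1
    end

    set -l target
    set -l label
    set -l account_id
    set -l duration
    switch $argv[1]
        case dev
            set target dev
            set label dev
            set account_id $DEV_ACCOUNT_ID
            set duration 43200
        case stg staging
            # The usage text advertises "staging", so accept both spellings.
            set target stg
            set label staging
            set account_id $STG_ACCOUNT_ID
            set duration 43200
        case prod
            # prod and ops sessions are deliberately short (1h instead of 12h).
            set target prod
            set label prod
            set account_id $PROD_ACCOUNT_ID
            set duration 3600
        case ops
            set target ops
            set label ops
            set account_id $OPS_ACCOUNT_ID
            set duration 3600
        case '*'
            echo "Wrong / Invalid Environment provided"
            return 1
    end

    # Refuse to build a role ARN from a placeholder: AWS account ids are
    # exactly 12 digits.
    if not string match -rq '^[0-9]{12}$' -- "$account_id"
        echo "Account id for '$label' is not configured (expected 12 digits)" >&2
        return 1
    end
    # STS role session names are 2-64 characters from [A-Za-z0-9_+=,.@-].
    if not string match -rq '^[A-Za-z0-9_+=,.@-]{2,64}$' -- "$AWS_IAM_USER"
        echo "AWS_IAM_USER is not set to a valid role session name" >&2
        return 1
    end

    echo "switching to /refreshing $label"
    # NOTE(review): the role name suggests broad privileges, and a 12h session
    # only works if the role's maximum session duration allows it - confirm
    # both are intended for dev/stg.
    aws-mfa --assume-role "arn:aws:iam::$account_id:role/Administrators" \
        --duration $duration --role-session-name "$AWS_IAM_USER"
    set -l mfa_status $status

    # Always re-read the active identity so $env reflects the credentials that
    # are really in use, even when aws-mfa failed.
    getAWSenv
    or return 1

    if test $mfa_status -ne 0
        return $mfa_status
    end

    # The switch only counts as done when STS reports the requested account;
    # otherwise other credentials are taking precedence over the new ones.
    if test "$env" != "$target"
        echo "Active credentials belong to '$env', not '$target'" >&2
        return 1
    end
end

# Resolve the account of the active credentials and publish it as $env.
#
# Globals: reads the *_ACCOUNT_ID values; sets the global env to
#          dev/stg/prod/ops, or erases it when the account is unknown or no
#          identity could be obtained.
# Returns: 0 when the account matched a configured environment, 1 otherwise.
function getAWSenv --description 'verify and set environment'
    set -l aws_account_id (aws sts get-caller-identity | jq -r '.Account')
    if not test -n "$aws_account_id"
        echo "aws sts could not get identify. Are you logged in ?"
        set -ge env # clear env
        return 1
    end

    # Quoted operands keep the comparison well-formed when an id is empty or
    # unset; an empty configured id can never match a real account id.
    if test "$aws_account_id" = "$DEV_ACCOUNT_ID"
        set -g env dev
    else if test "$aws_account_id" = "$STG_ACCOUNT_ID"
        set -g env stg
    else if test "$aws_account_id" = "$PROD_ACCOUNT_ID"
        set -g env prod
    else if test "$aws_account_id" = "$OPS_ACCOUNT_ID"
        set -g env ops
    else
        # Unknown account: never leave a stale environment label behind.
        set -ge env
        return 1
    end
end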