From 80d53e84839a08c18db28e613a75028641f1cb0e Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 21 Mar 2023 16:16:21 -0400
Subject: [PATCH] change
---
 .../bin/assume_role_wrapper.sh | 46 ++++++++++++++++++-
 tag-shared-vpc-resources/tag-network-acls.tf | 2 +-
 2 files changed, 46 insertions(+), 2 deletions(-)
 mode change 120000 => 100755 tag-shared-vpc-resources/bin/assume_role_wrapper.sh
diff --git a/tag-shared-vpc-resources/bin/assume_role_wrapper.sh b/tag-shared-vpc-resources/bin/assume_role_wrapper.sh
deleted file mode 120000
index e8a1994..0000000
--- a/tag-shared-vpc-resources/bin/assume_role_wrapper.sh
+++ /dev/null
@@ -1 +0,0 @@
-../../bin/assume_role_wrapper.sh
\ No newline at end of file
diff --git a/tag-shared-vpc-resources/bin/assume_role_wrapper.sh b/tag-shared-vpc-resources/bin/assume_role_wrapper.sh
new file mode 100755
index 0000000..dd80bd3
--- /dev/null
+++ b/tag-shared-vpc-resources/bin/assume_role_wrapper.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# wrapper of assume role to then call AWS commands
+
+# AWS_PROFILE set to the profile of the caller
+# AWS_REGION set to the region of the caller (and target)
+# ROLE_ARN set to the role ARN in the target
+
+if [ -z "$AWS_PROFILE" ]
+then
+ echo "# missing AWS_PROFILE"
+ exit 1
+fi
+if [ -z "$AWS_REGION" ]
+then
+ echo "# missing AWS_REGION"
+ exit 1
+fi
+if [ -z "$ROLE_ARN" ]
+then
+ echo "# missing ROLE_ARN"
+ exit 1
+fi
+if [ ! -z "$USER" ]
+then
+ SESSION_NAME=$USER
+else
+ SESSION_NAME=$(basename $0 .sh)
+fi
+AWS=$(which aws >/dev/null 2>&1)
+if [ $? != 0 ]
+then
+ echo "# unable to find aws cli"
+ exit 1
+fi
+
+# this user assume role, gets the access key, secret, and token
+set -e
+$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $USER --query 'Credentials.[`export#AWS_ACCESS_KEY_ID=`,AccessKeyId,`#AWS_SECRET_ACCESS_KEY=`,SecretAccessKey,`#AWS_SESSION_TOKEN=`,SessionToken]' --output text | sed $'s/\t//g' | sed 's/#/ /g')
+
+# now run commands (hopefully, it is aws ...)
+$@
+
+status=$?
+exit $status
diff --git a/tag-shared-vpc-resources/tag-network-acls.tf b/tag-shared-vpc-resources/tag-network-acls.tf
index 699bb9d..f15c6eb 100644
--- a/tag-shared-vpc-resources/tag-network-acls.tf
+++ b/tag-shared-vpc-resources/tag-network-acls.tf
@@ -36,7 +36,7 @@ resource "null_resource" "network_acl" {
 provisioner "local-exec" {
 working_dir = "${path.root}/${self.triggers.directory}"
- command = "${path.module}/bin/assume_role_wrapper.sh aws ec2 describe-network-acls --network-acl-id ${each.key} --output json > ${self.triggers.filename}"
+ command = "/bin/bash ${path.module}/bin/assume_role_wrapper.sh aws ec2 describe-network-acls --network-acl-id ${each.key} --output json > ${self.triggers.filename}"
 environment = {
 AWS_PROFILE = var.profile
 AWS_REGION = local.region
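Review bot: `--role-session-name $USER` on the assume-role line ignores the `SESSION_NAME` computed just above it, so when `$USER` is unset (typical for a Terraform local-exec running in CI) the option has no argument and the call fails, and the `basename $0` fallback is dead code; it should read `--role-session-name "$SESSION_NAME"`. The larger risk is that the credential export fails open: the script never enables `pipefail`, so a failed `assume-role` still leaves the `$(... | sed | sed)` substitution empty, that empty command executes as nothing, and `$@` then runs with the caller's `AWS_PROFILE` credentials in the wrong account instead of aborting. Capturing the three fields with `--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'` into a variable and exporting only after the command succeeded removes that path and the fragile `sed 's/#/ /g'` rewrite of the token text; `$ROLE_ARN` and `$@` should also be quoted (`exec "$@"`, which also replaces the `status=$?`/`exit $status` tail) so arguments containing spaces or glob characters survive. `AWS=$(which aws >/dev/null 2>&1)` is always empty and unused; `command -v aws >/dev/null 2>&1 || { echo "# unable to find aws cli" >&2; exit 1; }` states the check directly.
```shell
# … unchanged: AWS_PROFILE / AWS_REGION / ROLE_ARN checks, SESSION_NAME selection, aws cli check …

# this user assume role, gets the access key, secret, and token
set -eo pipefail
creds=$(aws sts assume-role --role-arn "$ROLE_ARN" --role-session-name "$SESSION_NAME" \
  --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)
[ -n "$creds" ] || { echo "# assume-role returned no credentials" >&2; exit 1; }
read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<<"$creds"
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

# now run commands (hopefully, it is aws ...)
exec "$@"
```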