reconfigured AWS IAM detection as per @cloudowski pull request, reduc…

…e initial aws cli calls to one for all variables
catalinpan · Apr 9, 2017 · d8a709b · d8a709b
1 parent 448f985
commit d8a709b
Showing 1 changed file with 32 additions and 20 deletions.
diff --git a/configs/entrypoint.sh b/configs/entrypoint.sh
@@ -2,32 +2,44 @@
 
 nx_conf=/etc/nginx/nginx.conf
 
-MYREGION=$(wget -q -O- http://169.254.169.254/latest/dynamic/instance-identity/document|grep 'region'|cut -d'"' -f4)
-
-REGION=${REGION:-$MYREGION}
-
-# create aws directory
-mkdir -p /root/.aws
-
-cat << EOF > /root/.aws/config
-[default]
-region = $REGION
-EOF
-
-if [[ "$AWS_KEY" != "" && "$AWS_SECRET" != "" ]]; then
-	cat << EOF >> /root/.aws/config
-	aws_access_key_id = $AWS_KEY
-	aws_secret_access_key = $AWS_SECRET"
-EOF
+AWS_IAM='http://169.254.169.254/latest/dynamic/instance-identity/document'
+AWS_FOLDER='/root/.aws'
+
+region_config() {
+  echo  "region = $@" >> /root/.aws/config
+}
+
+if [[ "$AWS_KEY" != "" && "$AWS_SECRET" != "" ]]
+then
+  mkdir -p ${AWS_FOLDER}
+  echo "[default]
+aws_access_key_id = $AWS_KEY
+aws_secret_access_key = $AWS_SECRET" > ${AWS_FOLDER}/config
+
+	if [[ "$REGION" != "" ]]
+	then
+	  region_config $REGION
+# check if the region can be pulled from AWS IAM
+	elif wget -q -O- ${AWS_IAM} | grep -q 'region'
+	then
+		REGION=$(wget -q -O- ${AWS_IAM} | grep 'region'|cut -d'"' -f4)
+		region_config $REGION
+# error exit
+	else
+		echo "No region detected"
+		exit 1
+	fi
+# fix the permissions
+chmod 600 -R ${AWS_FOLDER}
 fi
 
-chmod 600 -R /root/.aws
 
 # update the auth token
+aws_cli_exec=$(aws ecr get-login)
 auth=$(grep  X-Forwarded-User ${nx_conf} | awk '{print $4}'| uniq|tr -d "\n\r")
-token=$(aws ecr get-login | awk '{print $6}')
+token=$(echo "${aws_cli_exec}" | awk '{print $6}')
 auth_n=$(echo AWS:${token}  | base64 |tr -d "[:space:]")
-reg_url=$(aws ecr get-login | awk '{print $9}')
+reg_url=$(echo "${aws_cli_exec}" | awk '{print $9}')
 
 sed -i "s|${auth%??}|${auth_n}|g" ${nx_conf}
 sed -i "s|REGISTRY_URL|$reg_url|g" ${nx_conf}