#!/bin/bash

set +u

if [[ -z ${AWS_SECRET_ACCESS_KEY} ]]
then
  IAM_ROLE=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)
  JSON=$(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/${IAM_ROLE})
  export AWS_ACCESS_KEY_ID=$(echo ${JSON} | jq -r '.AccessKeyId')
  export AWS_SECRET_ACCESS_KEY=$(echo ${JSON} | jq -r '.SecretAccessKey')
fi

set -euo pipefail
: ${S3_BUCKET_NAME:?"S3_BUCKET_NAME must be set"}
: ${AWS_ACCESS_KEY_ID:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"}
: ${AWS_SECRET_ACCESS_KEY:?"AWS_ACCESS_KEY_ID must be set or be possible to fetch from meta-data service on AWS"}

exec nginx -g 'daemon off;'