# Name of the CloudFormation stack deployed and drift-checked by the targets below.
INIT_DEV_IAM_STACK_NAME := init-dev-iam

# The account ID is looked up through the AWS_CLI_DEV_PROFILE credentials instead
# of being typed in, so it always matches the profile the deploy itself uses.
# `:=` with $(shell ...) means the STS call runs once at parse time, on every
# make invocation that reads this file, whichever target is requested.
# Nothing on this line checks the result: if the aws or jq call fails, the
# variable is simply left empty.
DEV_ACCOUNT_ID := $(shell aws --profile $(AWS_CLI_DEV_PROFILE) sts get-caller-identity | jq -r .Account)

# Command prefixes shared by the drift-detection helpers; each expects its
# argument (stack name or detection id) to be appended by the caller.
CFN := aws cloudformation --profile $(AWS_CLI_DEV_PROFILE)
CFN_START_DRIFT_DETECTION := $(CFN) detect-stack-drift --stack-name
CFN_STATUS_DRIFT_DETECTION := $(CFN) describe-stack-drift-detection-status --stack-drift-detection-id

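# wait_cfn_drift_detect_job: block until a drift-detection job is no longer
# reported as DETECTION_IN_PROGRESS.
#   $(1)  stack drift detection id
# Polls every 3 seconds with no upper bound on the total wait. Any other
# status ends the loop, including an empty one when the aws/jq call fails.
# The test uses POSIX `[ ... = ... ]` instead of the bash-only `[[ ... == ... ]]`:
# no SHELL is set in the visible part of this file, and under a /bin/sh that
# lacks `[[` the condition would fail and the loop would end while detection
# is still running, so the caller would report an unfinished job.
define wait_cfn_drift_detect_job
	@while [ \
		"$$($(CFN_STATUS_DRIFT_DETECTION) $(1) | jq -r .DetectionStatus)" = \
		"DETECTION_IN_PROGRESS" \
	]; do \
		echo "Detection in progress. Waiting 3 seconds..."; \
		sleep 3; \
	done
endef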

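# show_cfn_drift: start drift detection on a stack, wait for the job to finish
# and print a three-field summary of the result.
#   $(1)  name of the CloudFormation stack to check
# Meant to be expanded inside a recipe: $(call show_cfn_drift,<stack-name>).
# The $(eval)/$(shell) line runs while make expands the recipe, not as a shell
# command of the recipe; it stores the detection id in the global DRIFT_ID.
# The $(if) guard stops with a make error when no id came back (empty output,
# or the literal "null" jq prints for a missing field), so the status calls
# are never issued without an id.
# The summary is only printed: the recipe does not fail when StackDriftStatus
# reports drift or DetectionStatus reports a failed job, so a caller that needs
# a hard gate has to inspect the output itself.
define show_cfn_drift
	$(eval DRIFT_ID := $(shell $(CFN_START_DRIFT_DETECTION) $(1) \
		| jq -r .StackDriftDetectionId))
	$(if $(filter-out null,$(strip $(DRIFT_ID))),,$(error drift detection did not start for stack '$(1)'))
	$(call wait_cfn_drift_detect_job,$(DRIFT_ID))
	@$(CFN_STATUS_DRIFT_DETECTION) $(DRIFT_ID) | jq '{ \
		DetectionStatus, \
		StackDriftStatus, \
		DriftedStackResourceCount \
	}'
endef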

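# Create or update the bootstrap IAM stack from init-iam.cf.yml, then enable
# termination protection on it.
#
# Inputs: AWS_CLI_DEV_PROFILE, DEV_ACCOUNT_ID and SEC_ACCOUNT_ID. The last one
# is not defined in the visible part of this file (presumably the environment
# or an including makefile supplies it).
# The deploy runs with CAPABILITY_NAMED_IAM and passes both account IDs to the
# template as parameters. The $(if) guards are evaluated when make expands the
# recipe, so an unset profile or an empty account ID (or the literal "null" jq
# prints for a missing field) aborts before any AWS call is made.
.PHONY: init-dev-iam
init-dev-iam:
	$(if $(strip ${AWS_CLI_DEV_PROFILE}),,$(error AWS_CLI_DEV_PROFILE is not set))
	$(if $(filter-out null,$(strip ${DEV_ACCOUNT_ID})),,$(error DEV_ACCOUNT_ID could not be resolved from profile '${AWS_CLI_DEV_PROFILE}'))
	$(if $(filter-out null,$(strip ${SEC_ACCOUNT_ID})),,$(error SEC_ACCOUNT_ID is not set))
	aws cloudformation deploy \
		--profile ${AWS_CLI_DEV_PROFILE} \
		--template-file init-iam.cf.yml \
		--stack-name ${INIT_DEV_IAM_STACK_NAME} \
		--capabilities CAPABILITY_NAMED_IAM \
		--parameter-overrides \
			TargetAccountId=${DEV_ACCOUNT_ID} \
			SecurityAccountId=${SEC_ACCOUNT_ID}
	aws cloudformation update-termination-protection \
		--profile ${AWS_CLI_DEV_PROFILE} \
		--stack-name ${INIT_DEV_IAM_STACK_NAME} \
		--enable-termination-protection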

# Run CloudFormation drift detection on the bootstrap IAM stack and print the
# resulting summary. Deploys nothing; all the work is done by show_cfn_drift.
.PHONY: check-init-dev-iam-drift
check-init-dev-iam-drift:
	$(call show_cfn_drift,$(INIT_DEV_IAM_STACK_NAME))
