WIP: Added AWS account check and updated make commands

Author: robbailiff2

Makefile

@@ -53,58 +53,67 @@ config:: # Configure development environment (main) @Configuration
 #### Proxygen ####
 ##################
 
-retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment)
-	mkdir -p ~/.proxygen && \
-	aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \
-	> ~/.proxygen/eligibility-signposting-api.pem
+# retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment)
+# 	mkdir -p ~/.proxygen && \
+# 	aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption | jq ".Parameter.Value" --raw-output \
+# 	> ~/.proxygen/eligibility-signposting-api.pem
 
 # retrieve-proxygen-key: # Obtain the 'machine user' credentials from AWS SSM (Development environment)
 # 	mkdir -p ~/.proxygen && \
 # 	aws ssm get-parameter --name /proxygen/private_key_temp_$(ENV) --with-decryption | jq ".Parameter.Value" --raw-output \
 # 	> ~/.proxygen/eligibility-signposting-api-$(ENV).pem
-
-retrieve-proxygen-key-ptl:
-	$(MAKE) retrieve-proxygen-key ENV=ptl
-
-retrieve-proxygen-key-prod:
-	$(MAKE) retrieve-proxygen-key ENV=prod
-
-setup-proxygen-credentials:
-	cd specification && \
+#
+# retrieve-proxygen-key-ptl:
+# 	$(MAKE) retrieve-proxygen-key ENV=ptl
+#
+# retrieve-proxygen-key-prod:
+# 	$(MAKE) retrieve-proxygen-key ENV=prod
+
+# Verify current AWS account login and retrieve the proxygen key
+# from AWS SSM for the specified environment
+retrieve-proxygen-key: guard-ENV
+	@ ./scripts/check-aws-account.sh $(ENV)
+	mkdir -p ~/.proxygen
+	aws ssm get-parameter --name /proxygen/private_key_temp --with-decryption \
+	| jq -r ".Parameter.Value" \
+	> ~/.proxygen/eligibility-signposting-api-$(ENV).pem && \
+	echo "Retrieved proxygen key for '$(ENV)' environment"
+
+# Copy proxygen credentials for the specified environment to `~/.proxygen/`
+# This location required location for local proxygen usage
+setup-proxygen-credentials: guard-ENV
+	@ cd specification && \
 	cp .proxygen/credentials-$(ENV).yaml ~/.proxygen/credentials.yaml && \
-	cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml
-
-setup-proxygen-credentials-ptl:
-	$(MAKE) setup-proxygen-credentials ENV=ptl
-
-setup-proxygen-credentials-prod:
-	$(MAKE) setup-proxygen-credentials ENV=prod
+	cp .proxygen/settings-$(ENV).yaml ~/.proxygen/settings.yaml && \
+	echo "Set up proxygen credentials for the '$(ENV)' environment"
 
 get-spec: # Get the most recent specification live in proxygen
-	$(MAKE) setup-proxygen-credentials-prod
+	$(MAKE) setup-proxygen-credentials ENV=prod
 	proxygen spec get
 
 get-spec-uat: # Get the most recent specification live in proxygen
-	$(MAKE) setup-proxygen-credentials-ptl
+	$(MAKE) setup-proxygen-credentials ENV=ptl
 	proxygen spec get --uat
 
 publish-spec: # Publish the specification to proxygen
-	$(MAKE) setup-proxygen-credentials-prod
+	$(MAKE) setup-proxygen-credentials ENV=prod
 	proxygen spec publish build/specification/prod/eligibility-signposting-api.yaml
 
 publish-spec-uat: # Publish the specification to proxygen
-	$(MAKE) setup-proxygen-credentials-ptl
+	$(MAKE) setup-proxygen-credentials ENV=ptl
 	proxygen spec publish build/specification/preprod/eligibility-signposting-api.yaml --uat
 
 delete-spec: # Delete the specification from proxygen
-	$(MAKE) setup-proxygen-credentials-prod
+	$(MAKE) setup-proxygen-credentials ENV=prod
 	proxygen spec delete
 
 delete-spec-uat: # Delete the specification from proxygen
-	$(MAKE) setup-proxygen-credentials-ptl
+	$(MAKE) setup-proxygen-credentials ENV=ptl
 	proxygen spec delete --uat
 
-# Specification
+#####################
+### Specification ###
+#####################
 
 guard-%:
 	@ if [ "${${*}}" = "" ]; then \

scripts/check-aws-account.sh

@@ -0,0 +1,47 @@
+
+#!/usr/bin/env bash
+set -e
+
+APIM_ENV_NAME="$1"
+
+# Map APIM environment names to AWS account ID and environment name
+case "$APIM_ENV_NAME" in
+  dev)
+    AWS_ENV_NAME="dev"
+    EXPECTED_ACCOUNT="448049830832"
+    ;;
+  ptl)
+    AWS_ENV_NAME="preprod" # Called 'preprod' in AWS and `ptl` in APIM
+    EXPECTED_ACCOUNT="203918864209"
+    ;;
+  prod)
+    AWS_ENV_NAME="prod"
+    EXPECTED_ACCOUNT="333333333333"
+    ;;
+  *)
+    echo "Unknown APIM environment: $APIM_ENV_NAME"
+    exit 1
+    ;;
+esac
+
+# Read the currently authenticated AWS account
+CURRENT_ACCOUNT=$(aws sts get-caller-identity --query "Account" --output text)
+
+# Compare the current account with the expected account
+if [ "$CURRENT_ACCOUNT" != "$EXPECTED_ACCOUNT" ]; then
+  echo "AWS account mismatch!"
+#  MSG="The 'ENV' arg '$APIM_ENV_NAME' for APIM maps to the AWS env '$AWS_ENV_NAME' and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT."
+#  echo "$MSG"
+#  echo "The 'ENV' arg $APIM_ENV_NAME for APIM maps to the AWS env $AWS_ENV_NAME and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT."
+#  echo "APIM environment : $APIM_ENV_NAME"
+#  echo "Expected AWS environment: $AWS_ENV_NAME"
+#  echo "Expected account: $EXPECTED_ACCOUNT"
+#  echo "Actual account :  $CURRENT_ACCOUNT"
+#  echo "The APIM '$APIM_ENV_NAME' environment is mapped to the AWS '$AWS_ENV_NAME' environment and account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT."
+  echo "The expected mapping for the argument 'ENV=$APIM_ENV_NAME' is AWS '$AWS_ENV_NAME' account $EXPECTED_ACCOUNT, but the current AWS account is $CURRENT_ACCOUNT."
+  echo "Please switch to the correct AWS account and try again."
+  echo "Exiting script..."
+  exit 1
+fi
+
+echo "Active login to AWS '$AWS_ENV_NAME' account $CURRENT_ACCOUNT verified."