#!/bin/bash

# This is a service that fetches SSM token from parameter store
# Note that in this scenario token is written to the file.
# Script does not attempt to fetch token during boot, because the tokens are published after
# Auth servers are started.

set -e

# Source variables set up by cloudformation template
. /etc/teleport.d/conf

# Fetch token published by Auth server to SSM parameter store to join the cluster
aws ssm get-parameter --with-decryption --name /teleport/${TELEPORT_CLUSTER_NAME}/tokens/${TELEPORT_ROLE} --region ${EC2_REGION} --query Parameter.Value --output text > /var/lib/teleport/token

# Fetch Auth server CA certificate to validate the identity of the auth server
aws ssm get-parameter --name /teleport/${TELEPORT_CLUSTER_NAME}/ca --region=${EC2_REGION} --query=Parameter.Value --output text > /var/lib/teleport/ca.cert
