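---
# Taskfile (schema version 3) with AWS CLI lookups for the Pyrenees VPC
# endpoint service. Every task below only calls `describe-*` APIs.
version: '3'

vars:
  # The USE1 service ID for Pyrenees, override using -v SERVICE_ID=<>.
  # The value is expanded into the command text before the shell runs, so
  # pass only trusted values; the tasks quote it to keep it a single argument.
  SERVICE_ID: vpce-svc-08c9a7a8c06159a36

tasks:
  list-tgws:
    desc: list transits gateways with tag Name=ets-cloudops-pyrenees
    cmd: |
      aws ec2 describe-transit-gateways --filters Name=tag:Name,Values=ets-cloudops-pyrenees
      # aws ec2 describe-transit-gateways --filters Name=tag:Name,Values=ets-cloudops-pyrenees | jq -r '.TransitGateways[] | {TransitGatewayId,State}'

  list-services:
    desc: list all Pyrenees endpoint services
    # Prints the ServiceId of each service carrying the tag
    # Service=pyrenees-endpoint-service.
    # - `.Tags[]?` tolerates entries without a Tags array instead of aborting.
    # - `any(...)` emits each matching service once.
    # - pipefail makes a failed `aws` call fail the task; otherwise jq's exit
    #   status on empty input would report success.
    cmd: |
      set -o pipefail
      aws ec2 describe-vpc-endpoint-services \
        | jq -r '.ServiceDetails[]
            | select(any(.Tags[]?; .Key == "Service" and .Value == "pyrenees-endpoint-service"))
            | .ServiceId'

  list-principals:
    desc: List principals for a regional endpoint service
    # Shows who is allowed to create endpoints to the service. When auditing,
    # look for entries broader than intended: a wildcard principal permits
    # any AWS account to request a connection.
    cmd: |
      set -o pipefail
      aws ec2 describe-vpc-endpoint-service-permissions --service-id "{{ .SERVICE_ID }}" \
        | jq -r '[.AllowedPrincipals[] | {Principal,Tags}]'

  list-azs:
    desc: >-
      list the availability zones for a regional endpoint service
      (works to validate that an account is an allowed principal)
    # ServiceDetails is an array (list-services iterates it the same way), so
    # it must be unpacked with `[]` before reading AvailabilityZones.
    # pipefail matters here: the task is used as an access check, so a failed
    # lookup has to surface as a non-zero exit rather than empty output.
    cmd: |
      set -o pipefail
      aws ec2 describe-vpc-endpoint-services --service-ids "{{ .SERVICE_ID }}" \
        | jq -r '.ServiceDetails[].AvailabilityZones[]'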