diff --git a/bin/prep.sh b/bin/prep.sh
index 105764a..72ae3c2 100755
--- a/bin/prep.sh
+++ b/bin/prep.sh
@@ -4,8 +4,8 @@
 # Set bash unofficial strict mode http://redsymbol.net/articles/unofficial-bash-strict-mode/
 set -euo pipefail
 
-# Enable for enhanced debugging
-#set -vx
+# Set DEBUG to true for enhanced debugging: run prefixed with "DEBUG=true"
+${DEBUG:-false} && set -vx
 # Credit to https://stackoverflow.com/a/17805088
 # and http://wiki.bash-hackers.org/scripting/debuggingtips
 export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
diff --git a/bin/terraform.sh b/bin/terraform.sh
index 7f26314..8bcbe12 100755
--- a/bin/terraform.sh
+++ b/bin/terraform.sh
@@ -11,8 +11,8 @@
 set -euo pipefail
 #IFS=$'\n\t'
 
-# Enable for enhanced debugging
-#set -vx
+# Set DEBUG to true for enhanced debugging: run prefixed with "DEBUG=true"
+${DEBUG:-false} && set -vx
 # Credit to https://stackoverflow.com/a/17805088
 # and http://wiki.bash-hackers.org/scripting/debuggingtips
 export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
@@ -61,7 +61,11 @@ function plan() {
         > "$output"
     retcode="$?"
     set -e
-    $DOCKER_LANDSCAPE - < "$output"
+    if [[ "$retcode" = 0 ]]; then
+        $DOCKER_LANDSCAPE - < "$output"
+    else
+        cat "$output"
+    fi
     rm -f "$output"
     return "$retcode"
 }
@@ -84,6 +88,10 @@ function apply() {
     $DOCKER_TERRAFORM apply \
         -lock=true \
         "$TF_PLAN"
+    $DOCKER_TERRAFORM output 
+}
+
+function output() {
 }
 
 case "$verb" in
diff --git a/bin/validate.sh b/bin/validate.sh
index 2e5eedb..ee94cdf 100755
--- a/bin/validate.sh
+++ b/bin/validate.sh
@@ -2,9 +2,9 @@
 
 # Set bash unofficial strict mode http://redsymbol.net/articles/unofficial-bash-strict-mode/
 set -euo pipefail
-
-# Enable for enhanced debugging
-#set -vx
+ 
+# Set DEBUG to true for enhanced debugging: run prefixed with "DEBUG=true"
+${DEBUG:-false} && set -vx
 
 # Credit to http://stackoverflow.com/a/246128/424301
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
diff --git a/terraform/aws.tf b/terraform/aws.tf
new file mode 100644
index 0000000..e26c33f
--- /dev/null
+++ b/terraform/aws.tf
@@ -0,0 +1,20 @@
+# Thanks @marcosdiez for the suggestion
+# This makes it super-clear which AWS account, arn, and user_id are in use
+# in a way that can be conveniently tracked in the output of CI tools
+provider "aws" {
+  region = "${var.aws_region}"
+}
+
+data "aws_caller_identity" "current" {}
+
+output "account_id" {
+  value = "${data.aws_caller_identity.current.account_id}"
+}
+
+output "arn" {
+  value = "${data.aws_caller_identity.current.arn}"
+}
+
+output "user_id" {
+  value = "${data.aws_caller_identity.current.user_id}"
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 97af0a0..7ffae03 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -43,12 +43,6 @@ variable "public_key_file" {
   default     = "~/.ssh/id_rsa.pub"
 }
 
-data "aws_caller_identity" "current" {}
-
-output "account_id" {
-  value = "${data.aws_caller_identity.current.account_id}"
-}
-
 variable "aws_account_id_for_ami" {
   description = "AWS Account ID where AMIs live, if not the default"
   default     = ""