Differences

This shows you the differences between two versions of the page.

--- aws:aws-cli [07/12/2023 15:39] – created - external edit 127.0.0.1
+++ aws:aws-cli [17/04/2025 11:26] (current) – [Explanation of "StandardsArn": "'"${STANDARD}"'"] andrew
@@ Line 273: / Line 273: @@
 me (ajs/cpe-1806) $
 </code>
+==== Get repos ====
+Used ''jq'' to process output, this requires json, so the export forces json format. ''-r'' gives a raw output, ie, no quotes round variables.
+get_repos.sh:-
+<code bash>
+#!/bin/bash
+# List repos from AWS codecommit
+export AWS_DEFAULT_OUTPUT="json"
+aws codecommit list-repositories | jq -r '.repositories | .[].repositoryName'
+</code>
+<code>
+credential-age-check
+pyside6-stuff
+</code>
 ===== AWS NTP Time =====
@@ Line 530: / Line 551: @@
 </code>
+===== Embedding a BASH variable in JSON =====
+<code bash>
+STANDARD='arn:aws:securityhub:::ruleset/nist-800-53/v/5.0.0'
+aws securityhub  batch-update-standards-control-associations \
+    --standards-control-association-updates \
+    --profile OrgDeployRole \
+    '[
+    {
+    "SecurityControlId": "IAM.9",
+    "StandardsArn": "'"${STANDARD}"'",
+    "AssociationStatus": "DISABLED",
+    "UpdatedReason": "Not applicable to environment"
+    }
+    ]'
+</code>
+==== Explanation of "StandardsArn": "'"${STANDARD}"'" ====
+JSON keys and values need to be quoted, so that's the outside double quotes, STANDARD cannot be expnded by the aws command so it is single quoted, but lastly as BASH sees it, it is double quoted so BASH can expand the variable "${var}" to the value it represents.
+I think.... Not 100% sure on the single quotes usage