Differences

This shows you the differences between two versions of the page.

--- aws:aws-cli [10/02/2025 11:31] – [403 error with git push] andrew
+++ aws:aws-cli [17/04/2025 11:26] (current) – [Explanation of "StandardsArn": "'"${STANDARD}"'"] andrew
@@ Line 276: / Line 276: @@
 ==== Get repos ====
+Used ''jq'' to process output, this requires json, so the export forces json format. ''-r'' gives a raw output, ie, no quotes round variables.
 get_repos.sh:-
@@ Line 549: / Line 551: @@
 </code>
+===== Embedding a BASH variable in JSON =====
+<code bash>
+STANDARD='arn:aws:securityhub:::ruleset/nist-800-53/v/5.0.0'
+aws securityhub  batch-update-standards-control-associations \
+    --standards-control-association-updates \
+    --profile OrgDeployRole \
+    '[
+    {
+    "SecurityControlId": "IAM.9",
+    "StandardsArn": "'"${STANDARD}"'",
+    "AssociationStatus": "DISABLED",
+    "UpdatedReason": "Not applicable to environment"
+    }
+    ]'
+</code>
+==== Explanation of "StandardsArn": "'"${STANDARD}"'" ====
+JSON keys and values need to be quoted, so that's the outside double quotes, STANDARD cannot be expnded by the aws command so it is single quoted, but lastly as BASH sees it, it is double quoted so BASH can expand the variable "${var}" to the value it represents.
+I think.... Not 100% sure on the single quotes usage