====== jq - json parser ======

jq tutorial:- [[https://cameronnokes.com/blog/working-with-json-in-bash-using-jq/]]

====== AWS Policy - get ARN ======

  $ CREATEPOLICY=`aws iam create-policy --profile sandbox --policy-name iam-key-age-test-policy --policy-document file://lambdaPolicy-iam-key-age.json`

  {
      "Policy": {
          "PolicyName": "iam-key-age-test-policy",
          "PolicyId": "ANPAYJCO7BT6GMCF63B2L",
          "Arn": "arn:aws:iam::569248779516:policy/iam-key-age-test-policy",
          "Path": "/",
          "DefaultVersionId": "v1",
          "AttachmentCount": 0,
          "PermissionsBoundaryUsageCount": 0,
          "IsAttachable": true,
          "CreateDate": "2021-09-27T11:04:21Z",
          "UpdateDate": "2021-09-27T11:04:21Z"
      }
  }

  # -r strips the JSON quotes so the ARN can be passed straight to other commands
  POLICYARN=$(echo "$CREATEPOLICY" | jq -r '.Policy.Arn')

====== AWS Keys ======

  {
    "Version": 1,
    "AccessKeyId": "ASIA6DGFDFAccessID",
    "SecretAccessKey": "asdads-accesssecret",
    "SessionToken": "SecretSession==",
    "Expiration": "2023-09-19T11:30:06Z"
  }

jq -r prints raw output, without the JSON quotes. Useful when assigning the result to a variable or piping it to another command.

  $ cat aws.json | jq ".AccessKeyId"
  "ASIA6DGFDFAccessID"

  $ cat aws.json | jq -r ".AccessKeyId"
  ASIA6DGFDFAccessID

  $ cat aws.json | jq -r ".SecretAccessKey"
  asdads-accesssecret

  $ cat aws.json | jq -r ".SessionToken"
  SecretSession==

====== Parameter Store ======

  $ aws ssm describe-parameters --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains"
  {
      "Parameters": [
          {
              "Name": "/repo/testpar1",
              "Type": "String",
              "LastModifiedDate": 1701778211.029,
              "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
              "Description": "repo_backup",
              "Version": 2,
              "Tier": "Standard",
              "Policies": [],
              "DataType": "text"
          },
          {
              "Name": "/repo/testpar2",
              "Type": "String",
              "LastModifiedDate": 1701778219.313,
              "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
              "Description": "repo_backup",
              "Version": 2,
              "Tier": "Standard",
              "Policies": [],
              "DataType": "text"
          }
      ]
  }

  $ aws ssm describe-parameters \
      --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains" \
      | jq '.[] | .[] | .Name'
  "/repo/testpar1"
  "/repo/testpar2"

Or:-

  | jq '.[] | .[].Name'
  | jq '.Parameters | .[].Name'

====== aws sts assume-role ======

This is different because the output has two top-level keys:-

file1.txt

  {
      "Credentials": {
          "AccessKeyId": "AKIATEST",
          "SecretAccessKey": "r3allys3cret",
          "SessionToken": "verrrrryLongTokenString",
          "Expiration": "2023-02-20T12:20:30+00:00"
      },
      "AssumedRoleUser": {
          "AssumedRoleId": "interestingRole",
          "Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
      }
  }

This extracts the AccessKeyId or Secret or Token as appropriate:-

  $ cat file1.txt | jq --raw-output '.["Credentials"] | .SessionToken'
  verrrrryLongTokenString
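
Added example (not part of the original page): loading all three assume-role credentials into the current shell in one jq pass. A plain ''jq -r'' prints the literal string ''null'' for a missing field and still exits 0, so this version fails instead; the function names ''sample_assume_role_json'', ''creds_to_exports'' and ''load_creds'' are made up for illustration, and the sample JSON reuses the placeholder values from file1.txt above.

```shell
# Added example: turn `aws sts assume-role` JSON into shell exports with jq.
# Sample input constructed from the placeholder values shown on this page.
sample_assume_role_json() {
  cat <<'EOF'
{
  "Credentials": {
    "AccessKeyId": "AKIATEST",
    "SecretAccessKey": "r3allys3cret",
    "SessionToken": "verrrrryLongTokenString",
    "Expiration": "2023-02-20T12:20:30+00:00"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "interestingRole",
    "Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
  }
}
EOF
}

# Read assume-role JSON on stdin and print three export statements.
# select() drops the object if any of the three fields is missing or null,
# and -e then makes jq exit non-zero because nothing was output, so a bad
# response fails here instead of exporting the literal string "null".
# @sh shell-quotes each value so the output is safe to eval.
creds_to_exports() {
  jq -e -r '
    .Credentials
    | select(.AccessKeyId and .SecretAccessKey and .SessionToken)
    | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId | @sh)",
      "export AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey | @sh)",
      "export AWS_SESSION_TOKEN=\(.SessionToken | @sh)"
  '
}

# Load the credentials into the current shell, e.g.: load_creds < file1.txt
# The exports are captured first so a jq failure is not hidden by eval.
load_creds() {
  local exports
  exports=$(creds_to_exports) || {
    echo "assume-role output is missing credential fields" >&2
    return 1
  }
  eval "$exports"
}
```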