====== jq - json parser ======
jq tutorial:- [[https://cameronnokes.com/blog/working-with-json-in-bash-using-jq/]]
====== AWS Policy - get ARN ======
$ CREATEPOLICY=`aws iam create-policy --profile sandbox --policy-name iam-key-age-test-policy --policy-document file://lambdaPolicy-iam-key-age.json`
{
"Policy": {
"PolicyName": "iam-key-age-test-policy",
"PolicyId": "ANPAYJCO7BT6GMCF63B2L",
"Arn": "arn:aws:iam::569248779516:policy/iam-key-age-test-policy",
"Path": "/",
"DefaultVersionId": "v1",
"AttachmentCount": 0,
"PermissionsBoundaryUsageCount": 0,
"IsAttachable": true,
"CreateDate": "2021-09-27T11:04:21Z",
"UpdateDate": "2021-09-27T11:04:21Z"
}
}
POLICYARN=$(echo "$CREATEPOLICY" | jq -r '.Policy.Arn')
====== AWS Keys ======
{
"Version": 1,
"AccessKeyId": "ASIA6DGFDFAccessID",
"SecretAccessKey": "asdads-accesssecret",
"SessionToken": "SecretSession==",
"Expiration": "2023-09-19T11:30:06Z"
}
jq -r prints raw output, without the JSON quotes. Useful when assigning the value to a variable etc.
$ cat aws.json | jq ".AccessKeyId"
"ASIA6DGFDFAccessID"
$ cat aws.json | jq -r ".AccessKeyId"
ASIA6DGFDFAccessID
$ cat aws.json | jq -r ".SecretAccessKey"
asdads-accesssecret
$ cat aws.json | jq -r ".SessionToken"
SecretSession==
====== Parameter Store ======
$ aws ssm describe-parameters --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains"
{
"Parameters": [
{
"Name": "/repo/testpar1",
"Type": "String",
"LastModifiedDate": 1701778211.029,
"LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
"Description": "repo_backup",
"Version": 2,
"Tier": "Standard",
"Policies": [],
"DataType": "text"
},
{
"Name": "/repo/testpar2",
"Type": "String",
"LastModifiedDate": 1701778219.313,
"LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
"Description": "repo_backup",
"Version": 2,
"Tier": "Standard",
"Policies": [],
"DataType": "text"
}
]
}
$ aws ssm describe-parameters \
--parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains" \
| jq '.[] | .[] | .Name'
"/repo/testpar1"
"/repo/testpar2"
Or:-
| jq '.[] | .[].Name'
| jq '.Parameters | .[].Name'
====== aws sts assume-role ======
This is different because the output has two top-level keys, so the credentials are nested under "Credentials":-
file1.txt
{
"Credentials": {
"AccessKeyId": "AKIATEST",
"SecretAccessKey": "r3allys3cret",
"SessionToken": "verrrrryLongTokenString",
"Expiration": "2023-02-20T12:20:30+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "interestingRole",
"Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
}
}
This extracts the AccessKeyId or Secret or Token as appropriate:-
$ cat file1.txt | jq --raw-output '.["Credentials"] | .SessionToken'
verrrrryLongTokenString
$
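Added example, not part of the original notes: all three credential fields are pulled out with a single jq call and loaded into the shell without JSON quotes leaking into the values. The helper names creds_to_exports and load_creds are hypothetical, and the sample JSON is constructed from the placeholder output above.

```shell
#!/bin/sh
# Constructed sample shaped like the assume-role output above (placeholders, not real credentials).
sample_json='{
  "Credentials": {
    "AccessKeyId": "AKIATEST",
    "SecretAccessKey": "r3allys3cret",
    "SessionToken": "verrrrryLongTokenString",
    "Expiration": "2023-02-20T12:20:30+00:00"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "interestingRole",
    "Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
  }
}'

# creds_to_exports (hypothetical helper): read assume-role JSON on stdin and
# print three shell "export" lines. One jq call parses the document once.
#   -r   raw output, so no JSON quotes end up inside the values
#   -e   non-zero exit when nothing is emitted (here: a field is missing)
#   @sh  single-quotes each value so odd characters cannot break the eval below
creds_to_exports() {
  jq -er '
    .Credentials
    | select(.AccessKeyId and .SecretAccessKey and .SessionToken)
    | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId | @sh)",
      "export AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey | @sh)",
      "export AWS_SESSION_TOKEN=\(.SessionToken | @sh)"
  '
}

# load_creds (hypothetical helper): export the credentials from the JSON text
# in $1 into the current shell; on bad input, change nothing and return 1.
load_creds() {
  _exports=$(printf '%s\n' "$1" | creds_to_exports) || return 1
  eval "$_exports"
  unset _exports
}

# Demo in a subshell so the values do not linger; print only the key id.
( load_creds "$sample_json" && echo "loaded key id: $AWS_ACCESS_KEY_ID" )
```

With real output the call would be load_creds "$(cat file1.txt)"; the secret and token are never echoed to the terminal.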