jq - json parser
AWS Policy - get ARN
$ CREATEPOLICY=`aws iam create-policy --profile sandbox --policy-name iam-key-age-test-policy --policy-document file://lambdaPolicy-iam-key-age.json`
{
  "Policy": {
    "PolicyName": "iam-key-age-test-policy",
    "PolicyId": "ANPAYJCO7BT6GMCF63B2L",
    "Arn": "arn:aws:iam::569248779516:policy/iam-key-age-test-policy",
    "Path": "/",
    "DefaultVersionId": "v1",
    "AttachmentCount": 0,
    "PermissionsBoundaryUsageCount": 0,
    "IsAttachable": true,
    "CreateDate": "2021-09-27T11:04:21Z",
    "UpdateDate": "2021-09-27T11:04:21Z"
  }
}
# -r strips the JSON quotes so the variable holds the bare ARN; quoting "$CREATEPOLICY" keeps the JSON intact
POLICYARN=$(echo "$CREATEPOLICY" | jq -r '.Policy.Arn')
AWS Keys
{
  "Version": 1,
  "AccessKeyId": "ASIA6DGFDFAccessID",
  "SecretAccessKey": "asdads-accesssecret",
  "SessionToken": "SecretSession==",
  "Expiration": "2023-09-19T11:30:06Z"
}
jq -r prints raw output, no quotes. Useful to pipe to variables etc.
$ cat aws.json | jq ".AccessKeyId"
"ASIA6DGFDFAccessID"
$ cat aws.json | jq -r ".AccessKeyId"
ASIA6DGFDFAccessID
$ cat aws.json | jq -r ".SecretAccessKey"
asdads-accesssecret
$ cat aws.json | jq -r ".SessionToken"
SecretSession==
Extracting multiple values in one pass
Use a comma to separate multiple fields to extract:-
Raw output for NAT gateways
$ aws ec2 describe-nat-gateways
{
  "NatGateways": [
    {
      "CreateTime": "2024-02-10T14:30:57+00:00",
      "NatGatewayAddresses": [
        {
          "AllocationId": "eipalloc-abcd1234987658428",
          "NetworkInterfaceId": "eni-dcbaabcd12348765b",
          "PrivateIp": "10.10.10.60",
          "PublicIp": "32.231.232.69",
          "AssociationId": "eipassoc-abcddcba123427a41",
          "IsPrimary": true,
          "Status": "succeeded"
        }
      ],
      "NatGatewayId": "nat-abcddcba123467dea",
      "State": "available",
      "SubnetId": "subnet-abcddcba12349399f",
      "VpcId": "vpc-abcddcba12345b91c",
      "Tags": [
        {
          "Key": "Name",
          "Value": "poc-nat-public1-eu-west-1a-v2"
        }
      ],
      "ConnectivityType": "public"
    }
  ]
}
Code to extract just the NAT ID, state and the network interface holding the Elastic IP in use (use .PublicIp instead of .NetworkInterfaceId for the address itself):-
$ aws ec2 describe-nat-gateways | jq ".NatGateways | .[] | .NatGatewayId, .State, .NatGatewayAddresses[].NetworkInterfaceId"
"nat-abcddcba123467dea"
"available"
"eni-abcddcba1234f5f0b"
$
Parameter Store
$ aws ssm describe-parameters --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains"
{
  "Parameters": [
    {
      "Name": "/repo/testpar1",
      "Type": "String",
      "LastModifiedDate": 1701778211.029,
      "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
      "Description": "repo_backup",
      "Version": 2,
      "Tier": "Standard",
      "Policies": [],
      "DataType": "text"
    },
    {
      "Name": "/repo/testpar2",
      "Type": "String",
      "LastModifiedDate": 1701778219.313,
      "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
      "Description": "repo_backup",
      "Version": 2,
      "Tier": "Standard",
      "Policies": [],
      "DataType": "text"
    }
  ]
}
$ aws ssm describe-parameters \
    --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains" \
    | jq '.[] | .[] | .Name'
"/repo/testpar1"
"/repo/testpar2"
Or:-
| jq '.[] | .[].Name'
| jq '.Parameters | .[].Name'
aws sts assume-role
This is different because the output has two top-level keys (Credentials and AssumedRoleUser), so the credential fields sit one level down:-
file1.txt
{
  "Credentials": {
    "AccessKeyId": "AKIATEST",
    "SecretAccessKey": "r3allys3cret",
    "SessionToken": "verrrrryLongTokenString",
    "Expiration": "2023-02-20T12:20:30+00:00"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "interestingRole",
    "Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
  }
}
This extracts the AccessKeyId or Secret or Token as appropriate:-
$ cat file1.txt | jq --raw-output '.["Credentials"] | .SessionToken'
verrrrryLongTokenString
$
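Combining the comma trick from "Extracting multiple values in one pass" with the assume-role output above, all three credential fields can be pulled in a single jq call and loaded into the environment without ever echoing them. This is an added example, not part of the original page; the function names and the sample JSON are made up for illustration, and it assumes the Expiration timestamp is always UTC.

```shell
#!/bin/sh
# Constructed sample shaped like `aws sts assume-role` output; every value is fake.
sample_response() {
cat <<'EOF'
{ "Credentials": {
    "AccessKeyId": "AKIAEXAMPLE",
    "SecretAccessKey": "fake secret with 'quote' and $HOME",
    "SessionToken": "FakeToken+/==",
    "Expiration": "2099-01-01T00:00:00+00:00" },
  "AssumedRoleUser": {
    "AssumedRoleId": "AROAEXAMPLE:demo",
    "Arn": "arn:aws:sts::000000000000:assumed-role/example-role/demo" } }
EOF
}

# Read the JSON on stdin and print three `export` lines in ONE jq pass.
# @sh single-quotes each value, so eval cannot expand or execute any of it.
# Expiration ends in "Z" or "+00:00": the first 19 characters are kept and
# treated as UTC (assumption) so fromdateiso8601 accepts both forms.
# jq exits non-zero and prints nothing if a field is missing or the
# credentials have expired, so a caller never loads half a credential set.
creds_to_exports() {
  jq -r '
    .Credentials
    | if (.AccessKeyId and .SecretAccessKey and .SessionToken) then .
      else error("missing credential field") end
    | if ((.Expiration[0:19] + "Z" | fromdateiso8601) > now) then .
      else error("credentials expired") end
    | @sh "export AWS_ACCESS_KEY_ID=\(.AccessKeyId)",
      @sh "export AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)",
      @sh "export AWS_SESSION_TOKEN=\(.SessionToken)"
  '
}

# Load credentials from a file ($1) into the CURRENT shell. Reading from a
# file rather than a pipe matters: a function at the end of a pipeline runs
# in a subshell and its exports would be lost.
load_creds_from() {
  exports=$(creds_to_exports < "$1") || return 1
  eval "$exports"
}
```

Call it as `load_creds_from file1.txt`; a non-zero return means nothing was exported.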
linux/jq.txt · Last modified: by andrew