[[linux:jq]]
 
Trace: jq

Table of Contents

jq - json parser

jq tutorial:- https://cameronnokes.com/blog/working-with-json-in-bash-using-jq/

AWS Policy - get ARN

$ CREATEPOLICY=`aws iam create-policy --profile sandbox --policy-name iam-key-age-test-policy --policy-document file://lambdaPolicy-iam-key-age.json`
{
    "Policy": {
        "PolicyName": "iam-key-age-test-policy",
        "PolicyId": "ANPAYJCO7BT6GMCF63B2L",
        "Arn": "arn:aws:iam::569248779516:policy/iam-key-age-test-policy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2021-09-27T11:04:21Z",
        "UpdateDate": "2021-09-27T11:04:21Z"
    }
}
POLICYARN=$(echo $CREATEPOLICY | jq '.Policy.Arn')

AWS Keys

{
	"Version": 1,
	"AccessKeyId": "ASIA6DGFDFAccessID",
	"SecretAccessKey": "asdads-accesssecret",
	"SessionToken": "SecretSession==",
	"Expiration": "2023-09-19T11:30:06Z"
}

jq -r prints raw output, no quotes. Useful to pipe to variables etc. 

$ cat aws.json | jq ".AccessKeyId"
"ASIA6DGFDFAccessID"
 
$ cat aws.json | jq -r ".AccessKeyId"
ASIA6DGFDFAccessID
 
$ cat aws.json | jq -r ".SecretAccessKey"
asdads-accesssecret
 
$ cat aws.json | jq -r ".SessionToken"
SecretSession==

Parameter Store

$ aws ssm describe-parameters --parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains"
{
    "Parameters": [
        {
            "Name": "/repo/testpar1",
            "Type": "String",
            "LastModifiedDate": 1701778211.029,
            "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
            "Description": "repo_backup",
            "Version": 2,
            "Tier": "Standard",
            "Policies": [],
            "DataType": "text"
        },
        {
            "Name": "/repo/testpar2",
            "Type": "String",
            "LastModifiedDate": 1701778219.313,
            "LastModifiedUser": "arn:aws:iam::121235658337:user/sysadmin",
            "Description": "repo_backup",
            "Version": 2,
            "Tier": "Standard",
            "Policies": [],
            "DataType": "text"
        }
    ]
}
$ aws ssm describe-parameters \ 
--parameter-filters "Key=Name,Values=/repo/testpar,Option=Contains" \
| jq '.[] | .[] | .Name'
 
"/repo/testpar1"
"/repo/testpar2"

Or:- 

| jq '.[] | .[].Name'
| jq '.Parameters | .[].Name'

aws sts assume-role

This is different because it provides two keys:-

file1.txt 

{
"Credentials": {
        "AccessKeyId": "AKIATEST",
        "SecretAccessKey": "r3allys3cret",
        "SessionToken": "verrrrryLongTokenString",
        "Expiration": "2023-02-20T12:20:30+00:00"
    },
"AssumedRoleUser": {
        "AssumedRoleId": "interestingRole",
        "Arn": "arn:aws:sts::234567890:assumed-role/IAM_FullAccess/delete-iam-stuff"
    }
}

This extracts the AccessKeyId or Secret or Token as appropriate:- 

$ cat file1.txt | jq --raw-output '.["Credentials"] | .SessionToken'
verrrrryLongTokenString
$
 
linux/jq.txt · Last modified: 20/02/2024 17:01 by andrew