AWS CLI JMESPath cheatsheet
Random query recipes of JMESPath for the AWS CLI tools that I might have written or stumbled upon.
- Examples
- Return listing of all available AWS regions
- List all Lambda functions within AWS account region
- Test if specific Lambda function exists
- List all Route 53 record names and their type for a zone
- List all CloudWatch log groups
- List all CloudWatch log groups with event expiry
- Status of CloudFormation stack
- List all logical resource IDs of CloudFormation stack
- EC2 system and instance reachability status as string pair
- EC2 terminate instance ID and return current state
- EC2 instance availability zone and public IP address
- EC2 instance get autoscale group name by tag
- EC2 instance get autoscale group name by auto scaling API
- EC2 marketplace AMI IDs for a given product ID
- ECR list all repositories
- VPC network interfaces associated to a security group ID
- Verify ARN identity of current API credentials
- Reference
Examples
Return listing of all available AWS regions
Lists all enabled regions for the current account, one per line.
aws ec2 describe-regions \
--output text \
--query "Regions[].[RegionName]"
# ap-south-1
# eu-west-2
# eu-west-1
# ap-northeast-2
# ap-northeast-1
# etc.
List all Lambda functions within AWS account region
aws lambda list-functions \
--output text \
--query "Functions[].[FunctionName]"
Test if specific Lambda function exists
aws lambda list-functions \
--output text \
--query "Functions[?FunctionName=='MY_FUNCTION_NAME'].CodeSha256"
List all Route 53 record names and their type for a zone
aws route53 list-resource-record-sets \
--hosted-zone-id HOSTED_ZONE_ID \
--output text \
--query "ResourceRecordSets[].[join(': ',[Name,Type])]"
List all CloudWatch log groups
aws logs describe-log-groups \
--output text \
--query "logGroups[].[logGroupName]"
List all CloudWatch log groups with event expiry
aws logs describe-log-groups \
--output text \
--query "logGroups[].[join(': ',[logGroupName,to_string(retentionInDays || 'Never Expire')])]"
Status of CloudFormation stack
aws cloudformation describe-stacks \
--stack-name STACK_NAME \
--output text \
--query "Stacks[0].StackStatus"
List all logical resource IDs of CloudFormation stack
aws cloudformation describe-stack-resources \
--stack-name STACK_NAME \
--output text \
--query "StackResources[].[LogicalResourceId]"
EC2 system and instance reachability status as string pair
aws ec2 describe-instance-status \
--instance-ids INSTANCE_ID \
--output text \
--query "join(':',InstanceStatuses[0].[InstanceStatus,SystemStatus][].Details[0].Status)"
Returns a value in the form of passed:passed.
EC2 terminate instance ID and return current state
aws ec2 terminate-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "TerminatingInstances[0].join(':',[InstanceId,CurrentState.Name])"
EC2 instance availability zone and public IP address
aws ec2 describe-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "Reservations[0].Instances[0].join(':',[Placement.AvailabilityZone,PublicIpAddress || ''])"
EC2 instance get autoscale group name by tag
aws ec2 describe-tags \
--filters "Name=resource-id,Values=INSTANCE_ID" \
--output text \
--query "Tags[?Key=='aws:autoscaling:groupName'].Value"
EC2 instance get autoscale group name by auto scaling API
aws autoscaling describe-auto-scaling-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "AutoScalingInstances[*].AutoScalingGroupName"
EC2 marketplace AMI IDs for a given product ID
aws ec2 describe-images \
--filters "Name=name,Values=*-PRODUCT_ID-*" \
--output text \
--query "reverse(sort_by(Images,&CreationDate))[].[join(':',[ImageId,CreationDate,Description])]"
ECR list all repositories
aws ecr describe-repositories \
--output text \
--query "repositories[].[repositoryName]"
VPC network interfaces associated to a security group ID
aws ec2 describe-network-interfaces \
--filters "Name=group-id,Values=SECURITY_GROUP_ID" \
--output text \
--query "NetworkInterfaces[].[NetworkInterfaceId]"
Verify ARN identity of current API credentials
Returns true if the identity ARN starts with the expected prefix, otherwise false. Useful to ensure a script is run against the correct identity/AWS account.
aws sts get-caller-identity \
--query "starts_with(Arn,'arn:aws:ARN_IDENTITY_PREFIX/')"
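A guard built on the query above, as an added example that is not part of the original cheatsheet: it takes the expected ARN prefix from a shell variable and stops a script when the credentials belong to a different identity. The function names and the account ID in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. Function names and the
# account ID in the usage comment are constructed for illustration.

# Build the starts_with() expression for an expected ARN prefix.
# The prefix lands inside a JMESPath raw string ('...'), so a single quote or
# backslash in it would alter the expression. Refuse those instead of trying
# to escape them, and refuse an empty prefix, which would match every ARN.
identity_query() {
    case "$1" in
        '' | *\'* | *\\*) return 1 ;;
    esac
    printf "starts_with(Arn,'%s')" "$1"
}

# Return 0 only when the caller ARN starts with the expected prefix,
# 1 on a mismatch, 2 when the prefix is rejected or the API call fails.
require_identity() {
    query=$(identity_query "$1") || {
        echo "require_identity: invalid ARN prefix" >&2
        return 2
    }
    # JSON output renders the boolean result as the literal true/false.
    result=$(aws sts get-caller-identity --output json --query "$query") || return 2
    [ "$result" = "true" ]
}

# Usage at the top of a script. End the prefix on a delimiter ("/" or ":")
# so that "user/deploy" cannot also match "user/deploy-admin".
#   EXPECTED='arn:aws:iam::123456789012:user/'
#   require_identity "$EXPECTED" || { echo "wrong AWS identity" >&2; exit 1; }
```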
Thanks for the cheatsheet! I'm trying to incorporate a bash variable into starts_with and can't seem to figure it out. Wondering if you have some insight into the following:
It's the same as if I hard coded the value in the query
Now flipping the quotes and stuff from the last line...
It's the same as if I hard coded the value in the query
And of course it doesn't work without the quotes around hello-world
Appreciate if there is any other hack that can address this use case.