Random query recipes of JMESPath for the AWS CLI tools that I might have written or stumbled upon.
- Examples
- List available AWS regions
- List Lambda functions within AWS account region
- Test if specific Lambda function exists
- List Route 53 record names and their type for a zone
- List CloudWatch log groups
- List CloudWatch log groups with event expiry
- List SQS queue names
- Status of CloudFormation stack
- List logical resource IDs of CloudFormation stack
- EC2 system and instance reachability status as string pair
- EC2 terminate instance ID and return current state
- EC2 instance availability zone and public IP address
- EC2 instance get autoscale group name by tag
- EC2 instance get autoscale group name via auto scaling API
- EC2 marketplace AMI ID's for a given product ID
- ECR list repositories
- RDS list engine versions auto upgrade
- VPC network interfaces associated to a security group ID
- Verify ARN identity of current API credentials
- List CodeBuild build IDs
- Reference
Lists enabled regions for the current AWS account. One per each line.
aws ec2 describe-regions \
--output text
--query "Regions[].[RegionName]"
# ap-south-1
# eu-west-2
# eu-west-1
# ap-northeast-2
# ap-northeast-1
# etc.
aws lambda list-functions \
--output text \
--query "Functions[].[FunctionName]"
aws lambda list-functions \
--output text \
--query "Functions[?FunctionName=='MY_FUNCTION_NAME'].CodeSha256"
aws route53 list-resource-record-sets \
--hosted-zone-id HOSTED_ZONE_ID \
--output text \
--query "ResourceRecordSets[].[join(': ',[Name,Type])]"
aws logs describe-log-groups \
--output text \
--query "logGroups[].[logGroupName]"
aws logs describe-log-groups \
--output text \
--query "logGroups[].[join(': ',[logGroupName,to_string(retentionInDays || 'Never Expire')])]"
aws sqs list-queues \
--output text \
--query 'QueueUrls.join(`\n`,@)'
aws cloudformation describe-stacks \
--stack-name STACK_NAME \
--output text \
--query "Stacks[0].StackStatus"
aws cloudformation describe-stack-resources \
--stack-name STACK_NAME \
--output text \
--query "StackResources[].[LogicalResourceId]"
aws ec2 describe-instance-status \
--instance-ids INSTANCE_ID \
--output text \
--query "join(':',InstanceStatuses[0].[InstanceStatus,SystemStatus][].Details[0].Status)"
Returns a value in the form of passed:passed
.
aws ec2 terminate-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "TerminatingInstances[0].join(':',[InstanceId,CurrentState.Name])"
aws ec2 describe-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "Reservations[0].Instances[0].join(':',[Placement.AvailabilityZone,PublicIpAddress || ''])"
aws ec2 describe-tags \
--filters "Name=resource-id,Values=INSTANCE_ID" \
--output text \
--query "Tags[?Key=='aws:autoscaling:groupName'].Value"
aws autoscaling describe-auto-scaling-instances \
--instance-ids INSTANCE_ID \
--output text \
--query "AutoScalingInstances[*].AutoScalingGroupName"
aws ec2 describe-images \
--filters "Name=name,Values=*-PRODUCT_ID-*" \
--output text \
--query "reverse(sort_by(Images,&CreationDate))[].[join(':',[ImageId,CreationDate,Description])]"
aws ecr describe-repositories \
--output text \
--query "repositories[].[repositoryName]"
aws rds describe-db-engine-versions \
--engine postgres \
--engine-version ENGINE_VERSION \
--output table \
--query "DBEngineVersions[*].ValidUpgradeTarget[*].{AutoUpgrade:AutoUpgrade,EngineVersion:EngineVersion}"
aws ec2 describe-network-interfaces \
--filters "Name=group-id,Values=SECURITY_GROUP_ID" \
--output text \
--query "NetworkInterfaces[].[NetworkInterfaceId]"
Tip
Handy trick to ensure a script is run against the expected IAM identity/AWS account.
Will return true
if identity prefix matches that of expected, otherwise false
.
aws sts get-caller-identity \
--query "starts_with(Arn,'arn:aws:ARN_IDENTITY_PREFIX/')"
aws codebuild list-builds \
--output text \
--query 'ids.join(`\n`,@)' \
Thanks for the cheatsheet! I'm trying to incorporate a bash variable into
starts_with
and cant seem to figure it out. Wondering if you have some insight into the following:It's the same as if I hard coded the value in the query
Now flipping the quotes and stuff from the last line...
It's the same as if I hard coded the value in the query
And of course it doesnt work without the quotes around
hello-world
Appreciate if there is any other hack that can address this use case.