LinkedInGitHubYouTube

jq

Tips and tricks for working with the jq command line utility.

Install

brew install jq

Example output

aws ec2 describe-security-groups

{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-0494280510832e7b2",
[snip]

View All Elements for a Key

  • Returns all the top keys under SecurityGroups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | keys_unsorted[]'

Description
GroupName
IpPermissions
OwnerId
GroupId
IpPermissionsEgress
VpcId

  • If, in this case, there are multiple Security Groups returned the above would return the same Keys multiple times, one set per security group.

  • We can alter the query to only return the Keys for one set of data by adding a 0 

aws ec2 describe-security-groups | jq -r '.SecurityGroups[0] | keys_unsorted[]'

View All Elements for a Sub-Key

  • Returns all the top sub-keys under SecurityGroups.IpPermissions

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissions[] | keys_unsorted[]'

IpProtocol
IpRanges
Ipv6Ranges
PrefixListIds
UserIdGroupPairs

Convert Output into Colorized JSON

  • Makes the returned output pretty JSON and in color.

ec2 describe-security-groups | jq

View Certain Keys

  • Only return data for a specific key.

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].Description'

default VPC security group
testing jq

Key is Exactly

  • Only return data matching the condition, in this case, where GroupId equals "sg-0021f1e76215c0548"

aws ec2 describe-security-groups | jq '.SecurityGroups[] | select(.GroupId == "sg-0021f1e76215c0548")'

{
  "Description": "testing jq",
  "GroupName": "testing",
  "IpPermissions": [],
  "OwnerId": "024318953427",
  "GroupId": "sg-0021f1e76215c0548",
  "IpPermissionsEgress": [
    {
      "IpProtocol": "-1",
      "IpRanges": [
        {
          "CidrIp": "0.0.0.0/0"
        }
      ],
      "Ipv6Ranges": [],
      "PrefixListIds": [],
      "UserIdGroupPairs": []
    }
  ],
  "VpcId": "vpc-0f69e3f015d5c2b7a"
}

Key Contains

  • Only return data matching the condition, in this case, where IpProtocol contains -1

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissionsEgress[] | select(.IpProtocol | contains("-1"))'

{
  "IpProtocol": "-1",
  "IpRanges": [
    {
      "CidrIp": "0.0.0.0/0"
    }
  ],
  "Ipv6Ranges": [],
  "PrefixListIds": [],
  "UserIdGroupPairs": []
}
{
  "IpProtocol": "-1",
  "IpRanges": [
    {
      "CidrIp": "0.0.0.0/0"
    }
  ],
  "Ipv6Ranges": [],
  "PrefixListIds": [],
  "UserIdGroupPairs": []
}

Return Keys After Filtering

  • Return certain keys for the data matching the condition, in this case, return the GroupName and GroupId for all Security Groups containing a rule allowing all protocols, -1

  • Also, customize the formatting for the output.

aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | select(.IpPermissionsEgress[].IpProtocol | contains("-1")) | "\nGroup Name: \(.GroupName)\nGroup Id: \(.GroupId)"'

Group Name: default
Group Id: sg-0494280510832e7b2

Group Name: testing
Group Id: sg-0021f1e76215c0548
PreviousHomebrewNextngrok

Last updated