jq

Tips and tricks for working with the jq command line utility

Install

brew install jq

Example output

aws ec2 describe-security-groups

{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-0494280510832e7b2",
[snip]

View All Elements for a Key

Returns all the top keys under SecurityGroups

aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | keys_unsorted[]'

Description
GroupName
IpPermissions
OwnerId
GroupId
IpPermissionsEgress
VpcId

If, in this case, there are multiple Security Groups returned the above would return the same Keys multiple times, one set per security group.
We can alter the query to only return the Keys for one set of data by adding a 0

aws ec2 describe-security-groups | jq -r '.SecurityGroups[0] | keys_unsorted[]'

View All Elements for a Sub-Key

Returns all the top sub-keys under SecurityGroups.IpPermissions

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissions[] | keys_unsorted[]'

IpProtocol
IpRanges
Ipv6Ranges
PrefixListIds
UserIdGroupPairs

Convert Output into Colorized JSON

Makes the returned output pretty JSON and in color.

ec2 describe-security-groups | jq

View Certain Keys

Only return data for a specific key.

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].Description'

default VPC security group
testing jq

Key is Exactly

Only return data matching the condition, in this case, where GroupId equals "sg-0021f1e76215c0548"

aws ec2 describe-security-groups | jq '.SecurityGroups[] | select(.GroupId == "sg-0021f1e76215c0548")'

{
  "Description": "testing jq",
  "GroupName": "testing",
  "IpPermissions": [],
  "OwnerId": "024318953427",
  "GroupId": "sg-0021f1e76215c0548",
  "IpPermissionsEgress": [
    {
      "IpProtocol": "-1",
      "IpRanges": [
        {
          "CidrIp": "0.0.0.0/0"
        }
      ],
      "Ipv6Ranges": [],
      "PrefixListIds": [],
      "UserIdGroupPairs": []
    }
  ],
  "VpcId": "vpc-0f69e3f015d5c2b7a"
}

Key Contains

Only return data matching the condition, in this case, where IpProtocol contains -1

aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissionsEgress[] | select(.IpProtocol | contains("-1"))'

{
  "IpProtocol": "-1",
  "IpRanges": [
    {
      "CidrIp": "0.0.0.0/0"
    }
  ],
  "Ipv6Ranges": [],
  "PrefixListIds": [],
  "UserIdGroupPairs": []
}
{
  "IpProtocol": "-1",
  "IpRanges": [
    {
      "CidrIp": "0.0.0.0/0"
    }
  ],
  "Ipv6Ranges": [],
  "PrefixListIds": [],
  "UserIdGroupPairs": []
}

Return Keys After Filtering

Return certain keys for the data matching the condition, in this case, return the GroupName and GroupId for all Security Groups containing a rule allowing all protocols, -1
Also, customize the formatting for the output.

aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | select(.IpPermissionsEgress[].IpProtocol | contains("-1")) | "\nGroup Name: \(.GroupName)\nGroup Id: \(.GroupId)"'

Group Name: default
Group Id: sg-0494280510832e7b2

Group Name: testing
Group Id: sg-0021f1e76215c0548

PreviousHomebrew Nextngrok

Last updated 1 year ago

Was this helpful?