# jq ### Install {% code overflow="wrap" %} ```bash brew install jq ``` {% endcode %} ### Example output ```bash aws ec2 describe-security-groups { "SecurityGroups": [ { "Description": "default VPC security group", "GroupName": "default", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [ { "GroupId": "sg-0494280510832e7b2", [snip] ``` ### View All Elements for a Key * Returns all the top keys under `SecurityGroups` {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | keys_unsorted[]' Description GroupName IpPermissions OwnerId GroupId IpPermissionsEgress VpcId ``` {% endcode %} * If, in this case, there are multiple Security Groups returned the above would return the same Keys multiple times, one set per security group. * We can alter the query to only return the Keys for one set of data by adding a `0` {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[0] | keys_unsorted[]' ``` {% endcode %} ### View All Elements for a Sub-Key * Returns all the top sub-keys under `SecurityGroups.IpPermissions` {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissions[] | keys_unsorted[]' IpProtocol IpRanges Ipv6Ranges PrefixListIds UserIdGroupPairs ``` {% endcode %} ### Convert Output into Colorized JSON * Makes the returned output pretty JSON and in color. ```bash ec2 describe-security-groups | jq ``` ### View Certain Keys * Only return data for a specific key. ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[].Description' default VPC security group testing jq ``` ### Key is Exactly * Only return data matching the condition, in this case, where `GroupId` equals `"sg-0021f1e76215c0548"` {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq '.SecurityGroups[] | select(.GroupId == "sg-0021f1e76215c0548")' { "Description": "testing jq", "GroupName": "testing", "IpPermissions": [], "OwnerId": "024318953427", "GroupId": "sg-0021f1e76215c0548", "IpPermissionsEgress": [ { "IpProtocol": "-1", "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [] } ], "VpcId": "vpc-0f69e3f015d5c2b7a" } ``` {% endcode %} ### Key Contains * Only return data matching the condition, in this case, where `IpProtocol` contains `-1` {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[].IpPermissionsEgress[] | select(.IpProtocol | contains("-1"))' { "IpProtocol": "-1", "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [] } { "IpProtocol": "-1", "IpRanges": [ { "CidrIp": "0.0.0.0/0" } ], "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [] } ``` {% endcode %} ### Return Keys After Filtering * Return certain keys for the data matching the condition, in this case, return the `GroupName` and `GroupId` for all Security Groups containing a rule allowing all protocols, `-1` * Also, customize the formatting for the output. {% code overflow="wrap" %} ```bash aws ec2 describe-security-groups | jq -r '.SecurityGroups[] | select(.IpPermissionsEgress[].IpProtocol | contains("-1")) | "\nGroup Name: \(.GroupName)\nGroup Id: \(.GroupId)"' Group Name: default Group Id: sg-0494280510832e7b2 Group Name: testing Group Id: sg-0021f1e76215c0548 ``` {% endcode %}