AWS CLI

Tips and tricks for working with the AWS CLI

Assume a Role

With the correct permissions, we can assume an IAM role.
The session name doesn't matter

aws sts assume-role --role-arn <role-arn> --role-session-name <session-name>

Configure Role Credentials

After setting up the associated access keys with aws configure we can run this command to set up the session token associated with the role.

aws --profile myIamRole configure set aws_session_token <sessionToken>

--query

Provides a way to search a command's output for certain things.
jq is another tool that can be used for this.

Example output

aws ec2 describe-security-groups

{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-0494280510832e7b2",
[snip]

Attribute Contains

Query the GroupName attribute that contains VPC

aws ec2 describe-security-groups --query 'SecurityGroups[?contains(GroupName, `VPC`)]'

Query the nested IpProtocols attribute that contains -1

aws ec2 describe-security-groups --query "SecurityGroups[?IpPermissions[?contains(IpProtocol,'-1')]]"

Attribute is Exactly

Query the Description attribute that is exactly default VPC security group

aws ec2 describe-security-groups --query "SecurityGroups[?Description=='default VPC security group']"

Query the nested GroupId attribute that is exactly sg-0494280510832e7b2

aws ec2 describe-security-groups --query "SecurityGroups[?IpPermissions[?UserIdGroupPairs[?GroupId=='sg-0494280510832e7b2']]]"

PreviousCLI Tools NextGit

Last updated 9 months ago

Was this helpful?