json - Parse aws cli output security groups with JQ -
I'm going crazy trying to use "jq" to parse the JSON output of the AWS CLI.
Maybe I have not yet understood how to use jq properly. I'd like to parse 2 (or more) security groups and get 1 formatted string for every rule, both inbound and outbound.
The AWS CLI command is this:
aws ec2 describe-security-groups --group-ids sg-0000001 sg-0000002
and the output is this JSON (I have randomly edited the details for privacy):
{ "securitygroups": [ { "ippermissionsegress": [ { "ipprotocol": "-1", "ipranges": [ { "cidrip": "0.0.0.0/0" } ], "useridgrouppairs": [] } ], "description": "server-db", "tags": [ { "value": "server-db", "key": "client" }, { "value": "server-db", "key": "name" } ], "ippermissions": [ { "toport": 3389, "ipprotocol": "tcp", "ipranges": [ { "cidrip": "10.12.0.0/16" }, { "cidrip": "192.168.10.10/32" } ], "useridgrouppairs": [], "fromport": 3389 }, { "toport": 5666, "ipprotocol": "tcp", "ipranges": [ { "cidrip": "192.168.10.10/32" } ], "useridgrouppairs": [], "fromport": 5666 }, { "ipprotocol": "-1", "ipranges": [], "useridgrouppairs": [ { "userid": "121211212121", "groupid": "sg-00000001" } ] }, { "ipprotocol": "-1", "ipranges": [], "useridgrouppairs": [ { "userid": "121211212121", "groupid": "sg-000000001" } ] }, { "toport": -1, "ipprotocol": "icmp", "ipranges": [ { "cidrip": "10.12.0.0/16" }, { "cidrip": "192.168.10.10/32" } ], "useridgrouppairs": [], "fromport": -1 } ], "groupname": "server-db", "vpcid": "vpc-0000001", "ownerid": "121211212121", "groupid": "sg-000000001" }, { "ippermissionsegress": [ { "ipprotocol": "-1", "ipranges": [ { "cidrip": "0.0.0.0/0" } ], "useridgrouppairs": [] } ], "description": "server-as", "tags": [ { "value": "server-as", "key": "name" }, { "value": "server", "key": "client" } ], "ippermissions": [ { "ipprotocol": "-1", "ipranges": [], "useridgrouppairs": [ { "userid": "121211212121", "groupid": "sg-00000001" } ] }, { "toport": 22, "ipprotocol": "tcp", "ipranges": [ { "cidrip": "10.12.0.0/16" }, { "cidrip": "192.168.10.10/32" } ], "useridgrouppairs": [], "fromport": 22 }, { "toport": 443, "ipprotocol": "tcp", "ipranges": [ { "cidrip": "10.12.0.0/16" }, { "cidrip": "192.168.60.10/32" }, { "cidrip": "192.168.160.10/32" }, { "cidrip": "192.168.130.10/32" }, { "cidrip": "192.168.130.50/32" }, { "cidrip": "192.168.130.150/32" }, { "cidrip": "192.168.10.10/32" }, { "cidrip": "192.168.80.150/32" }, { "cidrip": "192.168.80.152/32" }, { 
"cidrip": "192.168.80.155/32" }, { "cidrip": "192.168.80.158/32" } ], "useridgrouppairs": [], "fromport": 443 }, { "ipprotocol": "-1", "ipranges": [], "useridgrouppairs": [ { "userid": "121211212121", "groupid": "sg-00000002" } ] }, { "toport": -1, "ipprotocol": "icmp", "ipranges": [ { "cidrip": "10.12.0.0/16" }, { "cidrip": "192.168.10.10/32" } ], "useridgrouppairs": [], "fromport": -1 } ], "groupname": "server-as", "vpcid": "vpc-00000001", "ownerid": "121211212121", "groupid": "sg-00000001" } ] }
The format I'd like to have is:
securitygroupid - groupname - inbound/outbound - ipprotocol - port - sourceranges/destinationranges
Can anyone help me? Thanks.
Resolved with Perl:
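use JSON::PP qw( decode_json );    # core module; the CPAN JSON module exports the same decode_json()

# Render every rule of one direction ('inbound' or 'outbound') of a single
# security group as pipe-separated rows.
#
#   $prefix     already-joined "groupid|groupname|description|vpcid" columns
#   $direction  literal text written into the direction column
#   $rules      array ref of rule hashes (may be undef or empty)
#
# Returns the rows as one string: one row per CIDR range, followed by one row
# per referenced security group, for each rule in order.
sub _creatab_rows {
    use strict;
    use warnings;
    my ( $prefix, $direction, $rules ) = @_;

    my $rows = '';
    for my $rule ( @{ $rules // [] } ) {
        my $proto    = $rule->{'ipprotocol'} // '';
        my $fromport = $rule->{'fromport'}   // '';
        my $toport   = $rule->{'toport'}     // '';

        # The protocol arrives as the string "-1" for "all protocols"; such
        # rules carry no port keys in the sample, so label all three columns.
        # Compared with eq because the other values ("tcp", "icmp") are not
        # numbers.
        if ( $proto eq '-1' ) {
            ( $fromport, $toport, $proto ) = ( 'allports', 'allports', 'allproto' );
        }

        # NOTE(review): only 'ipranges' and 'useridgrouppairs' are read. Real
        # describe-security-groups output also has Ipv6Ranges and
        # PrefixListIds, so a rule open to an IPv6 range or a prefix list
        # yields no row here. Do not treat the table as a complete audit.
        my @peers = (
            ( map { $_->{'cidrip'}  // '' } @{ $rule->{'ipranges'}         // [] } ),
            ( map { $_->{'groupid'} // '' } @{ $rule->{'useridgrouppairs'} // [] } ),
        );

        for my $peer (@peers) {
            $rows .= "$prefix|$direction|$peer|$fromport|$toport|$proto\n";
        }
    }
    return $rows;
}

# Turn the JSON printed by `aws ec2 describe-security-groups` into a flat,
# pipe-separated table with one line per rule target:
#
#   groupid|groupname|description|vpcid|inbound-or-outbound|cidr-or-groupid|fromport|toport|proto
#
# Input:   the JSON text, passed as the first argument or, when no argument
#          is given, taken from the package variable $dump.
# Output:  rows are appended to the package variable $tabella, whose whole
#          content is returned. Clear $tabella before a second call if a
#          fresh table is wanted.
# Dies:    when the text is not valid JSON (decode_json throws).
#
# NOTE(review): the hash keys are lowercase to match the sample shown with
# this code. The AWS CLI itself prints CamelCase keys (SecurityGroups,
# IpPermissions, CidrIp, ...); with unmodified CLI output none of these keys
# match and the table comes back empty without any error. Confirm against
# your real input.
# NOTE(review): field values are written unescaped; a '|' or newline inside
# a group name or description would shift the columns.
sub creatab {
    use strict;
    use warnings;
    our ( $dump, $tabella );

    my ($json) = @_;
    $json = $dump unless defined $json;

    my $decoded = decode_json($json);

    for my $group ( @{ $decoded->{'securitygroups'} // [] } ) {
        # A group without a VPC id is labelled "ec2" (presumably an
        # EC2-Classic group; confirm).
        my $vpcid = $group->{'vpcid'} // '';
        $vpcid = 'ec2' if $vpcid eq '';

        my $prefix = join '|',
            map { $_ // '' } @{$group}{qw( groupid groupname description )}, $vpcid;

        $tabella .= _creatab_rows( $prefix, 'inbound',  $group->{'ippermissions'} );
        $tabella .= _creatab_rows( $prefix, 'outbound', $group->{'ippermissionsegress'} );
    }

    return $tabella;
}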
json amazon-web-services jq