Can any of you please help me identify the issue with the CLI commands / JMESPATH queries in the section "What's Not Working?" below?
P.S. The JSON output given below is valid, and you can use it to test the JMESPATH query part on JMESPATH.org.
1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[]
2) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].FromPort
3) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].IpProtocol
1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol
2) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort
{
  "SecurityGroups": [
    {
      "Description": "default VPC security group",
      "GroupName": "default",
      "IpPermissions": [
        {
          "IpProtocol": "-1",
          "IpRanges": [],
          "Ipv6Ranges": [],
          "PrefixListIds": [],
          "UserIdGroupPairs": [
            {
              "GroupId": "sg-06d7c8d3300000000",
              "UserId": "400000000000"
            }
          ]
        }
      ],
      "OwnerId": "400000000000",
      "GroupId": "sg-06d7c000000000000",
      "IpPermissionsEgress": [
        {
          "IpProtocol": "-1",
          "IpRanges": [
            {
              "CidrIp": "0.0.0.0/0"
            }
          ],
          "Ipv6Ranges": [],
          "PrefixListIds": [],
          "UserIdGroupPairs": []
        }
      ],
      "VpcId": "vpc-0d26c7ba200000000"
    },
    {
      "Description": "BastionSG",
      "GroupName": "BastionSG",
      "IpPermissions": [
        {
          "FromPort": 22,
          "IpProtocol": "tcp",
          "IpRanges": [
            {
              "CidrIp": "0.0.0.0/0"
            }
          ],
          "Ipv6Ranges": [],
          "PrefixListIds": [],
          "ToPort": 22,
          "UserIdGroupPairs": []
        }
      ],
      "OwnerId": "400000000000",
      "GroupId": "sg-0a26abc0a00000000",
      "IpPermissionsEgress": [
        {
          "IpProtocol": "-1",
          "IpRanges": [
            {
              "CidrIp": "0.0.0.0/0"
            }
          ],
          "Ipv6Ranges": [],
          "PrefixListIds": [],
          "UserIdGroupPairs": []
        }
      ],
      "VpcId": "vpc-0d26c7ba200000000"
    }
  ]
}
aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol
Expected - tcp, Actual - Returns no result
aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort
Expected - 22, Actual - Returns no result
Here are the ones I tried and got expected data back. Let me know if this works for you.
aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?IpProtocol==`tcp`] | [0].IpProtocol]' --output text
//tcp
aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?FromPort==`22`] | [0].FromPort]' --output text
//22
Note -