I have this command which displays all the record from the search. But I would like to filter only the record that matches the search word.
For e.g.
for user in $(aws iam list-users |grep -i UserName|sed -e 's/.*: \"//' -e 's/\",//'); do
echo USER: $user;
echo TAGS:
aws iam list-user-tags --user-name $user --output text | awk '{print $2,$3}'
echo GROUPS:
aws iam list-groups-for-user --user-name $user --output text|awk {'print $5'}; done > users.txt
The above command displays the following results.
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
User: black.smith@abc.com
TAGS:
Team green
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
etc.
I would like get all the user where tag Team == red.
I tried with search string in line 4 like,
aws iam list-user-tags --user-name $user --output text | awk '/red/{print $2,$3}'
but it displays only one line
Team red
But I would like to display full record like
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
Could you please help how I can display all the record where tag Team == red.
You can solve this with various awscli commands and the use of the --query option which allows you to perform conditional client-side filtering.
Here is an example:
#!/bin/bash
USERS=$(aws iam list-users --query "Users[*].UserName" --output text)
for user in $USERS; do
TAG=$(aws iam list-user-tags --user-name $user --query 'Tags[?(Key==`Team` && Value==`red`)]' --output text)
if [ "$TAG" != "" ]; then
echo "User:" $user
echo "Tags:"
aws iam list-user-tags --user-name $user --query 'Tags[*].[Key,Value]' --output text | tr "\t" "="
echo "Groups:"
aws iam list-groups-for-user --user-name $user --query "Groups[*].GroupName" --output text | tr "\t" "\n"
fi
done
Sample output:
User: jason
Tags:
Team=red
Role=development
Groups:
dev
User: mary
Tags:
Team=red
Role=test
Groups:
qa
ut
fv