AWS CLI 命令/JMESPATH 查询问题

Issue with AWS CLI commands / JMESPATH query

你们中的任何人都可以帮助我确定部分中的 CLI 命令 /JMESPATH 查询的问题 - “什么不工作?”下面

P.S。 JSON 下面给出的输出是有效的,您可以使用输出在 JMESPATH.org

上测试它的 JMESPATH 查询部分

什么有效?

1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[]
2) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].FromPort
3) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[].IpProtocol

什么不起作用?

1) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol
2) aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort

JSON 输出

{
    "SecurityGroups": [
        {
            "Description": "default VPC security group",
            "GroupName": "default",
            "IpPermissions": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": [
                        {
                            "GroupId": "sg-06d7c8d3300000000",
                            "UserId": "400000000000"
                        }
                    ]
                }
            ],
            "OwnerId": "400000000000",
            "GroupId": "sg-06d7c000000000000",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0d26c7ba200000000"
        },
        {
            "Description": "BastionSG",
            "GroupName": "BastionSG",
            "IpPermissions": [
                {
                    "FromPort": 22,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 22,
                    "UserIdGroupPairs": []
                }
            ],
            "OwnerId": "400000000000",
            "GroupId": "sg-0a26abc0a00000000",
            "IpPermissionsEgress": [
                {
                    "IpProtocol": "-1",
 "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "UserIdGroupPairs": []
                }
            ],
            "VpcId": "vpc-0d26c7ba200000000"
        }
    ]
}

Expected/Actual 结果

aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?IpProtocol=='tcp'].IpProtocol

结果

预期 - tcp,实际 - Returns 无结果

aws ec2 describe-security-groups --query SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[?FromPort=='22'].FromPort

结果

预期 - 22,实际 - Returns 无结果

SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[] | [?IpProtocol=='tcp'].IpProtocol | [0]

SecurityGroups[?GroupId=='sg-0a26abc0a00000000'].IpPermissions[] | [?FromPort==`22`].FromPort | [0]

或者,quoted/adjusted 对于 bash:

'SecurityGroups[?GroupId==`"sg-0a26abc0a00000000"`].IpPermissions[] | [?IpProtocol==`"tcp"`].IpProtocol | [0]'

'SecurityGroups[?GroupId==`"sg-0a26abc0a00000000`"].IpPermissions[] | [?FromPort==`22`].FromPort | [0]'

您会注意到 IpPermissions 末尾的 [],它使列表变平。如果您不这样做(或 SecurityGroups[?GroupId=='sg-0a26abc0a00000000'][]),过滤器将应用于列表的顶层,其中不存在 IpPermissions。

我不清楚为什么这是真的。这似乎是错误的,因为没有较早的过滤器,较晚的过滤器适用于子列表。

以下是我尝试过并得到预期数据的方法。让我知道这是否适合你。

aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?IpProtocol==`tcp`] | [0].IpProtocol]' --output text
//tcp
aws ec2 describe-security-groups --query 'SecurityGroups[?GroupId==`sg-xxxxxx`].[IpPermissions[?FromPort==`22`] | [0].FromPort]' --output text
//22

备注 -

  1. 最好将您的查询括在单引号内,以便 CLI 可以正确解析整个查询。
  2. 您可以用反引号 (`) 填充条件。