Question 19417 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

How to filter with value only regardless the name in AWS CLI

My EC2 instance has many tags with a desired value EBM. The thing that this value could be in a different Name, sometimes under tag:Name and sometimes tag:XXX, I tried the below query and it didn’t work:

 aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*,Values=*EBM*'

An error occurred (InvalidParameterValue) when calling the DescribeSecurityGroups operation: The filter ‘*’ is invalid

any idea how to make the Name as wild card just match the value?

I tried this and it didn’t work:

 aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*,Values=*EBM*'

An error occurred (InvalidParameterValue) when calling the DescribeSecurityGroups operation: The filter ‘*’ is invalid

I also tried this and didn’t work:

aws --region sa-east-1 ec2 describe-security-groups --filters 'Name=*.*,Values=*EBM*'
Tags:

2

Answers


  1. 0

    Its not possible. You have to get all rules first, then then do filtering yourself.

    Login or Signup to reply.
  2. 0

    Latest Edit:

    I have tested that in my lab environment and its possible to get what you are looking for combining --filter & -query altogether!

    Alternatively, you can use the contains function with the Tag[] in the query to match tag values that contain SecGrp anywhere in the value, Keep in mind that the --query option uses the JMESPath query language, which has its own syntax and rules. You can find more information on using JMESPath queries in the AWS CLI documentation.

    Further, to get the tag values for security groups in a hash form (i.e., a dictionary or associative array), you can combine that with your --query to get a nicer readable format, below is how you can get that …

     $ aws ec2 describe-security-groups --filters Name=tag-key,Values="*" --query 'SecurityGroups[*].Tags[?contains(Value, `EBM`)][].{Key: Key, Value: Value}' --profile dev
[
    {
        "Key": "mylabtest",
        "Value": "EBMSecGrpec2"
    },
    {
        "Key": "mylabtest",
        "Value": "EBMSecGrpfsxontap"
    },
    {
        "Key": "mylabtest",
        "Value": "EBMSecGrpfsxlustre"
    },
    {
        "Key": "mylabtest",
        "Value": "EBMSecGrpPostConfigAWSCodeBuild"
    }
]

    You can get into into tablular form as well..

     aws ec2 describe-security-groups --filters Name=tag-key,Values="*" --query 'SecurityGroups[*].Tags[?contains(Value, `EBM`)][].{Key: Key, Value: Value}' --profile dev  --output table

    Use describe-tags

    To --filter with a value only regardless of the name in the AWS CLI, you simply can use "Name=value,Values=*tg*".

    • Keep Name=value so as to look at the value fields only.
    • use Value=*EBM* it will fetch all values having EBM regardless of prefix or suffix.

    However, You can combine --filters with the --query option to filter the output and only display specific fields. For example, to only display the tag names and values, you can use the following command:

    $ aws ec2 describe-tags --filters "Name=value,Values=*tg*" --query 'Tags[*].{Key_Name: Key, VauleOfKey: Value}' --profile dev
[
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    },
    {
        "Key_Name": "SSM_Managed",
        "VauleOfKey": "Stg"
    }
]

    OR

    You can get it as a table to be more readable ..

     $ aws ec2 describe-tags --filters "Name=value,Values=*tg*" --query 'Tags[*].{Key_Name: Key, VauleOfKey: Value}' --profile dev --output table
-------------------------------
|        DescribeTags         |
+--------------+--------------+
|   Key_Name   | VauleOfKey   |
+--------------+--------------+
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
|  SSM_Managed |  Stg         |
+--------------+--------------+

    To make it more explicit before you use above, you can use the following command to be more simplistic. it will return all tags with a value of "VALUE", regardless of the tag name.:

    aws ec2 describe-tags --filters "Name=value,Values=VALUE"

    If you want to filter the results further, you can include additional filters by adding them to the list in the –filters flag, separated by a comma. For example, to only return tags with a value of "VALUE" that are associated with security groups, you can use the following command:

    aws ec2 describe-tags --filters "Name=value,Values=VALUE","Name=resource-type,Values=security-group"

    EDIT:

    Using describe-security-groups with all values *SecGrpec2* and then get the name of Security group these value belongs to.

    $ aws ec2 describe-security-groups --filters "Name=tag-value,Values=*SecGrpec2*" --profile dev | jq -r '.SecurityGroups[].GroupName'
EC2 - SC101
EC2 - SD102
EC2 - ST101
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search