IM开始疯狂地使用“JQ”解析来自AWS CLI的json输出。
也许我还没有理解如何正确使用JQ,但是我喜欢解析2个(或更多)安全组,其中每个规则都有一个字符串,包括入站和出站
AWS CLI命令是这样的:
aws ec2 describe-security-groups --group-ids sg-0000001 sg-0000002
输出json就是这个(我随机编辑了一些隐私信息):
{
"SecurityGroups": [
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": []
}
],
"Description": "server-db",
"Tags": [
{
"Value": "server-db",
"Key": "Client"
},
{
"Value": "server-db",
"Key": "Name"
}
],
"IpPermissions": [
{
"ToPort": 3389,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.12.0.0/16"
},
{
"CidrIp": "192.168.10.10/32"
}
],
"UserIdGroupPairs": [],
"FromPort": 3389
},
{
"ToPort": 5666,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "192.168.10.10/32"
}
],
"UserIdGroupPairs": [],
"FromPort": 5666
},
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "121211212121",
"GroupId": "sg-00000001"
}
]
},
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "121211212121",
"GroupId": "sg-000000001"
}
]
},
{
"ToPort": -1,
"IpProtocol": "icmp",
"IpRanges": [
{
"CidrIp": "10.12.0.0/16"
},
{
"CidrIp": "192.168.10.10/32"
}
],
"UserIdGroupPairs": [],
"FromPort": -1
}
],
"GroupName": "server-db",
"VpcId": "vpc-0000001",
"OwnerId": "121211212121",
"GroupId": "sg-000000001"
},
{
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"UserIdGroupPairs": []
}
],
"Description": "server-as",
"Tags": [
{
"Value": "server-as",
"Key": "Name"
},
{
"Value": "server",
"Key": "Client"
}
],
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "121211212121",
"GroupId": "sg-00000001"
}
]
},
{
"ToPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.12.0.0/16"
},
{
"CidrIp": "192.168.10.10/32"
}
],
"UserIdGroupPairs": [],
"FromPort": 22
},
{
"ToPort": 443,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "10.12.0.0/16"
},
{
"CidrIp": "192.168.60.10/32"
},
{
"CidrIp": "192.168.160.10/32"
},
{
"CidrIp": "192.168.130.10/32"
},
{
"CidrIp": "192.168.130.50/32"
},
{
"CidrIp": "192.168.130.150/32"
},
{
"CidrIp": "192.168.10.10/32"
},
{
"CidrIp": "192.168.80.150/32"
},
{
"CidrIp": "192.168.80.152/32"
},
{
"CidrIp": "192.168.80.155/32"
},
{
"CidrIp": "192.168.80.158/32"
}
],
"UserIdGroupPairs": [],
"FromPort": 443
},
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "121211212121",
"GroupId": "sg-00000002"
}
]
},
{
"ToPort": -1,
"IpProtocol": "icmp",
"IpRanges": [
{
"CidrIp": "10.12.0.0/16"
},
{
"CidrIp": "192.168.10.10/32"
}
],
"UserIdGroupPairs": [],
"FromPort": -1
}
],
"GroupName": "server-as",
"VpcId": "vpc-00000001",
"OwnerId": "121211212121",
"GroupId": "sg-00000001"
}
]
}
id喜欢的格式可以是:
SecurityGroupId - GroupName - InBound/OutBound - IpProtocol - Port - SourceRanges/DestinationRanges
AnyOne可以帮助我吗? 感谢
答案 0 :(得分:0)
解决了PERL:
use JSON qw( decode_json );
sub creatab{
my $json = $dump; #dump from the AWS CLI
my $decoded = decode_json($json);
my @secgrp = @{ $decoded->{'SecurityGroups'} };
foreach my $f ( @secgrp ) {
$description=$f->{"Description"};
$groupname=$f->{"GroupName"};
$vpcid=$f->{"VpcId"}; if ($vpcid eq "") {$vpcid = "EC2"}
$groupid=$f->{"GroupId"};
#------INBOUND RULES------------------------
my @ipperm = @{ $f->{'IpPermissions'} };
foreach my $g ( @ipperm ) {
$toport=$g->{'ToPort'};
$fromport=$g->{'FromPort'};
$proto=$g->{'IpProtocol'};
my @cidr = @{ $g->{'IpRanges'} };
foreach my $h ( @cidr ) {
$cidr=$h->{'CidrIp'};
if ($proto==-1) {$fromport="ALLPORTS"; $toport="ALLPORTS"; $proto="ALLPROTO";}
$tabella .= "$groupid|$groupname|$description|$vpcid|INBOUND|$cidr|$fromport|$toport|$proto\n";
}
my @useridgrouppairs = @{ $g->{'UserIdGroupPairs'} };
foreach my $h ( @useridgrouppairs ) {
$useridgrouppairs=$h->{'GroupId'};
if ($proto==-1) {$fromport="ALLPORTS"; $toport="ALLPORTS"; $proto="ALLPROTO";}
$tabella .= "$groupid|$groupname|$description|$vpcid|INBOUND|$useridgrouppairs|$fromport|$toport|$proto\n";
}
}
#-------------------------------------------
#-------------OUTBOUND RULES----------------
my @ipperm = @{ $f->{'IpPermissionsEgress'} };
foreach my $g ( @ipperm ) {
$toport=$g->{'ToPort'};
$fromport=$g->{'FromPort'};
$proto=$g->{'IpProtocol'};
my @cidr = @{ $g->{'IpRanges'} };
foreach my $h ( @cidr ) {
$cidr=$h->{'CidrIp'};
if ($proto==-1) {$fromport="ALLPORTS"; $toport="ALLPORTS"; $proto="ALLPROTO";}
$tabella .= "$groupid|$groupname|$description|$vpcid|OUTBOUND|$cidr|$fromport|$toport|$proto\n";
}
my @useridgrouppairs = @{ $g->{'UserIdGroupPairs'} };
foreach my $h ( @useridgrouppairs ) {
$useridgrouppairs=$h->{'GroupId'};
if ($proto==-1) {$fromport="ALLPORTS"; $toport="ALLPORTS"; $proto="ALLPROTO";}
$tabella .= "$groupid|$groupname|$description|$vpcid|OUTBOUND|$useridgrouppairs|$fromport|$toport|$proto\n";
}
}
#------------------------------------------
}
return $tabella;
}
答案 1 :(得分:0)
这是一个jq解决方案
def ports:
if .IpProtocol == "-1"
then {FromPort:"ALLPORTS", ToPort:"ALLPORTS", IpProtocol:"ALLPROTO"}
else {FromPort, ToPort, IpProtocol}
end
;
def tabella($g; $p; $dir; $ip):
[ $g.GroupId, $g.GroupName, $g.Description, $g.VpcId, $dir, $ip,
$p.FromPort, $p.ToPort, $p.IpProtocol ]
;
def creatab:
.SecurityGroups[]
| { GroupId, GroupName, Description, VpcId } as $g
| (
.IpPermissions[]
| ports as $p
| ( .IpRanges[] | tabella($g; $p; "INBOUND"; .CidrIp) ),
( .UserIdGroupPairs[] | tabella($g; $p; "INBOUND"; .GroupId) )
),
(
.IpPermissionsEgress[]
| ports as $p
| ( .IpRanges[] | tabella($g; $p; "OUTBOUND"; .CidrIp) ),
( .UserIdGroupPairs[] | tabella($g; $p; "OUTBOUND"; .GroupId) )
)
;
creatab
| map(tostring)
| join("|")
以
运行时jq -M -r -f filter.jq data.json
相同的输出
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|10.12.0.0/16|3389|3389|tcp
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|192.168.10.10/32|3389|3389|tcp
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|192.168.10.10/32|5666|5666|tcp
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|sg-00000001|ALLPORTS|ALLPORTS|ALLPROTO
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|sg-000000001|ALLPORTS|ALLPORTS|ALLPROTO
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|10.12.0.0/16|-1|-1|icmp
sg-000000001|server-db|server-db|vpc-0000001|INBOUND|192.168.10.10/32|-1|-1|icmp
sg-000000001|server-db|server-db|vpc-0000001|OUTBOUND|0.0.0.0/0|ALLPORTS|ALLPORTS|ALLPROTO
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|sg-00000001|ALLPORTS|ALLPORTS|ALLPROTO
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|10.12.0.0/16|22|22|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.10.10/32|22|22|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|10.12.0.0/16|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.60.10/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.160.10/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.130.10/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.130.50/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.130.150/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.10.10/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.80.150/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.80.152/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.80.155/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.80.158/32|443|443|tcp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|sg-00000002|ALLPORTS|ALLPORTS|ALLPROTO
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|10.12.0.0/16|-1|-1|icmp
sg-00000001|server-as|server-as|vpc-00000001|INBOUND|192.168.10.10/32|-1|-1|icmp
sg-00000001|server-as|server-as|vpc-00000001|OUTBOUND|0.0.0.0/0|ALLPORTS|ALLPORTS|ALLPROTO