How to check via aws cli if a Security Group description contains a secific string?

Question

Using aws cli, I would like to be able to fuzzy search for a part of a string in the 'description' of a Security Group.

For example let's say Security Group sd-afafaf00 contains "Hey there kaipee" in the Description field.

The following works but only for a complete match, not partial

aws ec2 describe-security-groups --query "SecurityGroups[?IpPermissions[?contains(IpRanges[].Description, 'Hey there kaipee')]]"

I would like to be able to display all Security Groups that contain 'kaipee' in the description, like:

aws ec2 describe-security-groups --query "SecurityGroups[?IpPermissions[?contains(IpRanges[].Description, 'kaipee')]]"

EDIT : I require returning the GroupId, CirdIp and details of the Description field which all match the results of the queried string.

score 0 · Answer 1 · answered Jan 08 '21 at 22:28

0

Do you mind using jq?

jq '.[][].IpPermissions[].IpRanges[] | select(.Description) | select(.Description | contains("kaipee"))'

answered Jan 08 '21 at 22:28

Mark Wagner

17,764
2
30
47

Using jq seems fine. However for more clarity, I actually require returning the GroupId, CidrIp and Description for each value that matches the queried string. – kaipee Jan 12 '21 at 17:05

score 0 · Answer 2 · answered Feb 13 '21 at 11:08

Have you tried using a JMESPath query to filter the SG you're looking for. I've done some testing on my own and can't find the way to get contains to work, but I find that > seems to work even when the search string is not at the start of the description.

aws ec2 describe-security-groups --query "SecurityGroups[?Description > 'kaipee'].{Description: Description, GroupId: GroupId, IpRanges: IpPermissions[].IpRanges}"

Hope that helps.

How to check via aws cli if a Security Group description contains a secific string?

2 Answers2