aws cloudformation describe-stacks --query - amazon-web-services

I am trying to write a query for a specific stack. It looks like this:
$ aws cloudformation describe-stacks --region $AWS_REGION --profile $AWS_PROFILE --stack-name MyStack --query 'Stacks[?StackName == "MyStack"]'
[]
As you can see the output is an empty array. On the other hand:
$ aws cloudformation describe-stacks --region $AWS_REGION --profile $AWS_PROFILE --stack-name MyStack --query 'Stacks[0]'
{
// the output
}
What am I missing in my query version? How do I fix it?

Enclose the value in backquotes:
--query 'Stacks[?StackName == `MyStack`]'
Filtering AWS CLI output - AWS Command Line Interface

Related

AWS CLI query and filter for Step Functions

I would like to get a Step Function ARN using the AWS CLI by name with a wildcard string, or get the Step Function ARN by Step Function name.
Here is an example:
aws stepfunctions list-state-machines --region us-east-1
I got this:
{
"stateMachines": [
{
"stateMachineArn": "arn:aws:states:us-east-1:012345678912:stateMachine:firstStepFunc",
"name": "firstStepFunc",
"type": "STANDARD",
"creationDate": "2022-12-01T14:43:09.577000+01:00"
}
]
}
I tried this one:
aws stepfunctions list-state-machines --query 'stateMachines[*].stateMachineArn' --region us-east-1 --output text
And got the expected result:
arn:aws:states:us-east-1:012345678912:stateMachine:firstStepFunc
But if there is more than one Step Function, it won't work.
I need something like this, but I have no idea how to write the query properly:
aws stepfunctions list-state-machines --query 'stateMachines[*].stateMachineArn[?stateMachineArn==`*`]' --region us-east-1
aws stepfunctions list-state-machines --query 'stateMachines[*].stateMachineArn[?name==`*`]' --region us-east-1
Thanks in advance!
You could use the contains function for this, for example:
aws stepfunctions list-state-machines --query 'stateMachines[?contains(name,`dev`)]|[*].stateMachineArn' --region us-east-1 --output text
The expression above returns the ARN of all stepfunctions which have the dev keyword in their name. If you want to get only one (the first one, for example), you can do the following:
aws stepfunctions list-state-machines --query 'stateMachines[?contains(name,`dev`)]|[0].stateMachineArn' --region us-east-1 --output text

How to stop xargs command if the input is empty

My GitLab-ci.yml file consists of the stage below:
.deploy_cloudformation_template:
  extends: .deployment_job_template
  when: on_success
  script:
    # Deploy the template.
    - aws cloudformation deploy --profile $AWS_PROFILE --region us-east-1
      --stack-name "pa-pa-${ENVIRONMENT_NAME}"
      --template-file ./cfn/stack-template.yml
      --capabilities CAPABILITY_IAM
      --no-fail-on-empty-changeset
      --parameter-overrides $(cat ./cfn/params-${ENVIRONMENT_NAME}.ini | tr "\n" " ")
    # Delete any failed changesets in the stack, which are created when there's no change in the template.
    - aws cloudformation list-change-sets --profile $AWS_PROFILE --region us-east-1
      --stack-name "pa-pa-${ENVIRONMENT_NAME}"
      --query Summaries[][ChangeSetName,Status]
      --output text | grep FAILED | awk '{print $1}' | xargs -I {} aws cloudformation delete-change-set
      --profile $AWS_PROFILE --region us-east-1
      --change-set-name {} --stack-name "pa-zappa-${ENVIRONMENT_NAME}"
If there are no failed changesets, then xargs should not run anything. I tried -r, --no-run-if-empty but that is not supported.
Is there anything else that I can use to achieve this?

AWS CLI Query for pulling image from ecs describe-task-definition?

So I'm trying to pull just the image from a task-definition. I'm running:
aws ecs describe-task-definition --task-definition nameoftaskdefinition --output text
And I'm trying to add in the --query option so that the result will look like
VAR=$(aws ecs describe-task-definition --task-definition nameoftaskdefinition --output text)
where echo $VAR would return image
Based on the output from the docs, you'll want something like this (untested)
aws ecs describe-task-definition \
--task-definition nameoftaskdefinition \
--query 'taskDefinition.containerDefinitions[].image' \
--output text
Note that depending on your task, you may have multiple containerDefinitions, so the output from that command ($VAR in your example) could be a space separated string

Given a role ARN, how do you find out which stack and region created the role?

Can anyone please provide CLI command to get the stack name and region that created a particular IAM role?
You will have to write a small looping script that goes through all the regions and all the stacks (with, let's say, 'CREATE_COMPLETE' status) and uses the describe-stack-resources CLI command.
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-stack-resources.html
Here is a small example:
#!/bin/bash
# Walk every region, then every CREATE_COMPLETE stack in it, and print any
# AWS::IAM::Role resource whose physical ID matches the role name.
for region in us-east-2 us-east-1 us-west-1 us-west-2 ap-east-1 ap-south-1 ap-northeast-3 ap-northeast-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 ca-central-1 cn-north-1 cn-northwest-1 eu-central-1 eu-west-1 eu-west-2 eu-west-3 eu-north-1 me-south-1 sa-east-1
do
    echo "Processing region $region ..."
    # jq -r prints the raw StackId without the surrounding quotes.
    for stack in $(aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --output json --region "$region" | jq -r '.StackSummaries[] | .StackId')
    do
        echo "Processing stack $stack ..."
        aws cloudformation describe-stack-resources --stack-name "$stack" --output json --region "$region" | jq '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | select(.PhysicalResourceId=="PUT_YOUR_ROLE_NAME_HERE")'
    done
done
Don't forget that if you have your role ARN you can easily get your account number and your role name. The format being
arn:aws:iam::account-id:role/role-name
I hope that helps, sorry about the oneliner, it's less readable.
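An added example, not part of the original answer: splitting a role ARN of the format above into the partition, account ID and role name, and building a --query expression for describe-stack-resources from the validated name. The function names and the sample ARN are constructed for illustration; no AWS calls are made.

```shell
#!/bin/sh
# parse_role_arn ARN
# Prints "partition account-id role-name"; returns 1 for anything that is not
# a well-formed IAM role ARN.
parse_role_arn() {
    arn=$1
    case $arn in
        arn:*:iam::*:role/*) ;;          # IAM is global: the region field is empty
        *) return 1 ;;
    esac
    rest=${arn#arn:}
    partition=${rest%%:*}                # aws, aws-cn, ... narrows which regions to scan
    case $partition in ''|*[!a-z-]*) return 1 ;; esac
    rest=${rest#"$partition":iam::}
    account=${rest%%:*}
    resource=${rest#*:role/}
    name=${resource##*/}                 # drop an optional path such as service-role/
    case $account in ''|*[!0-9]*) return 1 ;; esac
    [ "${#account}" -eq 12 ] || return 1
    # Accept only characters IAM allows in role names, so the value is safe to
    # embed in a query expression.
    case $name in ''|*[!A-Za-z0-9+=,.@_-]*) return 1 ;; esac
    printf '%s %s %s\n' "$partition" "$account" "$name"
}

# role_query ARN
# Prints a --query expression for describe-stack-resources that keeps only the
# matching role and shows which stack and logical resource own it.
role_query() {
    parsed=$(parse_role_arn "$1") || return 1
    name=${parsed##* }
    printf 'StackResources[?ResourceType==`AWS::IAM::Role` && PhysicalResourceId==`%s`].[StackName,LogicalResourceId]\n' "$name"
}

# Demo on a constructed ARN with a path component.
parse_role_arn 'arn:aws:iam::123456789012:role/service-role/ExampleRole'
role_query 'arn:aws:iam::123456789012:role/service-role/ExampleRole'
```

The name printed by parse_role_arn is the value to put in place of PUT_YOUR_ROLE_NAME_HERE, since the path is not part of the physical resource ID.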
aws cloudformation describe-stacks --stack-name myteststack

AWS SSM Parameters Store

Is there any way to just nuke / remove all items in AWS Parameters Store?
All the command lines I found are to remove it either one by one or remove it given a list of names.
I also tried using
aws ssm delete-parameters --cli-input-json test.json
with test.json file looks like this
{
"Names": [
"test1",
"test2"
]
}
still does not work..
Ideally if I can use --query and use it as is, that'd be great.
I'm using --query like so
aws ssm get-parameters-by-path --path / --max-items 2 --query 'Parameters[*].[Name]'
When you need to delete all parameters by path in AWS Systems Manager Parameter Store and there are more than 10 parameters, you have to deal with pagination.
Otherwise, the command will fail with the error:
An error occurred (ValidationException) when calling the DeleteParameters operation: 1 validation error detected: Value '[/config/application/prop1, ...]' at 'names' failed to satisfy constraint: Member must have length less than or equal to 10
The following Bash script using AWS CLI pagination options deletes any number of parameters from AWS SSM Parameter Store by path:
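#!/bin/bash
path=/config/application_dev/
while : ; do
    # DeleteParameters accepts at most 10 names per call, so fetch 10 at a time.
    # $starting_token is left unquoted on purpose so it expands to two arguments (or none).
    aws ssm delete-parameters --names $(aws ssm get-parameters-by-path --path "$path" --query "Parameters[*].Name" --output text --max-items 10 $starting_token | grep -v None)
    # Ask for the token of the next page; grep drops the literal None printed when there is none.
    next_token=$(aws ssm get-parameters-by-path --path "$path" --query NextToken --output text --max-items 10 | grep -v None)
    if [ -z "$next_token" ]; then
        starting_token=""
        break
    else
        starting_token="--starting-token $next_token"
    fi
done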
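An added example, not from the original answers: grouping parameter names into batches of at most 10, the limit quoted in the ValidationException above, and printing the delete commands as a dry run so they can be reviewed before anything is removed. The function names and sample parameter names are constructed; it assumes names contain no whitespace.

```shell
#!/bin/sh
# batch_names [SIZE]
# Reads one name per line on stdin and prints groups of at most SIZE names
# (default 10), one group per line. Blank lines are skipped, and empty input
# prints nothing, so a consumer loop never runs on it.
batch_names() {
    size=${1:-10}
    count=0
    line=
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        line="${line:+$line }$name"
        count=$((count + 1))
        if [ "$count" -eq "$size" ]; then
            printf '%s\n' "$line"
            line=
            count=0
        fi
    done
    # Flush the last, partially filled batch.
    [ -z "$line" ] || printf '%s\n' "$line"
}

# plan_deletes
# Dry run: prints one delete-parameters command per batch instead of running it.
plan_deletes() {
    batch_names 10 | while IFS= read -r batch; do
        printf 'aws ssm delete-parameters --names %s\n' "$batch"
    done
}

# Demo on 12 constructed names: prints two commands (10 names, then 2).
printf '/config/application_dev/p%s\n' 1 2 3 4 5 6 7 8 9 10 11 12 | plan_deletes
```

Feeding it the full list of names from a single listing avoids paging through a set that shrinks while it is being deleted.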
You can combine get-parameters-by-path with delete-parameters:
aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --query Parameters[].Name --output text`
I tested it by creating two parameters, then running the above command. It successfully deleted by parameters.
Try this and execute it multiple times:
aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`
Adding to the above. I had to delete around 400 params from the parameter store. Ran the below in command line and it did it! (Change 45 in for loop to whatever number you like):
for ((n=0;n<45;n++)); do
    aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`
done
This is my one line solution for this:
$ for key in $(aws ssm get-parameters-by-path --path "/" --recursive | jq -r '.Parameters[] | .Name' | tr '\r\n' ' '); do aws ssm delete-parameter --name ${key}; done
NOTE: Be careful if you copy & paste this as it will remove everything under "/"