We Keep Coding

Attempting to update AWS secret isn't saving in AWS

I’m on Mac Monterrey. Using the AWS CLI, I want to update a secret's value, so I did this
aws secretsmanager update-secret --secret-id 'development/database' --description '{"adapter": "mysql2", "encoding": "utf8", "host": "host.docker.internal"}'
And I get back
{
"ARN": "arn:aws:secretsmanager:us-east-1:1234678901234:secret:development/database-4walfE",
"Name": "development/database"
}
However, when I go to see the value of my secret, it is unchanged
$ aws secretsmanager get-secret-value --secret-id 'development/database'
{
"ARN": "arn:aws:secretsmanager:us-east-1:1234678901234:secret:development/database-4abcdE",
"Name": "development/database",
"VersionId": "378861d2-c5f0-48a4-a965-13877321da62",
"SecretString": "{\"adapter\": \"mysql2\", \"encoding\": \"utf8\", \"host\": \"127.0.0.1\"}",
"VersionStages": [
"AWSCURRENT"
],
"CreatedDate": "2022-04-11T12:00:43.029000-05:00"
}
What gives? What am I missing?

If you're updating the value of the secret, you should use --secret-string
aws secretsmanager update-secret --secret-id 'development/database' --secret-string '{"adapter": "mysql2", "encoding": "utf8", "host": "host.docker.internal"}'

How to query AWS Stack Outputs?

My Stack Outputs:
"Outputs": [
{
"OutputKey": "InstanceId",
"OutputValue": "i-0ed2834d95ae5bb98",
"Description": "Instance Id"
},
{
"OutputKey": "PrivateIp",
"OutputValue": "10.176.66.46",
"Description": "Private IP address"
},
{
"OutputKey": "EbsVolumeId",
"OutputValue": "vol-03837489a20032881",
"Description": "EbsVolume"
}
I tried to query the PrivateIp of stack by using the command below but the command doesn't return anything.
aws cloudformation describe-stacks --stack-name my-stack-01 --query "Stacks[0].Outputs[?OutputKey=="PrivateIp"].OutputValue" --output text
What did I do wrong?
Thx in advance!

You must use single-quotes in the filter part ?OutputKey=="PrivateIp" of your query. So, change your whole query to:
aws cloudformation describe-stacks --stack-name my-stack-01 --query "Stacks[0].Outputs[?OutputKey=='PrivateIp'].OutputValue" --output text
This will work.

pipe output from aws cli as input to another aws cli command

Hi I would like to pipe an instance output to start/stop ec2 instances. Here is the beginning of the code:
aws ec2 describe-instances \
--query "Reservations[*].Instances[*].{Instance:InstanceId,Subnet:SubnetId}" \
--filters "Name=tag-value,Values=<INSTANCE NAME TAG>" \
--output text | \
How do I pipe this output to AWS ec2 start-instances command in Windows?

Output format can be JSON,YAML, TEXT or Table.It depends on your requirements.
Sample command for JSON output:
$ aws iam list-users --output json
Sample output:
{
"Users": [
{
"Path": "/",
"UserName": "Admin",
"UserId": "AIDA1111111111EXAMPLE",
"Arn": "arn:aws:iam::123456789012:user/Admin",
"CreateDate": "2014-10-16T16:03:09+00:00",
"PasswordLastUsed": "2016-06-03T18:37:29+00:00"
},
{
"Path": "/backup/",
"UserName": "backup-user",
"UserId": "AIDA2222222222EXAMPLE",
"Arn": "arn:aws:iam::123456789012:user/backup/backup-user",
"CreateDate": "2019-09-17T19:30:40+00:00"
},
{
"Path": "/",
"UserName": "cli-user",
"UserId": "AIDA3333333333EXAMPLE",
"Arn": "arn:aws:iam::123456789012:user/cli-user",
"CreateDate": "2019-09-17T19:11:39+00:00"
}
]
}
Now if you want to use this output for input of another command, one easy way is to read the json file, extract the value and use that as input to other command.
Please read https://www.business.com/articles/using-powershell-with-json-data/ for some details.

I found a PowerShell solution which suits my needs better:
$InstanceId = aws ec2 describe-instances --query "Reservations[*].Instances[*].{Instance:InstanceId}" --filters "Name=tag-value,Values=<INSTANCE NAME TAG>" --output text aws ec2 start-instances --instance-ids $InstanceId

Parsing AWS JSON with JQ

I'm trying to parse JSON output from the AWS CLI. What I'm looking for are security group names with specific tags below them. The two commands that work are
$aws ec2 describe-security-groups | jq -r '.SecurityGroups[].GroupName'
default
mysqlsg
apachesg
default
Then I run
$ aws ec2 describe-security-groups | jq -r '.SecurityGroups[].Tags[]|select(.Key == "Service")'
{
"Key": "Service",
"Value": "default"
}
{
"Key": "Service",
"Value": "MySQL"
}
{
"Key": "Service",
"Value": "Apache"
}
{
"Key": "Service",
"Value": "default"
}
I'd like each group to have the Service Tag below it so I tried this but it didn't work.
$ aws ec2 describe-security-groups | jq -r '.SecurityGroups[].GroupName,.SecurityGroups[].Tags[]|select(.Key == "Service")'
jq: error (at <stdin>:225): Cannot index string with string "Key"

You can do this with aws-cli query parameters, try the below and it should work.
aws ec2 describe-security-groups --query 'SecurityGroups[].{Tags:Tags[?Key==`Name`].Value|[0],GroupName:GroupName}'
output
{
"Tags": "demo",
"GroupName": "demo"
}

AWS CLI S3 get object tags

I need to get object tags by AWS CLI. Is it possible to display all object tags? Or even display the value of a specific key from tags.

You can do this with the command aws s3api get-object-tagging --bucket bucketname --key objectkey. For example
➜ ~ aws s3 ls helloworld-20181029141519-deployment
2018-11-24 07:19:11 0 hello.world
➜ ~ aws s3api get-object-tagging --bucket helloworld-20181029141519-deployment --key hello.world
{
"TagSet": [
{
"Value": "1",
"Key": "tagged"
},
{
"Value": "bar",
"Key": "foo"
}
]
}
You can use a JMESPath expression to filter the result set.
➜ ~ aws s3api get-object-tagging --bucket helloworld-20181029141519-deployment --key hello.world --query "TagSet[?Key=='foo']"
[
{
"Value": "bar",
"Key": "foo"
}
]