JSONファイル:
"UserDetailList": [
{
"UserName": "ec2-provisioning",
"GroupList": [],
"CreateDate": "2017-11-07T14:20:14Z",
"UserId": "1234556",
"Path": "/",
"AttachedManagedPolicies": [
{
"PolicyName": "EC2FullAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
},
{
"PolicyName": "AmazonS3FullAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}
],
"Arn": "arn:aws:iam::1234567890:user/citrix-xendesktop-ec2-provisioning"
},
{
"UserName": "read-only-iam-permissions",
"GroupList": [],
"CreateDate": "2018-03-09T11:13:38Z",
"UserId": "AABCDEFGHG6EQ",
"Path": "/",
"AttachedManagedPolicies": [
{
"PolicyName": "IAMReadOnlyAccess",
"PolicyArn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
}
],
"Arn": "arn:aws:iam::123456789:user/rundeck-read-only-iam-permissions"
}]
そしてjq -r '.UserDetailList[] | [.UserName] | @csv' output.json > fileout2.csv
私は得ることができますか?
xendesktop-ec2-provisioning"
"rundeck-read-only-iam-permissions"
この2人のユーザーのIAMポリシーを取得するにはどうすればよいですか? AttachedManagedPoliciesからAmazonEC2FullAccessとAmazonS3FullAccessを抽出する必要がありますか?
したがって、出力は次のようになります。
xendesktop-ec2-provisioning",AmazonEC2FullAccess
xendesktop-ec2-provisioning",AmazonS3FullAccess
read-only-iam-permissions,IAMReadOnlyAccess
答え1
jq
解決策:
jq -r '.UserDetailList[] | .UserName as $u
| .AttachedManagedPolicies[] | ([$u, .PolicyName] | @csv)' input.json
出力:
"citrix-xendesktop-ec2-provisioning","AmazonEC2FullAccess"
"citrix-xendesktop-ec2-provisioning","AmazonS3FullAccess"
"rundeck-read-only-iam-permissions","IAMReadOnlyAccess"