JSON 文件:
"UserDetailList": [
{
"UserName": "ec2-provisioning",
"GroupList": [],
"CreateDate": "2017-11-07T14:20:14Z",
"UserId": "1234556",
"Path": "/",
"AttachedManagedPolicies": [
{
"PolicyName": "EC2FullAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
},
{
"PolicyName": "AmazonS3FullAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"
}
],
"Arn": "arn:aws:iam::1234567890:user/citrix-xendesktop-ec2-provisioning"
},
{
"UserName": "read-only-iam-permissions",
"GroupList": [],
"CreateDate": "2018-03-09T11:13:38Z",
"UserId": "AABCDEFGHG6EQ",
"Path": "/",
"AttachedManagedPolicies": [
{
"PolicyName": "IAMReadOnlyAccess",
"PolicyArn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
}
],
"Arn": "arn:aws:iam::123456789:user/rundeck-read-only-iam-permissions"
}]
和jq -r '.UserDetailList[] | [.UserName] | @csv' output.json > fileout2.csv
我可以得到
xendesktop-ec2-provisioning"
"rundeck-read-only-iam-permissions"
如何获取这 2 个用户的 IAM 策略,我需要在 AttachedManagedPolicies 下提取 AmazonEC2FullAccess 和 AmazonS3FullAccess ?
所以输出可以是
xendesktop-ec2-provisioning",AmazonEC2FullAccess
xendesktop-ec2-provisioning",AmazonS3FullAccess
read-only-iam-permissions,IAMReadOnlyAccess
答案1
jq
解决方案:
jq -r '.UserDetailList[] | .UserName as $u
| .AttachedManagedPolicies[] | ([$u, .PolicyName] | @csv)' input.json
输出:
"citrix-xendesktop-ec2-provisioning","AmazonEC2FullAccess"
"citrix-xendesktop-ec2-provisioning","AmazonS3FullAccess"
"rundeck-read-only-iam-permissions","IAMReadOnlyAccess"