With AWS cli how do I get the CloudFront OAI ID for one record with a specific name/comment?-CodePudding

In the below output I only want to get the Id of the CloudFront Origin Access ID with the comment Created for Nackle Shared CF in pprd.

Therefore I want the output to be ``E1P6ZIBDB6I6FZ```.

Here is the command I used to get everything so far:

aws cloudfront list-cloud-front-origin-access-identities

I have played with jq and grep and can not get it to pull what I want out. I also tried to use --filter but I do not think that works with this CloudFront command.

Here is the output of the command:

{
    "CloudFrontOriginAccessIdentityList": {
        "Items": [
            {
                "Id": "E3IQ5CFYM436DX",
                "S3CanonicalUserId": "0301338e0173a8fa18a117f8234f7f30ddf87fcf45fcf70412a374414d592bee3eea9697f41d06b284617232122dd",
                "Comment": "Created for Nackle Shared CF in qa"
            },
            {
                "Id": "E1P6ZIBDB6I6FZ",
                "S3CanonicalUserId": "c21bc4e37661a49846db7dd6798b25a71ce81decb4f6403b5c6602da6e49f6a831ca3a0f682f87fc4b15285785b9c",
                "Comment": "Created for Nackle Shared CF in pprd"
            },
            {
                "Id": "EMLFRR2NYMLFT",
                "S3CanonicalUserId": "5123661394e931636d038d3370399d6cb110844505f4058aa2ee0aab21e52d09ced60fffa2fb438d2872366821eb1",
                "Comment": "Created for Nackle Shared CF in prod"
            },
            {
                "Id": "E1EXEX5YNA4N51",
                "S3CanonicalUserId": "e5c969d27e56434c73c3b7509ffa51c8a29cf690eeb1f3c85db8c6f85b09f5efb3c5d3f891ea5b9f6c5729af2f5c3",
                "Comment": "Do Not Want"
            },
            {
                "Id": "E1RDNKSTCZ8CTF",
                "S3CanonicalUserId": "d5a6931f306807e37ec245f87a4f8ef247fbc362ab016f9b02e5136029ce8b7a79e1d1d5e4fe4b751cf0fa66832ad",
                "Comment": "Also do not want"
            }
        ]
    }
}

I also just tried with --query and I think i got closer :

aws cloudfront list-cloud-front-origin-access-identities --query "CloudFrontOriginAccessIdentityList.Items[]"

Gave me :

[
    {
        "Id": "E3IQ5CFYM436DX",
        "S3CanonicalUserId": "57b0301338e0173a8fa18a117f8234f7f30ddf87fcf45fcf70412a374414d592bee3eea9697f41d06b284617232122dd",
        "Comment": "Created for Nackle Shared CF in qa"
    },
    {
        "Id": "E1P6ZIBDB6I6FZ",
        "S3CanonicalUserId": "7fbc21bc4e37661a49846db7dd6798b25a71ce81decb4f6403b5c6602da6e49f6a831ca3a0f682f87fc4b15285785b9c",
        "Comment": "Created for Nackle Shared CF in pprd"
    },
    {
        "Id": "EMLFRR2NYMLFT",
        "S3CanonicalUserId": "02d5123661394e931636d038d3370399d6cb110844505f4058aa2ee0aab21e52d09ced60fffa2fb438d2872366821eb1",
        "Comment": "Created for Nackle Shared CF in prod"
    },
    {
        "Id": "E1EXEX5YNA4N51",
        "S3CanonicalUserId": "49de5c969d27e56434c73c3b7509ffa51c8a29cf690eeb1f3c85db8c6f85b09f5efb3c5d3f891ea5b9f6c5729af2f5c3",
        "Comment": "Do Not Want"
    },
    {
        "Id": "E1RDNKSTCZ8CTF",
        "S3CanonicalUserId": "0a1d5a6931f306807e37ec245f87a4f8ef247fbc362ab016f9b02e5136029ce8b7a79e1d1d5e4fe4b751cf0fa66832ad",
        "Comment": "Also do not want"
    }
]

CodePudding user response：

Navigate to the items using .CloudFrontOriginAccessIdentityList.Items[], then choose only the matching ones using select and output the part you're interested in. Using the -r flag turns the output into raw text (rather than JSON).

… | jq -r '
    .CloudFrontOriginAccessIdentityList.Items[]
    | select(.Comment == "Created for Nackle Shared CF in pprd").Id
  '

E1P6ZIBDB6I6FZ

Demo

To import the query string into the filter, use the --arg option:

… | jq -r --arg q "Created for Nackle Shared CF in pprd" '
    .CloudFrontOriginAccessIdentityList.Items[]
    | select(.Comment == $q).Id
  '