• jq is a Swiss Army knife for working with JSON. It is especially handy for piping the output of CLI tools, such as curling JSON APIs, or the aws and az CLIs.

    I wanted to get a nice list of public IP addresses of my EC2 instances, together with instance names. I could have used boto for this, but the combo of AWS CLI and jq turned out to be a simple and effective one-liner (split for better wrapping).

    aws ec2 describe-instances | jq '.Reservations[].Instances[] |
      {(.Tags[] | select (.Key == "Name") | .Value): .PublicIpAddress}' |
      jq -s add
    

    produces:

    {
      "foo": "54.131.121.177",
      "bar": "52.75.8.58",
      "baz": "34.228.156.28"
    }
    
  • Accidentally discovered that EC2 security groups do not terminate an open connection (like SSH) when the security group rules or membership change. New connections will be prevented, but this will not terminate established ones.

    See for yourself:

    • create an EC2 instance and give it a security group
    • add an ingress rule on port 22
    • SSH into it
    • change the security group; remove the instance from that group altogether, or just change the ingress rule.
    • Observe how the SSH connection remains open

    Tested this for N hours and the SSH connection did not get terminated. So if someone is in your boxen, you can’t kick them out that way.

    Heed the warning and plan accordingly.


    update 2017-11:

    Apparently Azure NSGs have the same flaw. Not even surprised.
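
A check for the situation described above, as an added example (not from the original post): given the source CIDRs the security group still allows, it lists established SSH sessions whose peers fall outside them. The sample `ss` lines, the addresses and the function name `stale_ssh_peers` are constructed for illustration; only IPv4 and IPv4-mapped peers are handled.

```shell
#!/bin/sh
# Constructed sample in the shape of `ss -Htn state established` output:
# Recv-Q, Send-Q, local addr:port, peer addr:port (documentation addresses).
# The third line uses the IPv4-mapped form seen on dual-stack listeners.
SAMPLE_SS='0 0 10.0.1.15:22 203.0.113.7:51844
0 36 10.0.1.15:22 198.51.100.23:40112
0 0 [::ffff:10.0.1.15]:22 [::ffff:10.0.2.40]:59310'

# stale_ssh_peers "<cidr> <cidr> ..." (hypothetical helper)
# Reads ss lines on stdin and prints the peer addr:port of every session
# whose source address is outside all of the listed IPv4 CIDRs.
# An entry without a /prefix is treated as a single host (/32).
stale_ssh_peers() {
    awk -v allowed="$1" '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return o[1] * 16777216 + o[2] * 65536 + o[3] * 256 + o[4]
    }
    function in_cidr(ip, cidr,    p, size) {
        if (split(cidr, p, "/") < 2) p[2] = 32
        size = 2 ^ (32 - p[2])          # number of addresses in the block
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    BEGIN { n = split(allowed, cidrs, " ") }
    NF >= 4 {
        peer = $4
        sub(/:[0-9]+$/, "", peer)            # drop the peer port
        gsub(/^\[::ffff:|\]$/, "", peer)     # unwrap IPv4-mapped form
        ok = 0
        for (i = 1; i <= n; i++) if (in_cidr(peer, cidrs[i])) ok = 1
        if (!ok) print $4                    # session no rule would admit now
    }'
}

# Demo: the rule set after the change still allows these two ranges.
printf '%s\n' "$SAMPLE_SS" | stale_ssh_peers "10.0.0.0/16 203.0.113.0/24"
```

On a live instance, pipe `ss -Htn state established '( sport = :22 )'` into the function after changing the rules; the sessions it lists have to be ended on the host itself.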
