1

I have this command which displays all the records from the search. But I would like to filter only the records that match the search word.

For example:

```
for user in $(aws iam list-users |grep -i UserName|sed -e 's/.*: \"//' -e 's/\",//'); do 
    echo USER: $user; 
    echo TAGS:
    aws iam list-user-tags --user-name $user --output text | awk '{print $2,$3}'
    echo GROUPS:
    aws iam list-groups-for-user  --user-name $user --output text|awk {'print $5'};  done > users.txt
```

The above command displays the following results.

```
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod

User: black.smith@abc.com
TAGS:
Team green
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
```

etc.

I would like to get all the users where tag Team == red.

I tried with a search string in line 4, like:

```
aws iam list-user-tags --user-name $user --output text | awk '/red/{print $2,$3}'
```

but it displays only one line:

```
Team red
```

But I would like to display the full record, like:

```
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
```

Could you please help with how I can display all the records where tag Team == red?

xtonehari
  • You can use `aws iam list-users --output text --query "Users[].UserName"` to get a list of names. – jarmod Jan 23 '23 at 14:21

3 Answers

4

For awk, you can use the paragraph mode. This will display all "records" that contain Team red.

```
awk -v RS= '/Team red/'
```
steffen
  • I was doing the same with `awk 'BEGIN{RS="\n\n"} /Team red/{print}' file` but I like yours better. – Paul Hodges Jan 23 '23 at 14:53
  • I tried both of your commands but they do not give the expected result. `for user in $(aws iam list-users |grep -i UserName|sed -e 's/.*: \"//' -e 's/\",//'); do echo USER: $user; echo TAGS: aws iam list-user-tags --user-name $user --output text | awk -v RS= '/Team red/' echo GROUPS: aws iam list-groups-for-user --user-name $user --output text|awk {'print $5'}; done > users.txt ` I get all the results, not just team red, but also the result is missing the tags: `User: joe.blogs@abc.com TAGS: GROUPS: iam-nonprod iam-prod` – xtonehari Jan 23 '23 at 15:24
  • @PaulHodges FYI `RS="\n\n"` requires GNU awk or a couple of other variants that support multi-char RS, otherwise it'll be treated as `RS="\n"` per POSIX, while `RS=""` will work in any awk. – Ed Morton Jan 23 '23 at 16:39
  • Exactly. While it might not matter on my system, it's really not the best option in general. – Paul Hodges Jan 23 '23 at 16:48
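
Paragraph mode only helps when awk reads the finished file of blank-line-separated records (as in the question's sample output), not the per-user tag output inside the loop. The following is an added example, not code from any poster in this thread; it goes one step beyond the answer by matching the tag line exactly and only inside the TAGS: section. The names `filter_by_tag`, `make_sample` and `WANT` and the sample records are constructed for illustration.

```shell
# filter_by_tag KEY VALUE FILE
# Prints each blank-line-separated record whose TAGS: section contains a line
# that is exactly "KEY VALUE". Lines under GROUPS: are never compared.
filter_by_tag() {
    # The wanted line is passed through the environment so awk does not
    # interpret backslash escapes in it, as it would for a -v assignment.
    WANT="$1 $2" awk -v RS= -v FS='\n' '
        {
            in_tags = 0; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "TAGS:")   { in_tags = 1; continue }
                if ($i == "GROUPS:") { in_tags = 0; continue }
                if (in_tags && $i == ENVIRON["WANT"]) hit = 1
            }
        }
        hit { print; print "" }   # whole record, then a blank separator
    ' "$3"
}

# Constructed sample in the layout shown in the question (one blank line
# between records). "Team reddish" is there to show the substring pitfall.
make_sample() {
    cat <<'EOF'
User: joe.blogs@abc.com
TAGS:
Team red
Status active
GROUPS:
iam-nonprod
iam-prod

User: black.smith@abc.com
TAGS:
Team green
GROUPS:
iam-nonprod

User: ann.lee@abc.com
TAGS:
Team reddish
GROUPS:
iam-prod
EOF
}

sample=$(mktemp) && make_sample > "$sample"
filter_by_tag Team red "$sample"    # prints only the joe.blogs record
rm -f "$sample"
```

On the same sample, the plain `/Team red/` pattern also returns the `Team reddish` record, which matters when the list feeds an access review.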
1

You can solve this with various awscli commands and the use of the --query option which allows you to perform conditional client-side filtering.

Here is an example:

```
#!/bin/bash

# All IAM user names, whitespace-separated
USERS=$(aws iam list-users --query "Users[*].UserName" --output text)

for user in $USERS; do
    # Non-empty only when the user carries the tag Team=red
    TAG=$(aws iam list-user-tags --user-name "$user" --query 'Tags[?(Key==`Team` && Value==`red`)]' --output text)

    if [ "$TAG" != "" ]; then
        echo "User: $user"

        # One Key=Value pair per line
        echo "Tags:"
        aws iam list-user-tags --user-name "$user" --query 'Tags[*].[Key,Value]' --output text | tr "\t" "="

        # One group name per line
        echo "Groups:"
        aws iam list-groups-for-user --user-name "$user" --query "Groups[*].GroupName" --output text | tr "\t" "\n"
    fi
done
```

Sample output:

```
User: jason
Tags:
Team=red
Role=development
Groups:
dev
User: mary
Tags:
Team=red
Role=test
Groups:
qa
ut
fv
```
jarmod
  • Jarmod, thank you very much. A new requirement: how can I also show the policies attached to each group and then each policy's details? For example, the first cmd will show the policies attached to each group, list-group-policies --group-name, then the 2nd cmd will show the policy details for each policy, get-group-policy --group-name --policy-name. – xtonehari Jan 25 '23 at 16:37
0

It's super easy with AWK. First put your data in a file and this command will do the whole job:

```
awk '/Team red/{c=4} c-->-2' < file
```

```
$ cat myfile
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod

User: black.smith@abc.com
TAGS:
Team green
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod

etc.
$ awk '/Team red/{c=4} c-->-2' < file
User: joe.blogs@abc.com
TAGS:
Team red
Status active
Environment: nonprod
GROUPS:
iam-nonprod
iam-prod
[brhosh@scp-3-scripting(enm2) test]$ 
```
steffen
  • It is not working. I created 4 sample users with tags. Only the 4th user had tags 'Team red'. When I ran your cmd, it showed the first User email ID and then the tag values of the 4th user. – xtonehari Jan 23 '23 at 22:51