AWS CLI JMESPath Guide
Learn how to shape AWS CLI JSON output with JMESPath. Copy-paste patterns for EC2, S3, Lambda, IAM, RDS, CloudFormation, CloudWatch, and more—plus direct links to test online and export CSV.
Quick start
Drop these into your terminal with --query. They work with aws --output json or --output table.
First item
aws ec2 describe-instances --query Reservations[0].Instances[0]Filter running
aws ec2 describe-instances --query "Reservations[].Instances[?State.Name=='running'].[InstanceId,InstanceType]" --output tableCount
aws s3api list-buckets --query "length(Buckets)"Projection
aws lambda list-functions --query "Functions[].{Name:FunctionName,Runtime:Runtime}"Service patterns
Try in playground →EC2
Instance IDs and states
--query "Reservations[].Instances[].{Id:InstanceId,State:State.Name,Type:InstanceType}"Filter running in a VPC
--query "Reservations[].Instances[?State.Name=='running' && VpcId=='vpc-123'].InstanceId"Latest launch time
--query "max_by(Reservations[].Instances[], &LaunchTime).LaunchTime"S3
Bucket names
--query "Buckets[].Name"Creation dates
--query "Buckets[].{Name:Name,Created:CreationDate}"Count buckets
--query "length(Buckets)"Lambda
Runtime inventory
--query "Functions[].{Name:FunctionName,Runtime:Runtime,Memory:MemorySize}"Filter by runtime
--query "Functions[?Runtime=='python3.11'].FunctionName"Sort by last modified
--query "sort_by(Functions, &LastModified)[].FunctionName"IAM
User report
--query "Users[].{User:UserName,Created:CreateDate}"Users without password
--query "Users[?PasswordLastUsed==null].UserName"Count users
--query "length(Users)"RDS
DB inventory
--query "DBInstances[].{Id:DBInstanceIdentifier,Engine:Engine,Status:DBInstanceStatus}"Filter PostgreSQL
--query "DBInstances[?Engine=='aurora-postgresql'].DBInstanceIdentifier"Storage overview
--query "DBInstances[].{Id:DBInstanceIdentifier,Storage:AllocatedStorage}"CloudFormation
Stacks summary
--query "StackSummaries[].{Name:StackName,Status:StackStatus}"Filter failed stacks
--query "StackSummaries[?contains(StackStatus, 'FAILED')].StackName"Latest stack
--query "max_by(StackSummaries, &CreationTime).StackName"CloudWatch
Alarms in ALARM state
--query "MetricAlarms[?StateValue=='ALARM'].{Name:AlarmName,Metric:MetricName}"Namespaces used
--query "MetricAlarms[].Namespace | unique(@)"Count alarms
--query "length(MetricAlarms)"VPC
VPC overview
--query "Vpcs[].{VpcId:VpcId,Cidr:CidrBlock,State:State}"VPC names via tags
--query "Vpcs[].{VpcId:VpcId,Name:Tags[?Key=='Name'].Value|[0]}"Count subnets
--query "length(Subnets)"Advanced techniques
- Chain pipes for multi-step transforms:
Reservations[].Instances[] | [?State.Name=='running'] | [].InstanceId - Use functions:
sort_by(Functions, &MemorySize)[].FunctionName - Normalize tags:
Tags[?Key=='Name'].Value | [0] || 'n/a' - Convert booleans/flags:
{Id: InstanceId, IsRunning: State.Name=='running'} - Limit results:
Functions[:5]
Troubleshooting
- Invalid JSON? Re-run the CLI without pipes to ensure valid JSON before adding --query.
- Empty result? Confirm key casing; AWS outputs often use PascalCase.
- Large payloads? Add server-side filters (e.g., --filters for EC2) before JMESPath.
- Need CSV? Keep --output json and use the JMESPath create CSV page for clean downloads.
FAQ
▶Do I need a $ prefix in AWS CLI JMESPath?
No. JMESPath expressions in AWS CLI start directly with keys, e.g., Reservations[].Instances[].InstanceId.
▶How do I sort AWS CLI results?
Use sort_by(collection, &key). Example: sort_by(Reservations[].Instances[], &LaunchTime)[].InstanceId.
▶Can I join strings in JMESPath?
Yes. Use join to combine values, e.g., join('-', [InstanceId, State.Name]).
▶How do I handle missing fields?
Use default values or filters, e.g., {Name: Tags[?Key=='Name'].Value | [0] || 'n/a'}.
▶Is this compatible with --output table?
JMESPath works regardless of the final renderer. For CSV, keep --output json and use this converter for clean exports.
▶Can I chain expressions?
Yes. Use pipes like Reservations[].Instances[] | [?State.Name=='running'] | [].InstanceId.