Created: 2018-10-23 13:08:34 -0700 Modified: 2018-11-23 09:28:02 -0800

  • The search for the API documentation is terrible. It’s usually easier to drill down into categories than to search for something (e.g. as of 10/26/2018, searching “create-service” returns nothing).
  • The CLI is installed using Python.
  • To get help, type something like “aws route53 help” or “aws route53 get-hosted-zone help”.
  • The CLI can return a successful exit code to the shell even when you may think that the command didn’t really succeed. For example, in Lambda, I was calling “aws lambda invoke” with a function that would fail. The CLI reported success because it did properly invoke the function; it’s just that the function happened to not work. For cases like this, you’ll typically end up using a parser like jq to check the resulting JSON, e.g. cat output.json | jq -r ".FunctionError" | grep -v -e "Handled" -e "Unhandled"

This just wasn’t obvious enough for me to leave it to the documentation. First of all, the “name” property that you see below is just a tag. The “group name” property probably needs to be unique (whereas tags don’t have to be).

To fetch by name (which remember—it’s just a tag)

aws ec2 describe-security-groups --filters "Name=tag-key,Values=Name" "Name=tag-value,Values=create-database-lambda"

Note: the “Name” tag is capitalized, so if you want to add it yourself, just make sure to respect the casing.

To fetch by group-name (which is unique)

aws ec2 describe-security-groups --filters Name=group-name,Values="Create database Lambda"

Just saving this somewhere too: this is how I saved the output of the above into the Bash environment that I had. Note that jq without -r keeps the JSON double quotes around the value.

echo 'export CREATE_DATABASE_LAMBDA_SG=$(aws ec2 describe-security-groups --filters "Name=tag-key,Values=Name" "Name=tag-value,Values=$TF_VAR_CREATE_DATABASE_LAMBDA_SECURITY_GROUP_NAME" | jq ".SecurityGroups[0].GroupId")' >> "$BASH_ENV"
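
Because the “Name” tag is not unique, and tag-key and tag-value are separate filters that a group can satisfy through two different tags, taking SecurityGroups[0] can silently pick the wrong group. The following is an added example, not part of the original notes: it re-checks the Name tag on each returned group and refuses to guess when the match is not unique. The function names, group IDs and the "Owner" tag are made up for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and the "Owner" tag are invented for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "Create database Lambda",
   "Tags": [{"Key": "Name", "Value": "create-database-lambda"}]},
  {"GroupId": "sg-0bbb", "GroupName": "Legacy",
   "Tags": [{"Key": "Name", "Value": "legacy"},
            {"Key": "Owner", "Value": "create-database-lambda"}]},
  {"GroupId": "sg-0ccc", "GroupName": "No tags"}
]}
""")


def groups_named(response, name):
    """Return the groups whose Name tag itself has the value `name`."""
    matches = []
    for group in response.get("SecurityGroups", []):
        # Groups without tags have no "Tags" key at all.
        tags = {t["Key"]: t["Value"] for t in group.get("Tags", [])}
        if tags.get("Name") == name:  # tag keys are case-sensitive
            matches.append(group)
    return matches


def resolve_group_id(response, name):
    """Return the one GroupId tagged Name=`name`, or raise LookupError."""
    matches = groups_named(response, name)
    if len(matches) != 1:
        ids = [g["GroupId"] for g in matches]
        raise LookupError(
            f"expected 1 group tagged Name={name!r}, found {len(matches)}: {ids}")
    return matches[0]["GroupId"]


if __name__ == "__main__":
    # With an argument: read real CLI JSON from stdin. Without: use the sample.
    use_stdin = len(sys.argv) > 1
    doc = json.load(sys.stdin) if use_stdin else SAMPLE
    name = sys.argv[1] if use_stdin else "create-database-lambda"
    print(resolve_group_id(doc, name))
```

In the sample, sg-0bbb has a Name tag and a different tag carrying the searched value, so it is rejected here even though it satisfies both filters separately.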