A few days ago we were wondering were to keep the credentials of our Google Developers project allowing us to connect our React App with Cognito and Google API.
As I explained here we ended up putting a JSON configuration in AWS Parameter Store.

In our current project we needed to access this configuration within a hook after deploy (basically, just a shell script executed at the end of sls deploy).
By simply runningaws

ssm get-parameters --name auth-google-config

we where getting the entire thing:

{
    "Parameters": [
        {
            "Name": "auth-google-config",
            "Type": "String",
            "Value": "\"{\"client_id\":\"123_your_client_id_666.apps.googleusercontent.com\",\"client_secret\":\"aBc_your_secret_666_XYZ\",\"authorize_scopes\":\"profile email openid\"}\"",
            "Version": 3,
            "LastModifiedDate": 1562138784.993,
            "ARN": "arn:aws:ssm:your_region:your_account_id:parameter/auth-google-config"
        }
    ],
    "InvalidParameters": []
}

as you can see the values are contain escaped quotes

If reading the parameter store with node, we would simply parse that into an object:

const value = JSON.parse(Value)

but how to achieve the same within a shell script?

JQ to the rescue!

aws ssm get-parameters --name auth-google-config --query "Parameters[0].Value" 
| jq '.|fromjson'

Basically, we feed the result of the aws query directly into JQ and let it parse the string into an object (see the manual here)

If you want you can play around with the fromjson ( and all the other functions and operators from JQ in their playground)

Photo by Stefan Steinbauer on Unsplash