Filter results
You can use filter rules both to describe resources and to ignore resources. You can use both inclusion and exclusion logic.
Filter rules allow you to build a complex include and exclude expression to include and exclude a set of resources in your workflow. This capability is powered by the expression language JMESPath.
Filters are applied on a normalized struct that contains the following fields:
  • Type: Type of the resource, for example, aws_s3_bucket
  • Id: Id of the resource, for example, my-bucket-name
  • Attr: Every resource attribute (See this terraform attributes reference for a full list of supported attributes of a bucket.)
Note: If you want to filter on Attr, enable deep mode in order to have access to the details of a resource.
​Examples
1
# Will include only S3 bucket in the search
2
$ snyk iac describe --only-unmanaged --filter="Type=='aws_s3_bucket'"
3
# OR (beware of escape your shell special chars between double quotes)
4
$ snyk iac describe --only-unmanaged --filter=#x27;Type==\'aws_s3_bucket\''
5
# Excludes only s3 bucket named 'my-bucket-name'
6
$ snyk iac describe --only-unmanaged --filter=#x27;Type==\'aws_s3_bucket\' && Id!=\'my-bucket-name\''
7
# Ignore buckets that have tags terraform equal to 'false'
8
$ snyk iac describe --all --deep --filter=#x27;!(Type==\'aws_s3_bucket\' && Attr.tags.terraform==\'false\')'
9
# Ignore buckets that don't have tag terraform
10
$ snyk iac describe --all --deep --filter=#x27;!(Type==\'aws_s3_bucket\' && Attr.tags != null && !contains(keys(Attr.tags), \'terraform\'))'
11
# Ignore buckets with an ID prefix of 'terraform-'
12
$ snyk iac describe --filter=#x27;!(Type==\'aws_s3_bucket\' && starts_with(Id, \'terraform-\'))'
13
# Ignore buckets with an ID suffix of '-test'
14
$ snyk iac describe --filter=#x27;!(Type==\'aws_s3_bucket\' && ends_with(Id, \'-test\'))'
15
# Ignore GitHub archived repositories
16
$ snyk iac describe --to="github+tf" --deep --filter='!(Attr.Archived)'
Copied!
Export as PDF
Copy link
Edit on GitHub