Account Assessment for AWS Organizations¶
AWS Account Assessment provides a comprehensive evaluation of your AWS organization's resource inventory, security posture, and operational readiness. The solution performs account-level discovery across all member accounts and surfaces recommendations for compliance, cost optimization, and security.
Authoritative reference: Account Assessment for AWS Organizations
How runbooks Implements Account Assessment¶
The runbooks inventory group delivers full organizational discovery aligned to Account Assessment patterns:
inventory Command Group¶
| Command | Capability | Purpose |
|---|---|---|
runbooks inventory organizations |
Organizations enumeration | List all accounts in the organization with metadata (name, status, email, ARN, enrollment date) |
runbooks inventory collect |
Cross-account resource discovery | Collect resources (EC2, RDS, Lambda, S3, etc.) from all organization accounts in parallel |
runbooks inventory resource-explorer |
Unified resource search | Query the AWS Resource Explorer aggregator for comprehensive resource visibility across accounts |
runbooks inventory report |
Assessment summary | Generate organization-wide inventory report with resource counts, regional distribution, and tag compliance |
Code Paths¶
- Organizations API client:
runbooks/src/runbooks/inventory/organizations_discovery.py - Organizations utilities:
runbooks/src/runbooks/inventory/organizations_utils.py - Collector framework:
runbooks/src/runbooks/inventory/collectors/ - Resource Explorer integration:
runbooks/src/runbooks/inventory/resource_explorer.py
See the inventory CLI Reference for complete command documentation.
Quality Gate¶
Account enumeration completeness: 100% of organization accounts discovered
The Organizations API provides the authoritative membership list. runbooks inventory organizations must enumerate all accounts without pagination gaps, ensuring no accounts are orphaned or missed during assessment.
Measured via: runbooks inventory organizations --profile $AWS_MANAGEMENT_PROFILE --validate paginated-results — confirms all accounts from Organizations API match the full list count.
Related Solutions¶
- Landing Zone Accelerator — Account Assessment provides readiness input before LZA enrollment (landing-zone-accelerator.md)
- Workload Discovery — Account inventory is the foundation for application-to-infrastructure mapping (workload-discovery.md)
- Cloud Foundations — uses assessment findings to prioritize compliance remediation (cloud-foundations.md)
Last checked¶
2026-05-21 — Account Assessment URL verified live (HTTP 200)