Cloud Foundations¶
AWS Cloud Foundations provide a prescriptive set of baseline controls for security, cost optimization, and operational resilience across AWS accounts. The solution covers identity governance, data protection, cost allocation, and compliance monitoring.
Authoritative reference: AWS Cloud Foundations
How runbooks Implements Cloud Foundations¶
The runbooks cfat (Cloud Foundations Assessment Tool) group delivers foundational AWS compliance checks aligned to Cloud Foundations guardrails:
cfat Command Group¶
| Command | Capability | Purpose |
|---|---|---|
runbooks cfat assess |
Full foundation assessment | Evaluate account compliance against Cloud Foundations baseline |
runbooks cfat compliance |
Compliance gate checks | Verify security controls, cost controls, and resilience baselines |
runbooks cfat risk-score |
Risk quantification | Score account readiness (0–100) with prioritized remediation |
runbooks cfat report |
Executive summary | Generate HTML/PDF compliance report with findings + remediation steps |
Code Paths¶
- Assessment engine:
runbooks/src/runbooks/cfat/cloud_foundations_assessment.py - Compliance checks:
runbooks/src/runbooks/cfat/assessment/compliance.py - Risk scoring:
runbooks/src/runbooks/cfat/assessment/runners.py
See the cfat CLI Reference for complete command documentation and examples.
Quality Gate¶
Cloud Foundations MCP cross-validation accuracy: ≥99.5%
The cfat assess output is validated against AWS Control Tower guardrails using deterministic MCP checklist comparison. Every control evaluated by runbooks cfat is cross-checked against the authoritative Cloud Foundations spec from AWS.
Measured via: runbooks validate mcp --suite cfat (requires $AWS_OPERATIONS_PROFILE)
Related Solutions¶
- Landing Zone Accelerator — builds on Cloud Foundations baselines to establish multi-account organization structure (landing-zone-accelerator.md)
- Security Baseline — runbooks CLI security group implements defense-in-depth controls that extend Cloud Foundations (/runbooks/cli/security/)
Last checked¶
2026-05-21 — AWS Cloud Foundations URL verified live (HTTP 200)