Workload Discovery on AWS
AWS Workload Discovery automates the identification and mapping of applications to their underlying infrastructure components. The solution uses tagging, metadata, and topology analysis to create an authoritative CMDB (Configuration Management Database) and supports CI/CD, cost allocation, and compliance workflows.
Authoritative reference: Workload Discovery on AWS
How runbooks Implements Workload Discovery
The runbooks inventory and runbooks vpc groups provide resource collection and topology discovery that feed workload mapping workflows:
inventory Command Group (Resource Collection)
| Command | Capability | Purpose |
|---|---|---|
| runbooks inventory collect | Automated resource discovery | Gather compute, database, storage, and network resources from all organization accounts |
| runbooks inventory resource-explorer | Unified resource search | Query AWS Resource Explorer aggregator for cross-account resource lookup and filtering |
| runbooks inventory tag-compliance | Tagging validation | Audit resource tags against FOCUS/CSDM standards and flag missing mandatory tags |
| runbooks inventory export-cmdb | CMDB export | Generate YAML/CSV CI (Configuration Item) contracts ready for ServiceNow/Atlassian import |
vpc Command Group (Topology Discovery)
| Command | Capability | Purpose |
|---|---|---|
| runbooks vpc topology | Network topology discovery | Map VPC/subnet/security group relationships across accounts |
| runbooks vpc dependency-graph | Workload dependencies | Identify which compute instances, containers, and databases are connected |
| runbooks vpc resource-analyzer | Reachability validation | Verify which resources can communicate based on security group and NACL rules |
Code Paths
- Resource collectors: runbooks/src/runbooks/inventory/collectors/
- Tagging validation: runbooks/src/runbooks/inventory/tag_compliance.py
- CMDB export: runbooks/src/runbooks/inventory/csdm_export.py
- VPC topology: runbooks/src/runbooks/vpc/topology_discovery.py
See the inventory CLI Reference and vpc CLI Reference for complete command documentation.
Quality Gate
Workload-to-infrastructure binding completeness: FOCUS-compatible tagging attribution
Resource collection must attach FOCUS (FinOps Open Cost and Usage Specification) standard tags and enable cost allocation workflows. Every discovered resource is tagged with:
- Owner (person or team responsible)
- Environment (production, staging, development)
- CostCenter (for chargeback)
- Application (for dependency mapping)
- Workload (for workload discovery aggregation)
Measured via: runbooks inventory validate-focus --profile $AWS_OPERATIONS_PROFILE — confirms all resources have FOCUS-compliant tags for cost allocation.
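An added example, not code from the runbooks project: a minimal audit of the five mandatory tags listed above, run over records shaped like the Resource Groups Tagging API `get_resources` response. The sample ARNs, the exact casing of the allowed Environment values, and the treatment of blank values as failures are assumptions.

```python
# Added example; not the runbooks project's tag_compliance implementation.
from collections import Counter

MANDATORY = ("Owner", "Environment", "CostCenter", "Application", "Workload")
ENVIRONMENTS = {"production", "staging", "development"}  # values named on the page

# Constructed sample in the shape of get_resources()["ResourceTagMappingList"];
# account id and resource ids are placeholders.
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111111111111:instance/i-EXAMPLE1",
     "Tags": [{"Key": "Owner", "Value": "platform-team"},
              {"Key": "Environment", "Value": "production"},
              {"Key": "CostCenter", "Value": "CC-1001"},
              {"Key": "Application", "Value": "billing"},
              {"Key": "Workload", "Value": "billing-api"}]},
    {"ResourceARN": "arn:aws:rds:us-east-1:111111111111:db:EXAMPLE2",
     "Tags": [{"Key": "owner", "Value": "data-team"},       # wrong case
              {"Key": "Environment", "Value": "prod"},       # not an allowed value
              {"Key": "CostCenter", "Value": "  "},          # blank value
              {"Key": "Application", "Value": "billing"}]},  # Workload absent
    {"ResourceARN": "arn:aws:s3:::EXAMPLE3", "Tags": []},
]

def audit_resource(resource):
    """Return {tag: finding} for every mandatory tag that fails the gate."""
    tags = {t["Key"]: t.get("Value", "") for t in resource.get("Tags", [])}
    lowered = {k.lower(): k for k in tags}  # AWS tag keys are case-sensitive
    findings = {}
    for key in MANDATORY:
        if key not in tags:
            near = lowered.get(key.lower())
            findings[key] = f"case-mismatch:{near}" if near else "missing"
        elif not tags[key].strip():
            findings[key] = "empty"
        elif key == "Environment" and tags[key] not in ENVIRONMENTS:
            findings[key] = f"invalid-value:{tags[key]}"
    return findings

def audit(resources):
    """Return (per-ARN findings, completeness ratio, findings count per tag)."""
    report = {r["ResourceARN"]: audit_resource(r) for r in resources}
    compliant = sum(1 for f in report.values() if not f)
    per_tag = Counter(k for f in report.values() for k in f)
    ratio = compliant / len(resources) if resources else 1.0
    return report, ratio, per_tag

if __name__ == "__main__":
    report, ratio, per_tag = audit(SAMPLE)
    print(report, f"completeness: {ratio:.0%}", dict(per_tag))
```

Reporting case mismatches separately from missing tags matters because a resource tagged `owner` looks attributed to a person reading the console but drops out of any cost allocation or dependency query keyed on `Owner`.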
Related Solutions
- Account Assessment — account enumeration feeds workload discovery (account-assessment.md)
- Network Orchestration — VPC topology enriches workload dependency graphs (network-orchestration-tgw.md)
- Cloud Foundations — tagging governance ensures workload discovery is reliable (cloud-foundations.md)
Last checked
2026-05-21 — Workload Discovery URL verified live (HTTP 200)