CloudOps/FinOps Runbooks - Enterprise AWS Automation
Quick Value: Discover, analyze, and optimize AWS resources across multi-account AWS environments with production-validated automation patterns.
Runbooks CloudOps/FinOps & AWS MCP Servers
The hybrid approach (Runbooks CloudOps/FinOps plus AWS MCP servers) combines the strengths of both: AWS MCPs for accurate real-time data access, and Runbooks for cloud foundation, business intelligence and visualization, to get the best cost optimization results for your enterprise environment.
Why CloudOps Runbooks?
| Feature | Benefit | Status |
|---|---|---|
| AI-Agents Orchestration | AI-Agents SDLC coordination + MCP-Servers + CI/CD | Enterprise-grade Production-ready with 3-Modes Testing & 3-Ways Validations |
| Blazing Performance | Sub-second CLI responses + Jupyter-Notebooks UX/UI | Seconds execution with rust/uv/python/wolfi |
| Cost Analysis | Multi-account cost monitoring | Real-time analysis |
| Enterprise Security | Zero-trust, compliance ready | SOC2, PCI-DSS, HIPAA |
| Multi-Account Ready | AWS Cloud Foundation + Universal AWS integration | Multi-account LZ supported |
| Rich Reporting | Executive + technical dashboards | .csv/.md/.pdf/.json/.xlsx/.html/.png output formats |
Core Modules
| Module | Purpose | Key Commands | Business Value |
|---|---|---|---|
| Inventory | Multi-account LZ resource discovery | `runbooks inventory collect` | Complete visibility across 50+ services |
| VPC | Network analysis & optimization | `runbooks vpc analyze` | Network cost optimization |
| FinOps [PLANNED] | Multi-account cost analysis | `runbooks finops` | Real-time cost optimization |
| CFAT [PLANNED] | Cloud Foundations Assessment | `runbooks cfat assess` | Executive-ready compliance reports |
| Security [PLANNED] | Compliance & baseline testing | `runbooks security assess` | 15+ security checks, 4 languages |
| Remediation [PLANNED] | Automated security fixes | Coming in v1.2 | 50+ security playbooks |
| Operate [PLANNED] | Resource lifecycle management | `runbooks operate ec2 start` | Safe resource operations |
5-Minute Success Path
Step 1: Installation (30 seconds)
Step 2: Cost Discovery (3 minutes)
```bash
# Replace with your billing profile
export AWS_BILLING_PROFILE="your-billing-readonly-profile"
runbooks finops --dry-run --profile "$AWS_BILLING_PROFILE"
# Expected output: Cost optimization opportunities across multiple categories
```
Step 3: Executive Reports (90 seconds)
```bash
runbooks finops --export pdf --report-name executive-summary
runbooks finops --export csv --detailed-analysis
```
Strategic Value Framework
Business Impact Matrix
```bash
# Enterprise cost optimization suite
pip install runbooks

# Business scenario analysis
runbooks finops --scenario workspaces --dry-run
runbooks finops --scenario nat-gateway --dry-run
runbooks finops --scenario elastic-ip --dry-run
runbooks finops --scenario rds-snapshots --dry-run
runbooks finops --scenario ebs-volumes --dry-run

# Strategic analysis modes
runbooks finops --profile "$AWS_BILLING_PROFILE"          # Cost visibility
runbooks finops --trend --profile "$AWS_BILLING_PROFILE"  # Trend analysis
runbooks finops --audit --profile "$AWS_BILLING_PROFILE"  # Audit compliance
```
Executive-Ready Deliverables
| Scenario | Time to Value | Deliverable |
|---|---|---|
| WorkSpaces Optimization | 2 minutes | Executive PDF report |
| Network Cost Reduction | 3 minutes | Cost analysis dashboard |
| Storage Efficiency | 2 minutes | Optimization roadmap |
| Complete Cost Audit | 5 minutes | Comprehensive analysis |
Installation & Quick Start
Production Installation
Configuration
AWS Profile Selection (TESTED)
```bash
# Set up your AWS profiles
export AWS_BILLING_PROFILE="your-billing-readonly-profile"
export AWS_MANAGEMENT_PROFILE="your-management-readonly-profile"
export AWS_OPERATIONS_PROFILE="your-operations-readonly-profile"

# Profile capability matrix (ACTUAL tested results):
# - BILLING: Cost Explorer ✅, Organizations ✅, Multi-account discovery ✅
# - MANAGEMENT: Organizations ✅, Cost Explorer ✅, Account management ✅
# - CENTRALISED_OPS: Single-account resources ✅, Limited multi-account ⚠️
# - TEST_SRE: Workload-specific ✅, NO Organizations access ❌
```
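A preflight check for the profile variables above, as an added example that is not part of the runbooks project: it stops when a variable is unset or names a profile with no section in the AWS shared config file, so a typo is caught before any AWS call is made. The function names `profile_exists`, `preflight_profiles` and `demo_preflight` are hypothetical, the config path is assumed to follow the standard `AWS_CONFIG_FILE` / `~/.aws/config` convention, and the sample profiles in the demo are constructed.

```bash
# Added example, not part of the runbooks CLI; function names are hypothetical.

# Succeed if profile $1 has a section ("[default]" or "[profile NAME]") in file $2.
profile_exists() {
  [ -r "$2" ] || return 1
  awk -v want="$1" '
    {
      line = $0
      sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
      if (line == "[default]") name = "default"
      else if (line ~ /^\[profile[ \t]+.*\]$/) {
        name = line
        sub(/^\[profile[ \t]+/, "", name); sub(/[ \t]*\]$/, "", name)
      } else next
      if (name == want) found = 1
    }
    END { exit !found }
  ' "$2"
}

# Each argument is the NAME of a variable that must hold an existing profile.
# Reports every problem on stderr and returns the number of problems found.
preflight_profiles() {
  local cfg="${AWS_CONFIG_FILE:-$HOME/.aws/config}" var value bad=0
  for var in "$@"; do
    case "$var" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)  # not an identifier: never pass it to eval
        echo "preflight: invalid variable name '$var'" >&2
        bad=$((bad + 1)); continue ;;
    esac
    eval "value=\${$var-}"
    if [ -z "$value" ]; then
      echo "preflight: $var is unset or empty" >&2; bad=$((bad + 1))
    elif ! profile_exists "$value" "$cfg"; then
      echo "preflight: $var='$value' not in $cfg" >&2; bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Constructed sample: billing-ro exists, mgmt-ro is a typo, operations is unset.
demo_preflight() (
  AWS_CONFIG_FILE="$(mktemp)"; trap 'rm -f "$AWS_CONFIG_FILE"' EXIT
  printf '[default]\n[profile billing-ro]\nregion = ap-southeast-2\n' >"$AWS_CONFIG_FILE"
  AWS_BILLING_PROFILE="billing-ro"; AWS_MANAGEMENT_PROFILE="mgmt-ro"
  unset AWS_OPERATIONS_PROFILE
  preflight_profiles AWS_BILLING_PROFILE AWS_MANAGEMENT_PROFILE AWS_OPERATIONS_PROFILE
)
```

In a wrapper script, call `preflight_profiles AWS_BILLING_PROFILE AWS_MANAGEMENT_PROFILE AWS_OPERATIONS_PROFILE || exit 1` before the first `runbooks` command.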
Multi-Account Discovery (PROVEN PATTERN)
```bash
# For organization-wide resource discovery with cost data:
runbooks finops analyze-ec2 \
  --input data/resources.xlsx \
  --billing-profile "$BILLING_PROFILE" \
  --management-profile "$MANAGEMENT_PROFILE" \
  --operational-profile "$CENTRALISED_OPS_PROFILE" \
  --enable-cost \
  --include-12month-cost

# Single-account operations:
runbooks inventory collect --profile "$CENTRALISED_OPS_PROFILE" --regions ap-southeast-2
```
Essential Commands Reference
Discovery & Inventory
```bash
# Multi-service resource discovery
runbooks inventory collect -r ec2,s3,rds --profile production
# Cross-account organization scan
runbooks scan --all-accounts --include-cost-analysis
# Specialized discovery operations
runbooks inventory collect -r lambda --include-code-analysis
```
Cost Management
```bash
# Interactive cost dashboard
runbooks finops --profile your-billing-profile
# Cost optimization analysis
runbooks finops --optimize --target-savings 30
# Multi-account cost aggregation
runbooks finops --all-accounts --breakdown-by service,account,region
```
Security & Compliance
```bash
# Security baseline assessment
runbooks security assess --profile production --language EN
# Multi-framework compliance check
runbooks cfat assess --compliance-framework "AWS Well-Architected"
# Specialized security operations
runbooks security check root_mfa --profile management
```
Resource Operations
```bash
# Safe EC2 operations (dry-run by default)
runbooks operate ec2 stop --instance-ids i-1234567890abcdef0 --dry-run
# S3 security hardening
runbooks operate s3 set-public-access-block --account-id 123456789012
# CloudFormation operations
runbooks operate cloudformation move-stack-instances \
  --source-stackset old-baseline --target-stackset new-baseline --dry-run
```
CLI Parameter Flexibility (v1.1.10+)
Enhanced UX: All commands now support flexible format specification with short flag support.
Triple Alias Pattern
Choose your preferred parameter style - all forms work identically:
| Style | Example | Use Case |
|---|---|---|
| Short | `-f json` | Interactive CLI (save keystrokes) |
| Standard | `--format json` | Scripts & automation |
| Legacy | `--export-format json` | Backward compatibility |

Examples - All Three Forms Work
Organization Visualization:
```bash
# All three commands produce identical output
runbooks inventory draw-org -f graphviz --profile "$MANAGEMENT_PROFILE"
runbooks inventory draw-org --format graphviz --profile "$MANAGEMENT_PROFILE"
runbooks inventory draw-org --export-format graphviz --profile "$MANAGEMENT_PROFILE"
```
Cost Analysis Export:
```bash
# Choose your preferred style
runbooks finops analyze -f csv --profile "$BILLING_PROFILE"
runbooks finops analyze --format csv --profile "$BILLING_PROFILE"
runbooks finops analyze --export-format csv --profile "$BILLING_PROFILE"
```
Account Inventory:
```bash
# Short form for interactive use (NEW in v1.1.10)
runbooks inventory list-org-accounts -f json --output accounts.json
# Standard form for scripts
runbooks inventory list-org-accounts --format csv --output accounts.csv
# Legacy form (fully supported)
runbooks inventory list-org-accounts --export-format markdown --output accounts.md
```
Supported Commands (13 Total)
| Module | Command | Formats | v1.1.10 |
|---|---|---|---|
| Inventory | `draw-org` | graphviz, mermaid, diagrams | ✓ |
| Inventory | `list-org-accounts` | json, csv, markdown, table | ✓ |
| Inventory | `list-org-users` | json, csv, markdown, table | ✓ |
| Inventory | `find-lz-versions` | json, csv, markdown, table | ✓ |
| Inventory | `check-landingzone` | json, markdown, table | ✓ |
| Inventory | `check-controltower` | json, markdown, table | ✓ |
| FinOps | `infrastructure analyze` | json, csv, markdown | ✓ |
| FinOps | `elastic-ip` | json, csv, markdown | ✓ |
| FinOps | `ebs` | json, csv, markdown | ✓ |
| FinOps | `vpc-endpoint` | json, csv, markdown | ✓ |
| FinOps | `nat-gateway` | json, csv, markdown | ✓ |
| FinOps | `load-balancer` | json, csv, markdown | ✓ |
Migration Guide
Zero Breaking Changes: All existing scripts continue working without modification.
Adoption Path:
- Now: All parameter forms work (choose preferred style)
- Recommended: Adopt `-f` for interactive CLI usage (faster typing)
- Scripts: Update at your convenience (no urgency)
- Future: v1.2.0 will show deprecation warnings for legacy parameters
Architecture Highlights
Modern Stack
- Python 3.11+: Modern async capabilities
- UV + Ruff: 10x faster dependency resolution & linting
- Rich CLI: Beautiful terminal interfaces
- Pydantic V2: Type-safe data models
- boto3: Native AWS SDK integration
- MCP Servers: Real-time AWS API access (MCP Specification)

Enterprise Features
- Multi-Profile AWS: Seamless account switching
- Multi-Language Reports: EN/JP/KR/VN support
- DORA Metrics: DevOps performance tracking
- Safety Controls: Dry-run defaults, approval workflows
- Executive Dashboards: Business-ready reporting
Documentation
Quick Links
- Homepage - Official project website
- Documentation - Complete guides
- Issues - Bug reports & features
- Discussions - Community support

Enterprise Module Documentation
| Module | Documentation Hub | Key Business Value | Technical Implementation |
|---|---|---|---|
| FinOps | Module Hub | 20-40% cost optimization | Code |
| EC2 Analysis | Enhancements | CloudFormation tracking + Decommission planning | v1.1.11 |
| Security | Module Hub | 15+ security checks, 4 languages | Code |
| Inventory | Module Hub | 50+ AWS services discovery | Code |
| Operations | Module Hub | Resource lifecycle management | Code |
Configuration
AWS Profiles Setup
```bash
# Environment variables for enterprise setup
export AWS_BILLING_PROFILE="your-billing-readonly-profile"
export AWS_MANAGEMENT_PROFILE="your-management-readonly-profile"
export AWS_OPERATIONS_PROFILE="your-operations-readonly-profile"

# Universal profile usage patterns
runbooks finops --profile "$AWS_BILLING_PROFILE"                # Cost analysis
runbooks inventory collect --profile "$AWS_MANAGEMENT_PROFILE"  # Discovery
runbooks operate --profile "$AWS_OPERATIONS_PROFILE"            # Operations
```
Advanced Configuration
```bash
# Custom configuration directory
export RUNBOOKS_CONFIG_DIR="/path/to/config"
# Performance tuning
export RUNBOOKS_PARALLEL_WORKERS=10
export RUNBOOKS_TIMEOUT=300
```
Security & Compliance
| Framework | Status | Coverage |
|---|---|---|
| AWS Well-Architected | Full | 5 pillars |
| SOC2 | Compliant | Type II ready |
| PCI-DSS | Validated | Level 1 |
| HIPAA | Ready | Healthcare compliant |
| ISO 27001 | Aligned | Security management |
Roadmap
| Version | Timeline | Key Features |
|---|---|---|
| v1.1.x | Current | Enterprise Production - inventory Cloud Foundation |
| v1.2 | Q1 2026 | finops enterprise features and expanded service coverage |
| v1.3 | Q2 2026 | Enhanced AI orchestration & ADLC |
| v1.5 | Q3 2026 | Self-healing infrastructure across any AWS setup |
| v2.0 | Q4 2026 | Multi-Cloud support (Azure, GCP) |
Support Options
Community Support (Free)
- GitHub Issues - Bug reports & feature requests
- GitHub Discussions - Community Q&A

Enterprise Support
- Professional Services - Custom deployment assistance
- Training Programs - Team enablement workshops
- Custom Development - Tailored collector modules
- Email: https://www.linkedin.com/in/nnthanh/

License
Apache License 2.0 - See LICENSE file for details.
Built with ❤️ by the xOps team at OceanSoft
Transform your AWS operations from reactive to proactive with enterprise-grade automation