runbooks finops
35 commands for cost optimization and FinOps analytics across AWS accounts.
AWS Profile Configuration
All runbooks commands support these common options for AWS authentication:
| Option | Scope | When to Use |
|---|---|---|
| `--profile PROFILE` | Single account | Developer/operator targeting one AWS account |
| `--all-profiles` | All accounts (Landing Zone) | Platform team - discovers across all SSO profiles |
| `--region REGION` | Override region | Non-default region (default: ap-southeast-2) |
| `--dry-run` | Safe mode | Analysis only, no mutations (recommended for first run) |
| `--output-dir DIR` | Output path | Directory for generated reports (default: output/) |
| `--format FORMAT` | Output format | table, json, csv, markdown (varies by command) |
Single Account Setup
Copy and configure:
```bash
# =============================================================
# AWS Single Account Configuration
# =============================================================
export AWS_REGION="ap-southeast-2"
export AWS_PROFILE="your-account-profile"

# Authenticate via SSO
aws sso login --profile $AWS_PROFILE

# Verify
aws sts get-caller-identity --profile $AWS_PROFILE

# Run any command
runbooks finops dashboard --profile $AWS_PROFILE
```
Multi-Account Landing Zone Setup
Copy and configure all 4 environment variables:
```bash
# =============================================================
# AWS Multi-Account Landing Zone Configuration
# =============================================================
export AWS_REGION="ap-southeast-2"

## Single account (default fallback)
export AWS_PROFILE="your-default-profile"

## FinOps/Billing profile (READ-ONLY access to Cost Explorer)
export AWS_BILLING_PROFILE="your-billing-readonly-profile"

## Management account profile (Organizations, Control Tower)
export AWS_MANAGEMENT_PROFILE="your-management-readonly-profile"

## Centralized Operations account profile (for shared resources)
export AWS_OPERATIONS_PROFILE="your-operations-readonly-profile"

# =============================================================
# Authenticate all profiles
# =============================================================
aws sso login --profile $AWS_BILLING_PROFILE
aws sso login --profile $AWS_MANAGEMENT_PROFILE
aws sso login --profile $AWS_OPERATIONS_PROFILE

# =============================================================
# Verify connectivity
# =============================================================
aws sts get-caller-identity --profile $AWS_BILLING_PROFILE
aws sts get-caller-identity --profile $AWS_MANAGEMENT_PROFILE

# =============================================================
# Run org-wide commands
# =============================================================
runbooks inventory collect --all-profiles --region $AWS_REGION
runbooks finops dashboard --all-profiles --format table
```
Environment Variables Reference
| Variable | Required | Purpose |
|---|---|---|
| `AWS_REGION` | Yes | Target AWS region (default: ap-southeast-2) |
| `AWS_PROFILE` | Yes | Default profile when `--profile` is omitted |
| `AWS_BILLING_PROFILE` | LZ only | Cost Explorer data enrichment |
| `AWS_MANAGEMENT_PROFILE` | LZ only | Organizations metadata enrichment |
| `AWS_OPERATIONS_PROFILE` | LZ only | Centralized Operations shared resources |
| `RUNBOOKS_TEST_MODE` | No | Set to 1 for offline/mock mode (no AWS calls) |
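
The following preflight is an added example, not part of the runbooks project. It checks the variables from the reference table, then confirms which account each Landing Zone profile resolves to before an `--all-profiles` run. The helper names `missing_vars`, `verify_profiles` and `preflight_lz` are hypothetical; the only external command it calls is `aws sts get-caller-identity`.

```bash
# Added example: preflight for the Landing Zone setup (hypothetical helper names).
REQUIRED_VARS="AWS_REGION AWS_PROFILE"      # "Yes" rows in the reference table
LZ_VARS="AWS_BILLING_PROFILE AWS_MANAGEMENT_PROFILE AWS_OPERATIONS_PROFILE"  # "LZ only" rows

# Print the unset or empty variables for mode "single" or "lz";
# return non-zero when at least one is missing.
missing_vars() {
  names="$REQUIRED_VARS"
  if [ "$1" = "lz" ]; then names="$names $LZ_VARS"; fi
  missing=""
  for name in $names; do
    eval "value=\${$name:-}"   # names come only from the fixed lists above
    [ -n "$value" ] || missing="$missing $name"
  done
  echo "${missing# }"
  [ -z "$missing" ]
}

# Ask STS who each distinct profile is and print "profile account-id".
# Return non-zero if any profile cannot authenticate (expired SSO session, typo).
verify_profiles() {
  rc=0
  seen=" "
  for profile in "$@"; do
    case "$seen" in *" $profile "*) continue ;; esac
    seen="$seen$profile "
    if account=$(aws sts get-caller-identity --profile "$profile" \
        --query Account --output text 2>/dev/null); then
      echo "$profile $account"
    else
      echo "$profile: sts get-caller-identity failed" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Full preflight: exit status 2 = variables missing, 1 = a profile failed, 0 = ready.
preflight_lz() {
  if ! missing=$(missing_vars lz); then
    echo "unset variables: $missing" >&2
    return 2
  fi
  verify_profiles "$AWS_BILLING_PROFILE" "$AWS_MANAGEMENT_PROFILE" \
    "$AWS_OPERATIONS_PROFILE"
}

# Usage: preflight_lz && runbooks finops dashboard --all-profiles --dry-run
```

Compare the printed account IDs against the accounts you expect for billing, management and operations; a profile that resolves to the wrong account is caught here rather than in a generated report.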
Commands
| Command | Description | API Type |
|---|---|---|
| `analyze-ec2` | EC2 instance cost and utilization analysis | read-only |
| `analyze-graviton-eligibility` | Graviton migration eligibility assessment | read-only |
| `analyze-s3-storage-lens` | S3 Storage Lens analytics | read-only |
| `analyze-workspaces` | WorkSpaces cost and usage analysis | read-only |
| `appstream-decommission-analysis` | AppStream decommission candidates | read-only |
| `azure` | Azure FinOps subgroup | read-only |
| `azure anomaly` | Azure spending anomaly detection | read-only |
| `azure daily` | Azure daily cost breakdown | read-only |
| `azure monthly` | Azure monthly cost report | read-only |
| `azure validate` | Azure cost data validation | read-only |
| `check-config-compliance` | AWS Config compliance check | read-only |
| `cost-drops` | Detect cost reduction opportunities | read-only |
| `dashboard` | Cost dashboard with multi-format export | read-only |
| `detect-orphans` | Detect orphaned resources (EBS, EIP, ENI) | read-only |
| `detect-rds-idle` | Detect idle RDS instances | read-only |
| `ec2-decommission-analysis` | EC2 decommission candidate analysis | read-only |
| `ec2-snapshots` | EC2 snapshot cost analysis | read-only |
| `enrich-workspaces` | Enrich WorkSpaces with cost data | read-only |
| `export` | Export cost data in multiple formats | read-only |
| `infrastructure` | Infrastructure optimization (Epic 2) | read-only |
| `infrastructure analyze` | Cross-service infrastructure analysis | read-only |
| `infrastructure elastic-ip` | Elastic IP optimization | read-only |
| `infrastructure load-balancer` | Load Balancer optimization | read-only |
| `infrastructure nat-gateway` | NAT Gateway optimization | read-only |
| `infrastructure vpc-endpoint` | VPC Endpoint optimization | read-only |
| `lambda-analysis` | Lambda function cost analysis | read-only |
| `optimize` | General cost optimization recommendations | read-only |
| `optimize-cloudwatch-costs` | CloudWatch cost optimization | read-only |
| `optimize-s3-lifecycle` | S3 lifecycle policy recommendations | read-only |
| `optimize-savings-plans` | Savings Plans optimization | read-only |
| `scenario` | What-if cost scenario modeling | read-only |
| `sprint1` | Sprint 1 cost analysis report | read-only |
| `validate` | Cost data cross-validation | read-only |
| `validate-with-mcp` | MCP vs native API cost validation | read-only |
| `workspaces-decommission-analysis` | WorkSpaces decommission candidates | read-only |
Usage Examples
```bash
# Cost dashboard for one account
runbooks finops dashboard \
  --profile $AWS_BILLING_PROFILE \
  --output-format table

# Detect orphaned resources (EBS volumes, EIPs, ENIs)
runbooks finops detect-orphans \
  --profile $AWS_PROFILE \
  --dry-run

# Infrastructure optimization analysis
runbooks finops infrastructure analyze \
  --profile $AWS_BILLING_PROFILE
```