runbooks finops check-config-complianceΒΆ
Auto-generated from
runbooks finops check-config-compliance --helpon 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Usage: runbooks finops check-config-compliance [OPTIONS]
Check AWS Config compliance and map to cost impact.
Implements Cost Optimization Playbook Phase 2 (AWS Config integration).
Config Rules: - ebs-inuse: Detect unattached EBS volumes - eip-attached:
Detect unallocated Elastic IPs - cw-retention: CloudWatch log retention
compliance
Integration: - Cross-module with security/config module - Maps compliance
violations to cost impact - Correlates with orphan detection
Business Impact: Typical savings of $20K-$80K annually
Options:
--profile TEXT AWS profile for single-account operations.
π Profile Selection Guide: βββββββββββββββββ
ββββββββββββββββββββββββββββββ
Single Account β Use --profile YOUR_PROFILE
Example: --profile dev-account When:
Developer/operator working in one AWS
account
Multi-Account LZ β Use --all-profiles (see
inventory commands) Example: --all-
profiles When: Platform team discovering
across organization
π Enrichment Profiles (Automatic): β’
Organizations: MANAGEMENT_PROFILE β’ Costs:
BILLING_PROFILE Note: Separate from
discovery profile
Decision: Single account = --profile |
Multi-account = --all-profiles
--region TEXT AWS region override (default: ap-
southeast-2)
--dry-run Safe analysis mode - no resource
modifications (enterprise default)
--regions TEXT AWS regions to analyze
--config-rules [ebs-inuse|eip-attached|cw-retention|all]
AWS Config rules to check (default: all)
--help Show this message and exit.