`runbooks inventory ec2-investigate`¶

Auto-generated from runbooks inventory ec2-investigate --help on 2026-05-21. Source of truth: runbooks PyPI package v1.3.22

Usage: runbooks inventory ec2-investigate [OPTIONS]

  6-phase EC2 host investigation: discovery, EBS, security, network,
  compliance, summary.

  Chains existing runbooks modules into a single investigation workflow: Phase
  1: ec2:DescribeInstances -- instance metadata, VPC, subnet, tags Phase 2:
  EBS layout and encryption audit (ebs-health module) Phase 3: SecurityHub +
  GuardDuty + Inspector2 findings (host-findings module) Phase 4: VPC flow log
  traffic analysis (flow-log-query module) Phase 5: SSM patch compliance (ssm-
  status module) Phase 6: Risk score aggregation and executive summary panel

  Each phase degrades gracefully -- if one fails the investigation continues.

  READONLY -- no mutations.

  Examples:     runbooks inventory ec2-investigate --instance-id i-0abc123
  --profile ops-profile     runbooks inventory ec2-investigate --instance-id
  i-0abc123 --profile ops --days 14 --output json

Options:
  -p, --profile TEXT         AWS profile name (default: from AWS_PROFILE env
                             var)
  --instance-id INSTANCE_ID  EC2 instance ID to investigate (e.g.
                             i-0abc123def456)  [required]
  --region TEXT              AWS region (default: ap-southeast-2)
  --days INTEGER             Flow log lookback window in days  [default: 7]
  --output [table|json]      Output format (default: table)
  --help                     Show this message and exit.

runbooks inventory ec2-investigate¶

Examples¶

`runbooks inventory ec2-investigate`¶