runbooks inventory enrich-activityΒΆ
Auto-generated from
runbooks inventory enrich-activity --helpon 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Usage: runbooks inventory enrich-activity [OPTIONS]
Enrich with CloudTrail/CloudWatch/SSM/Compute Optimizer activity data.
Adds 11 activity columns for E1-E7 decommissioning signals:
CloudTrail (E3: 8 points) - configurable via --activity-lookback-days: -
last_activity_date: Most recent CloudTrail event timestamp -
days_since_activity: Days since last event (999 if no events) -
activity_count_90d: Total events in lookback window
CloudWatch (E2: 10 points) - configurable via --cloudwatch-period: -
p95_cpu_utilization: P95 CPU utilization over period -
p95_network_bytes: P95 network bytes over period - user_connected_sum:
Total user connection minutes (WorkSpaces only)
SSM (E4: 8 points - EC2 only): - ssm_ping_status: Online, Offline,
ConnectionLost, Not SSM managed - ssm_last_ping_date: Timestamp of last
SSM heartbeat - ssm_days_since_ping: Days since last heartbeat
Compute Optimizer (E1: 60 points - EC2 only): -
compute_optimizer_finding: Idle, Underprovisioned, Optimized -
compute_optimizer_cpu_max: Maximum CPU utilization over 14 days -
compute_optimizer_recommendation: Right-sizing recommendation
Performance Tuning: - --skip-cloudtrail: Skip E3 signal (8 points) for
faster execution - --skip-cloudwatch: Skip E2 signal (10 points) for
faster execution - --skip-ssm: Skip E4 signal (8 points) for faster
execution - --skip-compute-optimizer: Skip E1 signal (60 points) for
faster execution - --ssm-timeout: Control SSM API timeout (default: 30
seconds)
Examples: # Standard enrichment with all signals runbooks inventory
enrich-activity \ --input data/ec2-discovery.csv \ --profile
${CENTRALISED_OPS_PROFILE} \ --resource-type ec2 \ --output
data/ec2-activity-enriched.csv
# Fast enrichment (skip CloudTrail and SSM) runbooks inventory
enrich-activity \ --input data/ec2-discovery.csv \
--profile ${CENTRALISED_OPS_PROFILE} \ --resource-type ec2 \
--skip-cloudtrail --skip-ssm \ --output data/ec2-activity-
fast.csv
# Custom activity window (30 days for faster API calls) runbooks
inventory enrich-activity \ --input data/ec2-discovery.csv \
--profile ${CENTRALISED_OPS_PROFILE} \ --resource-type ec2 \
--activity-lookback-days 30 --cloudwatch-period 7 \ --output
data/ec2-activity-short-window.csv
Requirements: - Input CSV must have resource_id column (instance_id for
EC2, workspace_id for WorkSpaces) - Profile must have CloudTrail,
CloudWatch, SSM, Compute Optimizer read permissions - Multi-API
operation with graceful degradation on errors
Options:
--tags TEXT Filter by tags (key=value format)
--accounts TEXT Filter by specific account IDs
--all Multi-account discovery
(CENTRALISED_OPS_PROFILE as aggregator).
π Behavior: ββββββββββββββββββββββββββββββββ
βββββββββββββββ
β’ Queries AWS Resource Explorer aggregator
index β’ Discovers resources across ALL
accounts in Landing Zone β’ Requires
CENTRALISED_OPS_PROFILE with cross-account
permissions
π Enrichment Layers (Automatic): β’
Organizations metadata: MANAGEMENT_PROFILE
β’ Cost data: BILLING_PROFILE Note:
Enrichment uses separate profiles regardless
of discovery mode
Use Case: Enterprise platform teams managing
67+ account Landing Zones
--profiles TEXT Specific AWS profiles (comma-separated,
e.g., "billing,security,audit")
--regions TEXT Specific AWS regions (space-separated)
--all-regions Process all enabled AWS regions
-f, --format, --output-format [json|csv|table|pdf|markdown]
Output format for results display
(-f/--format preferred, --output-format
legacy)
--output-dir PATH Directory for generated files and evidence
packages
--all-outputs Generate all output formats (JSON, CSV, PDF,
Markdown) - use with --output-dir
--csv Export to CSV format (convenience flag,
activates --all-outputs)
--json Export to JSON format (convenience flag,
activates --all-outputs)
--markdown Export to Markdown format (convenience flag,
activates --all-outputs)
--profile TEXT AWS profile for single-account operations.
π Profile Selection Guide: βββββββββββββββββ
ββββββββββββββββββββββββββββββ
Single Account β Use --profile YOUR_PROFILE
Example: --profile dev-account When:
Developer/operator working in one AWS
account
Multi-Account LZ β Use --all-profiles (see
inventory commands) Example: --all-
profiles When: Platform team discovering
across organization
π Enrichment Profiles (Automatic): β’
Organizations: MANAGEMENT_PROFILE β’ Costs:
BILLING_PROFILE Note: Separate from
discovery profile
Decision: Single account = --profile |
Multi-account = --all-profiles
--region TEXT AWS region override (default: ap-
southeast-2)
--dry-run Safe analysis mode - no resource
modifications (enterprise default)
--input PATH Input CSV file with resource discovery data
[required]
--resource-type [ec2|workspaces]
Resource type to enrich (ec2 or workspaces)
[required]
--activity-lookback-days INTEGER
CloudTrail activity window in days (default:
90)
--cloudwatch-period INTEGER CloudWatch metrics period in days (default:
14)
--skip-cloudtrail Skip CloudTrail enrichment (E3 signal) for
faster execution
--skip-cloudwatch Skip CloudWatch metrics enrichment (E2
signal) for faster execution
--skip-ssm Skip SSM enrichment (E4 signal, EC2 only)
for faster execution
--skip-compute-optimizer Skip Compute Optimizer enrichment (E1
signal, EC2 only) for faster execution
--ssm-timeout INTEGER SSM API timeout in seconds (default: 30)
--output PATH Output CSV file path [required]
--console-format Display Rich table to console AND export CSV
(dual output)
-v, --verbose Show detailed execution logs
--format-output [compact|table|json]
Output format
--help Show this message and exit.