runbooks inventoryΒΆ
Auto-generated from
runbooks inventory --helpon 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Runbooks Inventory - Multi-account AWS resource discovery
π Command Categories (40 operations across 9 categories):
1οΈβ£ Discovery: resource-explorer (88 AWS resource types)
2οΈβ£ Organizations: org-*, accounts-* (multi-account management)
3οΈβ£ VPC/Network: vpc-*, nat-*, elb-* (network architecture)
4οΈβ£ CloudFormation: cfn-*, stack-* (IaC drift detection)
5οΈβ£ Activity/Scoring: enrich-*, score-* (decommission analysis)
6οΈβ£ Security/Compliance: security-*, audit-*, check-*
7οΈβ£ Workflows: workflow-*, pipeline-* (automated pipelines)
8οΈβ£ Validation: validate-*, verify-* (MCP cross-validation)
9οΈβ£ Utilities: export-*, clean-*, show-* (helper commands)
Inventory Commands (59 commands)
βββ π Multi-Account Discovery (6 commands)
β βββ Command Description
β collect Multi-account resource
β discovery via Resource Explorer
β resource-explorer Discover resources by friendly
β alias (88 types)
β resource-types List all 88 supported resource
β types
β discover-rds RDS database discovery
β discover-lambda Lambda function discovery
β collect-containers Container discovery (ECS
β clusters, tasks, services)
βββ π’ Organizations (14 commands)
β βββ Command Description
β list-org-accounts List AWS accounts in
β organization
β list-org-users List IAM users across
β organization
β draw-org Visualize organization
β hierarchy
β check-landingzone Validate Landing Zone
β configuration
β check-controltower Validate Control Tower setup
β find-lz-versions Discover Landing Zone versions
β collect-ram-shares Discover AWS RAM shares
β list-enabled-services List Organizations-enabled
β service principals
β list-delegated-administrators List Organizations delegated
β administrators
β list-org-policies List Organizations policies
β (SCP/Tag/Backup/AI)
β list-resource-groups List AWS Resource Groups in
β region
β list-app-registry-applications List Service Catalog
β AppRegistry applications
β describe-delegated-admin-policy Describe Organization
β resource-based (trust) policy
β org-governance-report AWS Organizations governance
β dashboard β accounts, SCPs,
β services, delegated admins
βββ π Enrichment Layers (5 commands)
β βββ Command Description
β enrich-accounts Add Organizations metadata
β enrich-costs Add cost data from Cost
β Explorer
β enrich-activity Add CloudTrail activity signals
β enrich-ec2 EC2-specific enrichment
β score-decommission Score decommission candidates
β (E1-E7/W1-W6)
βββ π VPC & Network (via `inventory vpc` subgroup) (7 commands)
β βββ Command Description
β vpc flow-logs VPC Flow Logs discovery and
β analysis
β vpc nat-traffic NAT Gateway traffic analysis
β vpc security-groups Security group validation
β vpc validate VPC architecture assessment
β vpc dependencies Cross-VPC dependency analysis
β list-elbs Load balancer discovery
β (ELB/ALB/NLB)
β list-enis Network interface discovery
β (ENI)
βββ βοΈ CloudFormation (6 commands)
β βββ Command Description
β find-cfn-drift CloudFormation drift detection
β find-cfn-orphaned-stacks Orphaned stack discovery
β list-cfn-stacks List CloudFormation stacks
β list-cfn-stacksets List CloudFormation StackSets
β find-cfn-stackset-drift StackSet drift detection
β recover-cfn-stack-ids Recover CloudFormation stack
β IDs
βββ π Security & Compliance (6 commands)
β βββ Command Description
β check-cloudtrail-compliance CloudTrail compliance
β validation
β list-guardduty-detectors GuardDuty detector discovery
β tag-coverage Tag coverage analysis
β drift-detection Comprehensive drift detection
β ssm-status SSM Agent status for EC2
β instance (ssm_agent_status,
β ssm_ping_status)
β ebs-health EBS volume health and
β attachment status for EC2
β instance
βββ π‘ Other Services (3 commands)
β βββ Command Description
β list-sns-topics SNS topic discovery
β collect-messaging Messaging resources (SQS
β queues, SNS topics)
β collect-analytics Analytics resources (Athena,
β Glue databases/tables)
βββ π Workflows (3 commands)
β βββ Command Description
β workflow-single-account 4-layer pipeline (single
β account)
β workflow-multi-account 5-layer pipeline (multi-account
β LZ)
β pipeline-summary Display pipeline execution
β summary
βββ β
Validation (3 commands)
β βββ Command Description
β validate-mcp MCP cross-validation (β₯99.5%
β accuracy)
β validate-costs Cost data accuracy validation
β cross-validate 4-way cross-validation
β (MCP/CLI/Console/AWS)
βββ π οΈ Utilities (1 commands)
β βββ Command Description
β clean-outputs Clean output directory
βββ π Resource Investigation (5 commands)
βββ Command Description
ec2-investigate 6-phase EC2 host investigation
(security, network, compliance)
rds-investigate 6-phase RDS instance
investigation (security,
network, compliance)
s3-investigate 6-phase S3 bucket investigation
(public access, encryption,
compliance)
workspaces-investigate 6-phase WorkSpaces
investigation (cost, security,
compliance)
vpc-investigate 6-phase VPC/TGW investigation
(topology, security, flow logs)
π‘ Common Workflows:
Quick discovery: runbooks inventory resource-explorer --resource-type ec2
--profile $AWS_PROFILE
With cost data: Add --enrich-costs --billing-profile BILLING
Full 5-layer: runbooks inventory workflow-multi-account
π Profile Requirements:
CENTRALISED_OPS: Resource Explorer aggregator access
BILLING: Cost Explorer API access (enrich-costs)
MANAGEMENT: Organizations API access (enrich-accounts)