runbooks security assessΒΆ
Auto-generated from
runbooks security assess --helpon 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Usage: runbooks security assess [OPTIONS]
Comprehensive security assessment with multi-framework compliance and
universal profile support.
Enterprise Features: β’ 15+ security checks across multiple frameworks β’
Multi-language reporting (EN/JP/KR/VN) β’ Risk scoring and prioritization β’
Remediation recommendations with business impact β’ Multi-account security
assessment with --all flag
Examples: runbooks security assess --framework soc2 runbooks
security assess --all-checks --format pdf runbooks security assess
--severity critical --language ja runbooks security assess --all
--framework soc2 # Multi-account assessment runbooks security assess
--resource-id i-04adf4d7eb2320218 # Per-instance SecurityHub findings
Options:
--profile TEXT AWS profile for single-account operations.
π Profile Selection Guide: βββββββββββββββββ
ββββββββββββββββββββββββββββββ
Single Account β Use --profile YOUR_PROFILE
Example: --profile dev-account When:
Developer/operator working in one AWS
account
Multi-Account LZ β Use --all-profiles (see
inventory commands) Example: --all-
profiles When: Platform team discovering
across organization
π Enrichment Profiles (Automatic): β’
Organizations: MANAGEMENT_PROFILE β’ Costs:
BILLING_PROFILE Note: Separate from
discovery profile
Decision: Single account = --profile |
Multi-account = --all-profiles
--region TEXT AWS region override (default: ap-
southeast-2)
--dry-run Safe analysis mode - no resource
modifications (enterprise default)
-f, --format, --output-format [json|csv|table|pdf|markdown]
Output format for results display
(-f/--format preferred, --output-format
legacy)
--output-dir PATH Directory for generated files and evidence
packages
--all-outputs Generate all output formats (JSON, CSV, PDF,
Markdown) - use with --output-dir
--csv Export to CSV format (convenience flag,
activates --all-outputs)
--json Export to JSON format (convenience flag,
activates --all-outputs)
--markdown Export to Markdown format (convenience flag,
activates --all-outputs)
--framework [soc2|pci-dss|hipaa|iso27001|well-architected]
Compliance frameworks to assess
--all-checks Run all available security checks
--severity [critical|high|medium|low]
Filter by minimum severity level
--language [en|ja|ko|vi] Report language (English, Japanese, Korean,
Vietnamese)
--all Use all available AWS profiles for multi-
account security assessment
--output-dir PATH Output directory for exported files
--resource-id RESOURCE_ID Filter SecurityHub findings for a specific
resource. Accepts EC2 instance ID (i-xxx) or
full resource ARN. When provided, runs
SecurityHub finding lookup instead of full
assessment.
--help Show this message and exit.