runbooks security baseline
Auto-generated from runbooks security baseline --help on 2026-05-21. Source of truth: runbooks PyPI package v1.3.22
Usage: runbooks security baseline [OPTIONS]
Security baseline assessment and configuration validation with universal
profile support.
Baseline Security Checks:
  • IAM policy analysis and least privilege validation
  • S3 bucket public access and encryption assessment
  • VPC security group and NACL configuration review
  • CloudTrail and logging configuration verification
  • Encryption at rest and in transit validation

Examples:
  runbooks security baseline --check-type enterprise
  runbooks security baseline --include-remediation --auto-fix
  runbooks security baseline --all --check-type enterprise  # Multi-account assessment
Options:
  --profile TEXT
      AWS profile for single-account operations.

      Profile Selection Guide:
        Single Account → Use --profile YOUR_PROFILE
          Example: --profile dev-account
          When: Developer/operator working in one AWS account
        Multi-Account LZ → Use --all-profiles (see inventory commands)
          Example: --all-profiles
          When: Platform team discovering across organization

      Enrichment Profiles (Automatic):
        • Organizations: MANAGEMENT_PROFILE
        • Costs: BILLING_PROFILE
        Note: Separate from discovery profile

      Decision: Single account = --profile | Multi-account = --all-profiles
  --region TEXT
      AWS region override (default: ap-southeast-2)
  --dry-run
      Safe analysis mode - no resource modifications (enterprise default)
  -f, --format, --output-format [json|csv|table|pdf|markdown]
      Output format for results display (-f/--format preferred, --output-format legacy)
  --output-dir PATH
      Directory for generated files and evidence packages
  --all-outputs
      Generate all output formats (JSON, CSV, PDF, Markdown) - use with --output-dir
  --csv
      Export to CSV format (convenience flag, activates --all-outputs)
  --json
      Export to JSON format (convenience flag, activates --all-outputs)
  --markdown
      Export to Markdown format (convenience flag, activates --all-outputs)
  --check-type [baseline|advanced|enterprise]
      Security check depth level
  --include-remediation
      Include remediation recommendations
  --auto-fix
      Automatically fix low-risk issues (with approval)
  --all
      Use all available AWS profiles for multi-account baseline assessment
  --output-dir PATH
      Output directory for exported files
  --help
      Show this message and exit.