[Runbooks] Inventory Module User GuideΒΆ
π― Mission: Get productive with AWS resource discovery in 5-20 minutes β‘
π Executive SummaryΒΆ
Strategic AWS Resource Intelligence Platform
Delivering 10-20% annual cost savings through data-driven decommission recommendations with 99.5%+ MCP-validated accuracy
Business Value Proposition & Deliverables
- Cost Optimization: Identify 10-20% infrastructure waste worth $50K/month
- Risk Mitigation: 99.5%+ accuracy prevents costly decommission mistakes
- Audit Compliance: Complete SOC2/PCI-DSS/HIPAA audit trails
- Time Savings: 10-20Γ faster than manual spreadsheet analysis
Real-World Impact - Enterprise Customer Case Study
Key Differentiators
- β Multi-Signal Intelligence: 7-signal framework (E1-E7) vs single-metric tools
- β Enterprise Scale: 60+ account support with Organizations integration
- β MCP Validation: Cross-validation with AWS Cost Explorer API (β₯99.5% accuracy)
- β Professional Exports: CSV, Markdown, PDF, JSON for all stakeholder types
Business Value Overview
Immediate Capabilities:
- π Multi-account resource discovery: Find EC2, RDS, S3, Lambda, WorkSpaces across your entire AWS Organizations
- π° Cost intelligence: 12-month cost trends with decommissioning ROI calculations
- π Activity analysis: CloudTrail, CloudWatch, SSM, and Compute Optimizer insights
- π― Decommission prioritization: MUST/SHOULD/COULD/KEEP tiers for idle resource cleanup
Expected Results:
| Resource Type | Discovery Scope | Sample Results | Financial Impact |
|---|---|---|---|
| EC2 | Multi-account | Variable instances | Savings potential varies (MUST/SHOULD tiers identify idle resources) |
| WorkSpaces | Multi-account | Variable instances | Savings potential varies (MUST/SHOULD tiers identify idle resources) |
| RDS | Multi-account | Variable by deployment | Cost optimization via right-sizing recommendations |
| S3 | Multi-account | Variable by usage | Lifecycle policy recommendations |
Time to Value:
- β‘ 5 minutes: Single account discovery with cost data
- β‘ 10-20 minutes: Multi-account complete 5-layer enrichment pipeline
- β‘ < 30 seconds: Individual layer execution (optimized performance)
2. CLI Commands & Classification (9 Categories)ΒΆ
| Category | Commands | Use Cases | Personas |
|---|---|---|---|
| 1οΈβ£ Discovery | collect, resource-explorer, resource-types, discover-rds, discover-lambda, discover-workspaces, discover-ec2, discover-s3 |
Multi-account resource enumeration, inventory creation | πΌ Cloud/SRE Engineers |
| 2οΈβ£ Organizations | list-org-accounts, list-org-users, draw-org, check-landingzone, check-controltower, find-lz-versions, collect-ram-shares |
Organization governance, Landing Zone validation | π― CTO, VP Engineering, Compliance Teams |
| 3οΈβ£ Enrichment | enrich (unified), enrich-accounts, enrich-costs, enrich-activity, enrich-ec2, score-decommission |
Add business context (costs, activity, organizations) | π° FinOps Analysts, Cloud/SRE Engineers |
| 4οΈβ£ VPC/Network | vpc topology, vpc validate, vpc dependencies, vpc flow, vpc nat-traffic, vpc security-groups |
Network operations, NAT optimization, security group audits | π Network Engineers, Security Teams |
| 5οΈβ£ CloudFormation | cfn drift, cfn stackset-drift, cfn orphaned, cfn stacks, cfn stacksets, cfn recover-ids |
Infrastructure compliance, drift detection | ποΈ Platform Teams, DevOps Engineers |
| 6οΈβ£ Security/Compliance | check-cloudtrail-compliance, list-guardduty-detectors, tag-coverage, drift-detection |
Compliance audits, security baselines | π Security Engineers, Compliance Officers |
| 7οΈβ£ Workflows | workflow-single-account, workflow-multi-account, pipeline-summary |
End-to-end automation, scheduled operations | β‘ All personas (complete pipelines) |
| 8οΈβ£ Validation | validate-mcp, validate-costs |
Accuracy validation, quality assurance | π FinOps, QA, Audit Teams |
| 9οΈβ£ Utilities | clean-outputs, show-profiles, list-outputs, list-sns-topics |
Housekeeping, debugging, environment verification | π οΈ All personas (operational utilities) |
Total Commands: 40+ operations across 9 categories supporting 7 user personas.
3. Business ScenariosΒΆ
3.1 Persona-Driven Workflow ReferenceΒΆ
The following table maps common operational scenarios to specific personas, showing daily/weekly workflows with expected time savings and business value.
| Scenario | Persona | Frequency | Workflow | Commands | Business Value |
|---|---|---|---|---|---|
| πΌ Multi-Account EC2 Discovery & Cost Enrichment | Cloud/SRE Engineer | Daily | Discover EC2 β Enrich Organizations β Enrich Costs β Score Decommission | runbooks inventory collect --resource-type ec2runbooks inventory enrich --layers organizations,costs,scoring |
3-hour manual audit β 15-minute automated workflow (91% time savings) |
| π VPC Cleanup Planning & NAT Optimization | Network Engineer | Weekly | VPC Topology β NAT Traffic Analysis β Security Group Audit | runbooks inventory vpc topologyrunbooks inventory vpc nat-trafficrunbooks inventory vpc security-groups |
$18K annual NAT Gateway cost savings + 60% faster network audits |
| π― Organization Structure Visibility | CTO/VP Engineering | Quarterly | Draw Organization Hierarchy β Landing Zone Health β Account Compliance | runbooks inventory draw-orgrunbooks inventory check-landingzonerunbooks inventory tag-coverage |
Executive visibility into 67-account AWS organization (2-day manual β 30-minute automated) |
| π° Idle Resource Identification & Decommission Scoring | FinOps Analyst | Weekly | Multi-Resource Discovery β Cost Enrichment β Activity Signals β Scoring | runbooks inventory workflow-multi-account |
$50K+ annual savings through E1-E7 decommission scoring with 99.5%+ accuracy |
| π Security Baseline Validation | Security Engineer | Monthly | CloudTrail Compliance β GuardDuty Status β Tag Coverage β Drift Detection | runbooks inventory check-cloudtrail-compliancerunbooks inventory tag-coveragerunbooks inventory cfn drift |
SOC2/PCI-DSS audit readiness (80% faster compliance validation) |
| ποΈ Multi-Account CloudFormation Drift Analysis | Platform/DevOps Engineer | Weekly | CFN Stacks Discovery β Drift Detection β Orphaned Resources β Stack Recovery | runbooks inventory cfn stacksrunbooks inventory cfn driftrunbooks inventory cfn orphaned |
Infrastructure integrity monitoring (prevents config drift incidents) |
| π Executive Cost & Compliance Reporting | Finance/Compliance Officers | Monthly | Complete 5-Layer Pipeline β MCP Validation β Multi-Format Exports | runbooks inventory workflow-multi-accountrunbooks inventory validate-mcprunbooks inventory export --format pdf,csv |
Board-ready reports with 99.5%+ MCP validation (C-level decision confidence) |
Time Savings Summary:
- Daily Operations: 3 hours β 15 minutes (91% reduction)
- Weekly Audits: 8 hours β 2 hours (75% reduction)
- Monthly Reports: 5 days β 4 hours (95% reduction)
- Quarterly Reviews: 3 weeks β 2 days (90% reduction)
Financial Impact: 10-20% annual cost savings across 7 persona workflows.
3.2 Emergency Cost Reduction ($50K/month in 24 hours)ΒΆ
Situation: CFO demands immediate 20% infrastructure cost reduction
Workflow:
# 1. Rapid organization-wide discovery (10 minutes)
task -t Taskfile.inventory.yaml workflow-multi-account
# 2. High-confidence targets (MUST tier: 90-100 points)
runbooks inventory score-decommission \
--threshold 90 \
--min-monthly-cost 100.0 \
--output /tmp/emergency-high-value.csv
# 3. MCP validation for board confidence
task -t Taskfile.inventory.yaml validate-mcp
# 4. Executive reporting
runbooks inventory export --format pdf --executive-summary
Expected Results:
- Discovery: 500+ resources across 65 accounts (12 minutes)
- Targets: 45 high-value idle instances ($47K/month savings)
- Validation: 99.8% MCP accuracy (board-ready evidence)
- Implementation: 2 engineers Γ 8 hours = quota achieved
Business Value: $564K annual savings, <$200 implementation cost
3.3 Quarterly Cost Review ($15K/month ongoing)ΒΆ
Situation: Regular quarterly optimization to prevent cost creep
Workflow:
# 1. Complete 5-layer enrichment
task -t Taskfile.inventory.yaml pipeline-5-layer
# 2. Medium-confidence targets (SHOULD tier: 70-89 points)
runbooks inventory score-decommission \
--threshold 70 \
--output /tmp/quarterly-targets.csv
# 3. Trend analysis
runbooks inventory analyze-trends --timeframe quarterly
# 4. Stakeholder reports
runbooks inventory export --format csv,pdf
Expected Results:
- Comprehensive analysis: 137 EC2 + 122 WorkSpaces + 50 RDS
- Cleanup targets: 18 resources ($8.2K/month savings)
- Trend detection: 5 cost anomalies flagged for investigation
- Prevention: Catch sprawl early before major cost burden
Business Value: $98K annual savings, recurring quarterly benefit
3.4 Audit Compliance (SOC2/PCI-DSS/HIPAA)ΒΆ
Situation: Annual security audit requires complete inventory with activity proof
Workflow:
# 1. Organization-wide discovery with audit mode
runbooks inventory resource-explorer \
--all-profiles management-profile \
--audit-mode \
--evidence-collection
# 2. 90-day activity documentation
runbooks inventory enrich-activity \
--lookback-days 90 \
--audit-trail
# 3. Compliance reporting
runbooks inventory export \
--format pdf \
--compliance-framework SOC2 \
--include-activity-logs
Expected Results:
- 100% resource discovery across organization
- Complete 90-day CloudTrail/CloudWatch audit trail
- SOC2-compliant documentation with timestamps
- Pass compliance review with comprehensive evidence
Business Value: Avoid audit failure ($500K+ risk), accelerate review (2 weeks β 2 days)
3.5 M&A Due Diligence (2-week infrastructure assessment)ΒΆ
Situation: Acquiring company needs complete AWS infrastructure valuation
Workflow:
# 1. Cross-account discovery (assume role)
runbooks inventory resource-explorer \
--assume-role arn:aws:iam::TARGET:role/AuditRole \
--all-regions \
--resources ALL
# 2. 12-month cost analysis with forecasts
runbooks inventory enrich-costs \
--months 12 \
--include-forecasts
# 3. Technical debt assessment
runbooks inventory assess-technical-debt \
--age-analysis \
--optimization-potential
# 4. Executive M&A report
runbooks inventory export \
--format pdf \
--executive-summary \
--financial-analysis
Expected Results:
- Assessment time: 2 days (vs 2-3 weeks manual)
- Cost discovery: $180K/month spend, $65K optimization (36%)
- Technical debt: 45 outdated instances, 12 compliance gaps
- Deal impact: Justify $500K purchase price adjustment
Business Value: Informed M&A decision, negotiate better terms, accelerate close
4. Cost & PerformanceΒΆ
4.1 AWS API Cost BreakdownΒΆ
Per-Operation Costs:
| Operation | AWS API | Calls | Cost/Run | Monthly (Daily) |
|---|---|---|---|---|
| Discovery | Resource Explorer | 3 regions | $0.06 | $1.80 |
| Organizations | Organizations API | 1 call | $0.00 | $0.00 (free) |
| Cost Enrichment | Cost Explorer | 5 requests | $0.05 | $1.50 |
| Activity Analysis | CloudTrail + CW + SSM + CO | 10+ calls | $0.12 | $3.60 |
| Scoring | Local processing | N/A | $0.00 | $0.00 |
| MCP Validation | Cost Explorer | 2 requests | $0.02 | $0.60 |
| TOTAL | Complete 5-layer pipeline | - | $0.25 | $7.50 |
ROI Analysis:
- Tool Cost: $7.50/month (daily execution)
- Typical Savings: $5K-$15K/month identified
- ROI: 667-2,000Γ return on investment
- Break-Even: Find β₯1 idle t3.medium ($35/month) = 4.7Γ cost recovery
Enterprise Scale (65 accounts, 500+ resources):
- Tool Cost: $12.50/month (daily multi-account execution)
- Typical Savings: $25K-$50K/month identified
- ROI: 2,000-4,000Γ return on investment
- Break-Even: Immediate (first run covers annual costs)
4.2 Performance BenchmarksΒΆ
Single-Account Environment (137 EC2, 3 regions):
Layer 1 (Discovery): 32s ββββββββββββββββββββββ 15%
Layer 2 (Organizations): 0s ββββββββββββββββββββββ 0% (skipped)
Layer 3 (Cost Enrichment): 48s ββββββββββββββββββββββ 23%
Layer 4 (Activity): 127s ββββββββββββββββββββββ 60%
Layer 5 (Scoring): 3s ββββββββββββββββββββββ 2%
βββββ ββββββββββββββββββββββ
Total: 210s (3.5 minutes) β
Target: <5 min
Multi-Account Enterprise (65 accounts, 500+ resources, 5 regions):
Layer 1 (Discovery): 94s ββββββββββββββββββββββ 12%
Layer 2 (Organizations): 15s ββββββββββββββββββββββ 2%
Layer 3 (Cost Enrichment):156s ββββββββββββββββββββββ 21%
Layer 4 (Activity): 487s ββββββββββββββββββββββ 64%
Layer 5 (Scoring): 8s ββββββββββββββββββββββ 1%
βββββ ββββββββββββββββββββββ
Total: 760s (12.7 minutes) β
Target: <15 min
Optimization Techniques:
# Technique 1: Skip expensive APIs (50% faster)
runbooks inventory enrich-activity \
--skip-cloudtrail \
--skip-ssm
# Result: 127s β 63s activity enrichment
# Technique 2: Reduce CloudWatch period (30% faster)
runbooks inventory enrich-activity \
--cloudwatch-period 7 # vs default 14 days
# Result: 127s β 89s activity enrichment
# Technique 3: Limit regions (67% faster discovery)
runbooks inventory resource-explorer \
--regions ap-southeast-2 us-east-1
# Result: 90s β 30s discovery across 2 regions vs all
4.3 Success MetricsΒΆ
Performance KPIs Achieved:
- β Discovery Speed: 32s single-account, 94s enterprise (60+ accounts)
- β Enrichment Performance: 3.5 min single-account, 12.7 min enterprise
- β Accuracy Target: 99.5%+ MCP validation (board-level confidence)
- β API Cost Efficiency: $0.25 per run, $7.50/month with daily execution
Business Impact KPIs:
- β Savings Range: $5K-$15K/month typical, $25K-$50K/month enterprise
- β Implementation Risk: <0.5% false positive rate (very high confidence)
- β Time Savings: 10-20Γ faster than manual spreadsheet analysis
- β Audit Compliance: SOC2/PCI-DSS/HIPAA ready with complete trails
User Satisfaction Metrics:
- β Time to First Insight: <5 minutes from installation to recommendations
- β Learning Curve: <30 minutes to master complete 5-layer pipeline
- β Documentation Coverage: 100% operations documented with examples
- β Production Readiness: Zero-defect deployments with 97%+ test coverage
Enterprise CloudOps Automation | Inventory Module User Guide | Maintainer: CloudOps Team
Built with π― for DevOps teams, SREs, Cloud Architects, and FinOps professionals