aws-cost-calculator-cli 1.0.2__py3-none-any.whl → 1.8.2__py3-none-any.whl

cost_calculator/executor.py

@@ -0,0 +1,291 @@
+"""
+Executor that routes to either API or local execution.
+"""
+import boto3
+import click
+from cost_calculator.api_client import is_api_configured, call_lambda_api
+
+
+def get_credentials_dict(config):
+    """
+    Extract credentials from config in format needed for API.
+    
+    Returns:
+        dict with access_key, secret_key, session_token, or None if profile is 'dummy'
+    """
+    if 'aws_profile' in config:
+        # Skip credential loading for dummy profile (API-only mode)
+        if config['aws_profile'] == 'dummy':
+            return None
+        
+        # Get temporary credentials from SSO session
+        try:
+            session = boto3.Session(profile_name=config['aws_profile'])
+            credentials = session.get_credentials()
+            frozen_creds = credentials.get_frozen_credentials()
+            
+            return {
+                'access_key': frozen_creds.access_key,
+                'secret_key': frozen_creds.secret_key,
+                'session_token': frozen_creds.token
+            }
+        except Exception:
+            # If profile not found, return None (API will handle)
+            return None
+    else:
+        # Use static credentials
+        creds = config.get('credentials', {})
+        if not creds:
+            return None
+        
+        result = {
+            'access_key': creds['aws_access_key_id'],
+            'secret_key': creds['aws_secret_access_key']
+        }
+        if 'aws_session_token' in creds:
+            result['session_token'] = creds['aws_session_token']
+        return result
+
+
+def execute_trends(config, weeks):
+    """
+    Execute trends analysis via API or locally.
+    
+    Returns:
+        dict: trends data
+    """
+    accounts = config['accounts']
+    
+    if is_api_configured():
+        # Use API
+        click.echo("Using Lambda API...")
+        credentials = get_credentials_dict(config)
+        return call_lambda_api('trends', credentials, accounts, weeks=weeks)
+    else:
+        # Use local execution
+        click.echo("Using local execution...")
+        from cost_calculator.trends import analyze_trends
+        
+        # Initialize boto3 client
+        if 'aws_profile' in config:
+            session = boto3.Session(profile_name=config['aws_profile'])
+        else:
+            creds = config['credentials']
+            session_kwargs = {
+                'aws_access_key_id': creds['aws_access_key_id'],
+                'aws_secret_access_key': creds['aws_secret_access_key'],
+                'region_name': creds.get('region', 'us-east-1')
+            }
+            if 'aws_session_token' in creds:
+                session_kwargs['aws_session_token'] = creds['aws_session_token']
+            session = boto3.Session(**session_kwargs)
+        
+        ce_client = session.client('ce', region_name='us-east-1')
+        return analyze_trends(ce_client, accounts, weeks)
+
+
+def execute_monthly(config, months):
+    """
+    Execute monthly analysis via API or locally.
+    
+    Returns:
+        dict: monthly data
+    """
+    accounts = config['accounts']
+    
+    if is_api_configured():
+        # Use API
+        click.echo("Using Lambda API...")
+        credentials = get_credentials_dict(config)
+        return call_lambda_api('monthly', credentials, accounts, months=months)
+    else:
+        # Use local execution
+        click.echo("Using local execution...")
+        from cost_calculator.monthly import analyze_monthly_trends
+        
+        # Initialize boto3 client
+        if 'aws_profile' in config:
+            session = boto3.Session(profile_name=config['aws_profile'])
+        else:
+            creds = config['credentials']
+            session_kwargs = {
+                'aws_access_key_id': creds['aws_access_key_id'],
+                'aws_secret_access_key': creds['aws_secret_access_key'],
+                'region_name': creds.get('region', 'us-east-1')
+            }
+            if 'aws_session_token' in creds:
+                session_kwargs['aws_session_token'] = creds['aws_session_token']
+            session = boto3.Session(**session_kwargs)
+        
+        ce_client = session.client('ce', region_name='us-east-1')
+        return analyze_monthly_trends(ce_client, accounts, months)
+
+
+def execute_drill(config, weeks, service_filter=None, account_filter=None, usage_type_filter=None, resources=False):
+    """
+    Execute drill-down analysis via API or locally.
+    
+    Args:
+        config: Profile configuration
+        weeks: Number of weeks to analyze
+        service_filter: Optional service name filter
+        account_filter: Optional account ID filter
+        usage_type_filter: Optional usage type filter
+        resources: If True, query CUR for resource-level details
+    
+    Returns:
+        dict: drill data or resource data
+    """
+    accounts = config['accounts']
+    
+    if resources:
+        # Resource-level drill requires service filter
+        if not service_filter:
+            raise click.ClickException("--service is required when using --resources flag")
+        
+        if is_api_configured():
+            # Use API
+            click.echo("Using Lambda API for CUR resource query...")
+            credentials = get_credentials_dict(config)
+            kwargs = {
+                'weeks': weeks,
+                'service': service_filter,
+                'resources': True
+            }
+            if account_filter:
+                kwargs['account'] = account_filter
+            return call_lambda_api('drill', credentials, accounts, **kwargs)
+        else:
+            # Use local Athena client
+            click.echo("Using local Athena client for CUR resource query...")
+            from cost_calculator.cur import query_cur_resources
+            
+            # Initialize boto3 session
+            if 'aws_profile' in config:
+                session = boto3.Session(profile_name=config['aws_profile'])
+            else:
+                creds = config['credentials']
+                session_kwargs = {
+                    'aws_access_key_id': creds['aws_access_key_id'],
+                    'aws_secret_access_key': creds['aws_secret_access_key'],
+                    'region_name': creds.get('region', 'us-east-1')
+                }
+                if 'aws_session_token' in creds:
+                    session_kwargs['aws_session_token'] = creds['aws_session_token']
+                session = boto3.Session(**session_kwargs)
+            
+            athena_client = session.client('athena', region_name='us-east-1')
+            return query_cur_resources(
+                athena_client, accounts, service_filter, account_filter, weeks
+            )
+    else:
+        # Standard drill-down via Cost Explorer
+        if is_api_configured():
+            # Use API
+            click.echo("Using Lambda API...")
+            credentials = get_credentials_dict(config)
+            kwargs = {'weeks': weeks}
+            if service_filter:
+                kwargs['service'] = service_filter
+            if account_filter:
+                kwargs['account'] = account_filter
+            if usage_type_filter:
+                kwargs['usage_type'] = usage_type_filter
+            return call_lambda_api('drill', credentials, accounts, **kwargs)
+        else:
+            # Use local execution
+            click.echo("Using local execution...")
+            from cost_calculator.drill import analyze_drill_down
+            
+            # Initialize boto3 client
+            if 'aws_profile' in config:
+                session = boto3.Session(profile_name=config['aws_profile'])
+            else:
+                creds = config['credentials']
+                session_kwargs = {
+                    'aws_access_key_id': creds['aws_access_key_id'],
+                    'aws_secret_access_key': creds['aws_secret_access_key'],
+                    'region_name': creds.get('region', 'us-east-1')
+                }
+                if 'aws_session_token' in creds:
+                    session_kwargs['aws_session_token'] = creds['aws_session_token']
+                session = boto3.Session(**session_kwargs)
+            
+            ce_client = session.client('ce', region_name='us-east-1')
+            return analyze_drill_down(
+                ce_client, accounts, weeks,
+                service_filter=service_filter,
+                account_filter=account_filter,
+                usage_type_filter=usage_type_filter
+            )
+
+
+def execute_analyze(config, weeks, analysis_type, pattern=None, min_cost=None):
+    """
+    Execute pandas-based analysis via API.
+    Note: This only works via API (requires pandas layer).
+    
+    Returns:
+        dict: analysis results
+    """
+    accounts = config['accounts']
+    
+    if not is_api_configured():
+        raise click.ClickException(
+            "Analyze command requires API configuration.\n"
+            "Set COST_API_SECRET environment variable."
+        )
+    
+    credentials = get_credentials_dict(config)
+    kwargs = {'weeks': weeks, 'type': analysis_type}
+    
+    if pattern:
+        kwargs['pattern'] = pattern
+    if min_cost:
+        kwargs['min_cost'] = min_cost
+    
+    return call_lambda_api('analyze', credentials, accounts, **kwargs)
+
+
+def execute_profile_operation(operation, profile_name=None, accounts=None, description=None):
+    """
+    Execute profile CRUD operations via API.
+    
+    Returns:
+        dict: operation result
+    """
+    if not is_api_configured():
+        raise click.ClickException(
+            "Profile commands require API configuration.\n"
+            "Set COST_API_SECRET environment variable."
+        )
+    
+    # Profile operations don't need AWS credentials, just API secret
+    import os
+    import requests
+    import json
+    
+    api_secret = os.environ.get('COST_API_SECRET', '')
+    
+    # Use profiles endpoint (hardcoded URL)
+    url = 'https://64g7jq7sjygec2zmll5lsghrpi0txrzo.lambda-url.us-east-1.on.aws/'
+    
+    payload = {'operation': operation}
+    if profile_name:
+        payload['profile_name'] = profile_name
+    if accounts:
+        payload['accounts'] = accounts
+    if description:
+        payload['description'] = description
+    
+    headers = {
+        'X-API-Secret': api_secret,
+        'Content-Type': 'application/json'
+    }
+    
+    response = requests.post(url, headers=headers, json=payload, timeout=60)
+    
+    if response.status_code != 200:
+        raise Exception(f"API call failed: {response.status_code} - {response.text}")
+    
+    return response.json()

cost_calculator/forensics.py

@@ -0,0 +1,321 @@
+"""
+Cost forensics module - Resource inventory and CloudTrail analysis
+"""
+import boto3
+from datetime import datetime, timedelta
+from collections import defaultdict
+import json
+
+
+def inventory_resources(account_id, profile, region='us-west-2'):
+    """
+    Inventory AWS resources in an account
+    
+    Args:
+        account_id: AWS account ID
+        profile: AWS profile name (SSO)
+        region: AWS region
+        
+    Returns:
+        dict with resource inventory
+    """
+    session = boto3.Session(profile_name=profile)
+    inventory = {
+        'account_id': account_id,
+        'profile': profile,
+        'region': region,
+        'timestamp': datetime.utcnow().isoformat(),
+        'ec2_instances': [],
+        'efs_file_systems': [],
+        'load_balancers': [],
+        'dynamodb_tables': []
+    }
+    
+    try:
+        # EC2 Instances
+        ec2_client = session.client('ec2', region_name=region)
+        instances_response = ec2_client.describe_instances()
+        
+        for reservation in instances_response['Reservations']:
+            for instance in reservation['Instances']:
+                if instance['State']['Name'] == 'running':
+                    name = 'N/A'
+                    for tag in instance.get('Tags', []):
+                        if tag['Key'] == 'Name':
+                            name = tag['Value']
+                            break
+                    
+                    inventory['ec2_instances'].append({
+                        'instance_id': instance['InstanceId'],
+                        'instance_type': instance['InstanceType'],
+                        'name': name,
+                        'state': instance['State']['Name'],
+                        'launch_time': instance['LaunchTime'].isoformat(),
+                        'availability_zone': instance['Placement']['AvailabilityZone']
+                    })
+        
+        # EFS File Systems
+        efs_client = session.client('efs', region_name=region)
+        efs_response = efs_client.describe_file_systems()
+        
+        total_efs_size = 0
+        for fs in efs_response['FileSystems']:
+            size_bytes = fs['SizeInBytes']['Value']
+            size_gb = size_bytes / (1024**3)
+            total_efs_size += size_gb
+            
+            inventory['efs_file_systems'].append({
+                'file_system_id': fs['FileSystemId'],
+                'name': fs.get('Name', 'N/A'),
+                'size_gb': round(size_gb, 2),
+                'creation_time': fs['CreationTime'].isoformat(),
+                'number_of_mount_targets': fs['NumberOfMountTargets']
+            })
+        
+        inventory['total_efs_size_gb'] = round(total_efs_size, 2)
+        
+        # Load Balancers
+        elbv2_client = session.client('elbv2', region_name=region)
+        elb_response = elbv2_client.describe_load_balancers()
+        
+        for lb in elb_response['LoadBalancers']:
+            inventory['load_balancers'].append({
+                'name': lb['LoadBalancerName'],
+                'type': lb['Type'],
+                'dns_name': lb['DNSName'],
+                'scheme': lb['Scheme'],
+                'created_time': lb['CreatedTime'].isoformat(),
+                'availability_zones': [az['ZoneName'] for az in lb['AvailabilityZones']]
+            })
+        
+        # DynamoDB Tables (only if region supports it)
+        try:
+            ddb_client = session.client('dynamodb', region_name=region)
+            tables_response = ddb_client.list_tables()
+            
+            for table_name in tables_response['TableNames'][:20]:  # Limit to 20 tables
+                table_desc = ddb_client.describe_table(TableName=table_name)
+                table_info = table_desc['Table']
+                
+                # Get backup settings
+                try:
+                    backup_desc = ddb_client.describe_continuous_backups(TableName=table_name)
+                    pitr_status = backup_desc['ContinuousBackupsDescription']['PointInTimeRecoveryDescription']['PointInTimeRecoveryStatus']
+                except:
+                    pitr_status = 'UNKNOWN'
+                
+                size_gb = table_info.get('TableSizeBytes', 0) / (1024**3)
+                
+                inventory['dynamodb_tables'].append({
+                    'table_name': table_name,
+                    'size_gb': round(size_gb, 2),
+                    'item_count': table_info.get('ItemCount', 0),
+                    'pitr_status': pitr_status,
+                    'created_time': table_info['CreationDateTime'].isoformat()
+                })
+        except Exception as e:
+            # DynamoDB might not be available in all regions
+            pass
+            
+    except Exception as e:
+        inventory['error'] = str(e)
+    
+    return inventory
+
+
+def analyze_cloudtrail(account_id, profile, start_date, end_date, region='us-west-2'):
+    """
+    Analyze CloudTrail events for an account
+    
+    Args:
+        account_id: AWS account ID
+        profile: AWS profile name (SSO)
+        start_date: Start datetime
+        end_date: End datetime
+        region: AWS region
+        
+    Returns:
+        dict with CloudTrail event summary
+    """
+    session = boto3.Session(profile_name=profile)
+    ct_client = session.client('cloudtrail', region_name=region)
+    
+    analysis = {
+        'account_id': account_id,
+        'profile': profile,
+        'region': region,
+        'start_date': start_date.isoformat(),
+        'end_date': end_date.isoformat(),
+        'event_summary': {},
+        'write_events': [],
+        'error': None
+    }
+    
+    # Events that indicate resource creation/modification
+    write_event_names = [
+        'RunInstances', 'CreateVolume', 'AttachVolume',
+        'CreateFileSystem', 'ModifyFileSystem',
+        'CreateLoadBalancer', 'ModifyLoadBalancerAttributes',
+        'CreateTable', 'UpdateTable', 'UpdateContinuousBackups',
+        'CreateBackupVault', 'StartBackupJob'
+    ]
+    
+    try:
+        event_counts = defaultdict(int)
+        
+        # Query CloudTrail
+        paginator = ct_client.get_paginator('lookup_events')
+        
+        for page in paginator.paginate(
+            StartTime=start_date,
+            EndTime=end_date,
+            MaxResults=50,
+            PaginationConfig={'MaxItems': 200}
+        ):
+            for event in page.get('Events', []):
+                event_name = event.get('EventName', '')
+                event_counts[event_name] += 1
+                
+                # Capture write events
+                if event_name in write_event_names:
+                    event_detail = json.loads(event['CloudTrailEvent'])
+                    
+                    analysis['write_events'].append({
+                        'time': event.get('EventTime').isoformat(),
+                        'event_name': event_name,
+                        'username': event.get('Username', 'N/A'),
+                        'resources': [
+                            {
+                                'type': r.get('ResourceType', 'N/A'),
+                                'name': r.get('ResourceName', 'N/A')
+                            }
+                            for r in event.get('Resources', [])[:3]
+                        ]
+                    })
+        
+        # Convert to regular dict and sort
+        analysis['event_summary'] = dict(sorted(
+            event_counts.items(),
+            key=lambda x: x[1],
+            reverse=True
+        ))
+        
+    except Exception as e:
+        analysis['error'] = str(e)
+    
+    return analysis
+
+
+def format_investigation_report(cost_data, inventories, cloudtrail_data=None):
+    """
+    Format investigation data into markdown report
+    
+    Args:
+        cost_data: Cost analysis results from trends/drill
+        inventories: List of resource inventories
+        cloudtrail_data: List of CloudTrail analyses (optional)
+        
+    Returns:
+        str: Markdown formatted report
+    """
+    report = []
+    report.append("# Cost Investigation Report")
+    report.append(f"**Generated:** {datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S UTC')}")
+    report.append("")
+    
+    # Cost Analysis Section
+    if cost_data:
+        report.append("## Cost Analysis")
+        report.append("")
+        # Add cost data formatting here
+        # This will be populated from trends/drill results
+    
+    # Resource Inventory Section
+    if inventories:
+        report.append("## Resource Inventory")
+        report.append("")
+        
+        for inv in inventories:
+            report.append(f"### Account {inv['account_id']} ({inv['profile']})")
+            report.append(f"**Region:** {inv['region']}")
+            report.append("")
+            
+            # EC2 Instances
+            if inv['ec2_instances']:
+                report.append(f"**EC2 Instances:** {len(inv['ec2_instances'])} running")
+                for instance in inv['ec2_instances'][:10]:  # Show first 10
+                    report.append(f"- `{instance['instance_id']}`: {instance['instance_type']} ({instance['name']})")
+                    report.append(f"  - Launched: {instance['launch_time'][:10]}, AZ: {instance['availability_zone']}")
+                if len(inv['ec2_instances']) > 10:
+                    report.append(f"  ... and {len(inv['ec2_instances']) - 10} more")
+                report.append("")
+            
+            # EFS File Systems
+            if inv['efs_file_systems']:
+                total_size = inv.get('total_efs_size_gb', 0)
+                report.append(f"**EFS File Systems:** {len(inv['efs_file_systems'])} total, {total_size:,.0f} GB")
+                for fs in inv['efs_file_systems']:
+                    report.append(f"- `{fs['file_system_id']}` ({fs['name']}): {fs['size_gb']:,.2f} GB")
+                    report.append(f"  - Created: {fs['creation_time'][:10]}")
+                report.append("")
+            
+            # Load Balancers
+            if inv['load_balancers']:
+                report.append(f"**Load Balancers:** {len(inv['load_balancers'])}")
+                for lb in inv['load_balancers'][:10]:  # Show first 10
+                    report.append(f"- `{lb['name']}`: {lb['type']}")
+                    report.append(f"  - Created: {lb['created_time'][:10]}, Scheme: {lb['scheme']}")
+                if len(inv['load_balancers']) > 10:
+                    report.append(f"  ... and {len(inv['load_balancers']) - 10} more")
+                report.append("")
+            
+            # DynamoDB Tables
+            if inv['dynamodb_tables']:
+                report.append(f"**DynamoDB Tables:** {len(inv['dynamodb_tables'])}")
+                for table in inv['dynamodb_tables'][:10]:
+                    report.append(f"- `{table['table_name']}`: {table['size_gb']:.2f} GB, {table['item_count']:,} items")
+                    report.append(f"  - PITR: {table['pitr_status']}, Created: {table['created_time'][:10]}")
+                if len(inv['dynamodb_tables']) > 10:
+                    report.append(f"  ... and {len(inv['dynamodb_tables']) - 10} more")
+                report.append("")
+            
+            report.append("---")
+            report.append("")
+    
+    # CloudTrail Section
+    if cloudtrail_data:
+        report.append("## CloudTrail Events")
+        report.append("")
+        
+        for ct in cloudtrail_data:
+            report.append(f"### Account {ct['account_id']} ({ct['profile']})")
+            report.append(f"**Period:** {ct['start_date'][:10]} to {ct['end_date'][:10]}")
+            report.append("")
+            
+            if ct.get('error'):
+                report.append(f"⚠️ Error: {ct['error']}")
+                report.append("")
+                continue
+            
+            # Write events (resource changes)
+            if ct['write_events']:
+                report.append(f"**Resource Changes:** {len(ct['write_events'])} events")
+                for evt in ct['write_events'][:10]:
+                    report.append(f"- `{evt['time'][:19]}` - **{evt['event_name']}**")
+                    report.append(f"  - User: {evt['username']}")
+                    if evt['resources']:
+                        for res in evt['resources']:
+                            report.append(f"  - Resource: {res['type']} - {res['name']}")
+                report.append("")
+            
+            # Event summary
+            if ct['event_summary']:
+                report.append("**Top Events:**")
+                for event_name, count in list(ct['event_summary'].items())[:15]:
+                    report.append(f"- {event_name}: {count}")
+                report.append("")
+            
+            report.append("---")
+            report.append("")
+    
+    return "\n".join(report)