aws-cost-calculator-cli 1.6.0__py3-none-any.whl → 1.9.1__py3-none-any.whl

cost_calculator/cli.py

@@ -11,6 +11,8 @@ Usage:
 import click
 import boto3
 import json
+import os
+import platform
 from datetime import datetime, timedelta
 from pathlib import Path
 from cost_calculator.trends import format_trends_markdown
@@ -134,8 +136,11 @@ def load_profile(profile_name):
             profile_data = response_data.get('profile', response_data)
             profile = {'accounts': profile_data['accounts']}
             
+            # If profile has aws_profile field, use it
+            if 'aws_profile' in profile_data:
+                profile['aws_profile'] = profile_data['aws_profile']
             # Check for AWS_PROFILE environment variable (SSO support)
-            if os.environ.get('AWS_PROFILE'):
+            elif os.environ.get('AWS_PROFILE'):
                 profile['aws_profile'] = os.environ['AWS_PROFILE']
             # Use environment credentials
             elif os.environ.get('AWS_ACCESS_KEY_ID'):
@@ -144,6 +149,33 @@ def load_profile(profile_name):
                     'aws_secret_access_key': os.environ['AWS_SECRET_ACCESS_KEY'],
                     'aws_session_token': os.environ.get('AWS_SESSION_TOKEN')
                 }
+            else:
+                # Try to find a matching AWS profile by name
+                # This allows "khoros" profile to work with "khoros_umbrella" AWS profile
+                import subprocess
+                try:
+                    result = subprocess.run(
+                        ['aws', 'configure', 'list-profiles'],
+                        capture_output=True,
+                        text=True,
+                        timeout=5
+                    )
+                    if result.returncode == 0:
+                        available_profiles = result.stdout.strip().split('\n')
+                        # Try exact match first
+                        if profile_name in available_profiles:
+                            profile['aws_profile'] = profile_name
+                        # Try with common suffixes
+                        elif f"{profile_name}_umbrella" in available_profiles:
+                            profile['aws_profile'] = f"{profile_name}_umbrella"
+                        elif f"{profile_name}-umbrella" in available_profiles:
+                            profile['aws_profile'] = f"{profile_name}-umbrella"
+                        elif f"{profile_name}_prod" in available_profiles:
+                            profile['aws_profile'] = f"{profile_name}_prod"
+                        # If no match found, leave it unset - user must provide --sso
+                except:
+                    # If we can't list profiles, leave it unset - user must provide --sso
+                    pass
             
             return profile
         else:
@@ -323,9 +355,10 @@ def calculate_costs(profile_config, accounts, start_date, offset, window):
     # Calculate days in the month that the support covers
     # Support on Nov 1 covers October (31 days)
     support_month = support_month_date - timedelta(days=1)  # Go back to previous month
-    days_in_support_month = support_month.day  # This gives us the last day of the month
+    import calendar
+    days_in_support_month = calendar.monthrange(support_month.year, support_month.month)[1]
     
-    # Support allocation: divide by 2 (half to Khoros), then by days in month
+    # Support allocation: divide by 2 (50% allocation), then by days in month
     support_per_day = (support_cost / 2) / days_in_support_month
     
     # Calculate daily rate
@@ -384,26 +417,147 @@ def cli():
     pass
 
 
+@cli.command('setup-cur')
+@click.option('--database', required=True, prompt='CUR Athena Database', help='Athena database name for CUR')
+@click.option('--table', required=True, prompt='CUR Table Name', help='CUR table name')
+@click.option('--s3-output', required=True, prompt='S3 Output Location', help='S3 bucket for Athena query results')
+def setup_cur(database, table, s3_output):
+    """
+    Configure CUR (Cost and Usage Report) settings for resource-level queries
+    
+    Saves CUR configuration to ~/.config/cost-calculator/cur_config.json
+    
+    Example:
+      cc setup-cur --database my_cur_db --table cur_table --s3-output s3://my-bucket/
+    """
+    import json
+    
+    config_dir = Path.home() / '.config' / 'cost-calculator'
+    config_dir.mkdir(parents=True, exist_ok=True)
+    
+    config_file = config_dir / 'cur_config.json'
+    
+    config = {
+        'database': database,
+        'table': table,
+        's3_output': s3_output
+    }
+    
+    with open(config_file, 'w') as f:
+        json.dump(config, f, indent=2)
+    
+    click.echo(f"✓ CUR configuration saved to {config_file}")
+    click.echo(f"  Database: {database}")
+    click.echo(f"  Table: {table}")
+    click.echo(f"  S3 Output: {s3_output}")
+    click.echo("")
+    click.echo("You can now use: cc drill --service 'EC2 - Other' --resources")
+
+
+@cli.command('setup-api')
+@click.option('--api-secret', required=True, prompt=True, hide_input=True, help='COST_API_SECRET value')
+def setup_api(api_secret):
+    """
+    Configure COST_API_SECRET for backend API access
+    
+    Saves the API secret to the appropriate location based on your OS:
+    - Mac/Linux: ~/.zshrc or ~/.bashrc
+    - Windows: User environment variables
+    
+    Example:
+      cc setup-api --api-secret your-secret-here
+      
+    Or let it prompt you (input will be hidden):
+      cc setup-api
+    """
+    system = platform.system()
+    
+    if system == "Windows":
+        # Windows: Set user environment variable
+        try:
+            import winreg
+            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, 'Environment', 0, winreg.KEY_SET_VALUE)
+            winreg.SetValueEx(key, 'COST_API_SECRET', 0, winreg.REG_SZ, api_secret)
+            winreg.CloseKey(key)
+            click.echo("✓ COST_API_SECRET saved to Windows user environment variables")
+            click.echo("  Please restart your terminal for changes to take effect")
+        except Exception as e:
+            click.echo(f"✗ Error setting Windows environment variable: {e}", err=True)
+            click.echo("\nManual setup:")
+            click.echo("1. Open System Properties > Environment Variables")
+            click.echo("2. Add new User variable:")
+            click.echo("   Name: COST_API_SECRET")
+            click.echo(f"   Value: {api_secret}")
+            return
+    else:
+        # Mac/Linux: Add to shell profile
+        shell = os.environ.get('SHELL', '/bin/bash')
+        
+        if 'zsh' in shell:
+            profile_file = Path.home() / '.zshrc'
+        else:
+            profile_file = Path.home() / '.bashrc'
+        
+        # Check if already exists
+        export_line = f'export COST_API_SECRET="{api_secret}"'
+        
+        try:
+            if profile_file.exists():
+                content = profile_file.read_text()
+                if 'COST_API_SECRET' in content:
+                    # Replace existing
+                    lines = content.split('\n')
+                    new_lines = []
+                    for line in lines:
+                        if 'COST_API_SECRET' in line and line.strip().startswith('export'):
+                            new_lines.append(export_line)
+                        else:
+                            new_lines.append(line)
+                    profile_file.write_text('\n'.join(new_lines))
+                    click.echo(f"✓ Updated COST_API_SECRET in {profile_file}")
+                else:
+                    # Append
+                    with profile_file.open('a') as f:
+                        f.write(f'\n# AWS Cost Calculator API Secret\n{export_line}\n')
+                    click.echo(f"✓ Added COST_API_SECRET to {profile_file}")
+            else:
+                # Create new file
+                profile_file.write_text(f'# AWS Cost Calculator API Secret\n{export_line}\n')
+                click.echo(f"✓ Created {profile_file} with COST_API_SECRET")
+            
+            # Also set for current session
+            os.environ['COST_API_SECRET'] = api_secret
+            click.echo(f"✓ Set COST_API_SECRET for current session")
+            click.echo(f"\nTo use in new terminals, run: source {profile_file}")
+            
+        except Exception as e:
+            click.echo(f"✗ Error writing to {profile_file}: {e}", err=True)
+            click.echo(f"\nManual setup: Add this line to {profile_file}:")
+            click.echo(f"  {export_line}")
+            return
+
+
 @cli.command()
 @click.option('--profile', required=True, help='Profile name (e.g., myprofile)')
 @click.option('--start-date', help='Start date (YYYY-MM-DD, default: today)')
 @click.option('--offset', default=2, help='Days to go back from start date (default: 2)')
 @click.option('--window', default=30, help='Number of days to analyze (default: 30)')
 @click.option('--json-output', is_flag=True, help='Output as JSON')
-@click.option('--sso', help='AWS SSO profile name (e.g., khoros_umbrella)')
+@click.option('--sso', help='AWS SSO profile name (e.g., my_sso_profile)')
 @click.option('--access-key-id', help='AWS Access Key ID (for static credentials)')
 @click.option('--secret-access-key', help='AWS Secret Access Key (for static credentials)')
 @click.option('--session-token', help='AWS Session Token (for static credentials)')
 def calculate(profile, start_date, offset, window, json_output, sso, access_key_id, secret_access_key, session_token):
-    """Calculate AWS costs for the specified period
+    """
+    Calculate AWS costs for the specified period
     
     \b
     Authentication Options:
       1. SSO: --sso <profile_name>
-         Example: cc calculate --profile khoros --sso khoros_umbrella
+         Example: cc calculate --profile myprofile --sso my_sso_profile
       
       2. Static Credentials: --access-key-id, --secret-access-key, --session-token
-         Example: cc calculate --profile khoros --access-key-id ASIA... --secret-access-key ... --session-token ...
+         Example: cc calculate --profile myprofile --access-key-id ASIA... --secret-access-key ... --session-token ...
       
       3. Environment Variables: AWS_PROFILE or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY
     """
@@ -801,14 +955,19 @@ def monthly(profile, months, output, json_output, sso, access_key_id, secret_acc
 @click.option('--service', help='Filter by service name (e.g., "EC2 - Other")')
 @click.option('--account', help='Filter by account ID')
 @click.option('--usage-type', help='Filter by usage type')
+@click.option('--resources', is_flag=True, help='Show individual resource IDs (requires CUR, uses Athena)')
 @click.option('--output', default='drill_down.md', help='Output markdown file (default: drill_down.md)')
 @click.option('--json-output', is_flag=True, help='Output as JSON')
 @click.option('--sso', help='AWS SSO profile name')
 @click.option('--access-key-id', help='AWS Access Key ID')
 @click.option('--secret-access-key', help='AWS Secret Access Key')
 @click.option('--session-token', help='AWS Session Token')
-def drill(profile, weeks, service, account, usage_type, output, json_output, sso, access_key_id, secret_access_key, session_token):
-    """Drill down into cost changes by service, account, or usage type"""
+def drill(profile, weeks, service, account, usage_type, resources, output, json_output, sso, access_key_id, secret_access_key, session_token):
+    """
+    Drill down into cost changes by service, account, or usage type
+    
+    Add --resources flag to see individual resource IDs and costs (requires CUR data via Athena)
+    """
     
     # Load profile
     config = load_profile(profile)
@@ -822,10 +981,19 @@ def drill(profile, weeks, service, account, usage_type, output, json_output, sso
         click.echo(f"  Account filter: {account}")
     if usage_type:
         click.echo(f"  Usage type filter: {usage_type}")
+    if resources:
+        click.echo(f"  Mode: Resource-level (CUR via Athena)")
     click.echo("")
     
     # Execute via API or locally
-    drill_data = execute_drill(config, weeks, service, account, usage_type)
+    drill_data = execute_drill(config, weeks, service, account, usage_type, resources)
+    
+    # Handle resource-level output differently
+    if resources:
+        from cost_calculator.cur import format_resource_output
+        output_text = format_resource_output(drill_data)
+        click.echo(output_text)
+        return
     
     if json_output:
         # Output as JSON
@@ -998,5 +1166,219 @@ def profile(operation, name, accounts, description):
         click.echo(result.get('message', 'Operation completed'))
 
 
+@cli.command()
+@click.option('--profile', required=True, help='Profile name')
+@click.option('--sso', help='AWS SSO profile to use')
+@click.option('--weeks', default=8, help='Number of weeks to analyze')
+@click.option('--account', help='Focus on specific account ID')
+@click.option('--service', help='Focus on specific service')
+@click.option('--no-cloudtrail', is_flag=True, help='Skip CloudTrail analysis (faster)')
+@click.option('--output', default='investigation_report.md', help='Output file path')
+def investigate(profile, sso, weeks, account, service, no_cloudtrail, output):
+    """
+    Multi-stage cost investigation:
+    1. Analyze cost trends and drill-downs
+    2. Inventory actual resources in problem accounts
+    3. Analyze CloudTrail events (optional)
+    4. Generate comprehensive report
+    """
+    from cost_calculator.executor import execute_trends, execute_drill, get_credentials_dict
+    from cost_calculator.api_client import call_lambda_api, is_api_configured
+    from cost_calculator.forensics import format_investigation_report
+    from datetime import datetime, timedelta
+    
+    click.echo("=" * 80)
+    click.echo("COST INVESTIGATION")
+    click.echo("=" * 80)
+    click.echo(f"Profile: {profile}")
+    click.echo(f"Weeks: {weeks}")
+    if account:
+        click.echo(f"Account: {account}")
+    if service:
+        click.echo(f"Service: {service}")
+    click.echo("")
+    
+    # Load profile
+    config = load_profile(profile)
+    
+    # Override with SSO if provided
+    if sso:
+        config['aws_profile'] = sso
+    
+    # Validate that we have a way to get credentials
+    if 'aws_profile' not in config and 'credentials' not in config:
+        import subprocess
+        try:
+            result = subprocess.run(
+                ['aws', 'configure', 'list-profiles'],
+                capture_output=True,
+                text=True,
+                timeout=5
+            )
+            available = result.stdout.strip().split('\n') if result.returncode == 0 else []
+            suggestion = f"\nAvailable AWS profiles: {', '.join(available[:5])}" if available else ""
+        except:
+            suggestion = ""
+        
+        raise click.ClickException(
+            f"Profile '{profile}' has no AWS authentication configured.\n"
+            f"Use --sso flag to specify your AWS SSO profile:\n"
+            f"  cc investigate --profile {profile} --sso YOUR_AWS_PROFILE{suggestion}"
+        )
+    
+    # Step 1: Cost Analysis
+    click.echo("Step 1/3: Analyzing cost trends...")
+    try:
+        trends_data = execute_trends(config, weeks)
+        click.echo(f"✓ Found cost data for {weeks} weeks")
+    except Exception as e:
+        click.echo(f"✗ Error analyzing trends: {str(e)}")
+        trends_data = None
+    
+    # Step 2: Drill-down
+    click.echo("\nStep 2/3: Drilling down into costs...")
+    drill_data = None
+    if service or account:
+        try:
+            drill_data = execute_drill(config, weeks, service, account, None, False)
+            click.echo(f"✓ Drill-down complete")
+        except Exception as e:
+            click.echo(f"✗ Error in drill-down: {str(e)}")
+    
+    # Step 3: Resource Inventory
+    click.echo("\nStep 3/3: Inventorying resources...")
+    inventories = []
+    cloudtrail_analyses = []
+    
+    # Determine which accounts to investigate
+    accounts_to_investigate = []
+    if account:
+        accounts_to_investigate = [account]
+    else:
+        # Extract top cost accounts from trends/drill data
+        # For now, we'll need the user to specify
+        click.echo("⚠️  No account specified. Use --account to inventory resources.")
+    
+    # For each account, do inventory and CloudTrail via backend API
+    for acc_id in accounts_to_investigate:
+        click.echo(f"\n  Investigating account {acc_id}...")
+        
+        # Get credentials (SSO or static)
+        account_creds = get_credentials_dict(config)
+        if not account_creds:
+            click.echo(f"    ⚠️  No credentials available for account")
+            continue
+        
+        # Inventory resources via backend API only
+        if not is_api_configured():
+            click.echo(f"    ✗ API not configured. Set COST_API_SECRET environment variable.")
+            continue
+        
+        try:
+            regions = ['us-west-2', 'us-east-1', 'eu-west-1']
+            for region in regions:
+                try:
+                    inv = call_lambda_api(
+                        'forensics',
+                        account_creds,
+                        [],  # accounts not needed for forensics
+                        operation='inventory',
+                        account_id=acc_id,
+                        region=region
+                    )
+                    
+                    if not inv.get('error'):
+                        inventories.append(inv)
+                        click.echo(f"    ✓ Inventory complete for {region}")
+                        click.echo(f"      - EC2: {len(inv['ec2_instances'])} instances")
+                        click.echo(f"      - EFS: {len(inv['efs_file_systems'])} file systems ({inv.get('total_efs_size_gb', 0):,.0f} GB)")
+                        click.echo(f"      - ELB: {len(inv['load_balancers'])} load balancers")
+                        break
+                except Exception as e:
+                    continue
+        except Exception as e:
+            click.echo(f"    ✗ Inventory error: {str(e)}")
+        
+        # CloudTrail analysis via backend API only
+        if not no_cloudtrail:
+            if not is_api_configured():
+                click.echo(f"    ✗ CloudTrail skipped: API not configured")
+            else:
+                try:
+                    start_date = (datetime.now() - timedelta(days=weeks * 7)).isoformat() + 'Z'
+                    end_date = datetime.now().isoformat() + 'Z'
+                    
+                    ct_analysis = call_lambda_api(
+                        'forensics',
+                        account_creds,
+                        [],
+                        operation='cloudtrail',
+                        account_id=acc_id,
+                        start_date=start_date,
+                        end_date=end_date,
+                        region='us-west-2'
+                    )
+                    
+                    cloudtrail_analyses.append(ct_analysis)
+                    
+                    if ct_analysis.get('error'):
+                        click.echo(f"    ⚠️  CloudTrail: {ct_analysis['error']}")
+                    else:
+                        click.echo(f"    ✓ CloudTrail analysis complete")
+                        click.echo(f"      - {len(ct_analysis['event_summary'])} event types")
+                        click.echo(f"      - {len(ct_analysis['write_events'])} resource changes")
+                except Exception as e:
+                    click.echo(f"    ✗ CloudTrail error: {str(e)}")
+    
+    # Generate report
+    click.echo(f"\nGenerating report...")
+    report = format_investigation_report(trends_data, inventories, cloudtrail_analyses if not no_cloudtrail else None)
+    
+    # Write to file
+    with open(output, 'w') as f:
+        f.write(report)
+    
+    click.echo(f"\n✓ Investigation complete!")
+    click.echo(f"✓ Report saved to: {output}")
+    click.echo("")
+
+
+def find_account_profile(account_id):
+    """
+    Find the SSO profile name for a given account ID
+    Returns profile name or None
+    """
+    import subprocess
+    
+    try:
+        # Get list of profiles
+        result = subprocess.run(
+            ['aws', 'configure', 'list-profiles'],
+            capture_output=True,
+            text=True
+        )
+        
+        profiles = result.stdout.strip().split('\n')
+        
+        # Check each profile
+        for profile in profiles:
+            try:
+                result = subprocess.run(
+                    ['aws', 'sts', 'get-caller-identity', '--profile', profile],
+                    capture_output=True,
+                    text=True,
+                    timeout=5
+                )
+                
+                if account_id in result.stdout:
+                    return profile
+            except:
+                continue
+        
+        return None
+    except:
+        return None
+
+
 if __name__ == '__main__':
     cli()