aws-cost-calculator-cli 1.6.2__py3-none-any.whl → 2.4.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. {aws_cost_calculator_cli-1.6.2.dist-info → aws_cost_calculator_cli-2.4.0.dist-info}/METADATA +31 -12
  2. aws_cost_calculator_cli-2.4.0.dist-info/RECORD +16 -0
  3. {aws_cost_calculator_cli-1.6.2.dist-info → aws_cost_calculator_cli-2.4.0.dist-info}/top_level.txt +0 -1
  4. cost_calculator/api_client.py +18 -20
  5. cost_calculator/cli.py +1750 -249
  6. cost_calculator/cur.py +244 -0
  7. cost_calculator/dimensions.py +141 -0
  8. cost_calculator/executor.py +124 -101
  9. cost_calculator/forensics.py +323 -0
  10. aws_cost_calculator_cli-1.6.2.dist-info/RECORD +0 -25
  11. backend/__init__.py +0 -1
  12. backend/algorithms/__init__.py +0 -1
  13. backend/algorithms/analyze.py +0 -272
  14. backend/algorithms/drill.py +0 -323
  15. backend/algorithms/monthly.py +0 -242
  16. backend/algorithms/trends.py +0 -353
  17. backend/handlers/__init__.py +0 -1
  18. backend/handlers/analyze.py +0 -112
  19. backend/handlers/drill.py +0 -117
  20. backend/handlers/monthly.py +0 -106
  21. backend/handlers/profiles.py +0 -148
  22. backend/handlers/trends.py +0 -106
  23. {aws_cost_calculator_cli-1.6.2.dist-info → aws_cost_calculator_cli-2.4.0.dist-info}/WHEEL +0 -0
  24. {aws_cost_calculator_cli-1.6.2.dist-info → aws_cost_calculator_cli-2.4.0.dist-info}/entry_points.txt +0 -0
  25. {aws_cost_calculator_cli-1.6.2.dist-info → aws_cost_calculator_cli-2.4.0.dist-info}/licenses/LICENSE +0 -0
cost_calculator/cli.py CHANGED
@@ -11,11 +11,24 @@ Usage:
11
11
  import click
12
12
  import boto3
13
13
  import json
14
+ import os
15
+ import platform
14
16
  from datetime import datetime, timedelta
15
17
  from pathlib import Path
16
18
  from cost_calculator.trends import format_trends_markdown
17
19
  from cost_calculator.monthly import format_monthly_markdown
18
20
  from cost_calculator.drill import format_drill_down_markdown
21
+
22
+ # API Configuration - can be overridden via environment variable
23
+ API_BASE_URL = os.environ.get(
24
+ 'COST_CALCULATOR_API_URL',
25
+ 'https://api.costcop.cloudfix.dev'
26
+ )
27
+ # Legacy profiles URL for backward compatibility
28
+ PROFILES_API_URL = os.environ.get(
29
+ 'COST_CALCULATOR_PROFILES_URL',
30
+ f'{API_BASE_URL}/profiles'
31
+ )
19
32
  from cost_calculator.executor import execute_trends, execute_monthly, execute_drill
20
33
 
21
34
 
@@ -65,64 +78,134 @@ def apply_auth_options(config, sso=None, access_key_id=None, secret_access_key=N
65
78
  return config
66
79
 
67
80
 
68
- def load_profile(profile_name):
69
- """Load profile configuration from local file or DynamoDB API"""
81
+ def get_api_secret():
82
+ """Get API secret from config file or environment variable"""
70
83
  import os
71
- import requests
72
84
 
85
+ # Check environment variable first
86
+ api_secret = os.environ.get('COST_API_SECRET')
87
+ if api_secret:
88
+ return api_secret
89
+
90
+ # Check config file
73
91
  config_dir = Path.home() / '.config' / 'cost-calculator'
74
- config_file = config_dir / 'profiles.json'
75
- creds_file = config_dir / 'credentials.json'
92
+ config_file = config_dir / 'config.json'
76
93
 
77
- # Try local file first
78
94
  if config_file.exists():
79
95
  with open(config_file) as f:
80
- profiles = json.load(f)
81
-
82
- if profile_name in profiles:
83
- profile = profiles[profile_name]
84
-
85
- # Load credentials if using static credentials (not SSO)
86
- if 'aws_profile' not in profile:
87
- if not creds_file.exists():
88
- # Try environment variables
89
- if os.environ.get('AWS_ACCESS_KEY_ID'):
90
- profile['credentials'] = {
91
- 'aws_access_key_id': os.environ['AWS_ACCESS_KEY_ID'],
92
- 'aws_secret_access_key': os.environ['AWS_SECRET_ACCESS_KEY'],
93
- 'aws_session_token': os.environ.get('AWS_SESSION_TOKEN')
94
- }
95
- return profile
96
-
97
- raise click.ClickException(
98
- f"No credentials found for profile '{profile_name}'.\n"
99
- f"Run: cc configure --profile {profile_name}"
100
- )
101
-
102
- with open(creds_file) as f:
103
- creds = json.load(f)
104
-
105
- if profile_name not in creds:
106
- raise click.ClickException(
107
- f"No credentials found for profile '{profile_name}'.\n"
108
- f"Run: cc configure --profile {profile_name}"
109
- )
110
-
111
- profile['credentials'] = creds[profile_name]
112
-
113
- return profile
96
+ config = json.load(f)
97
+ return config.get('api_secret')
98
+
99
+ return None
100
+
101
+
102
+ def get_exclusions(profile_name=None):
103
+ """Get exclusions configuration from DynamoDB API"""
104
+ import requests
105
+
106
+ api_secret = get_api_secret()
107
+ if not api_secret:
108
+ raise click.ClickException(
109
+ "No API secret configured.\n"
110
+ "Run: cc configure --api-secret YOUR_SECRET"
111
+ )
112
+
113
+ try:
114
+ response = requests.post(
115
+ PROFILES_API_URL,
116
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
117
+ json={'operation': 'get_exclusions', 'profile_name': profile_name},
118
+ timeout=10
119
+ )
120
+
121
+ if response.status_code == 200:
122
+ return response.json().get('exclusions', {})
123
+ else:
124
+ # Return defaults if API fails
125
+ return {
126
+ 'record_types': ['Tax', 'Support'],
127
+ 'services': [],
128
+ 'usage_types': [],
129
+ 'line_item_types': []
130
+ }
131
+ except:
132
+ # Return defaults if request fails
133
+ return {
134
+ 'record_types': ['Tax', 'Support'],
135
+ 'services': [],
136
+ 'usage_types': [],
137
+ 'line_item_types': []
138
+ }
139
+
140
+
141
+ def build_exclusion_filter(exclusions):
142
+ """Build AWS Cost Explorer filter from exclusions config"""
143
+ filter_parts = []
144
+
145
+ # Exclude record types (Tax, Support, etc.)
146
+ if exclusions.get('record_types'):
147
+ filter_parts.append({
148
+ "Not": {
149
+ "Dimensions": {
150
+ "Key": "RECORD_TYPE",
151
+ "Values": exclusions['record_types']
152
+ }
153
+ }
154
+ })
155
+
156
+ # Exclude specific services (OCBLateFee, etc.)
157
+ if exclusions.get('services'):
158
+ filter_parts.append({
159
+ "Not": {
160
+ "Dimensions": {
161
+ "Key": "SERVICE",
162
+ "Values": exclusions['services']
163
+ }
164
+ }
165
+ })
166
+
167
+ # Exclude usage types
168
+ if exclusions.get('usage_types'):
169
+ filter_parts.append({
170
+ "Not": {
171
+ "Dimensions": {
172
+ "Key": "USAGE_TYPE",
173
+ "Values": exclusions['usage_types']
174
+ }
175
+ }
176
+ })
177
+
178
+ # Exclude line item types (Refund, Credit, etc.)
179
+ if exclusions.get('line_item_types'):
180
+ filter_parts.append({
181
+ "Not": {
182
+ "Dimensions": {
183
+ "Key": "LINE_ITEM_TYPE",
184
+ "Values": exclusions['line_item_types']
185
+ }
186
+ }
187
+ })
188
+
189
+ return filter_parts
190
+
191
+
192
+ def load_profile(profile_name):
193
+ """Load profile configuration from DynamoDB API (API-only, no local files)"""
194
+ import requests
195
+
196
+ # Get API secret
197
+ api_secret = get_api_secret()
114
198
 
115
- # Profile not found locally - try DynamoDB API
116
- api_secret = os.environ.get('COST_API_SECRET')
117
199
  if not api_secret:
118
200
  raise click.ClickException(
119
- f"Profile '{profile_name}' not found locally and COST_API_SECRET not set.\n"
120
- f"Run: cc init --profile {profile_name}"
201
+ "No API secret configured.\n"
202
+ "Run: cc configure --api-secret YOUR_SECRET\n"
203
+ "Or set environment variable: export COST_API_SECRET=YOUR_SECRET"
121
204
  )
122
205
 
123
206
  try:
124
207
  response = requests.post(
125
- 'https://64g7jq7sjygec2zmll5lsghrpi0txrzo.lambda-url.us-east-1.on.aws/',
208
+ PROFILES_API_URL,
126
209
  headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
127
210
  json={'operation': 'get', 'profile_name': profile_name},
128
211
  timeout=10
@@ -132,10 +215,16 @@ def load_profile(profile_name):
132
215
  response_data = response.json()
133
216
  # API returns {"profile": {...}} wrapper
134
217
  profile_data = response_data.get('profile', response_data)
135
- profile = {'accounts': profile_data['accounts']}
218
+ profile = {
219
+ 'accounts': profile_data['accounts'],
220
+ 'profile_name': profile_name # Store profile name for API calls
221
+ }
136
222
 
223
+ # If profile has aws_profile field, use it
224
+ if 'aws_profile' in profile_data:
225
+ profile['aws_profile'] = profile_data['aws_profile']
137
226
  # Check for AWS_PROFILE environment variable (SSO support)
138
- if os.environ.get('AWS_PROFILE'):
227
+ elif os.environ.get('AWS_PROFILE'):
139
228
  profile['aws_profile'] = os.environ['AWS_PROFILE']
140
229
  # Use environment credentials
141
230
  elif os.environ.get('AWS_ACCESS_KEY_ID'):
@@ -144,6 +233,33 @@ def load_profile(profile_name):
144
233
  'aws_secret_access_key': os.environ['AWS_SECRET_ACCESS_KEY'],
145
234
  'aws_session_token': os.environ.get('AWS_SESSION_TOKEN')
146
235
  }
236
+ else:
237
+ # Try to find a matching AWS profile by name
238
+ # This allows "khoros" profile to work with "khoros_umbrella" AWS profile
239
+ import subprocess
240
+ try:
241
+ result = subprocess.run(
242
+ ['aws', 'configure', 'list-profiles'],
243
+ capture_output=True,
244
+ text=True,
245
+ timeout=5
246
+ )
247
+ if result.returncode == 0:
248
+ available_profiles = result.stdout.strip().split('\n')
249
+ # Try exact match first
250
+ if profile_name in available_profiles:
251
+ profile['aws_profile'] = profile_name
252
+ # Try with common suffixes
253
+ elif f"{profile_name}_umbrella" in available_profiles:
254
+ profile['aws_profile'] = f"{profile_name}_umbrella"
255
+ elif f"{profile_name}-umbrella" in available_profiles:
256
+ profile['aws_profile'] = f"{profile_name}-umbrella"
257
+ elif f"{profile_name}_prod" in available_profiles:
258
+ profile['aws_profile'] = f"{profile_name}_prod"
259
+ # If no match found, leave it unset - user must provide --sso
260
+ except:
261
+ # If we can't list profiles, leave it unset - user must provide --sso
262
+ pass
147
263
 
148
264
  return profile
149
265
  else:
@@ -154,7 +270,7 @@ def load_profile(profile_name):
154
270
  except requests.exceptions.RequestException as e:
155
271
  raise click.ClickException(
156
272
  f"Failed to fetch profile from API: {e}\n"
157
- f"Run: cc init --profile {profile_name}"
273
+ "Check your API secret and network connection."
158
274
  )
159
275
 
160
276
 
@@ -233,7 +349,10 @@ def calculate_costs(profile_config, accounts, start_date, offset, window):
233
349
  )
234
350
  raise
235
351
 
236
- # Build filter
352
+ # Build filter with dynamic exclusions
353
+ exclusions = get_exclusions() # Get from DynamoDB
354
+ exclusion_filters = build_exclusion_filter(exclusions)
355
+
237
356
  cost_filter = {
238
357
  "And": [
239
358
  {
@@ -247,18 +366,13 @@ def calculate_costs(profile_config, accounts, start_date, offset, window):
247
366
  "Key": "BILLING_ENTITY",
248
367
  "Values": ["AWS"]
249
368
  }
250
- },
251
- {
252
- "Not": {
253
- "Dimensions": {
254
- "Key": "RECORD_TYPE",
255
- "Values": ["Tax", "Support"]
256
- }
257
- }
258
369
  }
259
370
  ]
260
371
  }
261
372
 
373
+ # Add dynamic exclusion filters
374
+ cost_filter["And"].extend(exclusion_filters)
375
+
262
376
  # Get daily costs
263
377
  click.echo("Fetching cost data...")
264
378
  try:
@@ -323,7 +437,8 @@ def calculate_costs(profile_config, accounts, start_date, offset, window):
323
437
  # Calculate days in the month that the support covers
324
438
  # Support on Nov 1 covers October (31 days)
325
439
  support_month = support_month_date - timedelta(days=1) # Go back to previous month
326
- days_in_support_month = support_month.day # This gives us the last day of the month
440
+ import calendar
441
+ days_in_support_month = calendar.monthrange(support_month.year, support_month.month)[1]
327
442
 
328
443
  # Support allocation: divide by 2 (50% allocation), then by days in month
329
444
  support_per_day = (support_cost / 2) / days_in_support_month
@@ -384,6 +499,126 @@ def cli():
384
499
  pass
385
500
 
386
501
 
502
+ @cli.command('setup-cur')
503
+ @click.option('--database', required=True, prompt='CUR Athena Database', help='Athena database name for CUR')
504
+ @click.option('--table', required=True, prompt='CUR Table Name', help='CUR table name')
505
+ @click.option('--s3-output', required=True, prompt='S3 Output Location', help='S3 bucket for Athena query results')
506
+ def setup_cur(database, table, s3_output):
507
+ """
508
+ Configure CUR (Cost and Usage Report) settings for resource-level queries
509
+
510
+ Saves CUR configuration to ~/.config/cost-calculator/cur_config.json
511
+
512
+ Example:
513
+ cc setup-cur --database my_cur_db --table cur_table --s3-output s3://my-bucket/
514
+ """
515
+ import json
516
+
517
+ config_dir = Path.home() / '.config' / 'cost-calculator'
518
+ config_dir.mkdir(parents=True, exist_ok=True)
519
+
520
+ config_file = config_dir / 'cur_config.json'
521
+
522
+ config = {
523
+ 'database': database,
524
+ 'table': table,
525
+ 's3_output': s3_output
526
+ }
527
+
528
+ with open(config_file, 'w') as f:
529
+ json.dump(config, f, indent=2)
530
+
531
+ click.echo(f"✓ CUR configuration saved to {config_file}")
532
+ click.echo(f" Database: {database}")
533
+ click.echo(f" Table: {table}")
534
+ click.echo(f" S3 Output: {s3_output}")
535
+ click.echo("")
536
+ click.echo("You can now use: cc drill --service 'EC2 - Other' --resources")
537
+
538
+
539
+ @cli.command('setup-api')
540
+ @click.option('--api-secret', required=True, prompt=True, hide_input=True, help='COST_API_SECRET value')
541
+ def setup_api(api_secret):
542
+ """
543
+ Configure COST_API_SECRET for backend API access
544
+
545
+ Saves the API secret to the appropriate location based on your OS:
546
+ - Mac/Linux: ~/.zshrc or ~/.bashrc
547
+ - Windows: User environment variables
548
+
549
+ Example:
550
+ cc setup-api --api-secret your-secret-here
551
+
552
+ Or let it prompt you (input will be hidden):
553
+ cc setup-api
554
+ """
555
+ system = platform.system()
556
+
557
+ if system == "Windows":
558
+ # Windows: Set user environment variable
559
+ try:
560
+ import winreg
561
+ key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, 'Environment', 0, winreg.KEY_SET_VALUE)
562
+ winreg.SetValueEx(key, 'COST_API_SECRET', 0, winreg.REG_SZ, api_secret)
563
+ winreg.CloseKey(key)
564
+ click.echo("✓ COST_API_SECRET saved to Windows user environment variables")
565
+ click.echo(" Please restart your terminal for changes to take effect")
566
+ except Exception as e:
567
+ click.echo(f"✗ Error setting Windows environment variable: {e}", err=True)
568
+ click.echo("\nManual setup:")
569
+ click.echo("1. Open System Properties > Environment Variables")
570
+ click.echo("2. Add new User variable:")
571
+ click.echo(" Name: COST_API_SECRET")
572
+ click.echo(f" Value: {api_secret}")
573
+ return
574
+ else:
575
+ # Mac/Linux: Add to shell profile
576
+ shell = os.environ.get('SHELL', '/bin/bash')
577
+
578
+ if 'zsh' in shell:
579
+ profile_file = Path.home() / '.zshrc'
580
+ else:
581
+ profile_file = Path.home() / '.bashrc'
582
+
583
+ # Check if already exists
584
+ export_line = f'export COST_API_SECRET="{api_secret}"'
585
+
586
+ try:
587
+ if profile_file.exists():
588
+ content = profile_file.read_text()
589
+ if 'COST_API_SECRET' in content:
590
+ # Replace existing
591
+ lines = content.split('\n')
592
+ new_lines = []
593
+ for line in lines:
594
+ if 'COST_API_SECRET' in line and line.strip().startswith('export'):
595
+ new_lines.append(export_line)
596
+ else:
597
+ new_lines.append(line)
598
+ profile_file.write_text('\n'.join(new_lines))
599
+ click.echo(f"✓ Updated COST_API_SECRET in {profile_file}")
600
+ else:
601
+ # Append
602
+ with profile_file.open('a') as f:
603
+ f.write(f'\n# AWS Cost Calculator API Secret\n{export_line}\n')
604
+ click.echo(f"✓ Added COST_API_SECRET to {profile_file}")
605
+ else:
606
+ # Create new file
607
+ profile_file.write_text(f'# AWS Cost Calculator API Secret\n{export_line}\n')
608
+ click.echo(f"✓ Created {profile_file} with COST_API_SECRET")
609
+
610
+ # Also set for current session
611
+ os.environ['COST_API_SECRET'] = api_secret
612
+ click.echo(f"✓ Set COST_API_SECRET for current session")
613
+ click.echo(f"\nTo use in new terminals, run: source {profile_file}")
614
+
615
+ except Exception as e:
616
+ click.echo(f"✗ Error writing to {profile_file}: {e}", err=True)
617
+ click.echo(f"\nManual setup: Add this line to {profile_file}:")
618
+ click.echo(f" {export_line}")
619
+ return
620
+
621
+
387
622
  @cli.command()
388
623
  @click.option('--profile', required=True, help='Profile name (e.g., myprofile)')
389
624
  @click.option('--start-date', help='Start date (YYYY-MM-DD, default: today)')
@@ -442,219 +677,139 @@ def calculate(profile, start_date, offset, window, json_output, sso, access_key_
442
677
  click.echo("=" * 60)
443
678
 
444
679
 
445
- @cli.command()
446
- @click.option('--profile', required=True, help='Profile name to create')
447
- @click.option('--aws-profile', required=True, help='AWS CLI profile name')
448
- @click.option('--accounts', required=True, help='Comma-separated list of account IDs')
449
- def init(profile, aws_profile, accounts):
450
- """Initialize a new profile configuration"""
451
-
452
- config_dir = Path.home() / '.config' / 'cost-calculator'
453
- config_file = config_dir / 'profiles.json'
454
-
455
- # Create config directory if it doesn't exist
456
- config_dir.mkdir(parents=True, exist_ok=True)
457
-
458
- # Load existing profiles or create new
459
- if config_file.exists() and config_file.stat().st_size > 0:
460
- try:
461
- with open(config_file) as f:
462
- profiles = json.load(f)
463
- except json.JSONDecodeError:
464
- profiles = {}
465
- else:
466
- profiles = {}
467
-
468
- # Parse accounts
469
- account_list = [acc.strip() for acc in accounts.split(',')]
470
-
471
- # Add new profile
472
- profiles[profile] = {
473
- 'aws_profile': aws_profile,
474
- 'accounts': account_list
475
- }
476
-
477
- # Save
478
- with open(config_file, 'w') as f:
479
- json.dump(profiles, f, indent=2)
480
-
481
- click.echo(f"✓ Profile '{profile}' created with {len(account_list)} accounts")
482
- click.echo(f"✓ Configuration saved to {config_file}")
483
- click.echo(f"\nUsage: cc calculate --profile {profile}")
680
+ # init command removed - use backend API via 'cc profile create' instead
484
681
 
485
682
 
486
683
  @cli.command()
487
684
  def list_profiles():
488
- """List all configured profiles"""
489
-
490
- config_file = Path.home() / '.config' / 'cost-calculator' / 'profiles.json'
491
-
492
- if not config_file.exists():
493
- click.echo("No profiles configured. Run: cc init --profile <name>")
494
- return
495
-
496
- with open(config_file) as f:
497
- profiles = json.load(f)
685
+ """List all profiles from backend API (no local caching)"""
686
+ import requests
498
687
 
499
- if not profiles:
500
- click.echo("No profiles configured.")
688
+ api_secret = get_api_secret()
689
+ if not api_secret:
690
+ click.echo("No API secret configured.")
691
+ click.echo("Run: cc configure --api-secret YOUR_SECRET")
501
692
  return
502
693
 
503
- click.echo("Configured profiles:")
504
- click.echo("")
505
- for name, config in profiles.items():
506
- click.echo(f" {name}")
507
- if 'aws_profile' in config:
508
- click.echo(f" AWS Profile: {config['aws_profile']} (SSO)")
509
- else:
510
- click.echo(f" AWS Credentials: Configured (Static)")
511
- click.echo(f" Accounts: {len(config['accounts'])}")
694
+ try:
695
+ response = requests.post(
696
+ f"{API_BASE_URL}/profiles",
697
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
698
+ json={'operation': 'list'},
699
+ timeout=10
700
+ )
701
+
702
+ if response.status_code != 200:
703
+ click.echo(f"Error: {response.status_code} - {response.text}")
704
+ return
705
+
706
+ result = response.json()
707
+ profiles = result.get('profiles', [])
708
+
709
+ if not profiles:
710
+ click.echo("No profiles found in backend.")
711
+ click.echo("Contact admin to create profiles in DynamoDB.")
712
+ return
713
+
714
+ click.echo("Profiles (from backend API):")
512
715
  click.echo("")
716
+ for profile in profiles:
717
+ # Each profile is a dict, extract the profile_name
718
+ if isinstance(profile, dict):
719
+ name = profile.get('profile_name', 'unknown')
720
+ # Skip exclusions entries
721
+ if not name.startswith('exclusions:'):
722
+ accounts = profile.get('accounts', [])
723
+ click.echo(f" {name}")
724
+ click.echo(f" Accounts: {len(accounts)}")
725
+ click.echo("")
726
+ else:
727
+ click.echo(f" {profile}")
728
+ click.echo(f"Total: {len([p for p in profiles if isinstance(p, dict) and not p.get('profile_name', '').startswith('exclusions:')])} profile(s)")
729
+
730
+ except Exception as e:
731
+ click.echo(f"Error loading profiles: {e}")
513
732
 
514
733
 
515
- @cli.command()
516
- def setup():
517
- """Show setup instructions for manual profile configuration"""
518
- import platform
519
-
520
- system = platform.system()
521
-
522
- if system == "Windows":
523
- config_path = "%USERPROFILE%\\.config\\cost-calculator\\profiles.json"
524
- config_path_example = "C:\\Users\\YourName\\.config\\cost-calculator\\profiles.json"
525
- mkdir_cmd = "mkdir %USERPROFILE%\\.config\\cost-calculator"
526
- edit_cmd = "notepad %USERPROFILE%\\.config\\cost-calculator\\profiles.json"
527
- else: # macOS/Linux
528
- config_path = "~/.config/cost-calculator/profiles.json"
529
- config_path_example = "/Users/yourname/.config/cost-calculator/profiles.json"
530
- mkdir_cmd = "mkdir -p ~/.config/cost-calculator"
531
- edit_cmd = "nano ~/.config/cost-calculator/profiles.json"
532
-
533
- click.echo("=" * 70)
534
- click.echo("AWS Cost Calculator - Manual Profile Setup")
535
- click.echo("=" * 70)
536
- click.echo("")
537
- click.echo(f"Platform: {system}")
538
- click.echo(f"Config location: {config_path}")
539
- click.echo("")
540
- click.echo("Step 1: Create the config directory")
541
- click.echo(f" {mkdir_cmd}")
542
- click.echo("")
543
- click.echo("Step 2: Create the profiles.json file")
544
- click.echo(f" {edit_cmd}")
545
- click.echo("")
546
- click.echo("Step 3: Add your profile configuration (JSON format):")
547
- click.echo("")
548
- click.echo(' {')
549
- click.echo(' "myprofile": {')
550
- click.echo(' "aws_profile": "my_aws_profile",')
551
- click.echo(' "accounts": [')
552
- click.echo(' "123456789012",')
553
- click.echo(' "234567890123",')
554
- click.echo(' "345678901234"')
555
- click.echo(' ]')
556
- click.echo(' }')
557
- click.echo(' }')
558
- click.echo("")
559
- click.echo("Step 4: Save the file")
560
- click.echo("")
561
- click.echo("Step 5: Verify it works")
562
- click.echo(" cc list-profiles")
563
- click.echo("")
564
- click.echo("Step 6: Configure AWS credentials")
565
- click.echo(" Option A (SSO):")
566
- click.echo(" aws sso login --profile my_aws_profile")
567
- click.echo(" cc calculate --profile myprofile")
568
- click.echo("")
569
- click.echo(" Option B (Static credentials):")
570
- click.echo(" cc configure --profile myprofile")
571
- click.echo(" cc calculate --profile myprofile")
572
- click.echo("")
573
- click.echo("=" * 70)
574
- click.echo("")
575
- click.echo("For multiple profiles, add more entries to the JSON:")
576
- click.echo("")
577
- click.echo(' {')
578
- click.echo(' "profile1": { ... },')
579
- click.echo(' "profile2": { ... }')
580
- click.echo(' }')
581
- click.echo("")
582
- click.echo(f"Full path example: {config_path_example}")
583
- click.echo("=" * 70)
734
+ # setup command removed - profiles are managed in DynamoDB backend only
584
735
 
585
736
 
586
737
  @cli.command()
587
- @click.option('--profile', required=True, help='Profile name to configure')
588
- @click.option('--access-key-id', prompt=True, hide_input=False, help='AWS Access Key ID')
589
- @click.option('--secret-access-key', prompt=True, hide_input=True, help='AWS Secret Access Key')
590
- @click.option('--session-token', default='', help='AWS Session Token (optional, for temporary credentials)')
591
- @click.option('--region', default='us-east-1', help='AWS Region (default: us-east-1)')
592
- def configure(profile, access_key_id, secret_access_key, session_token, region):
593
- """Configure AWS credentials for a profile (alternative to SSO)"""
738
+ @click.option('--api-secret', help='API secret for DynamoDB profile access')
739
+ @click.option('--show', is_flag=True, help='Show current configuration')
740
+ def configure(api_secret, show):
741
+ """
742
+ Configure Cost Calculator CLI settings.
594
743
 
595
- config_dir = Path.home() / '.config' / 'cost-calculator'
596
- config_file = config_dir / 'profiles.json'
597
- creds_file = config_dir / 'credentials.json'
744
+ This tool requires an API secret to access profiles stored in DynamoDB.
745
+ The secret can be configured here or set via COST_API_SECRET environment variable.
746
+
747
+ Examples:
748
+ # Configure API secret
749
+ cc configure --api-secret YOUR_SECRET_KEY
750
+
751
+ # Show current configuration
752
+ cc configure --show
753
+
754
+ # Use environment variable instead (no configuration needed)
755
+ export COST_API_SECRET=YOUR_SECRET_KEY
756
+ """
757
+ import os
598
758
 
599
- # Create config directory if it doesn't exist
759
+ config_dir = Path.home() / '.config' / 'cost-calculator'
600
760
  config_dir.mkdir(parents=True, exist_ok=True)
761
+ config_file = config_dir / 'config.json'
601
762
 
602
- # Load existing profiles
603
- if config_file.exists() and config_file.stat().st_size > 0:
604
- try:
763
+ if show:
764
+ # Show current configuration
765
+ if config_file.exists():
605
766
  with open(config_file) as f:
606
- profiles = json.load(f)
607
- except json.JSONDecodeError:
608
- profiles = {}
609
- else:
610
- profiles = {}
611
-
612
- # Check if profile exists
613
- if profile not in profiles:
614
- click.echo(f"Error: Profile '{profile}' not found. Create it first with: cc init --profile {profile}")
767
+ config = json.load(f)
768
+ if 'api_secret' in config:
769
+ masked_secret = config['api_secret'][:8] + '...' + config['api_secret'][-4:]
770
+ click.echo(f"API Secret: {masked_secret} (configured)")
771
+ else:
772
+ click.echo("API Secret: Not configured")
773
+ else:
774
+ click.echo("No configuration file found")
775
+
776
+ # Check environment variable
777
+ import os
778
+ if os.environ.get('COST_API_SECRET'):
779
+ click.echo("Environment: COST_API_SECRET is set")
780
+ else:
781
+ click.echo("Environment: COST_API_SECRET is not set")
782
+
615
783
  return
616
784
 
617
- # Remove aws_profile if it exists (switching from SSO to static creds)
618
- if 'aws_profile' in profiles[profile]:
619
- del profiles[profile]['aws_profile']
620
-
621
- # Save updated profile
622
- with open(config_file, 'w') as f:
623
- json.dump(profiles, f, indent=2)
624
-
625
- # Load or create credentials file
626
- if creds_file.exists() and creds_file.stat().st_size > 0:
627
- try:
628
- with open(creds_file) as f:
629
- creds = json.load(f)
630
- except json.JSONDecodeError:
631
- creds = {}
632
- else:
633
- creds = {}
785
+ if not api_secret:
786
+ raise click.ClickException(
787
+ "Please provide --api-secret or use --show to view current configuration\n"
788
+ "Example: cc configure --api-secret YOUR_SECRET_KEY"
789
+ )
634
790
 
635
- # Store credentials (encrypted would be better, but for now just file permissions)
636
- creds[profile] = {
637
- 'aws_access_key_id': access_key_id,
638
- 'aws_secret_access_key': secret_access_key,
639
- 'region': region
640
- }
791
+ # Load existing config
792
+ config = {}
793
+ if config_file.exists():
794
+ with open(config_file) as f:
795
+ config = json.load(f)
641
796
 
642
- if session_token:
643
- creds[profile]['aws_session_token'] = session_token
797
+ # Update API secret
798
+ config['api_secret'] = api_secret
644
799
 
645
- # Save credentials with restricted permissions
646
- with open(creds_file, 'w') as f:
647
- json.dump(creds, f, indent=2)
800
+ # Save config
801
+ with open(config_file, 'w') as f:
802
+ json.dump(config, f, indent=2)
648
803
 
649
- # Set file permissions to 600 (owner read/write only)
650
- creds_file.chmod(0o600)
804
+ # Set restrictive permissions (Unix/Mac only - Windows uses different permission model)
805
+ import platform
806
+ if platform.system() != 'Windows':
807
+ os.chmod(config_file, 0o600)
651
808
 
652
- click.echo(f"✓ AWS credentials configured for profile '{profile}'")
653
- click.echo(f"✓ Credentials saved to {creds_file} (permissions: 600)")
654
- click.echo(f"\nUsage: cc calculate --profile {profile}")
655
- click.echo("\nNote: Credentials are stored locally. For temporary credentials,")
656
- click.echo(" you'll need to reconfigure when they expire.")
657
-
809
+ masked_secret = api_secret[:8] + '...' + api_secret[-4:]
810
+ click.echo(f"✓ API secret configured: {masked_secret}")
811
+ click.echo(f"\nYou can now run: cc calculate --profile PROFILE_NAME")
812
+ click.echo(f"\nNote: Profiles are stored in DynamoDB and accessed via the API.")
658
813
 
659
814
  @cli.command()
660
815
  @click.option('--profile', required=True, help='Profile name')
@@ -802,31 +957,80 @@ def monthly(profile, months, output, json_output, sso, access_key_id, secret_acc
802
957
  @click.option('--service', help='Filter by service name (e.g., "EC2 - Other")')
803
958
  @click.option('--account', help='Filter by account ID')
804
959
  @click.option('--usage-type', help='Filter by usage type')
960
+ @click.option('--dimension', type=click.Choice(['service', 'account', 'region', 'usage_type', 'resource', 'instance_type', 'operation', 'availability_zone']),
961
+ help='Dimension to analyze by (overrides --service/--account filters)')
962
+ @click.option('--backend', type=click.Choice(['auto', 'ce', 'athena']), default='auto',
963
+ help='Data source: auto (smart selection), ce (Cost Explorer), athena (CUR). Default: auto')
964
+ @click.option('--resources', is_flag=True, help='Show individual resource IDs (requires CUR, uses Athena)')
805
965
  @click.option('--output', default='drill_down.md', help='Output markdown file (default: drill_down.md)')
806
966
  @click.option('--json-output', is_flag=True, help='Output as JSON')
807
967
  @click.option('--sso', help='AWS SSO profile name')
808
968
  @click.option('--access-key-id', help='AWS Access Key ID')
809
969
  @click.option('--secret-access-key', help='AWS Secret Access Key')
810
970
  @click.option('--session-token', help='AWS Session Token')
811
- def drill(profile, weeks, service, account, usage_type, output, json_output, sso, access_key_id, secret_access_key, session_token):
812
- """Drill down into cost changes by service, account, or usage type"""
971
+ def drill(profile, weeks, service, account, usage_type, dimension, backend, resources, output, json_output, sso, access_key_id, secret_access_key, session_token):
972
+ """
973
+ Drill down into cost changes by service, account, or usage type
974
+
975
+ Add --resources flag to see individual resource IDs and costs (requires CUR data via Athena)
976
+
977
+ Examples:
978
+ # Analyze by service (auto-selects Cost Explorer for speed)
979
+ cc drill --profile khoros --dimension service
980
+
981
+ # Analyze by region with specific service filter
982
+ cc drill --profile khoros --dimension region --service AWSELB
983
+
984
+ # Analyze by resource (auto-selects Athena - only source with resource IDs)
985
+ cc drill --profile khoros --dimension resource --service AWSELB --account 820054669588
986
+
987
+ # Force Athena backend for detailed analysis
988
+ cc drill --profile khoros --dimension service --backend athena
989
+ """
813
990
 
814
991
  # Load profile
815
992
  config = load_profile(profile)
816
993
  config = apply_auth_options(config, sso, access_key_id, secret_access_key, session_token)
817
994
 
995
+ # Smart backend selection
996
+ def select_backend(dimension, resources_flag, backend_choice):
997
+ """Auto-select backend based on query requirements"""
998
+ if backend_choice != 'auto':
999
+ return backend_choice
1000
+
1001
+ # Must use Athena if:
1002
+ if dimension == 'resource' or resources_flag:
1003
+ return 'athena'
1004
+
1005
+ # Prefer CE for speed (unless explicitly requesting Athena)
1006
+ return 'ce'
1007
+
1008
+ selected_backend = select_backend(dimension, resources, backend)
1009
+
818
1010
  # Show filters
819
1011
  click.echo(f"Analyzing last {weeks} weeks...")
1012
+ if dimension:
1013
+ click.echo(f" Dimension: {dimension}")
820
1014
  if service:
821
1015
  click.echo(f" Service filter: {service}")
822
1016
  if account:
823
1017
  click.echo(f" Account filter: {account}")
824
1018
  if usage_type:
825
1019
  click.echo(f" Usage type filter: {usage_type}")
1020
+ if resources:
1021
+ click.echo(f" Mode: Resource-level (CUR via Athena)")
1022
+ click.echo(f" Backend: {selected_backend.upper()}")
826
1023
  click.echo("")
827
1024
 
828
1025
  # Execute via API or locally
829
- drill_data = execute_drill(config, weeks, service, account, usage_type)
1026
+ drill_data = execute_drill(config, weeks, service, account, usage_type, resources, dimension, selected_backend)
1027
+
1028
+ # Handle resource-level output differently
1029
+ if resources:
1030
+ from cost_calculator.cur import format_resource_output
1031
+ output_text = format_resource_output(drill_data)
1032
+ click.echo(output_text)
1033
+ return
830
1034
 
831
1035
  if json_output:
832
1036
  # Output as JSON
@@ -999,5 +1203,1302 @@ def profile(operation, name, accounts, description):
999
1203
  click.echo(result.get('message', 'Operation completed'))
1000
1204
 
1001
1205
 
1206
+ @cli.command()
1207
+ @click.option('--profile', required=True, help='Profile name')
1208
+ @click.option('--sso', help='AWS SSO profile to use')
1209
+ @click.option('--weeks', default=8, help='Number of weeks to analyze')
1210
+ @click.option('--account', help='Focus on specific account ID')
1211
+ @click.option('--service', help='Focus on specific service')
1212
+ @click.option('--no-cloudtrail', is_flag=True, help='Skip CloudTrail analysis (faster)')
1213
+ @click.option('--output', default='investigation_report.md', help='Output file path')
1214
+ def investigate(profile, sso, weeks, account, service, no_cloudtrail, output):
1215
+ """
1216
+ Multi-stage cost investigation:
1217
+ 1. Analyze cost trends and drill-downs
1218
+ 2. Inventory actual resources in problem accounts
1219
+ 3. Analyze CloudTrail events (optional)
1220
+ 4. Generate comprehensive report
1221
+ """
1222
+ from cost_calculator.executor import execute_trends, execute_drill, get_credentials_dict
1223
+ from cost_calculator.api_client import call_lambda_api, is_api_configured
1224
+ from cost_calculator.forensics import format_investigation_report
1225
+ from datetime import datetime, timedelta
1226
+
1227
+ click.echo("=" * 80)
1228
+ click.echo("COST INVESTIGATION")
1229
+ click.echo("=" * 80)
1230
+ click.echo(f"Profile: {profile}")
1231
+ click.echo(f"Weeks: {weeks}")
1232
+ if account:
1233
+ click.echo(f"Account: {account}")
1234
+ if service:
1235
+ click.echo(f"Service: {service}")
1236
+ click.echo("")
1237
+
1238
+ # Load profile
1239
+ config = load_profile(profile)
1240
+
1241
+ # Override with SSO if provided
1242
+ if sso:
1243
+ config['aws_profile'] = sso
1244
+
1245
+ # Validate that we have a way to get credentials
1246
+ if 'aws_profile' not in config and 'credentials' not in config:
1247
+ import subprocess
1248
+ try:
1249
+ result = subprocess.run(
1250
+ ['aws', 'configure', 'list-profiles'],
1251
+ capture_output=True,
1252
+ text=True,
1253
+ timeout=5
1254
+ )
1255
+ available = result.stdout.strip().split('\n') if result.returncode == 0 else []
1256
+ suggestion = f"\nAvailable AWS profiles: {', '.join(available[:5])}" if available else ""
1257
+ except:
1258
+ suggestion = ""
1259
+
1260
+ raise click.ClickException(
1261
+ f"Profile '{profile}' has no AWS authentication configured.\n"
1262
+ f"Use --sso flag to specify your AWS SSO profile:\n"
1263
+ f" cc investigate --profile {profile} --sso YOUR_AWS_PROFILE{suggestion}"
1264
+ )
1265
+
1266
+ # Step 1: Cost Analysis
1267
+ click.echo("Step 1/3: Analyzing cost trends...")
1268
+ try:
1269
+ trends_data = execute_trends(config, weeks)
1270
+ click.echo(f"✓ Found cost data for {weeks} weeks")
1271
+ except Exception as e:
1272
+ click.echo(f"✗ Error analyzing trends: {str(e)}")
1273
+ trends_data = None
1274
+
1275
+ # Step 2: Drill-down
1276
+ click.echo("\nStep 2/3: Drilling down into costs...")
1277
+ drill_data = None
1278
+ if service or account:
1279
+ try:
1280
+ drill_data = execute_drill(config, weeks, service, account, None, False)
1281
+ click.echo(f"✓ Drill-down complete")
1282
+ except Exception as e:
1283
+ click.echo(f"✗ Error in drill-down: {str(e)}")
1284
+
1285
+ # Step 3: Resource Inventory
1286
+ click.echo("\nStep 3/3: Inventorying resources...")
1287
+ inventories = []
1288
+ cloudtrail_analyses = []
1289
+
1290
+ # Determine which accounts to investigate
1291
+ accounts_to_investigate = []
1292
+ if account:
1293
+ accounts_to_investigate = [account]
1294
+ else:
1295
+ # Extract top cost accounts from trends/drill data
1296
+ # For now, we'll need the user to specify
1297
+ click.echo("⚠️ No account specified. Use --account to inventory resources.")
1298
+
1299
+ # For each account, do inventory and CloudTrail via backend API
1300
+ for acc_id in accounts_to_investigate:
1301
+ click.echo(f"\n Investigating account {acc_id}...")
1302
+
1303
+ # Get credentials (SSO or static)
1304
+ account_creds = get_credentials_dict(config)
1305
+ if not account_creds:
1306
+ click.echo(f" ⚠️ No credentials available for account")
1307
+ continue
1308
+
1309
+ # Inventory resources via backend API only
1310
+ if not is_api_configured():
1311
+ click.echo(f" ✗ API not configured. Set COST_API_SECRET environment variable.")
1312
+ continue
1313
+
1314
+ try:
1315
+ regions = ['us-west-2', 'us-east-1', 'eu-west-1']
1316
+ for region in regions:
1317
+ try:
1318
+ inv = call_lambda_api(
1319
+ 'forensics',
1320
+ account_creds,
1321
+ [], # accounts not needed for forensics
1322
+ operation='inventory',
1323
+ account_id=acc_id,
1324
+ region=region
1325
+ )
1326
+
1327
+ if not inv.get('error'):
1328
+ inventories.append(inv)
1329
+ click.echo(f" ✓ Inventory complete for {region}")
1330
+ click.echo(f" - EC2: {len(inv['ec2_instances'])} instances")
1331
+ click.echo(f" - EFS: {len(inv['efs_file_systems'])} file systems ({inv.get('total_efs_size_gb', 0):,.0f} GB)")
1332
+ click.echo(f" - ELB: {len(inv['load_balancers'])} load balancers")
1333
+ break
1334
+ except Exception as e:
1335
+ continue
1336
+ except Exception as e:
1337
+ click.echo(f" ✗ Inventory error: {str(e)}")
1338
+
1339
+ # CloudTrail analysis via backend API only
1340
+ if not no_cloudtrail:
1341
+ if not is_api_configured():
1342
+ click.echo(f" ✗ CloudTrail skipped: API not configured")
1343
+ else:
1344
+ try:
1345
+ start_date = (datetime.now() - timedelta(days=weeks * 7)).isoformat() + 'Z'
1346
+ end_date = datetime.now().isoformat() + 'Z'
1347
+
1348
+ ct_analysis = call_lambda_api(
1349
+ 'forensics',
1350
+ account_creds,
1351
+ [],
1352
+ operation='cloudtrail',
1353
+ account_id=acc_id,
1354
+ start_date=start_date,
1355
+ end_date=end_date,
1356
+ region='us-west-2'
1357
+ )
1358
+
1359
+ cloudtrail_analyses.append(ct_analysis)
1360
+
1361
+ if ct_analysis.get('error'):
1362
+ click.echo(f" ⚠️ CloudTrail: {ct_analysis['error']}")
1363
+ else:
1364
+ click.echo(f" ✓ CloudTrail analysis complete")
1365
+ click.echo(f" - {len(ct_analysis['event_summary'])} event types")
1366
+ click.echo(f" - {len(ct_analysis['write_events'])} resource changes")
1367
+ except Exception as e:
1368
+ click.echo(f" ✗ CloudTrail error: {str(e)}")
1369
+
1370
+ # Generate report
1371
+ click.echo(f"\nGenerating report...")
1372
+ report = format_investigation_report(trends_data, inventories, cloudtrail_analyses if not no_cloudtrail else None)
1373
+
1374
+ # Write to file
1375
+ with open(output, 'w') as f:
1376
+ f.write(report)
1377
+
1378
+ click.echo(f"\n✓ Investigation complete!")
1379
+ click.echo(f"✓ Report saved to: {output}")
1380
+ click.echo("")
1381
+
1382
+
1383
+ def find_account_profile(account_id):
1384
+ """
1385
+ Find the SSO profile name for a given account ID
1386
+ Returns profile name or None
1387
+ """
1388
+ import subprocess
1389
+
1390
+ try:
1391
+ # Get list of profiles
1392
+ result = subprocess.run(
1393
+ ['aws', 'configure', 'list-profiles'],
1394
+ capture_output=True,
1395
+ text=True
1396
+ )
1397
+
1398
+ profiles = result.stdout.strip().split('\n')
1399
+
1400
+ # Check each profile
1401
+ for profile in profiles:
1402
+ try:
1403
+ result = subprocess.run(
1404
+ ['aws', 'sts', 'get-caller-identity', '--profile', profile],
1405
+ capture_output=True,
1406
+ text=True,
1407
+ timeout=5
1408
+ )
1409
+
1410
+ if account_id in result.stdout:
1411
+ return profile
1412
+ except:
1413
+ continue
1414
+
1415
+ return None
1416
+ except:
1417
+ return None
1418
+
1419
+
1420
+ @cli.command()
1421
+ @click.option('--profile', required=True, help='Profile name')
1422
+ @click.option('--start-date', help='Start date (YYYY-MM-DD)')
1423
+ @click.option('--end-date', help='End date (YYYY-MM-DD)')
1424
+ @click.option('--days', type=int, default=10, help='Number of days to analyze (default: 10)')
1425
+ @click.option('--service', help='Filter by service name')
1426
+ @click.option('--account', help='Filter by account ID')
1427
+ @click.option('--sso', help='AWS SSO profile name')
1428
+ @click.option('--json', 'output_json', is_flag=True, help='Output as JSON')
1429
+ def daily(profile, start_date, end_date, days, service, account, sso, output_json):
1430
+ """
1431
+ Get daily cost breakdown with granular detail.
1432
+
1433
+ Shows day-by-day costs for specific services and accounts, useful for:
1434
+ - Identifying cost spikes on specific dates
1435
+ - Validating daily cost patterns
1436
+ - Calculating precise daily averages
1437
+
1438
+ Examples:
1439
+ # Last 10 days of CloudWatch costs for specific account
1440
+ cc daily --profile khoros --days 10 --service AmazonCloudWatch --account 820054669588
1441
+
1442
+ # Custom date range with JSON output for automation
1443
+ cc daily --profile khoros --start-date 2025-10-28 --end-date 2025-11-06 --json
1444
+
1445
+ # Find high-cost days using jq
1446
+ cc daily --profile khoros --days 30 --json | jq '.daily_costs | map(select(.cost > 1000))'
1447
+ """
1448
+ # Load profile
1449
+ config = load_profile(profile)
1450
+
1451
+ # Apply SSO if provided
1452
+ if sso:
1453
+ config['aws_profile'] = sso
1454
+
1455
+ # Calculate date range
1456
+ if end_date:
1457
+ end = datetime.strptime(end_date, '%Y-%m-%d')
1458
+ else:
1459
+ end = datetime.now()
1460
+
1461
+ if start_date:
1462
+ start = datetime.strptime(start_date, '%Y-%m-%d')
1463
+ else:
1464
+ start = end - timedelta(days=days)
1465
+
1466
+ click.echo(f"Daily breakdown: {start.strftime('%Y-%m-%d')} to {end.strftime('%Y-%m-%d')}")
1467
+ if service:
1468
+ click.echo(f"Service filter: {service}")
1469
+ if account:
1470
+ click.echo(f"Account filter: {account}")
1471
+ click.echo("")
1472
+
1473
+ # Get credentials
1474
+ try:
1475
+ if 'aws_profile' in config:
1476
+ session = boto3.Session(profile_name=config['aws_profile'])
1477
+ else:
1478
+ creds = config['credentials']
1479
+ session = boto3.Session(
1480
+ aws_access_key_id=creds['aws_access_key_id'],
1481
+ aws_secret_access_key=creds['aws_secret_access_key'],
1482
+ aws_session_token=creds.get('aws_session_token')
1483
+ )
1484
+
1485
+ ce_client = session.client('ce', region_name='us-east-1')
1486
+
1487
+ # Build filter
1488
+ filter_parts = []
1489
+
1490
+ # Account filter
1491
+ if account:
1492
+ filter_parts.append({
1493
+ "Dimensions": {
1494
+ "Key": "LINKED_ACCOUNT",
1495
+ "Values": [account]
1496
+ }
1497
+ })
1498
+ else:
1499
+ filter_parts.append({
1500
+ "Dimensions": {
1501
+ "Key": "LINKED_ACCOUNT",
1502
+ "Values": config['accounts']
1503
+ }
1504
+ })
1505
+
1506
+ # Service filter
1507
+ if service:
1508
+ filter_parts.append({
1509
+ "Dimensions": {
1510
+ "Key": "SERVICE",
1511
+ "Values": [service]
1512
+ }
1513
+ })
1514
+
1515
+ # Exclude support and tax
1516
+ filter_parts.append({
1517
+ "Not": {
1518
+ "Dimensions": {
1519
+ "Key": "RECORD_TYPE",
1520
+ "Values": ["Tax", "Support"]
1521
+ }
1522
+ }
1523
+ })
1524
+
1525
+ cost_filter = {"And": filter_parts} if len(filter_parts) > 1 else filter_parts[0]
1526
+
1527
+ # Get daily costs
1528
+ response = ce_client.get_cost_and_usage(
1529
+ TimePeriod={
1530
+ 'Start': start.strftime('%Y-%m-%d'),
1531
+ 'End': (end + timedelta(days=1)).strftime('%Y-%m-%d')
1532
+ },
1533
+ Granularity='DAILY',
1534
+ Metrics=['UnblendedCost'],
1535
+ Filter=cost_filter
1536
+ )
1537
+
1538
+ # Collect results
1539
+ daily_costs = []
1540
+ total = 0
1541
+ for day in response['ResultsByTime']:
1542
+ date = day['TimePeriod']['Start']
1543
+ cost = float(day['Total']['UnblendedCost']['Amount'])
1544
+ total += cost
1545
+ daily_costs.append({'date': date, 'cost': cost})
1546
+
1547
+ num_days = len(response['ResultsByTime'])
1548
+ daily_avg = total / num_days if num_days > 0 else 0
1549
+ annual = daily_avg * 365
1550
+
1551
+ # Output results
1552
+ if output_json:
1553
+ import json
1554
+ result = {
1555
+ 'period': {
1556
+ 'start': start.strftime('%Y-%m-%d'),
1557
+ 'end': end.strftime('%Y-%m-%d'),
1558
+ 'days': num_days
1559
+ },
1560
+ 'filters': {
1561
+ 'service': service,
1562
+ 'account': account
1563
+ },
1564
+ 'daily_costs': daily_costs,
1565
+ 'summary': {
1566
+ 'total': total,
1567
+ 'daily_avg': daily_avg,
1568
+ 'annual_projection': annual
1569
+ }
1570
+ }
1571
+ click.echo(json.dumps(result, indent=2))
1572
+ else:
1573
+ click.echo("Date | Cost")
1574
+ click.echo("-----------|-----------")
1575
+ for item in daily_costs:
1576
+ click.echo(f"{item['date']} | ${item['cost']:,.2f}")
1577
+ click.echo("-----------|-----------")
1578
+ click.echo(f"Total | ${total:,.2f}")
1579
+ click.echo(f"Daily Avg | ${daily_avg:,.2f}")
1580
+ click.echo(f"Annual | ${annual:,.0f}")
1581
+
1582
+ except Exception as e:
1583
+ raise click.ClickException(f"Failed to get daily costs: {e}")
1584
+
1585
+
1586
+ @cli.command()
1587
+ @click.option('--profile', required=True, help='Profile name')
1588
+ @click.option('--account', help='Account ID to compare')
1589
+ @click.option('--service', help='Service to compare')
1590
+ @click.option('--before', required=True, help='Before period (YYYY-MM-DD:YYYY-MM-DD)')
1591
+ @click.option('--after', required=True, help='After period (YYYY-MM-DD:YYYY-MM-DD)')
1592
+ @click.option('--expected-reduction', type=float, help='Expected reduction percentage')
1593
+ @click.option('--sso', help='AWS SSO profile name')
1594
+ @click.option('--json', 'output_json', is_flag=True, help='Output as JSON')
1595
+ def compare(profile, account, service, before, after, expected_reduction, sso, output_json):
1596
+ """
1597
+ Compare costs between two periods for validation and analysis.
1598
+
1599
+ Perfect for:
1600
+ - Validating cost optimization savings
1601
+ - Before/after migration analysis
1602
+ - Measuring impact of infrastructure changes
1603
+ - Automated savings validation in CI/CD
1604
+
1605
+ Examples:
1606
+ # Validate Datadog migration savings (expect 50% reduction)
1607
+ cc compare --profile khoros --account 180770971501 --service AmazonCloudWatch \
1608
+ --before "2025-10-28:2025-11-06" --after "2025-11-17:2025-11-26" --expected-reduction 50
1609
+
1610
+ # Compare total costs across all accounts
1611
+ cc compare --profile khoros --before "2025-10-01:2025-10-31" --after "2025-11-01:2025-11-30"
1612
+
1613
+ # JSON output for automated validation
1614
+ cc compare --profile khoros --service EC2 --before "2025-10-01:2025-10-07" \
1615
+ --after "2025-11-08:2025-11-14" --json | jq '.comparison.met_expectation'
1616
+ """
1617
+ # Load profile
1618
+ config = load_profile(profile)
1619
+
1620
+ # Apply SSO if provided
1621
+ if sso:
1622
+ config['aws_profile'] = sso
1623
+
1624
+ # Parse periods
1625
+ try:
1626
+ before_start, before_end = before.split(':')
1627
+ after_start, after_end = after.split(':')
1628
+ except ValueError:
1629
+ raise click.ClickException("Period format must be 'YYYY-MM-DD:YYYY-MM-DD'")
1630
+
1631
+ if not output_json:
1632
+ click.echo(f"Comparing periods:")
1633
+ click.echo(f" Before: {before_start} to {before_end}")
1634
+ click.echo(f" After: {after_start} to {after_end}")
1635
+ if service:
1636
+ click.echo(f" Service: {service}")
1637
+ if account:
1638
+ click.echo(f" Account: {account}")
1639
+ click.echo("")
1640
+
1641
+ # Get credentials
1642
+ try:
1643
+ if 'aws_profile' in config:
1644
+ session = boto3.Session(profile_name=config['aws_profile'])
1645
+ else:
1646
+ creds = config['credentials']
1647
+ session = boto3.Session(
1648
+ aws_access_key_id=creds['aws_access_key_id'],
1649
+ aws_secret_access_key=creds['aws_secret_access_key'],
1650
+ aws_session_token=creds.get('aws_session_token')
1651
+ )
1652
+
1653
+ ce_client = session.client('ce', region_name='us-east-1')
1654
+
1655
+ # Build filter
1656
+ def build_filter():
1657
+ filter_parts = []
1658
+
1659
+ if account:
1660
+ filter_parts.append({
1661
+ "Dimensions": {
1662
+ "Key": "LINKED_ACCOUNT",
1663
+ "Values": [account]
1664
+ }
1665
+ })
1666
+ else:
1667
+ filter_parts.append({
1668
+ "Dimensions": {
1669
+ "Key": "LINKED_ACCOUNT",
1670
+ "Values": config['accounts']
1671
+ }
1672
+ })
1673
+
1674
+ if service:
1675
+ filter_parts.append({
1676
+ "Dimensions": {
1677
+ "Key": "SERVICE",
1678
+ "Values": [service]
1679
+ }
1680
+ })
1681
+
1682
+ filter_parts.append({
1683
+ "Not": {
1684
+ "Dimensions": {
1685
+ "Key": "RECORD_TYPE",
1686
+ "Values": ["Tax", "Support"]
1687
+ }
1688
+ }
1689
+ })
1690
+
1691
+ return {"And": filter_parts} if len(filter_parts) > 1 else filter_parts[0]
1692
+
1693
+ cost_filter = build_filter()
1694
+
1695
+ # Get before period costs
1696
+ before_response = ce_client.get_cost_and_usage(
1697
+ TimePeriod={
1698
+ 'Start': before_start,
1699
+ 'End': (datetime.strptime(before_end, '%Y-%m-%d') + timedelta(days=1)).strftime('%Y-%m-%d')
1700
+ },
1701
+ Granularity='DAILY',
1702
+ Metrics=['UnblendedCost'],
1703
+ Filter=cost_filter
1704
+ )
1705
+
1706
+ # Get after period costs
1707
+ after_response = ce_client.get_cost_and_usage(
1708
+ TimePeriod={
1709
+ 'Start': after_start,
1710
+ 'End': (datetime.strptime(after_end, '%Y-%m-%d') + timedelta(days=1)).strftime('%Y-%m-%d')
1711
+ },
1712
+ Granularity='DAILY',
1713
+ Metrics=['UnblendedCost'],
1714
+ Filter=cost_filter
1715
+ )
1716
+
1717
+ # Calculate totals
1718
+ before_total = sum(float(day['Total']['UnblendedCost']['Amount']) for day in before_response['ResultsByTime'])
1719
+ after_total = sum(float(day['Total']['UnblendedCost']['Amount']) for day in after_response['ResultsByTime'])
1720
+
1721
+ before_days = len(before_response['ResultsByTime'])
1722
+ after_days = len(after_response['ResultsByTime'])
1723
+
1724
+ before_daily = before_total / before_days if before_days > 0 else 0
1725
+ after_daily = after_total / after_days if after_days > 0 else 0
1726
+
1727
+ reduction = before_daily - after_daily
1728
+ reduction_pct = (reduction / before_daily * 100) if before_daily > 0 else 0
1729
+ annual_savings = reduction * 365
1730
+
1731
+ # Output results
1732
+ if output_json:
1733
+ import json
1734
+ result = {
1735
+ 'before': {
1736
+ 'period': {'start': before_start, 'end': before_end},
1737
+ 'total': before_total,
1738
+ 'daily_avg': before_daily,
1739
+ 'days': before_days
1740
+ },
1741
+ 'after': {
1742
+ 'period': {'start': after_start, 'end': after_end},
1743
+ 'total': after_total,
1744
+ 'daily_avg': after_daily,
1745
+ 'days': after_days
1746
+ },
1747
+ 'comparison': {
1748
+ 'daily_reduction': reduction,
1749
+ 'reduction_pct': reduction_pct,
1750
+ 'annual_savings': annual_savings
1751
+ }
1752
+ }
1753
+
1754
+ if expected_reduction is not None:
1755
+ result['comparison']['expected_reduction_pct'] = expected_reduction
1756
+ result['comparison']['met_expectation'] = reduction_pct >= expected_reduction
1757
+
1758
+ click.echo(json.dumps(result, indent=2))
1759
+ else:
1760
+ click.echo("Before Period:")
1761
+ click.echo(f" Total: ${before_total:,.2f}")
1762
+ click.echo(f" Daily Avg: ${before_daily:,.2f}")
1763
+ click.echo(f" Days: {before_days}")
1764
+ click.echo("")
1765
+ click.echo("After Period:")
1766
+ click.echo(f" Total: ${after_total:,.2f}")
1767
+ click.echo(f" Daily Avg: ${after_daily:,.2f}")
1768
+ click.echo(f" Days: {after_days}")
1769
+ click.echo("")
1770
+ click.echo("Comparison:")
1771
+ click.echo(f" Daily Reduction: ${reduction:,.2f}")
1772
+ click.echo(f" Reduction %: {reduction_pct:.1f}%")
1773
+ click.echo(f" Annual Savings: ${annual_savings:,.0f}")
1774
+
1775
+ if expected_reduction is not None:
1776
+ click.echo("")
1777
+ if reduction_pct >= expected_reduction:
1778
+ click.echo(f"✅ Savings achieved: {reduction_pct:.1f}% (expected {expected_reduction}%)")
1779
+ else:
1780
+ click.echo(f"⚠️ Below target: {reduction_pct:.1f}% (expected {expected_reduction}%)")
1781
+
1782
+ except Exception as e:
1783
+ raise click.ClickException(f"Comparison failed: {e}")
1784
+
1785
+
1786
+ @cli.command()
1787
+ @click.option('--profile', required=True, help='Profile name')
1788
+ @click.option('--tag-key', required=True, help='Tag key to filter by')
1789
+ @click.option('--tag-value', help='Tag value to filter by (optional)')
1790
+ @click.option('--start-date', help='Start date (YYYY-MM-DD)')
1791
+ @click.option('--end-date', help='End date (YYYY-MM-DD)')
1792
+ @click.option('--days', type=int, default=30, help='Number of days to analyze (default: 30)')
1793
+ @click.option('--sso', help='AWS SSO profile name')
1794
+ @click.option('--json', 'output_json', is_flag=True, help='Output as JSON')
1795
+ def tags(profile, tag_key, tag_value, start_date, end_date, days, sso, output_json):
1796
+ """
1797
+ Analyze costs grouped by resource tags for cost attribution.
1798
+
1799
+ Useful for:
1800
+ - Cost allocation by team, project, or environment
1801
+ - Identifying untagged resources (cost attribution gaps)
1802
+ - Tracking costs by cost center or department
1803
+ - Validating tagging compliance
1804
+
1805
+ Examples:
1806
+ # See all costs by Environment tag
1807
+ cc tags --profile khoros --tag-key "Environment" --days 30
1808
+
1809
+ # Filter to specific tag value
1810
+ cc tags --profile khoros --tag-key "Team" --tag-value "Platform" --days 30
1811
+
1812
+ # Find top cost centers with JSON output
1813
+ cc tags --profile khoros --tag-key "CostCenter" --days 30 --json | \
1814
+ jq '.tag_costs | sort_by(-.cost) | .[:5]'
1815
+
1816
+ # Identify untagged resources (look for empty tag values)
1817
+ cc tags --profile khoros --tag-key "Owner" --days 7
1818
+ """
1819
+ # Load profile
1820
+ config = load_profile(profile)
1821
+
1822
+ # Apply SSO if provided
1823
+ if sso:
1824
+ config['aws_profile'] = sso
1825
+
1826
+ # Calculate date range
1827
+ if end_date:
1828
+ end = datetime.strptime(end_date, '%Y-%m-%d')
1829
+ else:
1830
+ end = datetime.now()
1831
+
1832
+ if start_date:
1833
+ start = datetime.strptime(start_date, '%Y-%m-%d')
1834
+ else:
1835
+ start = end - timedelta(days=days)
1836
+
1837
+ if not output_json:
1838
+ click.echo(f"Tag-based cost analysis: {start.strftime('%Y-%m-%d')} to {end.strftime('%Y-%m-%d')}")
1839
+ click.echo(f"Tag key: {tag_key}")
1840
+ if tag_value:
1841
+ click.echo(f"Tag value: {tag_value}")
1842
+ click.echo("")
1843
+
1844
+ # Get credentials
1845
+ try:
1846
+ if 'aws_profile' in config:
1847
+ session = boto3.Session(profile_name=config['aws_profile'])
1848
+ else:
1849
+ creds = config['credentials']
1850
+ session = boto3.Session(
1851
+ aws_access_key_id=creds['aws_access_key_id'],
1852
+ aws_secret_access_key=creds['aws_secret_access_key'],
1853
+ aws_session_token=creds.get('aws_session_token')
1854
+ )
1855
+
1856
+ ce_client = session.client('ce', region_name='us-east-1')
1857
+
1858
+ # Build filter
1859
+ filter_parts = [
1860
+ {
1861
+ "Dimensions": {
1862
+ "Key": "LINKED_ACCOUNT",
1863
+ "Values": config['accounts']
1864
+ }
1865
+ },
1866
+ {
1867
+ "Not": {
1868
+ "Dimensions": {
1869
+ "Key": "RECORD_TYPE",
1870
+ "Values": ["Tax", "Support"]
1871
+ }
1872
+ }
1873
+ }
1874
+ ]
1875
+
1876
+ # Add tag filter if value specified
1877
+ if tag_value:
1878
+ filter_parts.append({
1879
+ "Tags": {
1880
+ "Key": tag_key,
1881
+ "Values": [tag_value]
1882
+ }
1883
+ })
1884
+
1885
+ cost_filter = {"And": filter_parts}
1886
+
1887
+ # Get costs grouped by tag values
1888
+ response = ce_client.get_cost_and_usage(
1889
+ TimePeriod={
1890
+ 'Start': start.strftime('%Y-%m-%d'),
1891
+ 'End': (end + timedelta(days=1)).strftime('%Y-%m-%d')
1892
+ },
1893
+ Granularity='MONTHLY',
1894
+ Metrics=['UnblendedCost'],
1895
+ GroupBy=[{
1896
+ 'Type': 'TAG',
1897
+ 'Key': tag_key
1898
+ }],
1899
+ Filter=cost_filter
1900
+ )
1901
+
1902
+ # Collect results
1903
+ tag_costs = {}
1904
+ for period in response['ResultsByTime']:
1905
+ for group in period['Groups']:
1906
+ tag_val = group['Keys'][0].split('$')[1] if '$' in group['Keys'][0] else group['Keys'][0]
1907
+ cost = float(group['Metrics']['UnblendedCost']['Amount'])
1908
+ tag_costs[tag_val] = tag_costs.get(tag_val, 0) + cost
1909
+
1910
+ # Sort by cost
1911
+ sorted_tags = sorted(tag_costs.items(), key=lambda x: x[1], reverse=True)
1912
+
1913
+ total = sum(tag_costs.values())
1914
+ num_days = (end - start).days
1915
+ daily_avg = total / num_days if num_days > 0 else 0
1916
+
1917
+ # Output results
1918
+ if output_json:
1919
+ import json
1920
+ result = {
1921
+ 'period': {
1922
+ 'start': start.strftime('%Y-%m-%d'),
1923
+ 'end': end.strftime('%Y-%m-%d'),
1924
+ 'days': num_days
1925
+ },
1926
+ 'tag_key': tag_key,
1927
+ 'tag_value_filter': tag_value,
1928
+ 'tag_costs': [{'tag_value': k, 'cost': v, 'percentage': (v/total*100) if total > 0 else 0} for k, v in sorted_tags],
1929
+ 'summary': {
1930
+ 'total': total,
1931
+ 'daily_avg': daily_avg,
1932
+ 'annual_projection': daily_avg * 365
1933
+ }
1934
+ }
1935
+ click.echo(json.dumps(result, indent=2))
1936
+ else:
1937
+ click.echo(f"Tag Value{' '*(30-len('Tag Value'))} | Cost | %")
1938
+ click.echo("-" * 60)
1939
+ for tag_val, cost in sorted_tags:
1940
+ pct = (cost / total * 100) if total > 0 else 0
1941
+ tag_display = tag_val[:30].ljust(30)
1942
+ click.echo(f"{tag_display} | ${cost:>9,.2f} | {pct:>5.1f}%")
1943
+ click.echo("-" * 60)
1944
+ click.echo(f"{'Total'.ljust(30)} | ${total:>9,.2f} | 100.0%")
1945
+ click.echo("")
1946
+ click.echo(f"Daily Avg: ${daily_avg:,.2f}")
1947
+ click.echo(f"Annual Projection: ${daily_avg * 365:,.0f}")
1948
+
1949
+ except Exception as e:
1950
+ raise click.ClickException(f"Tag analysis failed: {e}")
1951
+
1952
+
1953
+ @cli.command()
1954
+ @click.option('--profile', required=True, help='Profile name')
1955
+ @click.option('--query', required=True, help='SQL query to execute')
1956
+ @click.option('--database', default='athenacurcfn_cloud_intelligence_dashboard', help='Athena database name')
1957
+ @click.option('--output-bucket', help='S3 bucket for query results (default: from profile)')
1958
+ @click.option('--sso', help='AWS SSO profile name')
1959
+ def query(profile, query, database, output_bucket, sso):
1960
+ """
1961
+ Execute custom Athena SQL query on CUR data
1962
+
1963
+ Example:
1964
+ cc query --profile khoros --query "SELECT line_item_usage_account_id, SUM(line_item_unblended_cost) as cost FROM cloud_intelligence_dashboard WHERE line_item_usage_start_date >= DATE '2025-11-01' GROUP BY 1 ORDER BY 2 DESC LIMIT 10"
1965
+ """
1966
+ # Load profile
1967
+ config = load_profile(profile)
1968
+
1969
+ # Apply SSO if provided
1970
+ if sso:
1971
+ config['aws_profile'] = sso
1972
+
1973
+ # Get credentials
1974
+ try:
1975
+ if 'aws_profile' in config:
1976
+ session = boto3.Session(profile_name=config['aws_profile'])
1977
+ else:
1978
+ creds = config['credentials']
1979
+ session = boto3.Session(
1980
+ aws_access_key_id=creds['aws_access_key_id'],
1981
+ aws_secret_access_key=creds['aws_secret_access_key'],
1982
+ aws_session_token=creds.get('aws_session_token')
1983
+ )
1984
+
1985
+ athena_client = session.client('athena', region_name='us-east-1')
1986
+
1987
+ # Default output location
1988
+ if not output_bucket:
1989
+ output_bucket = 's3://khoros-finops-athena/athena/'
1990
+
1991
+ click.echo(f"Executing query on database: {database}")
1992
+ click.echo(f"Output location: {output_bucket}")
1993
+ click.echo("")
1994
+
1995
+ # Execute query
1996
+ response = athena_client.start_query_execution(
1997
+ QueryString=query,
1998
+ QueryExecutionContext={'Database': database},
1999
+ ResultConfiguration={'OutputLocation': output_bucket}
2000
+ )
2001
+
2002
+ query_id = response['QueryExecutionId']
2003
+ click.echo(f"Query ID: {query_id}")
2004
+ click.echo("Waiting for query to complete...")
2005
+
2006
+ # Wait for completion
2007
+ import time
2008
+ max_wait = 60
2009
+ waited = 0
2010
+ while waited < max_wait:
2011
+ status_response = athena_client.get_query_execution(QueryExecutionId=query_id)
2012
+ status = status_response['QueryExecution']['Status']['State']
2013
+
2014
+ if status == 'SUCCEEDED':
2015
+ click.echo("✓ Query completed successfully")
2016
+ break
2017
+ elif status in ['FAILED', 'CANCELLED']:
2018
+ reason = status_response['QueryExecution']['Status'].get('StateChangeReason', 'Unknown')
2019
+ raise click.ClickException(f"Query {status}: {reason}")
2020
+
2021
+ time.sleep(2)
2022
+ waited += 2
2023
+
2024
+ if waited >= max_wait:
2025
+ raise click.ClickException(f"Query timeout after {max_wait}s. Check query ID: {query_id}")
2026
+
2027
+ # Get results
2028
+ results = athena_client.get_query_results(QueryExecutionId=query_id)
2029
+
2030
+ # Display results
2031
+ rows = results['ResultSet']['Rows']
2032
+ if not rows:
2033
+ click.echo("No results returned")
2034
+ return
2035
+
2036
+ # Header
2037
+ headers = [col['VarCharValue'] for col in rows[0]['Data']]
2038
+ click.echo(" | ".join(headers))
2039
+ click.echo("-" * (len(" | ".join(headers))))
2040
+
2041
+ # Data rows
2042
+ for row in rows[1:]:
2043
+ values = [col.get('VarCharValue', '') for col in row['Data']]
2044
+ click.echo(" | ".join(values))
2045
+
2046
+ click.echo("")
2047
+ click.echo(f"Returned {len(rows)-1} rows")
2048
+
2049
+ except Exception as e:
2050
+ raise click.ClickException(f"Query failed: {e}")
2051
+
2052
+
2053
+ @cli.group()
2054
+ def exclusions():
2055
+ """
2056
+ Manage cost exclusions (services/types to exclude from calculations).
2057
+
2058
+ Exclusions are stored in DynamoDB and apply globally or per-profile.
2059
+ Common exclusions: Tax, Support, OCBLateFee, Refunds, Credits
2060
+ """
2061
+ pass
2062
+
2063
+
2064
+ @exclusions.command('show')
2065
+ @click.option('--profile', help='Show profile-specific exclusions (default: global)')
2066
+ @click.option('--json', 'output_json', is_flag=True, help='Output as JSON')
2067
+ def show_exclusions(profile, output_json):
2068
+ """Show current exclusions configuration"""
2069
+ import requests
2070
+
2071
+ api_secret = get_api_secret()
2072
+ if not api_secret:
2073
+ raise click.ClickException(
2074
+ "No API secret configured.\n"
2075
+ "Run: cc configure --api-secret YOUR_SECRET"
2076
+ )
2077
+
2078
+ try:
2079
+ response = requests.post(
2080
+ PROFILES_API_URL,
2081
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2082
+ json={'operation': 'get_exclusions', 'profile_name': profile},
2083
+ timeout=10
2084
+ )
2085
+
2086
+ if response.status_code == 200:
2087
+ exclusions_data = response.json().get('exclusions', {})
2088
+
2089
+ if output_json:
2090
+ click.echo(json.dumps(exclusions_data, indent=2))
2091
+ else:
2092
+ scope = profile if profile else "global"
2093
+ click.echo(f"Exclusions ({scope}):")
2094
+ click.echo("")
2095
+
2096
+ if exclusions_data.get('record_types'):
2097
+ click.echo("Record Types:")
2098
+ for rt in exclusions_data['record_types']:
2099
+ click.echo(f" - {rt}")
2100
+ click.echo("")
2101
+
2102
+ if exclusions_data.get('services'):
2103
+ click.echo("Services:")
2104
+ for svc in exclusions_data['services']:
2105
+ click.echo(f" - {svc}")
2106
+ click.echo("")
2107
+
2108
+ if exclusions_data.get('line_item_types'):
2109
+ click.echo("Line Item Types:")
2110
+ for lit in exclusions_data['line_item_types']:
2111
+ click.echo(f" - {lit}")
2112
+ click.echo("")
2113
+
2114
+ if exclusions_data.get('usage_types'):
2115
+ click.echo("Usage Types:")
2116
+ for ut in exclusions_data['usage_types']:
2117
+ click.echo(f" - {ut}")
2118
+ else:
2119
+ raise click.ClickException(f"Failed to fetch exclusions: {response.status_code}")
2120
+
2121
+ except requests.exceptions.RequestException as e:
2122
+ raise click.ClickException(f"API request failed: {e}")
2123
+
2124
+
2125
+ @exclusions.command('add')
2126
+ @click.option('--record-type', help='Add record type exclusion (e.g., Tax, Support)')
2127
+ @click.option('--service', help='Add service exclusion (e.g., OCBLateFee)')
2128
+ @click.option('--line-item-type', help='Add line item type exclusion (e.g., Refund, Credit)')
2129
+ @click.option('--usage-type', help='Add usage type exclusion')
2130
+ @click.option('--profile', help='Add to profile-specific exclusions (default: global)')
2131
+ def add_exclusion(record_type, service, line_item_type, usage_type, profile):
2132
+ """Add an exclusion"""
2133
+ import requests
2134
+
2135
+ if not any([record_type, service, line_item_type, usage_type]):
2136
+ raise click.ClickException(
2137
+ "Must specify at least one of: --record-type, --service, --line-item-type, --usage-type"
2138
+ )
2139
+
2140
+ api_secret = get_api_secret()
2141
+ if not api_secret:
2142
+ raise click.ClickException(
2143
+ "No API secret configured.\n"
2144
+ "Run: cc configure --api-secret YOUR_SECRET"
2145
+ )
2146
+
2147
+ # Get current exclusions
2148
+ try:
2149
+ response = requests.post(
2150
+ PROFILES_API_URL,
2151
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2152
+ json={'operation': 'get_exclusions', 'profile_name': profile},
2153
+ timeout=10
2154
+ )
2155
+
2156
+ if response.status_code == 200:
2157
+ exclusions_data = response.json().get('exclusions', {})
2158
+ else:
2159
+ exclusions_data = {
2160
+ 'record_types': [],
2161
+ 'services': [],
2162
+ 'line_item_types': [],
2163
+ 'usage_types': []
2164
+ }
2165
+
2166
+ # Add new exclusions
2167
+ if record_type and record_type not in exclusions_data.get('record_types', []):
2168
+ exclusions_data.setdefault('record_types', []).append(record_type)
2169
+
2170
+ if service and service not in exclusions_data.get('services', []):
2171
+ exclusions_data.setdefault('services', []).append(service)
2172
+
2173
+ if line_item_type and line_item_type not in exclusions_data.get('line_item_types', []):
2174
+ exclusions_data.setdefault('line_item_types', []).append(line_item_type)
2175
+
2176
+ if usage_type and usage_type not in exclusions_data.get('usage_types', []):
2177
+ exclusions_data.setdefault('usage_types', []).append(usage_type)
2178
+
2179
+ # Update exclusions
2180
+ update_response = requests.post(
2181
+ PROFILES_API_URL,
2182
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2183
+ json={
2184
+ 'operation': 'update_exclusions',
2185
+ 'profile_name': profile,
2186
+ 'record_types': exclusions_data.get('record_types', []),
2187
+ 'services': exclusions_data.get('services', []),
2188
+ 'line_item_types': exclusions_data.get('line_item_types', []),
2189
+ 'usage_types': exclusions_data.get('usage_types', [])
2190
+ },
2191
+ timeout=10
2192
+ )
2193
+
2194
+ if update_response.status_code == 200:
2195
+ scope = profile if profile else "global"
2196
+ click.echo(f"✓ Exclusion added to {scope} config")
2197
+ if record_type:
2198
+ click.echo(f" Record Type: {record_type}")
2199
+ if service:
2200
+ click.echo(f" Service: {service}")
2201
+ if line_item_type:
2202
+ click.echo(f" Line Item Type: {line_item_type}")
2203
+ if usage_type:
2204
+ click.echo(f" Usage Type: {usage_type}")
2205
+ else:
2206
+ raise click.ClickException(f"Failed to update exclusions: {update_response.status_code}")
2207
+
2208
+ except requests.exceptions.RequestException as e:
2209
+ raise click.ClickException(f"API request failed: {e}")
2210
+
2211
+
2212
+ @exclusions.command('remove')
2213
+ @click.option('--record-type', help='Remove record type exclusion')
2214
+ @click.option('--service', help='Remove service exclusion')
2215
+ @click.option('--line-item-type', help='Remove line item type exclusion')
2216
+ @click.option('--usage-type', help='Remove usage type exclusion')
2217
+ @click.option('--profile', help='Remove from profile-specific exclusions (default: global)')
2218
+ def remove_exclusion(record_type, service, line_item_type, usage_type, profile):
2219
+ """Remove an exclusion"""
2220
+ import requests
2221
+
2222
+ if not any([record_type, service, line_item_type, usage_type]):
2223
+ raise click.ClickException(
2224
+ "Must specify at least one of: --record-type, --service, --line-item-type, --usage-type"
2225
+ )
2226
+
2227
+ api_secret = get_api_secret()
2228
+ if not api_secret:
2229
+ raise click.ClickException(
2230
+ "No API secret configured.\n"
2231
+ "Run: cc configure --api-secret YOUR_SECRET"
2232
+ )
2233
+
2234
+ # Get current exclusions
2235
+ try:
2236
+ response = requests.post(
2237
+ PROFILES_API_URL,
2238
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2239
+ json={'operation': 'get_exclusions', 'profile_name': profile},
2240
+ timeout=10
2241
+ )
2242
+
2243
+ if response.status_code == 200:
2244
+ exclusions_data = response.json().get('exclusions', {})
2245
+ else:
2246
+ raise click.ClickException("No exclusions found")
2247
+
2248
+ # Remove exclusions
2249
+ if record_type and record_type in exclusions_data.get('record_types', []):
2250
+ exclusions_data['record_types'].remove(record_type)
2251
+
2252
+ if service and service in exclusions_data.get('services', []):
2253
+ exclusions_data['services'].remove(service)
2254
+
2255
+ if line_item_type and line_item_type in exclusions_data.get('line_item_types', []):
2256
+ exclusions_data['line_item_types'].remove(line_item_type)
2257
+
2258
+ if usage_type and usage_type in exclusions_data.get('usage_types', []):
2259
+ exclusions_data['usage_types'].remove(usage_type)
2260
+
2261
+ # Update exclusions
2262
+ update_response = requests.post(
2263
+ PROFILES_API_URL,
2264
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2265
+ json={
2266
+ 'operation': 'update_exclusions',
2267
+ 'profile_name': profile,
2268
+ 'record_types': exclusions_data.get('record_types', []),
2269
+ 'services': exclusions_data.get('services', []),
2270
+ 'line_item_types': exclusions_data.get('line_item_types', []),
2271
+ 'usage_types': exclusions_data.get('usage_types', [])
2272
+ },
2273
+ timeout=10
2274
+ )
2275
+
2276
+ if update_response.status_code == 200:
2277
+ scope = profile if profile else "global"
2278
+ click.echo(f"✓ Exclusion removed from {scope} config")
2279
+ else:
2280
+ raise click.ClickException(f"Failed to update exclusions: {update_response.status_code}")
2281
+
2282
+ except requests.exceptions.RequestException as e:
2283
+ raise click.ClickException(f"API request failed: {e}")
2284
+
2285
+
2286
+ @cli.command('trends-detailed')
2287
+ @click.option('--profile', required=True, help='Profile name')
2288
+ @click.option('--accounts', help='Comma-separated account IDs (optional, defaults to all profile accounts)')
2289
+ @click.option('--services', help='Comma-separated service names (optional, defaults to top N)')
2290
+ @click.option('--start-date', help='Start date (YYYY-MM-DD, defaults to 30 days before end-date)')
2291
+ @click.option('--end-date', help='End date (YYYY-MM-DD, defaults to T-2)')
2292
+ @click.option('--granularity', type=click.Choice(['DAILY', 'HOURLY'], case_sensitive=False), default='DAILY', help='Time granularity')
2293
+ @click.option('--top-n', type=int, default=20, help='Number of top services to return')
2294
+ @click.option('--filter-spikes/--no-filter-spikes', default=True, help='Filter out anomalous spikes (>100% day-over-day)')
2295
+ @click.option('--spike-threshold', type=float, default=2.0, help='Spike threshold multiplier (2.0 = 100% increase)')
2296
+ @click.option('--trendline', is_flag=True, help='Fit smooth trendline over spiky data (removes outliers)')
2297
+ @click.option('--outlier-threshold', type=float, default=2.5, help='Standard deviations from mean to consider outlier')
2298
+ @click.option('--output', default='trends_detailed.csv', help='Output CSV file')
2299
+ @click.option('--chart', is_flag=True, help='Generate trend chart (PNG)')
2300
+ @click.option('--json-output', is_flag=True, help='Output as JSON instead of CSV')
2301
+ @click.option('--sso', help='AWS SSO profile name')
2302
+ @click.option('--access-key-id', help='AWS Access Key ID')
2303
+ @click.option('--secret-access-key', help='AWS Secret Access Key')
2304
+ @click.option('--session-token', help='AWS Session Token')
2305
+ def trends_detailed(profile, accounts, services, start_date, end_date, granularity,
2306
+ top_n, filter_spikes, spike_threshold, trendline, outlier_threshold,
2307
+ output, chart, json_output,
2308
+ sso, access_key_id, secret_access_key, session_token):
2309
+ """
2310
+ Detailed cost trends with flexible granularity and filtering.
2311
+
2312
+ Supports:
2313
+ - Daily or Hourly granularity
2314
+ - Account filtering (specific accounts or all)
2315
+ - Service filtering (specific services or top N)
2316
+ - Spike detection and removal (one-time charges)
2317
+ - Automatic exclusions (Tax, Support, etc.)
2318
+
2319
+ Examples:
2320
+
2321
+ # Top 20 services for 2 specific accounts, daily, last 30 days
2322
+ cc trends-detailed --profile khoros --accounts "820054669588,180770971501" --sso khoros_umbrella
2323
+
2324
+ # Hourly granularity for specific date range
2325
+ cc trends-detailed --profile khoros --granularity HOURLY --start-date 2025-11-01 --end-date 2025-11-05 --sso khoros_umbrella
2326
+
2327
+ # Top 10 services with chart
2328
+ cc trends-detailed --profile khoros --top-n 10 --chart --sso khoros_umbrella
2329
+
2330
+ # Specific services only
2331
+ cc trends-detailed --profile khoros --services "EC2,RDS,CloudWatch" --sso khoros_umbrella
2332
+ """
2333
+ import requests
2334
+ from datetime import datetime, timedelta
2335
+
2336
+ # Load profile configuration
2337
+ config = load_profile(profile)
2338
+ config = apply_auth_options(config, sso, access_key_id, secret_access_key, session_token)
2339
+
2340
+ # Get credentials
2341
+ from cost_calculator.executor import get_credentials_dict
2342
+ credentials = get_credentials_dict(config)
2343
+ if not credentials:
2344
+ raise click.ClickException("Failed to get AWS credentials. Check your AWS SSO session.")
2345
+
2346
+ # Parse accounts and services
2347
+ account_list = [acc.strip() for acc in accounts.split(',')] if accounts else None
2348
+ service_list = [svc.strip() for svc in services.split(',')] if services else None
2349
+
2350
+ # Build request
2351
+ request_data = {
2352
+ 'profile': profile,
2353
+ 'credentials': credentials,
2354
+ 'granularity': granularity.upper(),
2355
+ 'top_n': top_n,
2356
+ 'filter_spikes': filter_spikes,
2357
+ 'spike_threshold': spike_threshold,
2358
+ 'fit_trendline': trendline,
2359
+ 'outlier_threshold': outlier_threshold
2360
+ }
2361
+
2362
+ if start_date:
2363
+ request_data['start_date'] = start_date
2364
+ if end_date:
2365
+ request_data['end_date'] = end_date
2366
+ if account_list:
2367
+ request_data['accounts'] = account_list
2368
+ if service_list:
2369
+ request_data['services'] = service_list
2370
+
2371
+ # Get API secret
2372
+ api_secret = get_api_secret()
2373
+ if not api_secret:
2374
+ raise click.ClickException(
2375
+ "No API secret configured.\n"
2376
+ "Run: cc configure --api-secret YOUR_SECRET"
2377
+ )
2378
+
2379
+ # Call API
2380
+ click.echo(f"Fetching {granularity.lower()} cost trends...")
2381
+ if account_list:
2382
+ click.echo(f" Accounts: {', '.join(account_list)}")
2383
+ if service_list:
2384
+ click.echo(f" Services: {', '.join(service_list)}")
2385
+ else:
2386
+ click.echo(f" Top {top_n} services")
2387
+ click.echo(f" Spike filtering: {'enabled' if filter_spikes else 'disabled'}")
2388
+ click.echo("")
2389
+
2390
+ try:
2391
+ response = requests.post(
2392
+ f"{API_BASE_URL}/trends-detailed",
2393
+ headers={'X-API-Secret': api_secret, 'Content-Type': 'application/json'},
2394
+ json=request_data,
2395
+ timeout=300 # 5 minutes for large queries
2396
+ )
2397
+
2398
+ if response.status_code != 200:
2399
+ raise click.ClickException(f"API call failed: {response.status_code} - {response.text}")
2400
+
2401
+ result = response.json()
2402
+
2403
+ if json_output:
2404
+ # Output as JSON
2405
+ click.echo(json.dumps(result, indent=2))
2406
+ else:
2407
+ # Generate CSV
2408
+ import csv
2409
+
2410
+ with open(output, 'w', newline='') as f:
2411
+ writer = csv.writer(f)
2412
+
2413
+ # Get all dates from first service
2414
+ if result['services']:
2415
+ dates = sorted(result['services'][0]['daily_costs'].keys())
2416
+
2417
+ # Header
2418
+ writer.writerow(['Service', 'Total', 'Daily Avg', 'Min', 'Max'] + dates)
2419
+
2420
+ # Data rows
2421
+ for service in result['services']:
2422
+ row = [
2423
+ service['name'],
2424
+ service['total'],
2425
+ service['daily_average'],
2426
+ service['min'],
2427
+ service['max']
2428
+ ]
2429
+ row.extend([service['daily_costs'].get(date, 0.0) for date in dates])
2430
+ writer.writerow(row)
2431
+
2432
+ click.echo(f"✓ Trends data saved to {output}")
2433
+
2434
+ # Show summary
2435
+ summary = result['summary']
2436
+ click.echo("")
2437
+ click.echo(f"Total Cost: ${summary['total_cost']:,.2f}")
2438
+ click.echo(f"Daily Average: ${summary['daily_average']:,.2f}")
2439
+ click.echo(f"Services: {summary['num_services']}")
2440
+ click.echo(f"Periods: {summary['num_periods']}")
2441
+
2442
+ # Generate chart if requested
2443
+ if chart:
2444
+ try:
2445
+ import matplotlib.pyplot as plt
2446
+ import matplotlib.dates as mdates
2447
+ from datetime import datetime as dt
2448
+
2449
+ chart_file = output.replace('.csv', '.png')
2450
+
2451
+ # Prepare data
2452
+ dates = sorted(result['services'][0]['daily_costs'].keys())
2453
+ date_objects = [dt.fromisoformat(d) for d in dates]
2454
+
2455
+ # Create plot
2456
+ fig, ax = plt.subplots(figsize=(16, 10))
2457
+
2458
+ for service in result['services'][:10]: # Top 10 only
2459
+ costs = [service['daily_costs'].get(date, 0.0) for date in dates]
2460
+
2461
+ if trendline and 'trendline' in service:
2462
+ # Plot raw data with lighter color and smaller markers
2463
+ line = ax.plot(date_objects, costs, marker='o', alpha=0.3,
2464
+ linewidth=1, markersize=3, linestyle='--')[0]
2465
+ # Plot trendline with same color but bolder
2466
+ trendline_costs = [service['trendline'].get(date, 0.0) for date in dates]
2467
+ ax.plot(date_objects, trendline_costs, color=line.get_color(),
2468
+ label=service['name'], linewidth=3, markersize=0)
2469
+ else:
2470
+ # Plot raw data only
2471
+ ax.plot(date_objects, costs, marker='o', label=service['name'],
2472
+ linewidth=2, markersize=4)
2473
+
2474
+ title = f'Top 10 Services - {granularity.title()} Cost Trends'
2475
+ if trendline:
2476
+ title += ' (with Fitted Trendlines)'
2477
+ title += f"\nAccounts: {', '.join(account_list) if account_list else 'All'}"
2478
+ ax.set_title(title, fontsize=14, fontweight='bold')
2479
+ ax.set_xlabel('Date', fontsize=12)
2480
+ ax.set_ylabel(f'{granularity.title()} Cost ($)', fontsize=12)
2481
+ ax.legend(loc='upper left', bbox_to_anchor=(1.02, 1), fontsize=9)
2482
+ ax.grid(True, alpha=0.3)
2483
+
2484
+ if granularity == 'DAILY':
2485
+ ax.xaxis.set_major_formatter(mdates.DateFormatter('%m/%d'))
2486
+ ax.xaxis.set_major_locator(mdates.DayLocator(interval=max(1, len(dates)//15)))
2487
+ else:
2488
+ ax.xaxis.set_major_formatter(mdates.DateFormatter('%m/%d %H:%M'))
2489
+ ax.xaxis.set_major_locator(mdates.HourLocator(interval=max(1, len(dates)//15)))
2490
+
2491
+ plt.setp(ax.xaxis.get_majorticklabels(), rotation=45, ha='right')
2492
+ plt.tight_layout()
2493
+ plt.savefig(chart_file, dpi=150, bbox_inches='tight')
2494
+
2495
+ click.echo(f"✓ Chart saved to {chart_file}")
2496
+ except ImportError:
2497
+ click.echo("⚠ matplotlib not installed, skipping chart generation")
2498
+
2499
+ except requests.exceptions.RequestException as e:
2500
+ raise click.ClickException(f"API request failed: {e}")
2501
+
2502
+
1002
2503
  if __name__ == '__main__':
1003
2504
  cli()