PyPI - runbooks - Versions diffs - 0.2.3__py3-none-any.whl → 0.6.1__py3-none-any.whl - Mend

runbooks 0.2.3py3-none-any.whl → 0.6.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (221) hide show

conftest.py +26 -0
jupyter-agent/.env.template +2 -0
jupyter-agent/.gitattributes +35 -0
jupyter-agent/README.md +16 -0
jupyter-agent/app.py +256 -0
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +154 -0
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +123 -0
jupyter-agent/requirements.txt +9 -0
jupyter-agent/utils.py +409 -0
runbooks/__init__.py +71 -3
runbooks/__main__.py +13 -0
runbooks/aws/ec2_describe_instances.py +1 -1
runbooks/aws/ec2_run_instances.py +8 -2
runbooks/aws/ec2_start_stop_instances.py +17 -4
runbooks/aws/ec2_unused_volumes.py +5 -1
runbooks/aws/s3_create_bucket.py +4 -2
runbooks/aws/s3_list_objects.py +6 -1
runbooks/aws/tagging_lambda_handler.py +13 -2
runbooks/aws/tags.json +12 -0
runbooks/base.py +353 -0
runbooks/cfat/README.md +49 -0
runbooks/cfat/__init__.py +74 -0
runbooks/cfat/app.ts +644 -0
runbooks/cfat/assessment/__init__.py +40 -0
runbooks/cfat/assessment/asana-import.csv +39 -0
runbooks/cfat/assessment/cfat-checks.csv +31 -0
runbooks/cfat/assessment/cfat.txt +520 -0
runbooks/cfat/assessment/collectors.py +200 -0
runbooks/cfat/assessment/jira-import.csv +39 -0
runbooks/cfat/assessment/runner.py +387 -0
runbooks/cfat/assessment/validators.py +290 -0
runbooks/cfat/cli.py +103 -0
runbooks/cfat/docs/asana-import.csv +24 -0
runbooks/cfat/docs/cfat-checks.csv +31 -0
runbooks/cfat/docs/cfat.txt +335 -0
runbooks/cfat/docs/checks-output.png +0 -0
runbooks/cfat/docs/cloudshell-console-run.png +0 -0
runbooks/cfat/docs/cloudshell-download.png +0 -0
runbooks/cfat/docs/cloudshell-output.png +0 -0
runbooks/cfat/docs/downloadfile.png +0 -0
runbooks/cfat/docs/jira-import.csv +24 -0
runbooks/cfat/docs/open-cloudshell.png +0 -0
runbooks/cfat/docs/report-header.png +0 -0
runbooks/cfat/models.py +1026 -0
runbooks/cfat/package-lock.json +5116 -0
runbooks/cfat/package.json +38 -0
runbooks/cfat/report.py +496 -0
runbooks/cfat/reporting/__init__.py +46 -0
runbooks/cfat/reporting/exporters.py +337 -0
runbooks/cfat/reporting/formatters.py +496 -0
runbooks/cfat/reporting/templates.py +135 -0
runbooks/cfat/run-assessment.sh +23 -0
runbooks/cfat/runner.py +69 -0
runbooks/cfat/src/actions/check-cloudtrail-existence.ts +43 -0
runbooks/cfat/src/actions/check-config-existence.ts +37 -0
runbooks/cfat/src/actions/check-control-tower.ts +37 -0
runbooks/cfat/src/actions/check-ec2-existence.ts +46 -0
runbooks/cfat/src/actions/check-iam-users.ts +50 -0
runbooks/cfat/src/actions/check-legacy-cur.ts +30 -0
runbooks/cfat/src/actions/check-org-cloudformation.ts +30 -0
runbooks/cfat/src/actions/check-vpc-existence.ts +43 -0
runbooks/cfat/src/actions/create-asanaimport.ts +14 -0
runbooks/cfat/src/actions/create-backlog.ts +372 -0
runbooks/cfat/src/actions/create-jiraimport.ts +15 -0
runbooks/cfat/src/actions/create-report.ts +616 -0
runbooks/cfat/src/actions/define-account-type.ts +51 -0
runbooks/cfat/src/actions/get-enabled-org-policy-types.ts +40 -0
runbooks/cfat/src/actions/get-enabled-org-services.ts +26 -0
runbooks/cfat/src/actions/get-idc-info.ts +34 -0
runbooks/cfat/src/actions/get-org-da-accounts.ts +34 -0
runbooks/cfat/src/actions/get-org-details.ts +35 -0
runbooks/cfat/src/actions/get-org-member-accounts.ts +44 -0
runbooks/cfat/src/actions/get-org-ous.ts +35 -0
runbooks/cfat/src/actions/get-regions.ts +22 -0
runbooks/cfat/src/actions/zip-assessment.ts +27 -0
runbooks/cfat/src/types/index.d.ts +147 -0
runbooks/cfat/tests/__init__.py +141 -0
runbooks/cfat/tests/test_cli.py +340 -0
runbooks/cfat/tests/test_integration.py +290 -0
runbooks/cfat/tests/test_models.py +505 -0
runbooks/cfat/tests/test_reporting.py +354 -0
runbooks/cfat/tsconfig.json +16 -0
runbooks/cfat/webpack.config.cjs +27 -0
runbooks/config.py +260 -0
runbooks/finops/__init__.py +88 -0
runbooks/finops/aws_client.py +245 -0
runbooks/finops/cli.py +151 -0
runbooks/finops/cost_processor.py +410 -0
runbooks/finops/dashboard_runner.py +448 -0
runbooks/finops/helpers.py +355 -0
runbooks/finops/main.py +14 -0
runbooks/finops/profile_processor.py +174 -0
runbooks/finops/types.py +66 -0
runbooks/finops/visualisations.py +80 -0
runbooks/inventory/.gitignore +354 -0
runbooks/inventory/ArgumentsClass.py +261 -0
runbooks/inventory/Inventory_Modules.py +6130 -0
runbooks/inventory/LandingZone/delete_lz.py +1075 -0
runbooks/inventory/README.md +1320 -0
runbooks/inventory/__init__.py +62 -0
runbooks/inventory/account_class.py +532 -0
runbooks/inventory/all_my_instances_wrapper.py +123 -0
runbooks/inventory/aws_decorators.py +201 -0
runbooks/inventory/cfn_move_stack_instances.py +1526 -0
runbooks/inventory/check_cloudtrail_compliance.py +614 -0
runbooks/inventory/check_controltower_readiness.py +1107 -0
runbooks/inventory/check_landingzone_readiness.py +711 -0
runbooks/inventory/cloudtrail.md +727 -0
runbooks/inventory/collectors/__init__.py +20 -0
runbooks/inventory/collectors/aws_compute.py +518 -0
runbooks/inventory/collectors/aws_networking.py +275 -0
runbooks/inventory/collectors/base.py +222 -0
runbooks/inventory/core/__init__.py +19 -0
runbooks/inventory/core/collector.py +303 -0
runbooks/inventory/core/formatter.py +296 -0
runbooks/inventory/delete_s3_buckets_objects.py +169 -0
runbooks/inventory/discovery.md +81 -0
runbooks/inventory/draw_org_structure.py +748 -0
runbooks/inventory/ec2_vpc_utils.py +341 -0
runbooks/inventory/find_cfn_drift_detection.py +272 -0
runbooks/inventory/find_cfn_orphaned_stacks.py +719 -0
runbooks/inventory/find_cfn_stackset_drift.py +733 -0
runbooks/inventory/find_ec2_security_groups.py +669 -0
runbooks/inventory/find_landingzone_versions.py +201 -0
runbooks/inventory/find_vpc_flow_logs.py +1221 -0
runbooks/inventory/inventory.sh +659 -0
runbooks/inventory/list_cfn_stacks.py +558 -0
runbooks/inventory/list_cfn_stackset_operation_results.py +252 -0
runbooks/inventory/list_cfn_stackset_operations.py +734 -0
runbooks/inventory/list_cfn_stacksets.py +453 -0
runbooks/inventory/list_config_recorders_delivery_channels.py +681 -0
runbooks/inventory/list_ds_directories.py +354 -0
runbooks/inventory/list_ec2_availability_zones.py +286 -0
runbooks/inventory/list_ec2_ebs_volumes.py +244 -0
runbooks/inventory/list_ec2_instances.py +425 -0
runbooks/inventory/list_ecs_clusters_and_tasks.py +562 -0
runbooks/inventory/list_elbs_load_balancers.py +411 -0
runbooks/inventory/list_enis_network_interfaces.py +526 -0
runbooks/inventory/list_guardduty_detectors.py +568 -0
runbooks/inventory/list_iam_policies.py +404 -0
runbooks/inventory/list_iam_roles.py +518 -0
runbooks/inventory/list_iam_saml_providers.py +359 -0
runbooks/inventory/list_lambda_functions.py +882 -0
runbooks/inventory/list_org_accounts.py +446 -0
runbooks/inventory/list_org_accounts_users.py +354 -0
runbooks/inventory/list_rds_db_instances.py +406 -0
runbooks/inventory/list_route53_hosted_zones.py +318 -0
runbooks/inventory/list_servicecatalog_provisioned_products.py +575 -0
runbooks/inventory/list_sns_topics.py +360 -0
runbooks/inventory/list_ssm_parameters.py +402 -0
runbooks/inventory/list_vpc_subnets.py +433 -0
runbooks/inventory/list_vpcs.py +422 -0
runbooks/inventory/lockdown_cfn_stackset_role.py +224 -0
runbooks/inventory/models/__init__.py +24 -0
runbooks/inventory/models/account.py +192 -0
runbooks/inventory/models/inventory.py +309 -0
runbooks/inventory/models/resource.py +247 -0
runbooks/inventory/recover_cfn_stack_ids.py +205 -0
runbooks/inventory/requirements.txt +12 -0
runbooks/inventory/run_on_multi_accounts.py +211 -0
runbooks/inventory/tests/common_test_data.py +3661 -0
runbooks/inventory/tests/common_test_functions.py +204 -0
runbooks/inventory/tests/script_test_data.py +0 -0
runbooks/inventory/tests/setup.py +24 -0
runbooks/inventory/tests/src.py +18 -0
runbooks/inventory/tests/test_cfn_describe_stacks.py +208 -0
runbooks/inventory/tests/test_ec2_describe_instances.py +162 -0
runbooks/inventory/tests/test_inventory_modules.py +55 -0
runbooks/inventory/tests/test_lambda_list_functions.py +86 -0
runbooks/inventory/tests/test_moto_integration_example.py +273 -0
runbooks/inventory/tests/test_org_list_accounts.py +49 -0
runbooks/inventory/update_aws_actions.py +173 -0
runbooks/inventory/update_cfn_stacksets.py +1215 -0
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +294 -0
runbooks/inventory/update_iam_roles_cross_accounts.py +478 -0
runbooks/inventory/update_s3_public_access_block.py +539 -0
runbooks/inventory/utils/__init__.py +23 -0
runbooks/inventory/utils/aws_helpers.py +510 -0
runbooks/inventory/utils/threading_utils.py +493 -0
runbooks/inventory/utils/validation.py +682 -0
runbooks/inventory/verify_ec2_security_groups.py +1430 -0
runbooks/main.py +785 -0
runbooks/organizations/__init__.py +12 -0
runbooks/organizations/manager.py +374 -0
runbooks/security_baseline/README.md +324 -0
runbooks/security_baseline/checklist/alternate_contacts.py +8 -1
runbooks/security_baseline/checklist/bucket_public_access.py +4 -1
runbooks/security_baseline/checklist/cloudwatch_alarm_configuration.py +9 -2
runbooks/security_baseline/checklist/guardduty_enabled.py +9 -2
runbooks/security_baseline/checklist/multi_region_instance_usage.py +5 -1
runbooks/security_baseline/checklist/root_access_key.py +6 -1
runbooks/security_baseline/config-origin.json +1 -1
runbooks/security_baseline/config.json +1 -1
runbooks/security_baseline/permission.json +1 -1
runbooks/security_baseline/report_generator.py +10 -2
runbooks/security_baseline/report_template_en.html +8 -8
runbooks/security_baseline/report_template_jp.html +8 -8
runbooks/security_baseline/report_template_kr.html +13 -13
runbooks/security_baseline/report_template_vn.html +8 -8
runbooks/security_baseline/requirements.txt +7 -0
runbooks/security_baseline/run_script.py +8 -2
runbooks/security_baseline/security_baseline_tester.py +10 -2
runbooks/security_baseline/utils/common.py +5 -1
runbooks/utils/__init__.py +204 -0
runbooks-0.6.1.dist-info/METADATA +373 -0
runbooks-0.6.1.dist-info/RECORD +237 -0
{runbooks-0.2.3.dist-info → runbooks-0.6.1.dist-info}/WHEEL +1 -1
runbooks-0.6.1.dist-info/entry_points.txt +7 -0
runbooks-0.6.1.dist-info/licenses/LICENSE +201 -0
runbooks-0.6.1.dist-info/top_level.txt +3 -0
runbooks/python101/calculator.py +0 -34
runbooks/python101/config.py +0 -1
runbooks/python101/exceptions.py +0 -16
runbooks/python101/file_manager.py +0 -218
runbooks/python101/toolkit.py +0 -153
runbooks-0.2.3.dist-info/METADATA +0 -435
runbooks-0.2.3.dist-info/RECORD +0 -61
runbooks-0.2.3.dist-info/entry_points.txt +0 -3
runbooks-0.2.3.dist-info/top_level.txt +0 -1

runbooks/inventory/list_ds_directories.py ADDED Viewed

@@ -0,0 +1,354 @@
+#!/usr/bin/env python3
+"""
+AWS Directory Service (DS) Directory Discovery and Inventory Script
+This enterprise-grade script provides comprehensive discovery and enumeration of AWS Directory
+Service (DS) directories across multi-account AWS Organizations environments. Designed for
+infrastructure teams managing Microsoft Active Directory and Simple AD deployments at scale,
+offering detailed directory metadata extraction, status analysis, and regional distribution
+visibility for enterprise identity and access management governance.
+Key Features:
+    - Multi-account, multi-region Directory Service directory discovery
+    - Comprehensive directory metadata extraction including status, type, and ownership
+    - Fragment-based filtering for targeted directory identification and management
+    - Enterprise governance support with organizational context and compliance tracking
+    - Regional directory distribution analysis for operational planning and optimization
+    - Progress tracking and performance metrics for large-scale directory discovery operations
+Authentication & Access:
+    - AWS Organizations support for centralized directory service management
+    - Cross-account role assumption for organizational directory visibility
+    - Regional validation and opt-in status verification for directory service availability
+    - Profile-based authentication with comprehensive credential management
+Performance & Scalability:
+    - Progress bars and operational feedback for large-scale directory discovery
+    - Efficient credential management for multi-account directory enumeration
+    - Regional optimization with targeted directory service API calls
+    - Memory-efficient processing for extensive directory service inventories
+Enterprise Use Cases:
+    - Directory service governance and compliance reporting across organizational accounts
+    - Identity infrastructure audit and directory service configuration validation
+    - Directory service consolidation and migration planning with organizational visibility
+    - Operational monitoring and directory service health assessment
+Security & Compliance:
+    - Read-only directory discovery operations for operational safety
+    - Comprehensive audit logging for directory service access and discovery activities
+    - Regional access validation preventing unauthorized directory service enumeration
+    - Safe credential handling with automatic session management
+Dependencies:
+    - boto3: AWS SDK for Directory Service API access
+    - colorama: Terminal output formatting and colored display
+    - tqdm: Progress bars for operational visibility during discovery
+    - Custom modules: Inventory_Modules, ArgumentsClass for enterprise argument parsing
+Output Format:
+    - Tabular directory service inventory with sortable columns
+    - Management account context for organizational directory visibility
+    - Regional distribution summary for operational planning
+    - Directory status and configuration details for enterprise governance
+"""
+import logging
+import sys
+from time import time
+from ArgumentsClass import CommonArguments
+from botocore.exceptions import ClientError
+from colorama import Fore, init
+from Inventory_Modules import display_results, find_directories2, get_all_credentials
+from tqdm.auto import tqdm
+init()
+__version__ = "2024.05.31"
+def parse_args(f_arguments):
+    """
+    Parse and validate command-line arguments for Directory Service directory discovery operations.
+    Configures comprehensive argument parsing for AWS Directory Service discovery across multi-account
+    AWS Organizations environments. Supports enterprise-grade directory management with profile
+    management, regional targeting, fragment-based filtering, and operational controls for large-scale
+    directory service governance and compliance operations.
+    Args:
+        f_arguments (list): Command-line argument list for directory discovery configuration
+    Returns:
+        argparse.Namespace: Parsed argument namespace containing:
+            - Profiles: List of AWS profiles for multi-account directory discovery
+            - Regions: Target AWS regions for directory service enumeration
+            - Fragments: Directory name fragments for targeted discovery and filtering
+            - Exact: Boolean flag for exact fragment matching vs substring matching
+            - Accounts: Specific account list for targeted directory discovery
+            - SkipAccounts: Account exclusion list for selective directory enumeration
+            - SkipProfiles: Profile exclusion list for selective discovery operations
+            - Time: Performance timing flag for operational metrics and optimization
+            - RootOnly: Flag restricting discovery to management account only
+            - loglevel: Logging verbosity for operational visibility and troubleshooting
+    CLI Argument Categories:
+        - Multi-profile support for organizational directory service management
+        - Multi-region targeting for comprehensive directory service coverage
+        - Fragment-based filtering for targeted directory identification and management
+        - Extended arguments including account filtering and performance timing
+        - Root-only mode for management account directory service discovery
+        - Verbosity controls for operational logging and troubleshooting
+    Enterprise Features:
+        - Organizational profile management for centralized directory service governance
+        - Regional filtering for geo-distributed directory service architectures
+        - Account inclusion/exclusion for selective directory service discovery
+        - Performance monitoring with timing metrics for operational optimization
+        - Comprehensive logging controls for audit and compliance requirements
+    Usage Examples:
+        - Multi-account discovery: --profiles profile1 profile2 --regions us-east-1 us-west-2
+        - Fragment filtering: --fragment "corp" --exact for targeted directory discovery
+        - Root account only: --rootonly for management account directory enumeration
+        - Performance timing: --timing for operational metrics and optimization analysis
+    """
+    parser = CommonArguments()
+    parser.multiprofile()  # Enable multi-profile support for organizational directory discovery
+    parser.multiregion()  # Enable multi-region targeting for comprehensive directory coverage
+    parser.fragment()  # Enable fragment-based filtering for targeted directory identification
+    parser.extendedargs()  # Enable account filtering and performance timing capabilities
+    parser.timing()  # Enable performance timing metrics for operational optimization
+    parser.rootOnly()  # Enable management account only mode for centralized directory discovery
+    parser.version(__version__)
+    parser.verbosity()  # Enable logging verbosity controls for operational visibility
+    return parser.my_parser.parse_args(f_arguments)
+def find_all_directories(f_credentials, f_fragments, f_exact):
+    """
+    Discover and enumerate AWS Directory Service directories across multiple accounts and regions.
+    Performs comprehensive Directory Service discovery using credential-based enumeration to inventory
+    Microsoft Active Directory, Simple AD, and AD Connector directories across large-scale AWS
+    Organizations environments. Supports fragment-based filtering for targeted directory identification
+    and provides detailed directory metadata extraction for enterprise identity and access management
+    governance.
+    Args:
+        f_credentials (list): List of credential dictionaries for cross-account directory discovery containing:
+            - AccountId: AWS account number for Directory Service access
+            - Region: Target AWS region for directory enumeration
+            - Success: Boolean indicating credential validity and access status
+            - MgmtAccount: Management account identifier for organizational context
+            - AccessError: Error details for failed credential attempts
+        f_fragments (list): Directory name fragments for targeted search and filtering
+                           Supports partial name matching for flexible directory identification
+        f_exact (bool): Exact matching flag for precise directory name filtering
+                       True for exact match, False for substring matching
+    Returns:
+        list: Comprehensive list of directory dictionaries containing:
+            - DirectoryName: Human-readable directory name identifier
+            - DirectoryId: Unique AWS Directory Service identifier
+            - HomeRegion: Primary region where directory service is hosted
+            - Status: Current operational status (Active, Creating, Deleting, etc.)
+            - Type: Directory type (SimpleAD, MicrosoftAD, ADConnector, etc.)
+            - Owner: Directory ownership context (Self, Shared, etc.)
+            - MgmtAccount: Management account for organizational directory oversight
+            - Region: AWS region where directory is deployed
+            - AccountId: AWS account containing the directory
+    Directory Discovery Features:
+        - Multi-account, multi-region Directory Service enumeration
+        - Fragment-based filtering for targeted directory identification
+        - Comprehensive directory metadata extraction for governance and compliance
+        - Cross-account directory visibility for organizational identity management
+        - Regional directory distribution analysis for operational planning
+    Processing Architecture:
+        - Sequential processing with progress tracking for operational visibility
+        - Credential validation and error handling for authorization issues
+        - Regional validation ensuring directory service availability
+        - Memory-efficient processing for extensive directory service inventories
+    Performance Considerations:
+        - Progress bars for operational feedback during large-scale discovery
+        - Efficient Directory Service API usage for optimal performance
+        - Error handling and graceful degradation for authorization failures
+        - TODO: Future enhancement for multi-threading support to improve performance
+    Enterprise Identity Management:
+        - Organizational directory service visibility across accounts and regions
+        - Directory metadata aggregation for compliance and audit tracking
+        - Fragment-based search capabilities for targeted directory management
+        - Comprehensive error handling for operational resilience and troubleshooting
+    Error Handling:
+        - Authorization failure detection with graceful degradation
+        - AWS API error management with comprehensive logging
+        - Type error handling for malformed directory service responses
+        - Credential validation and failure tracking for multi-account operations
+    """
+    AllDirectories = []  # Aggregated list for all discovered directories
+    # TODO: Need to use multi-threading here for improved performance
+    # Sequential processing with progress tracking for operational visibility
+    for credential in tqdm(
+        f_credentials, desc=f"Looking through {len(f_credentials)} accounts and regions", unit="credentials"
+    ):
+        logging.info(f"{ERASE_LINE}Looking in account: {credential['AccountId']} in region {credential['Region']}")
+        # Skip failed credentials to avoid API errors
+        if not credential["Success"]:
+            continue
+        try:
+            # Discover directories using Directory Service API with fragment filtering
+            directories = find_directories2(credential, credential["Region"], f_fragments, f_exact)
+            logging.info(f"directories: {directories}")
+            logging.info(
+                f"{ERASE_LINE}Account: {credential['AccountId']} Region: {credential['Region']} Found {len(directories)} directories"
+            )
+            # Process and aggregate discovered directories with organizational context
+            if directories:
+                for directory in directories:
+                    # Enhance directory metadata with organizational and regional context
+                    # Available directory metadata includes:
+                    # - DirectoryName: Human-readable directory identifier
+                    # - DirectoryId: Unique AWS Directory Service identifier
+                    # - HomeRegion: Primary directory service region
+                    # - Status: Operational status (Active, Creating, etc.)
+                    # - Type: Directory type (SimpleAD, MicrosoftAD, etc.)
+                    # - Owner: Directory ownership context
+                    directory.update(
+                        {
+                            "MgmtAccount": credential["MgmtAccount"],  # Management account context
+                            "Region": credential["Region"],  # Regional deployment information
+                            "AccountId": credential["AccountId"],  # Account ownership details
+                        }
+                    )
+                    AllDirectories.append(directory)
+        except TypeError as my_Error:
+            # Handle type errors from malformed Directory Service API responses
+            logging.info(f"Error: {my_Error}")
+            continue
+        except ClientError as my_Error:
+            # Handle AWS API authorization failures with informative logging
+            if "AuthFailure" in str(my_Error):
+                logging.error(f"{ERASE_LINE} Account {credential['AccountId']} : Authorization Failure")
+    return AllDirectories
+##########################
+if __name__ == "__main__":
+    # Parse command-line arguments for Directory Service discovery configuration
+    args = parse_args(sys.argv[1:])
+    pProfiles = args.Profiles  # AWS profiles for multi-account directory discovery
+    pRegionList = args.Regions  # Target regions for directory service enumeration
+    pFragments = args.Fragments  # Directory name fragments for targeted filtering
+    pExact = args.Exact  # Exact matching flag for precise directory identification
+    pAccounts = args.Accounts  # Specific account list for targeted discovery
+    pSkipAccounts = args.SkipAccounts  # Account exclusion list for selective enumeration
+    pSkipProfiles = args.SkipProfiles  # Profile exclusion list for selective operations
+    pTiming = args.Time  # Performance timing flag for operational metrics
+    pRootOnly = args.RootOnly  # Management account only mode for centralized discovery
+    verbose = args.loglevel  # Logging verbosity for operational visibility
+    # Configure comprehensive logging for Directory Service discovery operations
+    logging.basicConfig(level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+    logging.getLogger("boto3").setLevel(logging.CRITICAL)  # Suppress AWS SDK logging
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)  # Suppress AWS core logging
+    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)  # Suppress S3 transfer logging
+    logging.getLogger("urllib3").setLevel(logging.CRITICAL)  # Suppress HTTP logging
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)  # Suppress boto core logging
+    ERASE_LINE = "\x1b[2K"  # Terminal control for dynamic output updates
+    logging.info(f"Profiles: {pProfiles}")
+    begin_time = time()  # Performance timing baseline for operational metrics
+    print()
+    print(f"Checking for Directories... ")
+    print()
+    # Initialize credential management for multi-account Directory Service access
+    AllCredentials = []
+    if pSkipAccounts is None:
+        pSkipAccounts = []  # Initialize empty skip list if not provided
+    if pSkipProfiles is None:
+        SkipProfiles = []  # Initialize empty profile skip list if not provided
+    account_num = 0
+    # Retrieve and validate credentials for multi-account Directory Service discovery
+    AllCredentials = get_all_credentials(
+        pProfiles, pTiming, pSkipProfiles, pSkipAccounts, pRootOnly, pAccounts, pRegionList
+    )
+    # Display credential retrieval timing for performance optimization
+    if pTiming:
+        print(
+            f"{Fore.GREEN}\tAfter getting credentials, this script took {time() - begin_time:.3f} seconds{Fore.RESET}"
+        )
+        print()
+    # Extract unique regional and account context for discovery scope analysis
+    RegionList = list(set([x["Region"] for x in AllCredentials]))
+    AccountList = list(set([x["AccountId"] for x in AllCredentials]))
+    # Display credential parsing timing for operational metrics
+    if pTiming:
+        print(
+            f"{Fore.GREEN}\tAfter parsing out all Regions, Account and Profiles, this script took {time() - begin_time:.3f} seconds{Fore.RESET}"
+        )
+        print()
+    print()
+    credential_number = 0
+    logging.info(f"Looking through {len(AccountList)} accounts and {len(RegionList)} regions")
+    # Execute comprehensive Directory Service discovery across organizational accounts
+    all_directories = find_all_directories(AllCredentials, pFragments, pExact)
+    print()
+    # Configure display formatting for comprehensive directory service inventory
+    display_dict = {
+        "MgmtAccount": {"DisplayOrder": 1, "Heading": "Parent Acct"},  # Management account context
+        "AccountId": {"DisplayOrder": 2, "Heading": "Account Number"},  # Account ownership
+        "Region": {"DisplayOrder": 3, "Heading": "Region"},  # Regional deployment
+        "DirectoryName": {"DisplayOrder": 4, "Heading": "Directory Name"},  # Human-readable identifier
+        "DirectoryId": {"DisplayOrder": 5, "Heading": "Directory ID"},  # Unique service identifier
+        "HomeRegion": {"DisplayOrder": 6, "Heading": "Home Region"},  # Primary service region
+        "Status": {"DisplayOrder": 7, "Heading": "Status"},  # Operational status
+        "Type": {"DisplayOrder": 8, "Heading": "Type"},  # Directory type classification
+        "Owner": {"DisplayOrder": 9, "Heading": "Owner"},  # Ownership context
+    }
+    # Sort directory results for consistent organizational reporting
+    sorted_Results = sorted(
+        all_directories, key=lambda d: (d["MgmtAccount"], d["AccountId"], d["Region"], d["DirectoryName"])
+    )
+    # Display comprehensive directory service inventory with formatted output
+    display_results(sorted_Results, display_dict, "None")
+    # Provide operational summary with discovery metrics and performance timing
+    print(ERASE_LINE)
+    print(
+        f"Found {len(all_directories)} directories across {len(AccountList)} accounts across {len(RegionList)} regions"
+    )
+    print()
+    # Display total execution timing for performance analysis and optimization
+    if pTiming:
+        print(f"{Fore.GREEN}\tThis script took {time() - begin_time:.3f} seconds{Fore.RESET}")
+        print()
+    print("Thank you for using this script")
+    print()

runbooks/inventory/list_ec2_availability_zones.py ADDED Viewed

@@ -0,0 +1,286 @@
+#!/usr/bin/env python3
+"""
+AWS EC2 Availability Zones Discovery and Mapping Script
+This script provides comprehensive discovery and analysis capabilities for AWS EC2
+availability zones across multiple accounts and regions. It's designed for enterprise
+infrastructure teams who need visibility into availability zone distribution, capacity
+planning, and regional architecture across large-scale AWS deployments.
+Key Features:
+- Multi-account availability zone discovery using assume role capabilities
+- Multi-region scanning with configurable region targeting
+- Availability zone metadata extraction including zone IDs and types
+- Regional capacity planning and architecture documentation
+- Cross-account zone consistency analysis and validation
+- Enterprise reporting with CSV export and structured output
+- Profile-based authentication with support for federated access
+Enterprise Use Cases:
+- Infrastructure capacity planning and availability zone selection
+- Multi-account regional architecture documentation and standardization
+- Disaster recovery planning with availability zone distribution analysis
+- Compliance reporting for regional data residency requirements
+- Cost optimization through availability zone placement strategies
+- Network architecture planning with zone-aware resource placement
+Infrastructure Planning Features:
+- Zone ID mapping for consistent cross-account resource placement
+- Availability zone enumeration for capacity planning
+- Regional coverage analysis across organizational boundaries
+- Zone type classification for infrastructure decision making
+- Cross-account zone consistency validation for disaster recovery
+Security Considerations:
+- Uses IAM assume role capabilities for cross-account access
+- Implements proper error handling for authorization failures
+- Supports read-only operations with no infrastructure modification capabilities
+- Respects regional access permissions and zone visibility constraints
+- Provides comprehensive audit trail through detailed logging
+Availability Zone Analysis:
+- Zone name and ID correlation for consistent placement
+- Zone type classification (availability-zone, local-zone, wavelength-zone)
+- Regional availability zone count validation
+- Cross-account zone naming consistency analysis
+- Capacity planning data aggregation
+Performance Considerations:
+- Sequential processing for reliability across large account sets
+- Progress tracking for operational visibility during long operations
+- Efficient credential management for cross-account operations
+- Memory-optimized data structures for large organizational inventories
+Dependencies:
+- boto3/botocore for AWS EC2 API interactions
+- Inventory_Modules for common utility functions and credential management
+- ArgumentsClass for standardized CLI argument parsing
+- colorama for enhanced output formatting
+Author: AWS CloudOps Team
+Version: 2024.03.06
+"""
+import logging
+import sys
+from time import time
+from ArgumentsClass import CommonArguments
+from colorama import Fore, init
+from Inventory_Modules import display_results, get_all_credentials, get_region_azs2
+init()
+__version__ = "2024.03.06"
+ERASE_LINE = "\x1b[2K"
+begin_time = time()
+###########################
+# Functions
+###########################
+def parse_args(args):
+    """
+    Parse command line arguments for EC2 availability zone discovery operations.
+    Configures comprehensive argument parsing for multi-account, multi-region availability
+    zone inventory operations. Supports enterprise deployment patterns with profile
+    management, region targeting, and organizational access controls for infrastructure
+    planning and capacity management.
+    Args:
+        args (list): Command line arguments from sys.argv[1:]
+    Returns:
+        argparse.Namespace: Parsed arguments containing:
+            - Profiles: List of AWS profiles to process
+            - Regions: Target regions for availability zone discovery
+            - SkipProfiles/SkipAccounts: Exclusion filters
+            - RootOnly: Limit to organization root accounts
+            - AccessRoles: IAM roles for cross-account access
+            - Filename: Output file for CSV export
+            - Time: Enable performance timing metrics
+            - loglevel: Logging verbosity configuration
+    Configuration Options:
+        - Multi-region scanning with region filters for targeted analysis
+        - Multi-profile support for federated access across organizations
+        - Extended arguments for advanced filtering and account selection
+        - Root-only mode for organization-level infrastructure inventory
+        - Role-based access for cross-account availability zone discovery
+        - File output for integration with capacity planning tools
+        - Timing metrics for performance optimization and monitoring
+        - Verbose logging for debugging and infrastructure audit
+    """
+    parser = CommonArguments()
+    parser.multiprofile()
+    parser.multiregion()
+    parser.extendedargs()
+    parser.rootOnly()
+    parser.timing()
+    parser.save_to_file()
+    parser.rolestouse()
+    parser.verbosity()
+    parser.version(__version__)
+    return parser.my_parser.parse_args(args)
+def azs_across_accounts(
+    fProfiles, fRegionList, fSkipProfiles, fSkipAccounts, fAccountList, fTiming, fRootOnly, fverbose, fRoleList
+) -> dict:
+    """
+    Discover and map availability zones across multiple AWS accounts and regions.
+    Performs comprehensive availability zone discovery across organizational boundaries
+    to provide infrastructure teams with complete visibility into zone distribution,
+    capacity planning data, and regional architecture patterns. Supports large-scale
+    enterprise environments with multiple AWS organizations and standalone accounts.
+    Args:
+        fProfiles (list): AWS profiles for authentication and access
+        fRegionList (list): Target regions for availability zone discovery
+        fSkipProfiles (list): Profiles to exclude from processing
+        fSkipAccounts (list): Account IDs to exclude from discovery
+        fAccountList (list): Specific accounts to target (if provided)
+        fTiming (bool): Enable performance timing metrics
+        fRootOnly (bool): Limit discovery to organization root accounts
+        fverbose (int): Logging verbosity level for operational visibility
+        fRoleList (list): IAM roles for cross-account access
+    Returns:
+        dict: Nested dictionary structure with availability zone data:
+            - First level: Account numbers as keys
+            - Second level: Region names as keys
+            - Third level: List of availability zone objects containing:
+                - ZoneName: Human-readable zone name (e.g., us-east-1a)
+                - ZoneId: Unique zone identifier for consistent placement
+                - ZoneType: Zone classification (availability-zone, local-zone, etc.)
+                - Region: AWS region containing the zone
+                - State: Zone operational state
+    Processing Flow:
+        1. Credential Discovery: Obtain cross-account credentials for all target accounts
+        2. Organization Analysis: Identify unique organizations and standalone accounts
+        3. Sequential Processing: Iterate through successful credentials for zone discovery
+        4. Zone Enumeration: Call EC2 API to discover availability zones per account/region
+        5. Data Aggregation: Structure results for enterprise reporting and analysis
+    Enterprise Features:
+        - Progress tracking with real-time feedback for long operations
+        - Organizational boundary detection for multi-org environments
+        - Error handling with graceful degradation for access failures
+        - Performance timing for optimization and capacity planning
+    Infrastructure Planning Use Cases:
+        - Capacity planning with zone-aware resource allocation
+        - Disaster recovery planning with cross-zone distribution analysis
+        - Regional architecture standardization across accounts
+        - Zone ID mapping for consistent multi-account deployments
+    """
+    if fTiming:
+        begin_time = time()
+    logging.warning(f"These profiles are being checked {fProfiles}.")
+    # Obtain credentials for all accounts across specified regions and profiles
+    AllCredentials = get_all_credentials(
+        fProfiles, fTiming, fSkipProfiles, fSkipAccounts, fRootOnly, fAccountList, fRegionList, fRoleList
+    )
+    # Identify unique organizations for progress tracking
+    OrgList = list(set([x["MgmtAccount"] for x in AllCredentials]))
+    print(f"Please bear with us as we run through {len(OrgList)} organizations / standalone accounts")
+    print(ERASE_LINE)
+    # Initialize nested dictionary for organizing availability zone data by account and region
+    AllOrgAZs = dict()
+    SuccessfulCredentials = [x for x in AllCredentials if x["Success"]]
+    passnumber = 0
+    # Process each successful credential set to discover availability zones
+    for item in SuccessfulCredentials:
+        # Initialize account structure if not present
+        if item["AccountNumber"] not in AllOrgAZs.keys():
+            AllOrgAZs[item["AccountNumber"]] = dict()
+        passnumber += 1
+        # Discover availability zones for this account/region combination
+        if item["Success"]:
+            region_azs = get_region_azs2(item)
+            print(
+                f"{ERASE_LINE}Looking at account {item['AccountNumber']} in region {item['Region']} -- {passnumber}/{len(SuccessfulCredentials)}",
+                end="\r",
+            )
+        # Store availability zone data in structured format
+        AllOrgAZs[item["AccountNumber"]][item["Region"]] = region_azs
+    return AllOrgAZs
+###########################
+# Main
+###########################
+if __name__ == "__main__":
+    args = parse_args(sys.argv[1:])
+    pProfiles = args.Profiles
+    pRegions = args.Regions
+    pRootOnly = args.RootOnly
+    pTiming = args.Time
+    pSkipProfiles = args.SkipProfiles
+    pSkipAccounts = args.SkipAccounts
+    pverbose = args.loglevel
+    pSaveFilename = args.Filename
+    pAccountList = args.Accounts
+    pRoleList = args.AccessRoles
+    # Setup logging levels
+    logging.basicConfig(level=pverbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+    logging.getLogger("boto3").setLevel(logging.CRITICAL)
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)
+    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
+    logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+    print(f"Collecting credentials for all accounts in your org, across multiple regions")
+    AllOrgAZs = azs_across_accounts(
+        pProfiles, pRegions, pSkipProfiles, pSkipAccounts, pAccountList, pTiming, pRootOnly, pverbose, pRoleList
+    )
+    histogram = list()
+    for account, account_info in AllOrgAZs.items():
+        for region, az_info in account_info.items():
+            for az in az_info:
+                if az["ZoneType"] == "availability-zone":
+                    # print(az)
+                    histogram.append(
+                        {"AccountNumber": account, "Region": az["Region"], "Name": az["ZoneName"], "Id": az["ZoneId"]}
+                    )
+    summary = dict()
+    for item in histogram:
+        if item["AccountNumber"] not in summary.keys():  # item['AccountNumber'] not in t:
+            summary[item["AccountNumber"]] = dict()
+            summary[item["AccountNumber"]][item["Region"]] = list()
+            summary[item["AccountNumber"]][item["Region"]].append((item["Name"], item["Id"]))
+        elif item["AccountNumber"] in summary.keys() and item["Region"] not in summary[item["AccountNumber"]].keys():
+            summary[item["AccountNumber"]][item["Region"]] = list()
+            summary[item["AccountNumber"]][item["Region"]].append((item["Name"], item["Id"]))
+        elif item["AccountNumber"] in summary.keys():
+            summary[item["AccountNumber"]][item["Region"]].append((item["Name"], item["Id"]))
+    display_dict = {
+        "AccountNumber": {"DisplayOrder": 1, "Heading": "Account Number"},
+        "Region": {"DisplayOrder": 2, "Heading": "Region Name"},
+        "ZoneName": {"DisplayOrder": 3, "Heading": "Zone Name"},
+        "ZoneId": {"DisplayOrder": 4, "Heading": "Zone Id"},
+        "ZoneType": {"DisplayOrder": 5, "Heading": "Zone Type"},
+    }
+    # How to sort a dictionary by the key:
+    sorted_summary = dict(sorted(summary.items()))
+    # sorted_Results = sorted(summary, key=lambda d: (d['MgmtAccount'], d['AccountId'], d['Region']))
+    display_results(summary, display_dict, "None", pSaveFilename)
+    print()
+    if pTiming:
+        print(f"{Fore.GREEN}This script took {time() - begin_time:.2f} seconds{Fore.RESET}")
+    print("Thanks for using this script")
+    print()

runbooks 0.2.3__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks 0.2.3py3-none-any.whl → 0.6.1py3-none-any.whl