PyPI - runbooks - Versions diffs - 0.2.5__py3-none-any.whl → 0.6.1__py3-none-any.whl - Mend

runbooks 0.2.5py3-none-any.whl → 0.6.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (221) hide show

conftest.py +26 -0
jupyter-agent/.env.template +2 -0
jupyter-agent/.gitattributes +35 -0
jupyter-agent/README.md +16 -0
jupyter-agent/app.py +256 -0
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +154 -0
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +123 -0
jupyter-agent/requirements.txt +9 -0
jupyter-agent/utils.py +409 -0
runbooks/__init__.py +71 -3
runbooks/__main__.py +13 -0
runbooks/aws/ec2_describe_instances.py +1 -1
runbooks/aws/ec2_run_instances.py +8 -2
runbooks/aws/ec2_start_stop_instances.py +17 -4
runbooks/aws/ec2_unused_volumes.py +5 -1
runbooks/aws/s3_create_bucket.py +4 -2
runbooks/aws/s3_list_objects.py +6 -1
runbooks/aws/tagging_lambda_handler.py +13 -2
runbooks/aws/tags.json +12 -0
runbooks/base.py +353 -0
runbooks/cfat/README.md +49 -0
runbooks/cfat/__init__.py +74 -0
runbooks/cfat/app.ts +644 -0
runbooks/cfat/assessment/__init__.py +40 -0
runbooks/cfat/assessment/asana-import.csv +39 -0
runbooks/cfat/assessment/cfat-checks.csv +31 -0
runbooks/cfat/assessment/cfat.txt +520 -0
runbooks/cfat/assessment/collectors.py +200 -0
runbooks/cfat/assessment/jira-import.csv +39 -0
runbooks/cfat/assessment/runner.py +387 -0
runbooks/cfat/assessment/validators.py +290 -0
runbooks/cfat/cli.py +103 -0
runbooks/cfat/docs/asana-import.csv +24 -0
runbooks/cfat/docs/cfat-checks.csv +31 -0
runbooks/cfat/docs/cfat.txt +335 -0
runbooks/cfat/docs/checks-output.png +0 -0
runbooks/cfat/docs/cloudshell-console-run.png +0 -0
runbooks/cfat/docs/cloudshell-download.png +0 -0
runbooks/cfat/docs/cloudshell-output.png +0 -0
runbooks/cfat/docs/downloadfile.png +0 -0
runbooks/cfat/docs/jira-import.csv +24 -0
runbooks/cfat/docs/open-cloudshell.png +0 -0
runbooks/cfat/docs/report-header.png +0 -0
runbooks/cfat/models.py +1026 -0
runbooks/cfat/package-lock.json +5116 -0
runbooks/cfat/package.json +38 -0
runbooks/cfat/report.py +496 -0
runbooks/cfat/reporting/__init__.py +46 -0
runbooks/cfat/reporting/exporters.py +337 -0
runbooks/cfat/reporting/formatters.py +496 -0
runbooks/cfat/reporting/templates.py +135 -0
runbooks/cfat/run-assessment.sh +23 -0
runbooks/cfat/runner.py +69 -0
runbooks/cfat/src/actions/check-cloudtrail-existence.ts +43 -0
runbooks/cfat/src/actions/check-config-existence.ts +37 -0
runbooks/cfat/src/actions/check-control-tower.ts +37 -0
runbooks/cfat/src/actions/check-ec2-existence.ts +46 -0
runbooks/cfat/src/actions/check-iam-users.ts +50 -0
runbooks/cfat/src/actions/check-legacy-cur.ts +30 -0
runbooks/cfat/src/actions/check-org-cloudformation.ts +30 -0
runbooks/cfat/src/actions/check-vpc-existence.ts +43 -0
runbooks/cfat/src/actions/create-asanaimport.ts +14 -0
runbooks/cfat/src/actions/create-backlog.ts +372 -0
runbooks/cfat/src/actions/create-jiraimport.ts +15 -0
runbooks/cfat/src/actions/create-report.ts +616 -0
runbooks/cfat/src/actions/define-account-type.ts +51 -0
runbooks/cfat/src/actions/get-enabled-org-policy-types.ts +40 -0
runbooks/cfat/src/actions/get-enabled-org-services.ts +26 -0
runbooks/cfat/src/actions/get-idc-info.ts +34 -0
runbooks/cfat/src/actions/get-org-da-accounts.ts +34 -0
runbooks/cfat/src/actions/get-org-details.ts +35 -0
runbooks/cfat/src/actions/get-org-member-accounts.ts +44 -0
runbooks/cfat/src/actions/get-org-ous.ts +35 -0
runbooks/cfat/src/actions/get-regions.ts +22 -0
runbooks/cfat/src/actions/zip-assessment.ts +27 -0
runbooks/cfat/src/types/index.d.ts +147 -0
runbooks/cfat/tests/__init__.py +141 -0
runbooks/cfat/tests/test_cli.py +340 -0
runbooks/cfat/tests/test_integration.py +290 -0
runbooks/cfat/tests/test_models.py +505 -0
runbooks/cfat/tests/test_reporting.py +354 -0
runbooks/cfat/tsconfig.json +16 -0
runbooks/cfat/webpack.config.cjs +27 -0
runbooks/config.py +260 -0
runbooks/finops/__init__.py +88 -0
runbooks/finops/aws_client.py +245 -0
runbooks/finops/cli.py +151 -0
runbooks/finops/cost_processor.py +410 -0
runbooks/finops/dashboard_runner.py +448 -0
runbooks/finops/helpers.py +355 -0
runbooks/finops/main.py +14 -0
runbooks/finops/profile_processor.py +174 -0
runbooks/finops/types.py +66 -0
runbooks/finops/visualisations.py +80 -0
runbooks/inventory/.gitignore +354 -0
runbooks/inventory/ArgumentsClass.py +261 -0
runbooks/inventory/Inventory_Modules.py +6130 -0
runbooks/inventory/LandingZone/delete_lz.py +1075 -0
runbooks/inventory/README.md +1320 -0
runbooks/inventory/__init__.py +62 -0
runbooks/inventory/account_class.py +532 -0
runbooks/inventory/all_my_instances_wrapper.py +123 -0
runbooks/inventory/aws_decorators.py +201 -0
runbooks/inventory/cfn_move_stack_instances.py +1526 -0
runbooks/inventory/check_cloudtrail_compliance.py +614 -0
runbooks/inventory/check_controltower_readiness.py +1107 -0
runbooks/inventory/check_landingzone_readiness.py +711 -0
runbooks/inventory/cloudtrail.md +727 -0
runbooks/inventory/collectors/__init__.py +20 -0
runbooks/inventory/collectors/aws_compute.py +518 -0
runbooks/inventory/collectors/aws_networking.py +275 -0
runbooks/inventory/collectors/base.py +222 -0
runbooks/inventory/core/__init__.py +19 -0
runbooks/inventory/core/collector.py +303 -0
runbooks/inventory/core/formatter.py +296 -0
runbooks/inventory/delete_s3_buckets_objects.py +169 -0
runbooks/inventory/discovery.md +81 -0
runbooks/inventory/draw_org_structure.py +748 -0
runbooks/inventory/ec2_vpc_utils.py +341 -0
runbooks/inventory/find_cfn_drift_detection.py +272 -0
runbooks/inventory/find_cfn_orphaned_stacks.py +719 -0
runbooks/inventory/find_cfn_stackset_drift.py +733 -0
runbooks/inventory/find_ec2_security_groups.py +669 -0
runbooks/inventory/find_landingzone_versions.py +201 -0
runbooks/inventory/find_vpc_flow_logs.py +1221 -0
runbooks/inventory/inventory.sh +659 -0
runbooks/inventory/list_cfn_stacks.py +558 -0
runbooks/inventory/list_cfn_stackset_operation_results.py +252 -0
runbooks/inventory/list_cfn_stackset_operations.py +734 -0
runbooks/inventory/list_cfn_stacksets.py +453 -0
runbooks/inventory/list_config_recorders_delivery_channels.py +681 -0
runbooks/inventory/list_ds_directories.py +354 -0
runbooks/inventory/list_ec2_availability_zones.py +286 -0
runbooks/inventory/list_ec2_ebs_volumes.py +244 -0
runbooks/inventory/list_ec2_instances.py +425 -0
runbooks/inventory/list_ecs_clusters_and_tasks.py +562 -0
runbooks/inventory/list_elbs_load_balancers.py +411 -0
runbooks/inventory/list_enis_network_interfaces.py +526 -0
runbooks/inventory/list_guardduty_detectors.py +568 -0
runbooks/inventory/list_iam_policies.py +404 -0
runbooks/inventory/list_iam_roles.py +518 -0
runbooks/inventory/list_iam_saml_providers.py +359 -0
runbooks/inventory/list_lambda_functions.py +882 -0
runbooks/inventory/list_org_accounts.py +446 -0
runbooks/inventory/list_org_accounts_users.py +354 -0
runbooks/inventory/list_rds_db_instances.py +406 -0
runbooks/inventory/list_route53_hosted_zones.py +318 -0
runbooks/inventory/list_servicecatalog_provisioned_products.py +575 -0
runbooks/inventory/list_sns_topics.py +360 -0
runbooks/inventory/list_ssm_parameters.py +402 -0
runbooks/inventory/list_vpc_subnets.py +433 -0
runbooks/inventory/list_vpcs.py +422 -0
runbooks/inventory/lockdown_cfn_stackset_role.py +224 -0
runbooks/inventory/models/__init__.py +24 -0
runbooks/inventory/models/account.py +192 -0
runbooks/inventory/models/inventory.py +309 -0
runbooks/inventory/models/resource.py +247 -0
runbooks/inventory/recover_cfn_stack_ids.py +205 -0
runbooks/inventory/requirements.txt +12 -0
runbooks/inventory/run_on_multi_accounts.py +211 -0
runbooks/inventory/tests/common_test_data.py +3661 -0
runbooks/inventory/tests/common_test_functions.py +204 -0
runbooks/inventory/tests/script_test_data.py +0 -0
runbooks/inventory/tests/setup.py +24 -0
runbooks/inventory/tests/src.py +18 -0
runbooks/inventory/tests/test_cfn_describe_stacks.py +208 -0
runbooks/inventory/tests/test_ec2_describe_instances.py +162 -0
runbooks/inventory/tests/test_inventory_modules.py +55 -0
runbooks/inventory/tests/test_lambda_list_functions.py +86 -0
runbooks/inventory/tests/test_moto_integration_example.py +273 -0
runbooks/inventory/tests/test_org_list_accounts.py +49 -0
runbooks/inventory/update_aws_actions.py +173 -0
runbooks/inventory/update_cfn_stacksets.py +1215 -0
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +294 -0
runbooks/inventory/update_iam_roles_cross_accounts.py +478 -0
runbooks/inventory/update_s3_public_access_block.py +539 -0
runbooks/inventory/utils/__init__.py +23 -0
runbooks/inventory/utils/aws_helpers.py +510 -0
runbooks/inventory/utils/threading_utils.py +493 -0
runbooks/inventory/utils/validation.py +682 -0
runbooks/inventory/verify_ec2_security_groups.py +1430 -0
runbooks/main.py +785 -0
runbooks/organizations/__init__.py +12 -0
runbooks/organizations/manager.py +374 -0
runbooks/security_baseline/README.md +324 -0
runbooks/security_baseline/checklist/alternate_contacts.py +8 -1
runbooks/security_baseline/checklist/bucket_public_access.py +4 -1
runbooks/security_baseline/checklist/cloudwatch_alarm_configuration.py +9 -2
runbooks/security_baseline/checklist/guardduty_enabled.py +9 -2
runbooks/security_baseline/checklist/multi_region_instance_usage.py +5 -1
runbooks/security_baseline/checklist/root_access_key.py +6 -1
runbooks/security_baseline/config-origin.json +1 -1
runbooks/security_baseline/config.json +1 -1
runbooks/security_baseline/permission.json +1 -1
runbooks/security_baseline/report_generator.py +10 -2
runbooks/security_baseline/report_template_en.html +7 -7
runbooks/security_baseline/report_template_jp.html +7 -7
runbooks/security_baseline/report_template_kr.html +12 -12
runbooks/security_baseline/report_template_vn.html +7 -7
runbooks/security_baseline/requirements.txt +7 -0
runbooks/security_baseline/run_script.py +8 -2
runbooks/security_baseline/security_baseline_tester.py +10 -2
runbooks/security_baseline/utils/common.py +5 -1
runbooks/utils/__init__.py +204 -0
runbooks-0.6.1.dist-info/METADATA +373 -0
runbooks-0.6.1.dist-info/RECORD +237 -0
{runbooks-0.2.5.dist-info → runbooks-0.6.1.dist-info}/WHEEL +1 -1
runbooks-0.6.1.dist-info/entry_points.txt +7 -0
runbooks-0.6.1.dist-info/licenses/LICENSE +201 -0
runbooks-0.6.1.dist-info/top_level.txt +3 -0
runbooks/python101/calculator.py +0 -34
runbooks/python101/config.py +0 -1
runbooks/python101/exceptions.py +0 -16
runbooks/python101/file_manager.py +0 -218
runbooks/python101/toolkit.py +0 -153
runbooks-0.2.5.dist-info/METADATA +0 -439
runbooks-0.2.5.dist-info/RECORD +0 -61
runbooks-0.2.5.dist-info/entry_points.txt +0 -3
runbooks-0.2.5.dist-info/top_level.txt +0 -1

runbooks/inventory/list_ecs_clusters_and_tasks.py ADDED Viewed

@@ -0,0 +1,562 @@
+# !/usr/bin/env python3
+"""
+AWS ECS Clusters, Services, and Tasks Discovery and Analysis Script
+This script provides comprehensive discovery and inventory capabilities for Amazon
+Elastic Container Service (ECS) resources across multiple AWS accounts and regions.
+It's designed for enterprise container platform teams who need visibility into
+containerized workloads, service distribution, and task management across large-scale
+AWS deployments.
+Key Features:
+- Multi-account ECS cluster discovery using assume role capabilities
+- Multi-region scanning with configurable region targeting
+- ECS service enumeration with detailed metadata extraction
+- ECS task inventory with state tracking and resource utilization
+- Container workload analysis and capacity planning support
+- Enterprise reporting with CSV export and structured output
+- Profile-based authentication with support for federated access
+Enterprise Use Cases:
+- Container platform inventory and governance across organizations
+- ECS service distribution analysis for load balancing optimization
+- Task resource utilization tracking for cost optimization
+- Capacity planning for containerized workloads
+- Compliance reporting for container security and configuration standards
+- Multi-account container orchestration visibility
+- Disaster recovery planning with service distribution analysis
+Container Platform Features:
+- ECS cluster enumeration with capacity provider analysis
+- Service discovery with task definition and deployment tracking
+- Task inventory with container instance placement and resource allocation
+- Service health monitoring and availability analysis
+- Container resource utilization tracking across accounts
+- Load balancer integration analysis for service endpoints
+Security Considerations:
+- Uses IAM assume role capabilities for cross-account ECS access
+- Implements proper error handling for authorization failures
+- Supports read-only operations with no container modification capabilities
+- Respects ECS service permissions and cluster access constraints
+- Provides comprehensive audit trail through detailed logging
+ECS Resource Analysis:
+- Cluster capacity and utilization metrics for planning
+- Service scaling configuration and deployment strategy analysis
+- Task placement constraints and resource requirements tracking
+- Container instance distribution across availability zones
+- Service mesh and load balancer integration visibility
+Performance Considerations:
+- Multi-threaded processing for concurrent ECS API operations
+- Progress tracking with tqdm for operational visibility during long operations
+- Efficient credential management for cross-account container access
+- Memory-optimized data structures for large container inventories
+- Queue-based worker architecture for scalable discovery operations
+Threading Architecture:
+- Worker thread pool with configurable concurrency (max 25 threads)
+- Queue-based task distribution for efficient resource discovery
+- Thread-safe error handling and progress tracking
+- Graceful degradation for account access failures
+Dependencies:
+- boto3/botocore for AWS ECS API interactions
+- Inventory_Modules for common utility functions and credential management
+- ArgumentsClass for standardized CLI argument parsing
+- threading and queue for concurrent processing architecture
+- colorama for enhanced output formatting and tqdm for progress tracking
+Future Enhancements:
+- ECS task definition analysis and security compliance checking
+- Container image vulnerability scanning integration
+- Service mesh configuration analysis
+- Auto-scaling configuration and recommendation engine
+- Cost optimization recommendations based on resource utilization
+Author: AWS CloudOps Team
+Version: 2024.09.06
+"""
+import logging
+import sys
+from os.path import split
+from queue import Queue
+from threading import Thread
+from time import time
+import Inventory_Modules
+from ArgumentsClass import CommonArguments
+from botocore.exceptions import ClientError
+from colorama import Fore, init
+from Inventory_Modules import display_results, find_account_ecs_clusters_services_and_tasks2, get_all_credentials
+from tqdm.auto import tqdm
+init()
+__version__ = "2024.09.06"
+ERASE_LINE = "\x1b[2K"
+begin_time = time()
+# TODO: Need a table at the bottom that summarizes the results, by instance-type, by running/ stopped, maybe by account and region
+##################
+# Functions
+##################
+def parse_args(f_arguments):
+    """
+    Parse command line arguments for ECS clusters, services, and tasks discovery operations.
+    Configures comprehensive argument parsing for multi-account, multi-region ECS resource
+    inventory operations. Supports enterprise container platform management with profile
+    management, region targeting, organizational access controls, and status filtering for
+    container workload analysis and capacity planning.
+    Args:
+        f_arguments (list): Command line arguments from sys.argv[1:]
+    Returns:
+        argparse.Namespace: Parsed arguments containing:
+            - Profiles: List of AWS profiles to process
+            - Regions: Target regions for ECS resource discovery
+            - SkipProfiles/SkipAccounts: Exclusion filters
+            - RootOnly: Limit to organization root accounts
+            - AccessRoles: IAM roles for cross-account access
+            - Filename: Output file for CSV export
+            - Time: Enable performance timing metrics
+            - loglevel: Logging verbosity configuration
+            - pStatus: Filter tasks by status (running/stopped)
+    Configuration Options:
+        - Multi-region scanning with region filters for targeted container analysis
+        - Multi-profile support for federated access across container platforms
+        - Extended arguments for advanced filtering and account selection
+        - Root-only mode for organization-level container inventory
+        - Role-based access for cross-account ECS resource discovery
+        - File output for integration with container management tools
+        - Timing metrics for performance optimization and monitoring
+        - Status filtering for task state analysis (running, stopped, or both)
+        - Verbose logging for debugging and container platform audit
+    ECS-Specific Features:
+        - Task status filtering to focus on specific workload states
+        - Support for container lifecycle analysis and monitoring
+        - Integration with enterprise container governance workflows
+    """
+    script_path, script_name = split(sys.argv[0])
+    parser = CommonArguments()
+    parser.my_parser.description = "Discover and analyze ECS clusters, services, and tasks across multiple AWS accounts and regions for enterprise container platform management."
+    parser.multiprofile()
+    parser.multiregion()
+    parser.extendedargs()
+    parser.rolestouse()
+    parser.rootOnly()
+    parser.save_to_file()
+    parser.timing()
+    parser.verbosity()
+    parser.version(__version__)
+    local = parser.my_parser.add_argument_group(script_name, "Parameters specific to this script")
+    local.add_argument(
+        "-s",
+        "--status",
+        dest="pStatus",
+        choices=["running", "stopped"],
+        type=str,
+        default=None,
+        help="Filter ECS tasks by status: 'running' for active workloads, 'stopped' for terminated tasks, or omit for both states",
+    )
+    return parser.my_parser.parse_args(f_arguments)
+# The parameters passed to this function should be the dictionary of attributes that will be examined within the thread.
+def find_all_clusters_and_tasks(fAllCredentials: list, fStatus: str = None) -> list:
+    """
+    Discover and inventory ECS clusters, services, and tasks across multiple AWS accounts and regions.
+    Performs comprehensive ECS resource discovery using multi-threaded processing to efficiently
+    inventory containerized workloads across enterprise AWS environments. Supports status filtering
+    for task lifecycle analysis and provides detailed metadata for capacity planning and governance.
+    Args:
+        fAllCredentials (list): List of credential dictionaries for cross-account access containing:
+            - AccountId: AWS account number
+            - Region: Target AWS region
+            - Success: Boolean indicating credential validity
+            - MgmtAccount: Management account identifier
+            - ParentProfile: Source AWS profile
+        fStatus (str, optional): Filter tasks by status ('running', 'stopped', or None for all)
+    Returns:
+        list: Comprehensive list of ECS resource dictionaries containing:
+            - MgmtAccount: Management account identifier for organizational hierarchy
+            - AccountId: AWS account containing the ECS resources
+            - Region: AWS region where resources are located
+            - ClusterName: ECS cluster identifier
+            - ServiceName: ECS service name (if applicable)
+            - TaskDefinition: Task definition ARN and revision
+            - TaskArn: Unique task identifier
+            - TaskStatus: Current task state (RUNNING, STOPPED, PENDING)
+            - ContainerInstances: EC2 instances hosting containers
+            - ParentProfile: Source profile for audit and governance
+            - LaunchType: Container launch type (EC2, FARGATE)
+            - PlatformVersion: ECS platform version for Fargate tasks
+    Threading Architecture:
+        - Worker thread pool with maximum 25 concurrent threads for scalability
+        - Queue-based task distribution for efficient resource discovery
+        - Thread-safe error handling and progress tracking with tqdm
+        - Graceful degradation for account access failures and authorization issues
+    Enterprise Features:
+        - Cross-account ECS resource discovery with assume role capabilities
+        - Container workload analysis with status filtering for lifecycle management
+        - Progress tracking for operational visibility during large-scale operations
+        - Comprehensive error handling for authorization and throttling scenarios
+    Error Handling:
+        - Authorization failure detection with region opt-in diagnostics
+        - AWS API throttling management with appropriate logging
+        - Graceful handling of missing resources and empty responses
+        - Thread-safe error reporting and progress updates
+    Performance Considerations:
+        - Configurable thread pool size based on credential set size
+        - Efficient memory management for large container inventories
+        - Progress tracking with real-time feedback for long operations
+        - Optimized data structures for enterprise-scale resource discovery
+    """
+    # Worker thread class for concurrent ECS resource discovery
+    class FindInstances(Thread):
+        def __init__(self, queue):
+            Thread.__init__(self)
+            self.queue = queue
+        def run(self):
+            """
+            Main worker thread execution loop for ECS resource discovery and analysis.
+            Continuously processes credential sets from the shared work queue, performing
+            comprehensive ECS cluster, service, and task discovery operations with detailed
+            metadata extraction and enterprise container platform analysis.
+            """
+            while True:
+                # Retrieve ECS discovery work item from thread-safe queue
+                c_account_credentials = self.queue.get()
+                logging.info(f"De-queued info for account number {c_account_credentials['AccountId']}")
+                try:
+                    # Execute comprehensive ECS resource discovery for the current account/region
+                    # This calls the inventory module's specialized ECS discovery function
+                    EcsInfo = Inventory_Modules.find_account_ecs_clusters_services_and_tasks2(c_account_credentials)
+                    logging.info(
+                        f"Account: {c_account_credentials['AccountId']} Region: {c_account_credentials['Region']} | Discovered ECS resources"
+                    )
+                    # Initialize ECS resource metadata variables with defaults
+                    ClusterName = ServiceName = TaskDefinition = TaskArn = TaskStatus = ""
+                    LaunchType = PlatformVersion = ContainerInstanceArn = ""
+                    # Process discovered ECS clusters, services, and tasks with comprehensive metadata extraction
+                    # ECS resources have a hierarchical structure: Clusters -> Services -> Tasks
+                    if "Clusters" in EcsInfo and EcsInfo["Clusters"]:
+                        for cluster in EcsInfo["Clusters"]:
+                            ClusterName = cluster.get("clusterName", "Unknown")
+                            ClusterArn = cluster.get("clusterArn", "")
+                            ClusterStatus = cluster.get("status", "")
+                            # Process ECS services within each cluster for workload analysis
+                            if "Services" in cluster and cluster["Services"]:
+                                for service in cluster["Services"]:
+                                    ServiceName = service.get("serviceName", "Unknown")
+                                    ServiceArn = service.get("serviceArn", "")
+                                    ServiceStatus = service.get("status", "")
+                                    TaskDefinition = service.get("taskDefinition", "")
+                                    # Extract running task count for capacity analysis
+                                    RunningCount = service.get("runningCount", 0)
+                                    PendingCount = service.get("pendingCount", 0)
+                                    DesiredCount = service.get("desiredCount", 0)
+                                    # Process ECS tasks for detailed workload state analysis
+                                    if "Tasks" in service and service["Tasks"]:
+                                        for task in service["Tasks"]:
+                                            TaskArn = task.get("taskArn", "")
+                                            TaskStatus = task.get("lastStatus", "")
+                                            LaunchType = task.get("launchType", "")
+                                            PlatformVersion = task.get("platformVersion", "")
+                                            # Extract container instance information for EC2 launch type
+                                            ContainerInstanceArn = task.get("containerInstanceArn", "")
+                                            # Apply status filtering for task lifecycle analysis
+                                            if fStatus is None or fStatus.upper() == TaskStatus.upper():
+                                                # Create comprehensive ECS resource record for enterprise inventory
+                                                ecs_record = {
+                                                    # Organizational context for multi-account container management
+                                                    "MgmtAccount": c_account_credentials["MgmtAccount"],
+                                                    "AccountId": c_account_credentials["AccountId"],
+                                                    "Region": c_account_credentials["Region"],
+                                                    "ParentProfile": c_account_credentials["ParentProfile"],
+                                                    # ECS cluster hierarchy and identification
+                                                    "ClusterName": ClusterName,
+                                                    "ClusterArn": ClusterArn,
+                                                    "ClusterStatus": ClusterStatus,
+                                                    # ECS service configuration and capacity
+                                                    "ServiceName": ServiceName,
+                                                    "ServiceArn": ServiceArn,
+                                                    "ServiceStatus": ServiceStatus,
+                                                    "TaskDefinition": TaskDefinition,
+                                                    # Service capacity metrics for planning
+                                                    "RunningCount": RunningCount,
+                                                    "PendingCount": PendingCount,
+                                                    "DesiredCount": DesiredCount,
+                                                    # Task-level metadata and runtime information
+                                                    "TaskArn": TaskArn,
+                                                    "TaskStatus": TaskStatus,
+                                                    "LaunchType": LaunchType,
+                                                    "PlatformVersion": PlatformVersion,
+                                                    "ContainerInstanceArn": ContainerInstanceArn,
+                                                }
+                                                # Add to enterprise container platform inventory
+                                                AllInstances.append(ecs_record)
+                                            else:
+                                                # Skip tasks that don't match status filter
+                                                continue
+                                    else:
+                                        # Handle services without tasks (potentially new or scaled-down services)
+                                        if fStatus is None:  # Only include in comprehensive inventory mode
+                                            service_record = {
+                                                # Organizational context
+                                                "MgmtAccount": c_account_credentials["MgmtAccount"],
+                                                "AccountId": c_account_credentials["AccountId"],
+                                                "Region": c_account_credentials["Region"],
+                                                "ParentProfile": c_account_credentials["ParentProfile"],
+                                                # Service-level information without tasks
+                                                "ClusterName": ClusterName,
+                                                "ServiceName": ServiceName,
+                                                "ServiceStatus": ServiceStatus,
+                                                "TaskDefinition": TaskDefinition,
+                                                "RunningCount": RunningCount,
+                                                "PendingCount": PendingCount,
+                                                "DesiredCount": DesiredCount,
+                                                # Empty task fields for consistency
+                                                "TaskArn": "",
+                                                "TaskStatus": "NO_TASKS",
+                                                "LaunchType": "",
+                                                "PlatformVersion": "",
+                                                "ContainerInstanceArn": "",
+                                            }
+                                            AllInstances.append(service_record)
+                            else:
+                                # Handle clusters without services (empty or infrastructure-only clusters)
+                                if fStatus is None:  # Only include in comprehensive inventory mode
+                                    cluster_record = {
+                                        # Organizational context
+                                        "MgmtAccount": c_account_credentials["MgmtAccount"],
+                                        "AccountId": c_account_credentials["AccountId"],
+                                        "Region": c_account_credentials["Region"],
+                                        "ParentProfile": c_account_credentials["ParentProfile"],
+                                        # Cluster-only information
+                                        "ClusterName": ClusterName,
+                                        "ClusterStatus": ClusterStatus,
+                                        # Empty service and task fields for consistency
+                                        "ServiceName": "NO_SERVICES",
+                                        "ServiceStatus": "",
+                                        "TaskDefinition": "",
+                                        "RunningCount": 0,
+                                        "PendingCount": 0,
+                                        "DesiredCount": 0,
+                                        "TaskArn": "",
+                                        "TaskStatus": "",
+                                        "LaunchType": "",
+                                        "PlatformVersion": "",
+                                        "ContainerInstanceArn": "",
+                                    }
+                                    AllInstances.append(cluster_record)
+                except KeyError as my_Error:
+                    # Handle cases where expected keys are missing from ECS API responses
+                    logging.error(f"Account Access failed - trying to access {c_account_credentials['AccountId']}")
+                    logging.info(f"Actual Error: {my_Error}")
+                    pass
+                except AttributeError as my_Error:
+                    # Handle cases where profile configuration is incorrect
+                    logging.error(f"Error: Likely that one of the supplied profiles was wrong")
+                    logging.warning(my_Error)
+                    continue
+                except ClientError as my_Error:
+                    # Handle AWS API errors including authorization failures and throttling
+                    if "AuthFailure" in str(my_Error):
+                        logging.error(
+                            f"Authorization Failure accessing account {c_account_credentials['AccountId']} in {c_account_credentials['Region']} region"
+                        )
+                        logging.warning(
+                            f"It's possible that the region {c_account_credentials['Region']} hasn't been opted-into"
+                        )
+                        continue
+                    else:
+                        # Handle API throttling and service limits for ECS operations
+                        logging.error(f"Error: Likely throttling errors from too much ECS API activity")
+                        logging.warning(my_Error)
+                        continue
+                finally:
+                    # Ensure progress tracking and queue management regardless of success/failure
+                    pbar.update()
+                    self.queue.task_done()
+    ###########
+    # Initialize queue-based threading architecture for scalable ECS resource discovery
+    ###########
+    # Create thread-safe queue for distributing work across worker threads
+    checkqueue = Queue()
+    # Initialize results list for aggregating discovered ECS resources
+    AllInstances = []
+    # Configure worker thread pool size - balance between performance and AWS API limits
+    # Maximum 25 threads to prevent overwhelming AWS APIs while maintaining efficiency
+    WorkerThreads = min(len(fAllCredentials), 25)
+    # Initialize progress tracking for operational visibility during large-scale operations
+    pbar = tqdm(
+        desc=f"Finding ECS clusters, services and tasks from {len(fAllCredentials)} accounts / regions",
+        total=len(fAllCredentials),
+        unit=" locations",
+    )
+    # Start worker threads for concurrent ECS resource discovery
+    for x in range(WorkerThreads):
+        worker = FindInstances(checkqueue)
+        # Setting daemon to True allows main thread exit even if workers are still processing
+        worker.daemon = True
+        worker.start()
+    # Queue credential sets for processing by worker threads
+    for credential in fAllCredentials:
+        logging.info(f"Beginning to queue data - starting with {credential['AccountId']}")
+        try:
+            # Queue individual credential set for ECS resource discovery
+            # Note: Single parameter queuing - credential dictionary contains all needed info
+            checkqueue.put(credential)
+        except ClientError as my_Error:
+            # Handle authorization failures during credential queuing
+            if "AuthFailure" in str(my_Error):
+                logging.error(
+                    f"Authorization Failure accessing account {credential['AccountId']} in {credential['Region']} region"
+                )
+                logging.warning(f"It's possible that the region {credential['Region']} hasn't been opted-into")
+                pass
+    # Wait for all queued work to complete before proceeding
+    checkqueue.join()
+    pbar.close()
+    return AllInstances
+##################
+# Main execution entry point for enterprise ECS resource discovery and analysis
+##################
+if __name__ == "__main__":
+    """
+    Main orchestration for comprehensive ECS cluster, service, and task discovery operations.
+    Coordinates multi-account, multi-region ECS resource inventory with detailed container
+    platform analysis, capacity planning support, and enterprise containerized workload
+    governance across AWS Organizations environments.
+    """
+    # Parse enterprise command-line arguments with ECS-specific container platform options
+    args = parse_args(sys.argv[1:])
+    # Extract configuration parameters for multi-account container platform discovery
+    pProfiles = args.Profiles  # AWS profile list for federated ECS access
+    pRegionList = args.Regions  # Target regions for ECS cluster enumeration
+    pAccounts = args.Accounts  # Specific account targeting for focused container analysis
+    pSkipAccounts = args.SkipAccounts  # Account exclusion list for organizational policy compliance
+    pSkipProfiles = args.SkipProfiles  # Profile exclusion for credential optimization
+    pAccessRoles = args.AccessRoles  # Cross-account roles for Organizations ECS access
+    pStatus = args.pStatus  # Task status filter for container lifecycle analysis
+    pRootOnly = args.RootOnly  # Organization root account limitation flag
+    pFilename = args.Filename  # CSV export file for enterprise container reporting
+    pTiming = args.Time  # Performance timing for operational optimization
+    verbose = args.loglevel  # Logging verbosity for container platform visibility
+    # Configure enterprise logging infrastructure for ECS operations audit trail
+    logging.basicConfig(level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s")
+    logging.getLogger("boto3").setLevel(logging.CRITICAL)
+    logging.getLogger("botocore").setLevel(logging.CRITICAL)
+    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
+    logging.getLogger("urllib3").setLevel(logging.CRITICAL)
+    print()
+    print(f"Checking for ECS clusters, services, and tasks... ")
+    print()
+    # Execute enterprise credential discovery and validation across organizational container infrastructure
+    CredentialList = get_all_credentials(
+        pProfiles, pTiming, pSkipProfiles, pSkipAccounts, pRootOnly, pAccounts, pRegionList, pAccessRoles
+    )
+    # Calculate organizational scope for executive container platform reporting
+    AccountNum = len(set([acct["AccountId"] for acct in CredentialList]))
+    RegionNum = len(set([acct["Region"] for acct in CredentialList]))
+    print()
+    print(f"Searching total of {AccountNum} accounts and {RegionNum} regions for ECS resources")
+    # Display performance timing for credential discovery phase optimization
+    if pTiming:
+        print()
+        milestone_time1 = time()
+        print(
+            f"{Fore.GREEN}\t\tCredential discovery and region enumeration took: {(milestone_time1 - begin_time):.3f} seconds{Fore.RESET}"
+        )
+        print()
+    print(f"Now running through all accounts and regions to discover ECS resources...")
+    # Execute comprehensive multi-threaded ECS resource discovery and container platform analysis
+    AllInstances = find_all_clusters_and_tasks(CredentialList, pStatus)
+    # Configure enterprise ECS resource inventory report display formatting
+    display_dict = {
+        "ParentProfile": {"DisplayOrder": 1, "Heading": "Parent Profile"},  # Source profile for audit
+        "MgmtAccount": {"DisplayOrder": 2, "Heading": "Mgmt Acct"},  # Management account hierarchy
+        "AccountId": {"DisplayOrder": 3, "Heading": "Acct Number"},  # Account identifier
+        "Region": {"DisplayOrder": 4, "Heading": "Region"},  # AWS region
+        "ClusterName": {"DisplayOrder": 5, "Heading": "Cluster"},  # ECS cluster name
+        "ServiceName": {"DisplayOrder": 6, "Heading": "Service"},  # ECS service name
+        "TaskStatus": {"DisplayOrder": 7, "Heading": "Task Status"},  # Task lifecycle state
+        "LaunchType": {"DisplayOrder": 8, "Heading": "Launch Type"},  # EC2 or Fargate
+        "RunningCount": {"DisplayOrder": 9, "Heading": "Running Tasks"},  # Active task count
+        "DesiredCount": {"DisplayOrder": 10, "Heading": "Desired Tasks"},  # Target task count
+    }
+    # Sort ECS resources for consistent enterprise reporting and operational visibility
+    sorted_all_instances = sorted(
+        AllInstances,
+        key=lambda d: (d["ParentProfile"], d["MgmtAccount"], d["Region"], d["AccountId"], d.get("ClusterName", "")),
+    )
+    # Generate comprehensive ECS resource inventory report with CSV export capability
+    display_results(sorted_all_instances, display_dict, None, pFilename)
+    # Display performance timing metrics for operational optimization and SLA compliance
+    if pTiming:
+        print(ERASE_LINE)
+        print(f"{Fore.GREEN}This script took {time() - begin_time:.2f} seconds{Fore.RESET}")
+    print(ERASE_LINE)
+    # Display comprehensive operational summary for executive container platform reporting
+    print(f"Found {len(AllInstances)} ECS resources across {AccountNum} accounts across {RegionNum} regions")
+    print()
+    # Display completion message for user confirmation and operational closure
+    print("Thank you for using this script")
+    print()

runbooks 0.2.5__py3-none-any.whl → 0.6.1__py3-none-any.whl

runbooks 0.2.5py3-none-any.whl → 0.6.1py3-none-any.whl