PyPI - runbooks - Versions diffs - 0.7.0__py3-none-any.whl → 0.7.6__py3-none-any.whl - Mend

runbooks 0.7.0py3-none-any.whl → 0.7.6py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

runbooks/__init__.py +87 -37
runbooks/cfat/README.md +300 -49
runbooks/cfat/__init__.py +2 -2
runbooks/finops/__init__.py +1 -1
runbooks/finops/cli.py +1 -1
runbooks/inventory/collectors/__init__.py +8 -0
runbooks/inventory/collectors/aws_management.py +791 -0
runbooks/inventory/collectors/aws_networking.py +3 -3
runbooks/main.py +3389 -782
runbooks/operate/__init__.py +207 -0
runbooks/operate/base.py +311 -0
runbooks/operate/cloudformation_operations.py +619 -0
runbooks/operate/cloudwatch_operations.py +496 -0
runbooks/operate/dynamodb_operations.py +812 -0
runbooks/operate/ec2_operations.py +926 -0
runbooks/operate/iam_operations.py +569 -0
runbooks/operate/s3_operations.py +1211 -0
runbooks/operate/tagging_operations.py +655 -0
runbooks/remediation/CLAUDE.md +100 -0
runbooks/remediation/DOME9.md +218 -0
runbooks/remediation/README.md +26 -0
runbooks/remediation/Tests/__init__.py +0 -0
runbooks/remediation/Tests/update_policy.py +74 -0
runbooks/remediation/__init__.py +95 -0
runbooks/remediation/acm_cert_expired_unused.py +98 -0
runbooks/remediation/acm_remediation.py +875 -0
runbooks/remediation/api_gateway_list.py +167 -0
runbooks/remediation/base.py +643 -0
runbooks/remediation/cloudtrail_remediation.py +908 -0
runbooks/remediation/cloudtrail_s3_modifications.py +296 -0
runbooks/remediation/cognito_active_users.py +78 -0
runbooks/remediation/cognito_remediation.py +856 -0
runbooks/remediation/cognito_user_password_reset.py +163 -0
runbooks/remediation/commons.py +455 -0
runbooks/remediation/dynamodb_optimize.py +155 -0
runbooks/remediation/dynamodb_remediation.py +744 -0
runbooks/remediation/dynamodb_server_side_encryption.py +108 -0
runbooks/remediation/ec2_public_ips.py +134 -0
runbooks/remediation/ec2_remediation.py +892 -0
runbooks/remediation/ec2_subnet_disable_auto_ip_assignment.py +72 -0
runbooks/remediation/ec2_unattached_ebs_volumes.py +448 -0
runbooks/remediation/ec2_unused_security_groups.py +202 -0
runbooks/remediation/kms_enable_key_rotation.py +651 -0
runbooks/remediation/kms_remediation.py +717 -0
runbooks/remediation/lambda_list.py +243 -0
runbooks/remediation/lambda_remediation.py +971 -0
runbooks/remediation/multi_account.py +569 -0
runbooks/remediation/rds_instance_list.py +199 -0
runbooks/remediation/rds_remediation.py +873 -0
runbooks/remediation/rds_snapshot_list.py +192 -0
runbooks/remediation/requirements.txt +118 -0
runbooks/remediation/s3_block_public_access.py +159 -0
runbooks/remediation/s3_bucket_public_access.py +143 -0
runbooks/remediation/s3_disable_static_website_hosting.py +74 -0
runbooks/remediation/s3_downloader.py +215 -0
runbooks/remediation/s3_enable_access_logging.py +562 -0
runbooks/remediation/s3_encryption.py +526 -0
runbooks/remediation/s3_force_ssl_secure_policy.py +143 -0
runbooks/remediation/s3_list.py +141 -0
runbooks/remediation/s3_object_search.py +201 -0
runbooks/remediation/s3_remediation.py +816 -0
runbooks/remediation/scan_for_phrase.py +425 -0
runbooks/remediation/workspaces_list.py +220 -0
runbooks/security/__init__.py +9 -10
runbooks/security/security_baseline_tester.py +4 -2
runbooks-0.7.6.dist-info/METADATA +608 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/RECORD +84 -76
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/entry_points.txt +0 -1
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/top_level.txt +0 -1
jupyter-agent/.env +0 -2
jupyter-agent/.env.template +0 -2
jupyter-agent/.gitattributes +0 -35
jupyter-agent/.gradio/certificate.pem +0 -31
jupyter-agent/README.md +0 -16
jupyter-agent/__main__.log +0 -8
jupyter-agent/app.py +0 -256
jupyter-agent/cloudops-agent.png +0 -0
jupyter-agent/ds-system-prompt.txt +0 -154
jupyter-agent/jupyter-agent.png +0 -0
jupyter-agent/llama3_template.jinja +0 -123
jupyter-agent/requirements.txt +0 -9
jupyter-agent/tmp/4ojbs8a02ir/jupyter-agent.ipynb +0 -68
jupyter-agent/tmp/cm5iasgpm3p/jupyter-agent.ipynb +0 -91
jupyter-agent/tmp/crqbsseag5/jupyter-agent.ipynb +0 -91
jupyter-agent/tmp/hohanq1u097/jupyter-agent.ipynb +0 -57
jupyter-agent/tmp/jns1sam29wm/jupyter-agent.ipynb +0 -53
jupyter-agent/tmp/jupyter-agent.ipynb +0 -27
jupyter-agent/utils.py +0 -409
runbooks/aws/__init__.py +0 -58
runbooks/aws/dynamodb_operations.py +0 -231
runbooks/aws/ec2_copy_image_cross-region.py +0 -195
runbooks/aws/ec2_describe_instances.py +0 -202
runbooks/aws/ec2_ebs_snapshots_delete.py +0 -186
runbooks/aws/ec2_run_instances.py +0 -213
runbooks/aws/ec2_start_stop_instances.py +0 -212
runbooks/aws/ec2_terminate_instances.py +0 -143
runbooks/aws/ec2_unused_eips.py +0 -196
runbooks/aws/ec2_unused_volumes.py +0 -188
runbooks/aws/s3_create_bucket.py +0 -142
runbooks/aws/s3_list_buckets.py +0 -152
runbooks/aws/s3_list_objects.py +0 -156
runbooks/aws/s3_object_operations.py +0 -183
runbooks/aws/tagging_lambda_handler.py +0 -183
runbooks/inventory/FAILED_SCRIPTS_TROUBLESHOOTING.md +0 -619
runbooks/inventory/PASSED_SCRIPTS_GUIDE.md +0 -738
runbooks/inventory/aws_organization.png +0 -0
runbooks/inventory/cfn_move_stack_instances.py +0 -1526
runbooks/inventory/delete_s3_buckets_objects.py +0 -169
runbooks/inventory/lockdown_cfn_stackset_role.py +0 -224
runbooks/inventory/update_aws_actions.py +0 -173
runbooks/inventory/update_cfn_stacksets.py +0 -1215
runbooks/inventory/update_cloudwatch_logs_retention_policy.py +0 -294
runbooks/inventory/update_iam_roles_cross_accounts.py +0 -478
runbooks/inventory/update_s3_public_access_block.py +0 -539
runbooks/organizations/__init__.py +0 -12
runbooks/organizations/manager.py +0 -374
runbooks-0.7.0.dist-info/METADATA +0 -375
/runbooks/inventory/{tests → Tests}/common_test_data.py +0 -0
/runbooks/inventory/{tests → Tests}/common_test_functions.py +0 -0
/runbooks/inventory/{tests → Tests}/script_test_data.py +0 -0
/runbooks/inventory/{tests → Tests}/setup.py +0 -0
/runbooks/inventory/{tests → Tests}/src.py +0 -0
/runbooks/inventory/{tests/test_inventory_modules.py → Tests/test_Inventory_Modules.py} +0 -0
/runbooks/inventory/{tests → Tests}/test_cfn_describe_stacks.py +0 -0
/runbooks/inventory/{tests → Tests}/test_ec2_describe_instances.py +0 -0
/runbooks/inventory/{tests → Tests}/test_lambda_list_functions.py +0 -0
/runbooks/inventory/{tests → Tests}/test_moto_integration_example.py +0 -0
/runbooks/inventory/{tests → Tests}/test_org_list_accounts.py +0 -0
/runbooks/inventory/{Inventory_Modules.py → inventory_modules.py} +0 -0
/runbooks/{aws → operate}/tags.json +0 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/WHEEL +0 -0
{runbooks-0.7.0.dist-info → runbooks-0.7.6.dist-info}/licenses/LICENSE +0 -0

runbooks/remediation/scan_for_phrase.py ADDED Viewed

@@ -0,0 +1,425 @@
+"""
+Multi-Service Phrase Scanner - Search for sensitive data across AWS services.
+"""
+import json
+import logging
+import click
+from botocore.exceptions import ClientError
+from .commons import display_aws_account_info, get_client, write_to_csv
+logger = logging.getLogger(__name__)
+def scan_lambda_functions(phrase, case_sensitive=False):
+    """Search Lambda function environment variables for the phrase."""
+    try:
+        lambda_client = get_client("lambda")
+        paginator = lambda_client.get_paginator("list_functions")
+        results = []
+        function_count = 0
+        for page in paginator.paginate():
+            for function in page["Functions"]:
+                function_count += 1
+                function_name = function["FunctionName"]
+                if "Environment" in function:
+                    env_vars = function["Environment"].get("Variables", {})
+                    for key, value in env_vars.items():
+                        search_value = value if case_sensitive else value.lower()
+                        search_phrase = phrase if case_sensitive else phrase.lower()
+                        if search_phrase in search_value:
+                            results.append(
+                                {
+                                    "service": "Lambda",
+                                    "resource_type": "Function",
+                                    "resource_name": function_name,
+                                    "resource_arn": function["FunctionArn"],
+                                    "location": f"Environment Variable: {key}",
+                                    "match_context": f"{key}={value[:100]}..."
+                                    if len(value) > 100
+                                    else f"{key}={value}",
+                                }
+                            )
+        logger.info(f"  Scanned {function_count} Lambda functions")
+        return results
+    except ClientError as e:
+        logger.error(f"Failed to scan Lambda functions: {e}")
+        return []
+def scan_ecs_tasks(phrase, case_sensitive=False):
+    """Search ECS task definitions for the phrase."""
+    try:
+        ecs_client = get_client("ecs")
+        paginator = ecs_client.get_paginator("list_task_definitions")
+        results = []
+        task_def_count = 0
+        for page in paginator.paginate():
+            for task_def_arn in page["taskDefinitionArns"]:
+                task_def_count += 1
+                try:
+                    task_def = ecs_client.describe_task_definition(taskDefinition=task_def_arn)["taskDefinition"]
+                    for container_def in task_def["containerDefinitions"]:
+                        container_name = container_def["name"]
+                        if "environment" in container_def:
+                            for env_var in container_def["environment"]:
+                                var_name = env_var.get("name", "")
+                                var_value = env_var.get("value", "")
+                                search_value = var_value if case_sensitive else var_value.lower()
+                                search_phrase = phrase if case_sensitive else phrase.lower()
+                                if search_phrase in search_value:
+                                    results.append(
+                                        {
+                                            "service": "ECS",
+                                            "resource_type": "Task Definition",
+                                            "resource_name": task_def_arn.split("/")[-1],
+                                            "resource_arn": task_def_arn,
+                                            "location": f"Container: {container_name}, Env Var: {var_name}",
+                                            "match_context": f"{var_name}={var_value[:100]}..."
+                                            if len(var_value) > 100
+                                            else f"{var_name}={var_value}",
+                                        }
+                                    )
+                except ClientError as e:
+                    logger.debug(f"Could not describe task definition {task_def_arn}: {e}")
+                    continue
+        logger.info(f"  Scanned {task_def_count} ECS task definitions")
+        return results
+    except ClientError as e:
+        logger.error(f"Failed to scan ECS task definitions: {e}")
+        return []
+def scan_ssm_parameters(phrase, case_sensitive=False):
+    """Search SSM Parameter Store for the phrase."""
+    try:
+        ssm_client = get_client("ssm")
+        paginator = ssm_client.get_paginator("describe_parameters")
+        results = []
+        param_count = 0
+        access_denied_count = 0
+        for page in paginator.paginate():
+            for param in page["Parameters"]:
+                param_count += 1
+                param_name = param["Name"]
+                try:
+                    parameter = ssm_client.get_parameter(Name=param_name, WithDecryption=True)
+                    param_value = parameter["Parameter"]["Value"]
+                    search_value = param_value if case_sensitive else param_value.lower()
+                    search_phrase = phrase if case_sensitive else phrase.lower()
+                    if search_phrase in search_value:
+                        results.append(
+                            {
+                                "service": "SSM Parameter Store",
+                                "resource_type": "Parameter",
+                                "resource_name": param_name,
+                                "resource_arn": param.get("ARN", "N/A"),
+                                "location": "Parameter Value",
+                                "match_context": param_value[:100] + "..." if len(param_value) > 100 else param_value,
+                            }
+                        )
+                except ClientError as e:
+                    error_code = e.response.get("Error", {}).get("Code", "Unknown")
+                    if error_code in ["ParameterNotFound", "AccessDenied"]:
+                        access_denied_count += 1
+                        logger.debug(f"Cannot access parameter {param_name}: {error_code}")
+                    else:
+                        logger.warning(f"Error accessing parameter {param_name}: {e}")
+        logger.info(f"  Scanned {param_count} SSM parameters ({access_denied_count} access denied)")
+        return results
+    except ClientError as e:
+        logger.error(f"Failed to scan SSM parameters: {e}")
+        return []
+def scan_secrets_manager(phrase, case_sensitive=False):
+    """Search AWS Secrets Manager for the phrase."""
+    try:
+        secrets_client = get_client("secretsmanager")
+        paginator = secrets_client.get_paginator("list_secrets")
+        results = []
+        secret_count = 0
+        access_denied_count = 0
+        for page in paginator.paginate():
+            for secret in page["SecretList"]:
+                secret_count += 1
+                secret_name = secret["Name"]
+                secret_arn = secret["ARN"]
+                try:
+                    secret_value = secrets_client.get_secret_value(SecretId=secret_arn)
+                    secret_string = secret_value.get("SecretString", "")
+                    if isinstance(secret_string, str):
+                        # Try to parse as JSON first
+                        try:
+                            secret_data = json.loads(secret_string)
+                            if isinstance(secret_data, dict):
+                                # Search in JSON keys and values
+                                for key, value in secret_data.items():
+                                    search_value = str(value) if case_sensitive else str(value).lower()
+                                    search_phrase = phrase if case_sensitive else phrase.lower()
+                                    if search_phrase in search_value:
+                                        results.append(
+                                            {
+                                                "service": "Secrets Manager",
+                                                "resource_type": "Secret",
+                                                "resource_name": secret_name,
+                                                "resource_arn": secret_arn,
+                                                "location": f"JSON Key: {key}",
+                                                "match_context": f"{key}={str(value)[:100]}..."
+                                                if len(str(value)) > 100
+                                                else f"{key}={value}",
+                                            }
+                                        )
+                            else:
+                                # Not a JSON object, search the string directly
+                                search_value = secret_string if case_sensitive else secret_string.lower()
+                                search_phrase = phrase if case_sensitive else phrase.lower()
+                                if search_phrase in search_value:
+                                    results.append(
+                                        {
+                                            "service": "Secrets Manager",
+                                            "resource_type": "Secret",
+                                            "resource_name": secret_name,
+                                            "resource_arn": secret_arn,
+                                            "location": "Secret Value",
+                                            "match_context": secret_string[:100] + "..."
+                                            if len(secret_string) > 100
+                                            else secret_string,
+                                        }
+                                    )
+                        except json.JSONDecodeError:
+                            # Not valid JSON, search as plain string
+                            search_value = secret_string if case_sensitive else secret_string.lower()
+                            search_phrase = phrase if case_sensitive else phrase.lower()
+                            if search_phrase in search_value:
+                                results.append(
+                                    {
+                                        "service": "Secrets Manager",
+                                        "resource_type": "Secret",
+                                        "resource_name": secret_name,
+                                        "resource_arn": secret_arn,
+                                        "location": "Secret Value",
+                                        "match_context": secret_string[:100] + "..."
+                                        if len(secret_string) > 100
+                                        else secret_string,
+                                    }
+                                )
+                except ClientError as e:
+                    error_code = e.response.get("Error", {}).get("Code", "Unknown")
+                    if error_code in ["ResourceNotFoundException", "AccessDeniedException"]:
+                        access_denied_count += 1
+                        logger.debug(f"Cannot access secret {secret_name}: {error_code}")
+                    else:
+                        logger.warning(f"Error accessing secret {secret_name}: {e}")
+        logger.info(f"  Scanned {secret_count} secrets ({access_denied_count} access denied)")
+        return results
+    except ClientError as e:
+        logger.error(f"Failed to scan Secrets Manager: {e}")
+        return []
+def scan_route53_records(phrase, case_sensitive=False):
+    """Search Route 53 DNS records for the phrase."""
+    try:
+        route53_client = get_client("route53")
+        results = []
+        zone_count = 0
+        record_count = 0
+        # List all hosted zones
+        hosted_zones = route53_client.list_hosted_zones()["HostedZones"]
+        for zone in hosted_zones:
+            zone_count += 1
+            zone_id = zone["Id"]
+            zone_name = zone["Name"]
+            # List records in the hosted zone
+            paginator = route53_client.get_paginator("list_resource_record_sets")
+            for page in paginator.paginate(HostedZoneId=zone_id):
+                for record in page["ResourceRecordSets"]:
+                    record_count += 1
+                    record_name = record["Name"]
+                    record_type = record["Type"]
+                    search_name = record_name if case_sensitive else record_name.lower()
+                    search_phrase = phrase if case_sensitive else phrase.lower()
+                    # Check if the phrase is in the record name
+                    if search_phrase in search_name:
+                        results.append(
+                            {
+                                "service": "Route 53",
+                                "resource_type": "DNS Record",
+                                "resource_name": record_name,
+                                "resource_arn": f"arn:aws:route53:::hostedzone/{zone_id.split('/')[-1]}",
+                                "location": f"Record Name in Zone: {zone_name}",
+                                "match_context": f"Type: {record_type}, Name: {record_name}",
+                            }
+                        )
+                    # Check record values for A and CNAME records
+                    if record_type in ["A", "CNAME"] and "ResourceRecords" in record:
+                        for value_record in record["ResourceRecords"]:
+                            record_value = value_record["Value"]
+                            search_value = record_value if case_sensitive else record_value.lower()
+                            if search_phrase in search_value:
+                                results.append(
+                                    {
+                                        "service": "Route 53",
+                                        "resource_type": "DNS Record",
+                                        "resource_name": record_name,
+                                        "resource_arn": f"arn:aws:route53:::hostedzone/{zone_id.split('/')[-1]}",
+                                        "location": f"Record Value in Zone: {zone_name}",
+                                        "match_context": f"Type: {record_type}, Value: {record_value}",
+                                    }
+                                )
+        logger.info(f"  Scanned {zone_count} hosted zones, {record_count} DNS records")
+        return results
+    except ClientError as e:
+        logger.error(f"Failed to scan Route 53 records: {e}")
+        return []
+@click.command()
+@click.option("--phrase", required=True, help="Phrase to search for in AWS resources")
+@click.option("--case-sensitive", is_flag=True, help="Perform case-sensitive search")
+@click.option("--services", default="lambda,ecs,ssm,secrets,route53", help="Comma-separated list of services to scan")
+@click.option("--output-file", default="phrase_search_results.csv", help="Output CSV file path")
+def search_aws_resources(phrase, case_sensitive, services, output_file):
+    """Search for a phrase across multiple AWS services (Lambda, ECS, SSM, Secrets Manager, Route 53)."""
+    logger.info(f"Multi-service phrase search in {display_aws_account_info()}")
+    logger.info(f"Searching for: '{phrase}' (case-sensitive: {case_sensitive})")
+    # Parse service list
+    service_list = [s.strip().lower() for s in services.split(",")]
+    service_scanners = {
+        "lambda": scan_lambda_functions,
+        "ecs": scan_ecs_tasks,
+        "ssm": scan_ssm_parameters,
+        "secrets": scan_secrets_manager,
+        "route53": scan_route53_records,
+    }
+    # Validate services
+    invalid_services = [s for s in service_list if s not in service_scanners]
+    if invalid_services:
+        logger.error(f"Invalid services: {invalid_services}")
+        logger.info(f"Valid services: {list(service_scanners.keys())}")
+        return
+    logger.info(f"Scanning services: {', '.join(service_list)}")
+    try:
+        all_results = []
+        # Scan each requested service
+        for service in service_list:
+            logger.info(f"🔍 Scanning {service.upper()}...")
+            scanner = service_scanners[service]
+            try:
+                results = scanner(phrase, case_sensitive)
+                all_results.extend(results)
+                if results:
+                    logger.info(f"  ✓ Found {len(results)} matches in {service}")
+                else:
+                    logger.info(f"  ○ No matches found in {service}")
+            except Exception as e:
+                logger.error(f"  ✗ Error scanning {service}: {e}")
+        # Process and export results
+        if all_results:
+            logger.info(f"\n🎯 SEARCH RESULTS: Found {len(all_results)} total matches")
+            # Group by service for summary
+            service_counts = {}
+            for result in all_results:
+                service = result["service"]
+                service_counts[service] = service_counts.get(service, 0) + 1
+            logger.info("Matches per service:")
+            for service, count in sorted(service_counts.items()):
+                logger.info(f"  {service}: {count} matches")
+            # Export to CSV
+            csv_data = []
+            for result in all_results:
+                csv_data.append(
+                    {
+                        "Service": result["service"],
+                        "ResourceType": result["resource_type"],
+                        "ResourceName": result["resource_name"],
+                        "ResourceARN": result["resource_arn"],
+                        "Location": result["location"],
+                        "MatchContext": result["match_context"],
+                    }
+                )
+            write_to_csv(csv_data, output_file)
+            logger.info(f"Search results exported to: {output_file}")
+            # Show sample results
+            logger.info("\nSample matches (first 5):")
+            for i, result in enumerate(all_results[:5]):
+                logger.info(f"  {i + 1}. {result['service']}: {result['resource_name']}")
+                logger.info(f"     Location: {result['location']}")
+        else:
+            logger.info(f"❌ No matches found for phrase: '{phrase}'")
+        # Summary
+        logger.info("\n=== SEARCH SUMMARY ===")
+        logger.info(f"Services scanned: {len(service_list)}")
+        logger.info(f"Total matches found: {len(all_results)}")
+        logger.info(f"Search phrase: '{phrase}' (case-sensitive: {case_sensitive})")
+    except Exception as e:
+        logger.error(f"Failed to search AWS resources: {e}")
+        raise
+if __name__ == "__main__":
+    search_aws_resources()

runbooks/remediation/workspaces_list.py ADDED Viewed

@@ -0,0 +1,220 @@
+"""
+🚨 HIGH-RISK: WorkSpaces Management - Analyze and manage WorkSpaces with deletion capabilities.
+"""
+import logging
+from datetime import datetime, timedelta, timezone
+import click
+from botocore.exceptions import ClientError
+from .commons import display_aws_account_info, get_client, write_to_csv
+logger = logging.getLogger(__name__)
+def get_workspace_usage_by_hours(workspace_id, start_time, end_time):
+    """Get WorkSpace usage hours from CloudWatch metrics."""
+    try:
+        cloudwatch = get_client("cloudwatch")
+        response = cloudwatch.get_metric_statistics(
+            Namespace="AWS/WorkSpaces",
+            MetricName="UserConnected",
+            Dimensions=[{"Name": "WorkspaceId", "Value": workspace_id}],
+            StartTime=start_time,
+            EndTime=end_time,
+            Period=3600,  # 1 hour intervals
+            Statistics=["Sum"],
+        )
+        usage_hours = sum(datapoint["Sum"] for datapoint in response.get("Datapoints", []))
+        logger.debug(f"Workspace {workspace_id}: {usage_hours} usage hours")
+        return round(usage_hours, 2)
+    except ClientError as e:
+        logger.warning(f"Could not get usage metrics for {workspace_id}: {e}")
+        return 0.0
+@click.command()
+@click.option("--output-file", default="/tmp/workspaces.csv", help="Output CSV file path")
+@click.option("--days", default=30, help="Number of days to analyze for usage metrics")
+@click.option("--delete-unused", is_flag=True, help="🚨 HIGH-RISK: Delete unused WorkSpaces")
+@click.option("--unused-days", default=90, help="Days threshold for considering WorkSpace unused")
+@click.option("--confirm", is_flag=True, help="Skip confirmation prompts (dangerous!)")
+def get_workspaces(
+    output_file: str = "/tmp/workspaces.csv",
+    days: int = 30,
+    delete_unused: bool = False,
+    unused_days: int = 90,
+    confirm: bool = False,
+):
+    """🚨 HIGH-RISK: Analyze WorkSpaces usage and optionally delete unused ones."""
+    # HIGH-RISK OPERATION WARNING
+    if delete_unused and not confirm:
+        logger.warning("🚨 HIGH-RISK OPERATION: WorkSpace deletion")
+        logger.warning("This operation will permanently delete WorkSpaces and all user data")
+        if not click.confirm("Do you want to continue?"):
+            logger.info("Operation cancelled by user")
+            return
+    logger.info(f"Analyzing WorkSpaces in {display_aws_account_info()}")
+    try:
+        ws_client = get_client("workspaces")
+        # Get all WorkSpaces
+        logger.info("Collecting WorkSpaces data...")
+        paginator = ws_client.get_paginator("describe_workspaces")
+        data = []
+        # Calculate time range for usage analysis
+        end_time = datetime.now(tz=timezone.utc)
+        start_time = end_time - timedelta(days=days)
+        unused_threshold = end_time - timedelta(days=unused_days)
+        logger.info(f"Analyzing usage from {start_time.strftime('%Y-%m-%d')} to {end_time.strftime('%Y-%m-%d')}")
+        total_workspaces = 0
+        for page in paginator.paginate():
+            workspaces = page.get("Workspaces", [])
+            total_workspaces += len(workspaces)
+            for workspace in workspaces:
+                workspace_id = workspace["WorkspaceId"]
+                username = workspace["UserName"]
+                state = workspace["State"]
+                logger.info(f"Analyzing WorkSpace: {workspace_id} ({username})")
+                # Get connection status
+                try:
+                    connection_response = ws_client.describe_workspaces_connection_status(WorkspaceIds=[workspace_id])
+                    connection_status_list = connection_response.get("WorkspacesConnectionStatus", [])
+                    if connection_status_list:
+                        last_connection = connection_status_list[0].get("LastKnownUserConnectionTimestamp")
+                        connection_state = connection_status_list[0].get("ConnectionState", "UNKNOWN")
+                    else:
+                        last_connection = None
+                        connection_state = "UNKNOWN"
+                except ClientError as e:
+                    logger.warning(f"Could not get connection status for {workspace_id}: {e}")
+                    last_connection = None
+                    connection_state = "ERROR"
+                # Format last connection
+                if last_connection:
+                    last_connection_str = last_connection.strftime("%Y-%m-%d %H:%M:%S")
+                    days_since_connection = (end_time - last_connection).days
+                else:
+                    last_connection_str = "Never logged in"
+                    days_since_connection = 999  # High number for never connected
+                # Get usage metrics
+                usage_hours = get_workspace_usage_by_hours(workspace_id, start_time, end_time)
+                # Determine if workspace is unused
+                is_unused = last_connection is None or last_connection < unused_threshold
+                workspace_data = {
+                    "WorkspaceId": workspace_id,
+                    "UserName": username,
+                    "State": state,
+                    "RunningMode": workspace["WorkspaceProperties"]["RunningMode"],
+                    "OperatingSystem": workspace["WorkspaceProperties"]["OperatingSystemName"],
+                    "BundleId": workspace["BundleId"],
+                    "LastConnection": last_connection_str,
+                    "DaysSinceConnection": days_since_connection,
+                    "ConnectionState": connection_state,
+                    f"UsageHours_{days}days": usage_hours,
+                    "IsUnused": is_unused,
+                    "UnusedThreshold": f"{unused_days} days",
+                }
+                data.append(workspace_data)
+                # Log status
+                if is_unused:
+                    logger.warning(f"  ⚠ UNUSED: Last connection {days_since_connection} days ago")
+                else:
+                    logger.info(f"  ✓ Active: {usage_hours}h usage in {days} days")
+        # Export data
+        write_to_csv(data, output_file)
+        logger.info(f"WorkSpaces analysis exported to: {output_file}")
+        # Analyze unused WorkSpaces
+        unused_workspaces = [ws for ws in data if ws["IsUnused"]]
+        logger.info("\n=== ANALYSIS SUMMARY ===")
+        logger.info(f"Total WorkSpaces: {len(data)}")
+        logger.info(f"Unused WorkSpaces (>{unused_days} days): {len(unused_workspaces)}")
+        if unused_workspaces:
+            logger.warning(f"⚠ Found {len(unused_workspaces)} unused WorkSpaces:")
+            for ws in unused_workspaces:
+                logger.warning(
+                    f"  - {ws['WorkspaceId']} ({ws['UserName']}) - {ws['DaysSinceConnection']} days since connection"
+                )
+        # Handle deletion of unused WorkSpaces
+        if delete_unused and unused_workspaces:
+            logger.warning(f"\n🚨 DELETION PHASE: {len(unused_workspaces)} WorkSpaces to delete")
+            deletion_candidates = []
+            for ws in unused_workspaces:
+                # Additional safety check - only delete if really unused
+                if ws["State"] in ["AVAILABLE", "STOPPED"] and ws["DaysSinceConnection"] >= unused_days:
+                    deletion_candidates.append(ws)
+            if deletion_candidates:
+                logger.warning(f"Confirmed deletion candidates: {len(deletion_candidates)}")
+                # Final confirmation
+                if not confirm:
+                    logger.warning("\n🚨 FINAL CONFIRMATION:")
+                    logger.warning(f"About to delete {len(deletion_candidates)} WorkSpaces permanently")
+                    if not click.confirm("Proceed with WorkSpace deletion?"):
+                        logger.info("Deletion cancelled")
+                        return
+                # Perform deletions
+                deleted_count = 0
+                failed_count = 0
+                for ws in deletion_candidates:
+                    workspace_id = ws["WorkspaceId"]
+                    username = ws["UserName"]
+                    logger.warning(f"🗑 Deleting WorkSpace: {workspace_id} ({username})")
+                    try:
+                        ws_client.terminate_workspaces(TerminateWorkspaceRequests=[{"WorkspaceId": workspace_id}])
+                        deleted_count += 1
+                        logger.warning(f"  ✓ Successfully deleted {workspace_id}")
+                        # Log for audit
+                        logger.info(f"🔍 Audit: WorkSpace deletion completed")
+                        logger.info(f"  WorkSpace ID: {workspace_id}")
+                        logger.info(f"  Username: {username}")
+                        logger.info(f"  Days since connection: {ws['DaysSinceConnection']}")
+                    except ClientError as e:
+                        failed_count += 1
+                        logger.error(f"  ✗ Failed to delete {workspace_id}: {e}")
+                logger.warning(f"\n🔄 Deletion complete: {deleted_count} deleted, {failed_count} failed")
+            else:
+                logger.info("No WorkSpaces meet the deletion criteria")
+        elif delete_unused and not unused_workspaces:
+            logger.info("✓ No unused WorkSpaces found for deletion")
+    except Exception as e:
+        logger.error(f"Failed to analyze WorkSpaces: {e}")
+        raise

runbooks 0.7.0__py3-none-any.whl → 0.7.6__py3-none-any.whl

runbooks 0.7.0py3-none-any.whl → 0.7.6py3-none-any.whl