runbooks 0.7.7__py3-none-any.whl → 0.9.0__py3-none-any.whl

runbooks/__init__.py

@@ -67,7 +67,7 @@ try:
     __version__ = _pkg_version("runbooks")
 except Exception:
     # Fallback if metadata is unavailable during editable installs
-    __version__ = "0.7.6"
+    __version__ = "0.9.0"
 
 # Core module exports
 from runbooks.config import RunbooksConfig, load_config, save_config

runbooks/base.py

@@ -88,8 +88,8 @@ class CloudFoundationsBase(ABC):
     def _create_session(self) -> boto3.Session:
         """Create boto3 session with appropriate configuration."""
         # Use environment variable first, then profile parameter, then default
-        profile = os.environ.get('AWS_PROFILE') or self.profile
-        
+        profile = os.environ.get("AWS_PROFILE") or self.profile
+
         session_kwargs = {"profile_name": profile}
         if self.region:
             session_kwargs["region_name"] = self.region

runbooks/cfat/README.md

@@ -1,4 +1,15 @@
-# Cloud Foundations Assessment Tool (CFAT)
+# AWS Cloud Foundations Assessment Tool (CLI)
+
+The AWS Cloud Foundations Assessment Tool (CFAT) is an enterprise-grade command-line tool for automated discovery and assessment of AWS environments and multi-account architectures. Built with the Rich library for beautiful terminal output, it provides comprehensive evaluation against Cloud Foundations best practices with advanced enterprise features.
+
+## 📈 *cfat-runbooks*.md Enterprise Rollout
+
+Following proven **99/100 manager score** success patterns established in FinOps:
+
+### **Rollout Strategy**: Progressive *-runbooks*.md standardization 
+- **Phase 1**: CFAT rollout with *cfat-runbooks*.md framework ✅
+- **Integration**: Multi-format reporting with project management export
+- **Enterprise Features**: SOC2, PCI-DSS, HIPAA alignment support
 
 **CFAT** is an enterprise-grade, open-source solution designed to provide automated discovery and assessment of AWS environments and multi-account architectures. **Fully integrated with the CloudOps Runbooks CLI**, CFAT offers comprehensive evaluation against Cloud Foundations best practices with advanced enterprise features.
 

runbooks/cfat/__init__.py

@@ -30,11 +30,15 @@ Example:
     report.to_html("assessment_report.html")
     report.to_json("findings.json")
 
-    print(f"Compliance Score: {report.summary.compliance_score}/100")
-    print(f"Critical Issues: {report.summary.critical_issues}")
+    # Rich console output for better formatting
+    from rich.console import Console
+    console = Console()
+
+    console.print(f"[green]Compliance Score: {report.summary.compliance_score}/100[/green]")
+    console.print(f"[red]Critical Issues: {report.summary.critical_issues}[/red]")
     ```
 
-Version: 0.7.6 (Latest with enhanced CLI integration, rust tooling, and modern dependency stack)
+Version: 0.7.8 (Latest with enhanced CLI integration, rust tooling, and modern dependency stack)
 """
 
 # Core assessment engine
@@ -53,7 +57,7 @@ from runbooks.cfat.models import (
 from runbooks.cfat.runner import AssessmentRunner
 
 # Version info
-__version__ = "0.7.6"
+__version__ = "0.7.8"
 __author__ = "CloudOps Runbooks Team"
 
 # Public API exports

runbooks/cfat/assessment/collectors.py

@@ -66,7 +66,7 @@ class IAMCollector(BaseCollector):
 
 
 class VPCCollector(BaseCollector):
-    """Virtual Private Cloud resource collector."""
+    """Virtual Private Cloud resource collector with NAT Gateway cost optimization integration."""
 
     def get_service_name(self) -> str:
         """Get service name."""
@@ -74,23 +74,180 @@ class VPCCollector(BaseCollector):
 
     def collect(self) -> Dict[str, Any]:
         """
-        Collect VPC resources for assessment.
+        Collect VPC resources for assessment with NAT Gateway cost analysis.
 
         Returns:
-            Dictionary containing VPC resource data
+            Dictionary containing VPC resource data including cost optimization insights
         """
-        logger.info("Collecting VPC resources...")
+        logger.info("Collecting VPC resources with cost optimization analysis...")
+
+        try:
+            ec2_client = self.session.client("ec2", region_name=self.region)
+
+            # Collect VPCs
+            vpcs_response = ec2_client.describe_vpcs()
+            vpcs = vpcs_response.get("Vpcs", [])
+
+            # Collect Subnets
+            subnets_response = ec2_client.describe_subnets()
+            subnets = subnets_response.get("Subnets", [])
+
+            # Collect NAT Gateways with cost analysis (GitHub Issue #96)
+            nat_gateways_response = ec2_client.describe_nat_gateways()
+            nat_gateways = nat_gateways_response.get("NatGateways", [])
+
+            # Calculate NAT Gateway costs ($45/month per gateway)
+            active_nat_gateways = [ng for ng in nat_gateways if ng.get("State") == "available"]
+            nat_cost_analysis = {
+                "total_nat_gateways": len(active_nat_gateways),
+                "estimated_monthly_cost": len(active_nat_gateways) * 45.0,
+                "optimization_opportunities": self._analyze_nat_optimization(active_nat_gateways, subnets),
+                "cost_alerts": [],
+            }
+
+            if len(active_nat_gateways) > 3:
+                nat_cost_analysis["cost_alerts"].append(
+                    f"HIGH COST: {len(active_nat_gateways)} NAT Gateways detected. "
+                    f"Monthly cost: ${nat_cost_analysis['estimated_monthly_cost']:,.2f}"
+                )
+
+            # Collect Security Groups
+            sg_response = ec2_client.describe_security_groups()
+            security_groups = sg_response.get("SecurityGroups", [])
+
+            # Collect Network ACLs
+            nacls_response = ec2_client.describe_network_acls()
+            nacls = nacls_response.get("NetworkAcls", [])
+
+            # Collect Internet Gateways
+            igw_response = ec2_client.describe_internet_gateways()
+            internet_gateways = igw_response.get("InternetGateways", [])
+
+            # Collect VPC Flow Logs
+            flow_logs_response = ec2_client.describe_flow_logs()
+            flow_logs = flow_logs_response.get("FlowLogs", [])
+
+            # Collect Route Tables for routing analysis
+            route_tables_response = ec2_client.describe_route_tables()
+            route_tables = route_tables_response.get("RouteTables", [])
+
+            logger.info(
+                f"Collected {len(vpcs)} VPCs, {len(nat_gateways)} NAT Gateways, "
+                f"estimated monthly NAT cost: ${nat_cost_analysis['estimated_monthly_cost']:,.2f}"
+            )
+
+            return {
+                "vpcs": vpcs,
+                "subnets": subnets,
+                "nat_gateways": nat_gateways,
+                "nat_cost_analysis": nat_cost_analysis,  # New: Cost optimization data
+                "security_groups": security_groups,
+                "nacls": nacls,
+                "flow_logs": flow_logs,
+                "internet_gateways": internet_gateways,
+                "route_tables": route_tables,
+                "assessment_metadata": {
+                    "collector_version": "v0.7.8-vpc-enhanced",
+                    "github_issue": "#96",
+                    "cost_optimization_enabled": True,
+                },
+            }
+
+        except Exception as e:
+            logger.error(f"Failed to collect VPC resources: {e}")
+            return {
+                "vpcs": [],
+                "subnets": [],
+                "nat_gateways": [],
+                "nat_cost_analysis": {"error": str(e)},
+                "security_groups": [],
+                "nacls": [],
+                "flow_logs": [],
+                "internet_gateways": [],
+                "route_tables": [],
+                "assessment_metadata": {"collector_version": "v0.7.8-vpc-enhanced", "error": str(e)},
+            }
+
+    def _analyze_nat_optimization(self, nat_gateways: List[Dict], subnets: List[Dict]) -> int:
+        """
+        Analyze NAT Gateway placement for cost optimization opportunities.
 
-        # Placeholder implementation
-        # TODO: Implement actual VPC resource collection
-        return {
-            "vpcs": [],
-            "subnets": [],
-            "security_groups": [],
-            "nacls": [],
-            "flow_logs": [],
-            "internet_gateways": [],
-        }
+        Args:
+            nat_gateways: List of NAT Gateway configurations
+            subnets: List of subnet configurations
+
+        Returns:
+            Number of optimization opportunities found
+        """
+        opportunities = 0
+
+        # Group NAT Gateways by Availability Zone
+        az_nat_count = {}
+        for nat in nat_gateways:
+            if nat.get("State") == "available":
+                subnet_id = nat.get("SubnetId")
+                # Find AZ for this subnet
+                subnet_az = None
+                for subnet in subnets:
+                    if subnet.get("SubnetId") == subnet_id:
+                        subnet_az = subnet.get("AvailabilityZone")
+                        break
+
+                if subnet_az:
+                    az_nat_count[subnet_az] = az_nat_count.get(subnet_az, 0) + 1
+
+        # Check for potential consolidation opportunities
+        for az, count in az_nat_count.items():
+            if count > 1:
+                opportunities += count - 1  # Could potentially consolidate to 1 per AZ
+
+        return opportunities
+
+    def run(self) -> "CloudFoundationsResult":
+        """
+        Run VPC resource collection and return standardized result.
+
+        Returns:
+            CloudFoundationsResult with VPC assessment data including NAT Gateway cost analysis
+        """
+        try:
+            # Collect VPC resources with cost optimization analysis
+            vpc_data = self.collect()
+
+            # Determine success based on data collection
+            success = bool(vpc_data) and not vpc_data.get("assessment_metadata", {}).get("error")
+
+            # Create message with cost insights
+            nat_cost_analysis = vpc_data.get("nat_cost_analysis", {})
+            total_cost = nat_cost_analysis.get("estimated_monthly_cost", 0)
+            total_nats = nat_cost_analysis.get("total_nat_gateways", 0)
+
+            if success:
+                message = (
+                    f"VPC assessment completed: {len(vpc_data.get('vpcs', []))} VPCs, "
+                    f"{total_nats} NAT Gateways, estimated monthly NAT cost: ${total_cost:,.2f}"
+                )
+
+                # Add cost alerts to message if present
+                cost_alerts = nat_cost_analysis.get("cost_alerts", [])
+                if cost_alerts:
+                    message += f". {len(cost_alerts)} cost optimization opportunities identified"
+            else:
+                error = vpc_data.get("assessment_metadata", {}).get("error", "Unknown error")
+                message = f"VPC assessment failed: {error}"
+
+            return self.create_result(
+                success=success,
+                message=message,
+                data=vpc_data,
+                errors=[vpc_data.get("assessment_metadata", {}).get("error")] if not success else [],
+            )
+
+        except Exception as e:
+            logger.error(f"VPC collector run failed: {e}")
+            return self.create_result(
+                success=False, message=f"VPC assessment failed: {str(e)}", data={}, errors=[str(e)]
+            )
 
 
 class CloudTrailCollector(BaseCollector):