runbooks 0.9.9__py3-none-any.whl → 1.0.1__py3-none-any.whl

runbooks/remediation/commvault_ec2_analysis.py

@@ -2,7 +2,6 @@
 EC2 Utilization Analysis - Investigate EC2 utilization patterns for cost optimization.
 
 Business Case: Enhanced EC2 investigation framework for backup infrastructure analysis
-Target Account: 637423383469 (Backup infrastructure account)
 Challenge: Determine if EC2 instances are actively used for backups or idle
 Strategic Value: Infrastructure right-sizing and cost optimization through utilization analysis
 """
@@ -19,10 +18,60 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning,
     create_table, create_progress_bar, format_cost
 )
+from ..common.profile_utils import create_operational_session
 
 logger = logging.getLogger(__name__)
 
 
+def _calculate_instance_monthly_cost(instance_type: str, region: str = "us-east-1") -> float:
+    """
+    Calculate monthly cost for EC2 instance type using dynamic AWS Pricing API.
+    
+    ENTERPRISE COMPLIANCE: Uses AWS Pricing API to eliminate hardcoded pricing violations.
+    
+    Args:
+        instance_type: EC2 instance type (e.g., 't3.micro', 'm5.large')
+        region: AWS region for pricing lookup
+    
+    Returns:
+        float: Monthly cost in USD from AWS Pricing API
+    """
+    from ..common.aws_pricing import get_ec2_monthly_cost
+    from ..common.rich_utils import console
+    
+    try:
+        # Use dynamic AWS pricing - NO hardcoded values allowed
+        monthly_cost = get_ec2_monthly_cost(instance_type, region)
+        logger.debug(f"Dynamic pricing for {instance_type}: ${monthly_cost:.2f}/month")
+        return monthly_cost
+        
+    except Exception as e:
+        console.print(f"[red]⚠ ENTERPRISE WARNING: Cannot get dynamic pricing for {instance_type}: {e}[/red]")
+        console.print(f"[yellow]Falling back to AWS pricing pattern calculation...[/yellow]")
+        
+        # Use AWS pricing engine's fallback calculation (which uses documented AWS patterns)
+        from ..common.aws_pricing import get_aws_pricing_engine
+        
+        try:
+            pricing_engine = get_aws_pricing_engine(enable_fallback=True)
+            result = pricing_engine.get_ec2_instance_pricing(instance_type, region)
+            logger.warning(f"Using fallback pricing for {instance_type}: ${result.monthly_cost:.2f}/month")
+            return result.monthly_cost
+            
+        except Exception as fallback_error:
+            logger.error(f"All pricing methods failed for {instance_type}: {fallback_error}")
+            
+            # Complete failure - cannot proceed without violating enterprise standards
+            raise RuntimeError(
+                f"ENTERPRISE VIOLATION: Cannot get dynamic pricing for {instance_type} "
+                f"in region {region}. All pricing methods failed. "
+                f"Hardcoded values are prohibited. "
+                f"Ensure AWS credentials are configured and Pricing API is accessible."
+            ) from e
+
+
+
+
 def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
     """
     Calculate potential cost impact for EC2 instances.
@@ -33,21 +82,14 @@ def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
     running_instances = [i for i in instances_data if i.get("State", {}).get("Name") == "running"]
     idle_instances = [i for i in instances_data if i.get("CpuUtilization", 0) < 5.0]  # <5% CPU
     
-    # Rough cost estimation (simplified for investigation phase)
+    # Dynamic cost estimation using environment configuration
     estimated_monthly_cost = 0.0
     for instance in running_instances:
         instance_type = instance.get("InstanceType", "t3.micro")
-        # Simplified cost mapping (USD/month for common instance types)
-        cost_map = {
-            "t3.micro": 8.47,
-            "t3.small": 16.94,
-            "t3.medium": 33.87,
-            "m5.large": 70.08,
-            "m5.xlarge": 140.16,
-            "c5.large": 62.98,
-            "c5.xlarge": 125.95,
-        }
-        estimated_monthly_cost += cost_map.get(instance_type, 50.0)  # Default $50/month
+        
+        # Dynamic cost calculation based on instance type
+        # Using AWS pricing calculation: hours * daily_hours * monthly_days
+        estimated_monthly_cost += _calculate_instance_monthly_cost(instance_type)
     
     return {
         "total_instances": total_instances,
@@ -61,7 +103,7 @@ def calculate_ec2_cost_impact(instances_data: List[Dict]) -> Dict[str, float]:
 
 @click.command()
 @click.option("--output-file", default="./tmp/commvault_ec2_investigation.csv", help="Output CSV file path")
-@click.option("--account", default="637423383469", help="Commvault backup account ID (JIRA FinOps-25)")
+@click.option("--account", help="Commvault backup account ID (JIRA FinOps-25). If not specified, uses current AWS account.")
 @click.option("--investigate-utilization", is_flag=True, help="Investigate EC2 utilization patterns")
 @click.option("--days", default=7, help="Number of days to analyze for utilization metrics")
 @click.option("--dry-run", is_flag=True, default=True, help="Preview analysis without execution")
@@ -69,11 +111,22 @@ def investigate_commvault_ec2(output_file, account, investigate_utilization, day
     """
     FinOps-25: Commvault EC2 investigation for cost optimization.
     
-    Account: 637423383469 (Commvault backup account)
     Challenge: Determine if EC2 instances are actively used for backups or idle
     """
     print_header("JIRA FinOps-25: Commvault EC2 Investigation", "v0.9.1")
     
+    # Auto-detect account if not specified
+    if not account:
+        try:
+            session = create_operational_session()
+            sts = session.client('sts')
+            identity = sts.get_caller_identity()
+            account = identity['Account']
+            console.print(f"[dim cyan]Auto-detected account: {account}[/dim cyan]")
+        except Exception as e:
+            console.print(f"[red]Error detecting account: {e}[/red]")
+            raise click.ClickException("Could not determine AWS account. Please specify --account parameter.")
+    
     account_info = display_aws_account_info()
     console.print(f"[cyan]Account: {account} - Investigating EC2 usage patterns[/cyan]")
 

runbooks/remediation/config/accounts_example.json

@@ -0,0 +1,31 @@
+{
+  "target_accounts": [
+    {
+      "account_id": "111122223333",
+      "environment": "production",
+      "name": "Production Account",
+      "enabled": true
+    },
+    {
+      "account_id": "444455556666", 
+      "environment": "staging",
+      "name": "Staging Account",
+      "enabled": true
+    },
+    {
+      "account_id": "777788889999",
+      "environment": "development", 
+      "name": "Development Account",
+      "enabled": false
+    }
+  ],
+  "remediation_settings": {
+    "parallel_execution": true,
+    "max_workers": 5,
+    "timeout_seconds": 300,
+    "retry_attempts": 3
+  },
+  "description": "Configuration for multi-account remediation targets",
+  "last_updated": "2024-12-19",
+  "version": "1.0"
+}

runbooks/remediation/ec2_unattached_ebs_volumes.py

@@ -305,9 +305,12 @@ def detect_and_delete_volumes(dry_run: bool, max_age_days: int, output_file: Opt
                 else:
                     days_since_detached = volume_age_days  # Never attached
 
-                # Estimate monthly cost (rough approximation)
-                # GP3: $0.08/GB/month, GP2: $0.10/GB/month, IO1/IO2: varies
-                cost_per_gb = 0.08 if volume_type == "gp3" else 0.10
+                # Real-time EBS cost from AWS Pricing API - NO hardcoded defaults
+                from runbooks.common.aws_pricing_api import pricing_api
+                if volume_type == "gp3":
+                    cost_per_gb = pricing_api.get_ebs_gp3_cost_per_gb(region_name)
+                else:
+                    cost_per_gb = pricing_api.get_ebs_gp2_cost_per_gb(region_name)
                 monthly_cost = volume_size * cost_per_gb
                 total_cost_gb_month += monthly_cost
 

runbooks/remediation/multi_account.py

@@ -40,12 +40,9 @@ remediator = MultiAccountRemediator(
     max_workers=5
 )
 
-# Define target accounts
-accounts = [
-    AWSAccount("123456789012", "production"),
-    AWSAccount("987654321098", "staging"),
-    AWSAccount("456789012345", "development")
-]
+# Define target accounts using dynamic discovery
+# Example: Get accounts from AWS Organizations or environment configuration
+accounts = get_accounts_from_environment() or discover_organization_accounts()
 
 # Execute bulk S3 security remediation
 results = remediator.bulk_s3_security(
@@ -73,6 +70,8 @@ from loguru import logger
 
 from runbooks.inventory.models.account import AWSAccount
 from runbooks.remediation.base import BaseRemediation, RemediationContext, RemediationResult, RemediationStatus
+from runbooks.common.profile_utils import create_management_session
+from runbooks.remediation.universal_account_discovery import UniversalAccountDiscovery, AWSAccount as UniversalAWSAccount
 
 
 class MultiAccountRemediator:
@@ -167,7 +166,7 @@ class MultiAccountRemediator:
 
         try:
             # Create SSO OIDC client
-            sso_oidc = boto3.client("sso-oidc", region_name="us-east-1")
+            sso_oidc = boto3.client("sso-oidc", region_name=os.getenv("AWS_DEFAULT_REGION", "us-east-1"))
 
             # Register client
             client_creds = sso_oidc.register_client(clientName="CloudOpsRemediation", clientType="public")
@@ -567,3 +566,117 @@ class MultiAccountRemediator:
         compliance_summary["compliance_controls"] = list(compliance_summary["compliance_controls"])
 
         return compliance_summary
+
+
+# Dynamic account discovery functions for enterprise security operations
+def get_accounts_from_environment(profile: Optional[str] = None) -> Optional[List[AWSAccount]]:
+    """
+    Get AWS accounts using universal account discovery system.
+    
+    Uses enhanced discovery with support for:
+    - Environment variables (REMEDIATION_TARGET_ACCOUNTS)
+    - Configuration files (REMEDIATION_ACCOUNT_CONFIG)
+    - AWS Organizations API (automatic discovery)
+    - Current account fallback (single account mode)
+    
+    Args:
+        profile: AWS profile to use for discovery
+    
+    Returns:
+        List of AWSAccount objects or None if not configured
+    """
+    try:
+        # Use universal account discovery system
+        discovery = UniversalAccountDiscovery(profile=profile)
+        universal_accounts = discovery.discover_target_accounts()
+        
+        if not universal_accounts:
+            return None
+        
+        # Convert to legacy AWSAccount format for compatibility
+        legacy_accounts = []
+        for universal_account in universal_accounts:
+            legacy_account = AWSAccount(
+                universal_account.account_id,
+                universal_account.account_name or f"account-{universal_account.account_id}"
+            )
+            legacy_accounts.append(legacy_account)
+        
+        logger.info(f"Using {len(legacy_accounts)} accounts discovered via universal discovery system")
+        return legacy_accounts
+        
+    except Exception as e:
+        logger.warning(f"Failed to discover accounts using universal discovery: {e}")
+        return None
+
+
+def discover_organization_accounts(profile: Optional[str] = None) -> List[AWSAccount]:
+    """
+    Discover AWS accounts using universal discovery system.
+    
+    Enhanced to use the universal account discovery system which provides:
+    - Organizations API discovery (if available)
+    - Environment variable fallback
+    - Configuration file support
+    - Current account fallback
+    
+    Args:
+        profile: AWS profile for discovery (universal profile management)
+        
+    Returns:
+        List of discovered AWSAccount objects
+    """
+    try:
+        # Use universal account discovery system for Organizations discovery
+        discovery = UniversalAccountDiscovery(profile=profile)
+        universal_accounts = discovery._get_accounts_from_organizations()
+        
+        if not universal_accounts:
+            # Fallback to other discovery methods
+            logger.info("Organizations API not available, trying other discovery methods...")
+            universal_accounts = discovery.discover_target_accounts()
+        
+        # Convert to legacy AWSAccount format for compatibility
+        legacy_accounts = []
+        for universal_account in universal_accounts:
+            if universal_account.status == "ACTIVE":
+                legacy_account = AWSAccount(
+                    universal_account.account_id,
+                    universal_account.account_name or f"org-account-{universal_account.account_id}"
+                )
+                legacy_accounts.append(legacy_account)
+        
+        logger.info(f"Discovered {len(legacy_accounts)} active AWS accounts via universal discovery")
+        return legacy_accounts
+        
+    except Exception as e:
+        logger.warning(f"Failed to discover organization accounts: {e}")
+        # Universal discovery handles all fallback scenarios
+        return []
+
+
+def _determine_account_environment(account_name: str) -> str:
+    """
+    Determine account environment based on account name patterns.
+    
+    Args:
+        account_name: AWS account name
+        
+    Returns:
+        Environment classification
+    """
+    name_lower = account_name.lower()
+    
+    # Common environment patterns
+    if any(env in name_lower for env in ["prod", "production"]):
+        return "production"
+    elif any(env in name_lower for env in ["staging", "stage", "uat"]):
+        return "staging"  
+    elif any(env in name_lower for env in ["dev", "development"]):
+        return "development"
+    elif any(env in name_lower for env in ["test", "testing"]):
+        return "testing"
+    elif any(env in name_lower for env in ["sandbox", "sb"]):
+        return "sandbox"
+    else:
+        return "unknown"

runbooks/remediation/rds_snapshot_list.py

@@ -40,9 +40,11 @@ def estimate_snapshot_cost(allocated_storage, storage_type="gp2", days_old=1):
     JIRA FinOps-23: Enhanced cost estimation for $5K-24K annual savings target
     Based on AWS RDS snapshot pricing: https://aws.amazon.com/rds/pricing/
     """
-    # RDS Snapshot storage cost per GB per month (USD)
-    # Note: RDS snapshots are charged at $0.095/GB-month for all regions (simplified)
-    snapshot_cost_per_gb_month = 0.095
+    # Real-time RDS Snapshot cost from AWS Pricing API - NO hardcoded defaults
+    from runbooks.common.aws_pricing_api import pricing_api
+    # Get region from caller context or default to us-east-1
+    region = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
+    snapshot_cost_per_gb_month = pricing_api.get_rds_snapshot_cost_per_gb(region)
     
     # Calculate base monthly cost
     monthly_cost = allocated_storage * snapshot_cost_per_gb_month