runbooks 1.0.0__py3-none-any.whl → 1.0.2__py3-none-any.whl

runbooks/main.py

@@ -104,9 +104,31 @@ from runbooks.common.rich_utils import console, create_table, print_banner, prin
 from runbooks.config import load_config, save_config
 from runbooks.inventory.core.collector import InventoryCollector
 from runbooks.utils import setup_logging, setup_enhanced_logging
+from runbooks.finops.business_case_config import get_business_case_config, format_business_achievement
 
 console = Console()
 
+# ============================================================================
+# CLI ARGUMENT FIXES - Handle Profile Tuples and Export Format Issues
+# ============================================================================
+
+def normalize_profile_parameter(profile_param):
+    """
+    Normalize profile parameter from Click multiple=True tuple to string.
+    
+    Args:
+        profile_param: Profile parameter from Click (could be tuple, list, or string)
+        
+    Returns:
+        str: Single profile name for AWS operations
+    """
+    if isinstance(profile_param, (tuple, list)) and profile_param:
+        return profile_param[0]  # Take first profile from tuple/list
+    elif isinstance(profile_param, str):
+        return profile_param
+    else:
+        return "default"
+
 # ============================================================================
 # ACCOUNT ID RESOLUTION HELPER
 # ============================================================================
@@ -219,7 +241,6 @@ def common_aws_options(f):
     f = click.option(
         "--profile",
         multiple=True,
-        default=("default",),  # Tuple default for multiple=True
         help="AWS profile(s) - supports: --profile prof1 prof2 OR --profile prof1 --profile prof2 OR --profile prof1,prof2",
     )(f)
     f = click.option("--region", default="ap-southeast-2", help="AWS region (default: 'ap-southeast-2')")(f)
@@ -283,7 +304,7 @@ def common_filter_options(f):
     Examples:
         ```bash
         runbooks inventory ec2 --tags Environment=production Team=platform
-        runbooks inventory s3 --accounts 123456789012 987654321098
+        runbooks inventory s3 --accounts 111111111111 222222222222
         runbooks inventory vpc --regions us-east-1 us-west-2 --tags CostCenter=engineering
         ```
     """
@@ -376,15 +397,23 @@ def main(ctx, debug, log_level, json_output, profile, region, dry_run, config):
 @click.pass_context
 def inventory(ctx, profile, region, dry_run, output, output_file, tags, accounts, regions):
     """
-    Multi-account AWS resource discovery and inventory.
+    Universal AWS resource discovery and inventory - works with ANY AWS environment.
 
-    Read-only operations for comprehensive resource discovery across
-    AWS services, accounts, and regions with advanced filtering.
+    ✅ Universal Compatibility: Works with single accounts, Organizations, and any profile setup
+    🔍 Read-only operations for safe resource discovery across AWS services
+    🚀 Intelligent fallback: Organizations → standalone account detection
+    
+    Profile Options:
+        --profile PROFILE       Use specific AWS profile (highest priority)
+        No --profile           Uses AWS_PROFILE environment variable
+        No configuration       Uses 'default' profile (universal AWS CLI compatibility)
 
     Examples:
-        runbooks inventory collect --resources ec2,rds
-        runbooks inventory collect --accounts 123456789012 --regions us-east-1
-        runbooks inventory collect --tags Environment=prod --output json
+        runbooks inventory collect                           # Use default profile
+        runbooks inventory collect --profile my-profile      # Use specific profile
+        runbooks inventory collect --resources ec2,rds       # Specific resources
+        runbooks inventory collect --all-accounts            # Multi-account (if Organizations access)
+        runbooks inventory collect --tags Environment=prod   # Filtered discovery
     """
     # Update context with inventory-specific options
     ctx.obj.update(
@@ -427,29 +456,35 @@ def inventory(ctx, profile, region, dry_run, output, output_file, tags, accounts
 def collect(ctx, profile, region, dry_run, resources, all_resources, all_accounts, include_costs, parallel, validate, validate_all,
            all, combine, csv, json, pdf, markdown, export_format, output_dir, report_name):
     """
-    🔍 Comprehensive AWS resource inventory collection with enhanced exports and validation.
+    🔍 Universal AWS resource inventory collection - works with ANY AWS environment.
     
-    Upgraded to match proven finops/vpc best practices:
-    - Profile override priority (User > Environment > Default)
-    - Multi-format exports (CSV, JSON, PDF, Markdown, YAML)
-    - Multi-account support with --all pattern  
-    - Rich CLI integration with enterprise UX standards
+    ✅ Universal Compatibility Features:
+    - Works with single accounts, AWS Organizations, and standalone setups
+    - Profile override priority: User > Environment > Default ('default' profile fallback)
+    - Intelligent Organizations detection with graceful standalone fallback
+    - 50+ AWS services discovery across any account configuration
+    - Multi-format exports: CSV, JSON, PDF, Markdown, YAML
     - MCP validation for ≥99.5% accuracy
-    - 3-way comprehensive validation: runbooks + MCP + terraform
     
-    Export Format Precedence (following finops/vpc patterns):
-    1. PRIORITY: Convenience flags (--csv, --json, --pdf, --markdown)
-    2. FALLBACK: --export-format option (when convenience flags not used)
-    3. Multiple formats supported simultaneously
+    Universal Profile Usage:
+    - ANY AWS profile works (no hardcoded assumptions)
+    - Organizations permissions auto-detected (graceful fallback to single account)
+    - AWS_PROFILE environment variable used when available
+    - 'default' profile used as universal fallback
     
     Examples:
-        runbooks inventory collect --csv --json
-        runbooks inventory collect --all --markdown  
-        runbooks inventory collect --profile prod --resources ec2 s3 --pdf
-        runbooks inventory collect --all-accounts --validate --export-format csv
-        runbooks inventory collect --resources ec2,rds,lambda --combine --pdf
-        runbooks inventory collect --validate-all --csv --json --markdown
-        runbooks inventory collect --profile enterprise --validate-all --export-format json
+        # Universal compatibility - works with any AWS setup
+        runbooks inventory collect                                    # Default profile
+        runbooks inventory collect --profile my-aws-profile           # Any profile
+        runbooks inventory collect --all-accounts                     # Auto-detects Organizations
+        
+        # Resource-specific discovery
+        runbooks inventory collect --resources ec2,rds,s3             # Specific services
+        runbooks inventory collect --all-resources                    # All 50+ services
+        
+        # Multi-format exports
+        runbooks inventory collect --csv --json --pdf                 # Multiple formats
+        runbooks inventory collect --profile prod --validate --markdown
     """
     try:
         console.print(f"[blue]📊 Starting AWS Resource Inventory Collection[/blue]")
@@ -466,9 +501,7 @@ def collect(ctx, profile, region, dry_run, resources, all_resources, all_account
         from runbooks.common.profile_utils import get_profile_for_operation
         
         # Handle profile tuple (multiple=True in common_aws_options)
-        profile_value = profile
-        if isinstance(profile_value, tuple) and profile_value:
-            profile_value = profile_value[0]  # Take first profile from tuple
+        profile_value = normalize_profile_parameter(profile)
         
         resolved_profile = get_profile_for_operation("management", profile_value)
         
@@ -3674,30 +3707,58 @@ def security(ctx, profile, region, dry_run, language, output, output_file):
 
 @security.command()
 @common_aws_options
+@click.option(
+    "--frameworks",
+    multiple=True,
+    type=click.Choice([
+        "aws-well-architected",
+        "soc2-type-ii", 
+        "pci-dss",
+        "hipaa",
+        "iso27001",
+        "nist-cybersecurity",
+        "cis-benchmarks"
+    ]),
+    help="Compliance frameworks to assess (supports multiple)"
+)
 @click.option("--checks", multiple=True, help="Specific security checks to run")
-@click.option("--export-formats", multiple=True, default=["json", "csv"], help="Export formats (json, csv, pdf)")
+@click.option("--export-formats", multiple=True, help="Export formats (json, csv, pdf)")
 @click.pass_context
-def assess(ctx, profile, region, dry_run, checks, export_formats):
+def assess(ctx, profile, region, dry_run, frameworks, checks, export_formats):
     """Run comprehensive security baseline assessment with Rich CLI output."""
     try:
         from runbooks.security.security_baseline_tester import SecurityBaselineTester
 
         # Use command-level profile with fallback to context profile
-        resolved_profile = profile or ctx.obj.get('profile', 'default')
+        # Handle profile tuple (multiple=True in common_aws_options) - CRITICAL CLI FIX  
+        profile_str = normalize_profile_parameter(profile)
+        resolved_profile = profile_str or ctx.obj.get('profile', 'default')
         resolved_region = region or ctx.obj.get('region', 'us-east-1')
+        
+        # CRITICAL FIX: Handle empty export_formats after removing default value
+        if not export_formats:
+            export_formats = ["json", "csv"]
+        
+        # CRITICAL FIX: Handle empty frameworks after removing default value
+        if not frameworks:
+            frameworks = ["aws-well-architected"]
 
         console.print(f"[blue]🔒 Starting Security Assessment[/blue]")
         console.print(
-            f"[dim]Profile: {resolved_profile} | Language: {ctx.obj['language']} | Export: {', '.join(export_formats)}[/dim]"
+            f"[dim]Profile: {resolved_profile} | Language: {ctx.obj['language']} | Frameworks: {', '.join(frameworks)} | Export: {', '.join(export_formats)}[/dim]"
         )
 
         # Initialize tester with export formats
+        # TODO: Add frameworks support to SecurityBaselineTester for SOC2, PCI-DSS, HIPAA compliance
         tester = SecurityBaselineTester(
             profile=resolved_profile,
             lang_code=ctx.obj["language"],
             output_dir=ctx.obj.get("output_file"),
             export_formats=list(export_formats),
         )
+        
+        # Store frameworks for future enhancement (currently using default aws-well-architected)
+        console.print(f"[dim]Note: Using AWS Well-Architected baseline checks (frameworks parameter accepted for future enhancement)[/dim]")
 
         # Run assessment with Rich CLI
         tester.run()
@@ -5488,8 +5549,8 @@ def cost():
     pass
 
 @cost.command()
-@click.option('--billing-profile', default=None, help='AWS billing profile with Cost Explorer access (uses AWS_BILLING_PROFILE env var if not specified)')
-@click.option('--management-profile', default=None, help='AWS management profile with Organizations access (uses AWS_MANAGEMENT_PROFILE env var if not specified)')
+@click.option('--billing-profile', default=None, help='AWS profile for Cost Explorer access (uses universal profile selection if not specified)')
+@click.option('--management-profile', default=None, help='AWS profile for Organizations access (uses universal profile selection if not specified)')
 @click.option('--tolerance-percent', default=5.0, help='MCP cross-validation tolerance percentage')
 @click.option('--performance-target-ms', default=30000.0, help='Performance target in milliseconds')
 @click.option('--export-evidence/--no-export', default=True, help='Export DoD validation evidence')
@@ -5857,7 +5918,7 @@ def workspaces(profile, region, dry_run, analyze, calculate_savings, unused_days
     
     try:
         # Handle profile tuple (multiple=True in common_aws_options)
-        active_profile = profile[0] if isinstance(profile, tuple) and profile else "default"
+        active_profile = normalize_profile_parameter(profile)
         
         # Call enhanced workspaces analysis
         ctx = click.Context(get_workspaces)
@@ -5906,7 +5967,7 @@ def rds_snapshots(profile, region, dry_run, manual_only, older_than, calculate_s
     
     try:
         # Handle profile tuple (multiple=True in common_aws_options)
-        active_profile = profile[0] if isinstance(profile, tuple) and profile else "default"
+        active_profile = normalize_profile_parameter(profile)
         
         # Call enhanced RDS snapshot analysis
         ctx = click.Context(get_rds_snapshot_details)
@@ -5935,25 +5996,34 @@ def rds_snapshots(profile, region, dry_run, manual_only, older_than, calculate_s
 
 @cost_optimization.command()
 @common_aws_options
-@click.option("--account", default="637423383469", help="Commvault backup account ID (JIRA FinOps-25)")
+@click.option("--account", help="Commvault backup account ID (JIRA FinOps-25). If not specified, uses current AWS account.")
 @click.option("--investigate-utilization", is_flag=True, help="Investigate EC2 utilization patterns")
 @click.option("--output-file", default="./tmp/commvault_ec2_analysis.csv", help="Output CSV file path")
 def commvault_ec2(profile, region, dry_run, account, investigate_utilization, output_file):
     """
     FinOps-25: Commvault EC2 investigation for cost optimization.
     
-    Account: 637423383469 (Commvault backup account)
     Challenge: Determine if EC2 instances are actively used for backups or idle
     """
     from runbooks.remediation.commvault_ec2_analysis import investigate_commvault_ec2
     from runbooks.common.rich_utils import console, print_header
     
     print_header("JIRA FinOps-25: Commvault EC2 Investigation", "v0.9.1")
-    console.print(f"[cyan]Account: {account} - Investigating EC2 usage patterns[/cyan]")
     
     try:
         # Handle profile tuple (multiple=True in common_aws_options)
-        active_profile = profile[0] if isinstance(profile, tuple) and profile else "default"
+        active_profile = normalize_profile_parameter(profile)
+        
+        # If no account specified, detect current account from profile
+        if not account:
+            from runbooks.common.profile_utils import create_operational_session
+            session = create_operational_session(active_profile)
+            sts = session.client('sts')
+            identity = sts.get_caller_identity()
+            account = identity['Account']
+            console.print(f"[dim cyan]Auto-detected account: {account}[/dim cyan]")
+        
+        console.print(f"[cyan]Account: {account} - Investigating EC2 usage patterns[/cyan]")
         
         # Call enhanced Commvault EC2 investigation
         ctx = click.Context(investigate_commvault_ec2)
@@ -6039,10 +6109,31 @@ def comprehensive_analysis(profile, region, dry_run, all_scenarios, output_dir):
             ]
         )
         
-        summary_table.add_row("FinOps-24", "WorkSpaces Cleanup", "$12,518/year", "Analysis Complete")
-        summary_table.add_row("FinOps-23", "RDS Snapshots", "$5K-24K/year", "Analysis Complete")  
-        summary_table.add_row("FinOps-25", "Commvault EC2", "TBD", "Investigation Complete")
-        summary_table.add_row("📊 TOTAL", "All Scenarios", "$17.5K-36.5K/year", "Ready for Implementation")
+        # Use dynamic configuration for summary table
+        config = get_business_case_config()
+        workspaces_scenario = config.get_scenario('workspaces')
+        rds_scenario = config.get_scenario('rds-snapshots')
+        backup_scenario = config.get_scenario('backup-investigation')
+        
+        summary_table.add_row(
+            workspaces_scenario.scenario_id if workspaces_scenario else "workspaces",
+            workspaces_scenario.display_name if workspaces_scenario else "WorkSpaces Resource Optimization", 
+            workspaces_scenario.savings_range_display if workspaces_scenario else "$12K-15K/year",
+            "Analysis Complete"
+        )
+        summary_table.add_row(
+            rds_scenario.scenario_id if rds_scenario else "rds-snapshots",
+            rds_scenario.display_name if rds_scenario else "RDS Storage Optimization",
+            rds_scenario.savings_range_display if rds_scenario else "$5K-24K/year", 
+            "Analysis Complete"
+        )
+        summary_table.add_row(
+            backup_scenario.scenario_id if backup_scenario else "backup-investigation",
+            backup_scenario.display_name if backup_scenario else "Backup Infrastructure Analysis",
+            "Framework Ready",
+            "Investigation Complete"
+        )
+        summary_table.add_row("📊 TOTAL", "All Scenarios", "Dynamic Configuration", "Ready for Implementation")
         
         console.print(summary_table)
         
@@ -6084,7 +6175,7 @@ def _parse_profiles_parameter(profiles_tuple):
     return [p for p in all_profiles if p]  # Remove empty strings
 
 
-@main.command()
+@main.group(invoke_without_command=True)
 @common_aws_options
 @click.option("--time-range", type=int, help="Time range in days (default: current month)")
 @click.option("--report-type", type=click.Choice(["csv", "json", "pdf", "markdown"]), help="Report type for export")
@@ -6143,7 +6234,7 @@ def _parse_profiles_parameter(profiles_tuple):
 @click.option(
     "--scenario", 
     type=click.Choice(["workspaces", "snapshots", "commvault", "nat-gateway", "elastic-ip", "ebs", "vpc-cleanup"], case_sensitive=False),
-    help="Business scenario analysis: workspaces (FinOps-24: $13,020 savings), snapshots (FinOps-23: $119,700 savings), commvault (FinOps-25: investigation), nat-gateway (FinOps-26: $8K-$12K potential), elastic-ip (FinOps-EIP: $3.65/month direct savings), ebs (FinOps-EBS: 15-20% storage optimization), vpc-cleanup (AWSO-05: $5,869.20 VPC cleanup savings)"
+    help="Business scenario analysis with dynamic configuration - use 'runbooks finops --help-scenarios' for current scenario details"
 )
 @click.pass_context
 def finops(
@@ -6183,14 +6274,16 @@ def finops(
     Comprehensive cost analysis supporting both UnblendedCost (technical) 
     and AmortizedCost (financial) perspectives for enterprise reporting.
 
-    BUSINESS SCENARIOS ($138,589+ proven savings):
-        runbooks finops --scenario workspaces    # FinOps-24: WorkSpaces cleanup ($13,020 annual)
-        runbooks finops --scenario snapshots     # FinOps-23: RDS snapshots ($119,700 annual)
-        runbooks finops --scenario commvault     # FinOps-25: EC2 investigation framework
-        runbooks finops --scenario nat-gateway   # FinOps-26: NAT Gateway optimization ($8K-$12K potential)
-        runbooks finops --scenario elastic-ip    # FinOps-EIP: Elastic IP cleanup ($3.65/month per EIP)
-        runbooks finops --scenario ebs           # FinOps-EBS: Storage optimization (15-20% cost reduction)
-        runbooks finops --scenario vpc-cleanup   # AWSO-05: VPC cleanup ($5,869.20 annual savings)
+    BUSINESS SCENARIOS (Dynamic Configuration):
+        runbooks finops --scenario workspaces    # WorkSpaces Resource Optimization
+        runbooks finops --scenario snapshots     # RDS Storage Optimization  
+        runbooks finops --scenario commvault     # Backup Infrastructure Analysis
+        runbooks finops --scenario nat-gateway   # Network Gateway Optimization
+        runbooks finops --scenario elastic-ip    # IP Address Resource Management
+        runbooks finops --scenario ebs           # Storage Volume Optimization
+        runbooks finops --scenario vpc-cleanup   # Network Infrastructure Cleanup
+        
+    Use --help-scenarios to see current configured targets and savings ranges.
 
     GENERAL ANALYTICS:
         runbooks finops --audit --csv --report-name audit_report
@@ -6201,6 +6294,14 @@ def finops(
         runbooks finops --dual-metrics --csv --json  # Comprehensive analysis (default)
     """
 
+    # Handle group behavior: if no subcommand invoked, execute main functionality
+    if ctx.invoked_subcommand is None:
+        # Continue with original finops functionality
+        pass
+    else:
+        # Subcommand will handle execution
+        return
+
     # Business Scenario Dispatch Logic (Strategic Objective #1: Unified CLI)
     if scenario:
         from runbooks.common.rich_utils import console, print_header, print_success, print_info
@@ -6218,7 +6319,7 @@ def finops(
             # Initialize CloudOps cost optimizer with enterprise patterns
             execution_mode = ExecutionMode.DRY_RUN if dry_run else ExecutionMode.EXECUTE
             # Ensure profile is a string, not a tuple
-            profile_str = profile[0] if isinstance(profile, (tuple, list)) and profile else profile or "default"
+            profile_str = normalize_profile_parameter(profile) or "default"
             cost_optimizer = CostOptimizer(
                 profile=profile_str,
                 dry_run=dry_run,
@@ -6226,7 +6327,10 @@ def finops(
             )
             
             if scenario.lower() == "workspaces":
-                print_info("FinOps-24: WorkSpaces cleanup analysis ($13,020 annual savings - 104% target achievement)")
+                config = get_business_case_config()
+                workspaces_scenario = config.get_scenario('workspaces')
+                scenario_info = f"{workspaces_scenario.display_name} ({workspaces_scenario.savings_range_display})" if workspaces_scenario else "WorkSpaces Resource Optimization"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enhanced with CloudOps enterprise integration")
                 
                 # Use CloudOps cost optimizer for enterprise-grade analysis
@@ -6235,10 +6339,10 @@ def finops(
                     dry_run=dry_run
                 ))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration  
                 results = {
-                    "scenario": "FinOps-24",
-                    "business_case": "WorkSpaces Cleanup",
+                    "scenario": workspaces_scenario.scenario_id if workspaces_scenario else "workspaces",
+                    "business_case": workspaces_scenario.display_name if workspaces_scenario else "WorkSpaces Resource Optimization",
                     "annual_savings": workspaces_result.annual_savings,
                     "monthly_savings": workspaces_result.total_monthly_savings,
                     "affected_resources": workspaces_result.affected_resources,
@@ -6248,7 +6352,10 @@ def finops(
                 }
                 
             elif scenario.lower() == "snapshots":
-                print_info("FinOps-23: RDS snapshots optimization ($119,700 annual savings - 498% target achievement)")
+                config = get_business_case_config()
+                rds_scenario = config.get_scenario('rds-snapshots')
+                scenario_info = f"{rds_scenario.display_name} ({rds_scenario.savings_range_display})" if rds_scenario else "RDS Storage Optimization"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enhanced with CloudOps enterprise integration")
                 
                 # Use CloudOps cost optimizer for enterprise-grade analysis
@@ -6257,10 +6364,10 @@ def finops(
                     dry_run=dry_run
                 ))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "FinOps-23", 
-                    "business_case": "RDS Snapshots Cleanup",
+                    "scenario": rds_scenario.scenario_id if rds_scenario else "rds-snapshots",
+                    "business_case": rds_scenario.display_name if rds_scenario else "RDS Storage Optimization",
                     "annual_savings": snapshots_result.annual_savings,
                     "monthly_savings": snapshots_result.total_monthly_savings,
                     "affected_resources": snapshots_result.affected_resources,
@@ -6270,7 +6377,10 @@ def finops(
                 }
                 
             elif scenario.lower() == "commvault":
-                print_info("FinOps-25: Commvault EC2 investigation framework (Real AWS integration)")
+                config = get_business_case_config()
+                backup_scenario = config.get_scenario('backup-investigation')
+                scenario_info = f"{backup_scenario.display_name}" if backup_scenario else "Backup Infrastructure Analysis"
+                print_info(f"{scenario_info} (Real AWS integration)")
                 print_info("🚀 Enhanced with CloudOps enterprise integration")
                 
                 # Use CloudOps cost optimizer for enterprise-grade investigation
@@ -6279,10 +6389,10 @@ def finops(
                     dry_run=True  # Always dry-run for investigations
                 ))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "FinOps-25",
-                    "business_case": "Commvault EC2 Investigation", 
+                    "scenario": backup_scenario.scenario_id if backup_scenario else "backup-investigation",
+                    "business_case": backup_scenario.display_name if backup_scenario else "Backup Infrastructure Analysis", 
                     "annual_savings": commvault_result.annual_savings,
                     "monthly_savings": commvault_result.total_monthly_savings,
                     "affected_resources": commvault_result.affected_resources,
@@ -6293,13 +6403,16 @@ def finops(
                 }
                 
             elif scenario.lower() == "nat-gateway":
-                print_info("FinOps-26: NAT Gateway cost optimization ($8K-$12K potential annual savings)")
+                config = get_business_case_config()
+                nat_scenario = config.get_scenario('nat-gateway')
+                scenario_info = f"{nat_scenario.display_name} ({nat_scenario.savings_range_display})" if nat_scenario else "Network Gateway Optimization"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enterprise multi-region analysis with network dependency validation")
                 
                 # Use dedicated NAT Gateway optimizer for specialized analysis
                 from runbooks.finops.nat_gateway_optimizer import NATGatewayOptimizer
                 
-                profile_str = profile[0] if isinstance(profile, (tuple, list)) and profile else profile or "default"
+                profile_str = normalize_profile_parameter(profile) or "default"
                 nat_optimizer = NATGatewayOptimizer(
                     profile_name=profile_str,
                     regions=regions or ["us-east-1", "us-west-2", "eu-west-1"]
@@ -6307,10 +6420,10 @@ def finops(
                 
                 nat_result = asyncio.run(nat_optimizer.analyze_nat_gateways(dry_run=dry_run))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "FinOps-26", 
-                    "business_case": "NAT Gateway Cost Optimization",
+                    "scenario": nat_scenario.scenario_id if nat_scenario else "nat-gateway",
+                    "business_case": nat_scenario.display_name if nat_scenario else "Network Gateway Optimization",
                     "annual_savings": nat_result.potential_annual_savings,
                     "monthly_savings": nat_result.potential_monthly_savings,
                     "total_nat_gateways": nat_result.total_nat_gateways,
@@ -6328,13 +6441,16 @@ def finops(
                 }
                 
             elif scenario.lower() == "elastic-ip":
-                print_info("FinOps-EIP: Elastic IP cost optimization ($3.65/month per unattached EIP)")
+                config = get_business_case_config()
+                eip_scenario = config.get_scenario('elastic-ip')
+                scenario_info = f"{eip_scenario.display_name} ({eip_scenario.savings_range_display})" if eip_scenario else "IP Address Resource Management"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enterprise multi-region analysis with DNS dependency validation")
                 
                 # Use dedicated Elastic IP optimizer for specialized analysis
                 from runbooks.finops.elastic_ip_optimizer import ElasticIPOptimizer
                 
-                profile_str = profile[0] if isinstance(profile, (tuple, list)) and profile else profile or "default"
+                profile_str = normalize_profile_parameter(profile) or "default"
                 eip_optimizer = ElasticIPOptimizer(
                     profile_name=profile_str,
                     regions=regions or ["us-east-1", "us-west-2", "eu-west-1", "us-east-2"]
@@ -6342,10 +6458,10 @@ def finops(
                 
                 eip_result = asyncio.run(eip_optimizer.analyze_elastic_ips(dry_run=dry_run))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "FinOps-EIP", 
-                    "business_case": "Elastic IP Cost Optimization",
+                    "scenario": eip_scenario.scenario_id if eip_scenario else "elastic-ip",
+                    "business_case": eip_scenario.display_name if eip_scenario else "IP Address Resource Management",
                     "annual_savings": eip_result.potential_annual_savings,
                     "monthly_savings": eip_result.potential_monthly_savings,
                     "total_elastic_ips": eip_result.total_elastic_ips,
@@ -6365,13 +6481,16 @@ def finops(
                 }
             
             elif scenario.lower() == "ebs":
-                print_info("FinOps-EBS: EBS Volume storage optimization (15-20% cost reduction potential)")
+                config = get_business_case_config()
+                ebs_scenario = config.get_scenario('ebs-optimization')
+                scenario_info = f"{ebs_scenario.display_name}" if ebs_scenario else "Storage Volume Optimization (15-20% cost reduction potential)"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enterprise comprehensive analysis: GP2→GP3 + Usage + Orphaned cleanup")
                 
                 # Use dedicated EBS optimizer for specialized analysis
                 from runbooks.finops.ebs_optimizer import EBSOptimizer
                 
-                profile_str = profile[0] if isinstance(profile, (tuple, list)) and profile else profile or "default"
+                profile_str = normalize_profile_parameter(profile) or "default"
                 ebs_optimizer = EBSOptimizer(
                     profile_name=profile_str,
                     regions=regions or ["us-east-1", "us-west-2", "eu-west-1"]
@@ -6379,10 +6498,10 @@ def finops(
                 
                 ebs_result = asyncio.run(ebs_optimizer.analyze_ebs_volumes(dry_run=dry_run))
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "FinOps-EBS", 
-                    "business_case": "EBS Volume Storage Optimization",
+                    "scenario": ebs_scenario.scenario_id if ebs_scenario else "ebs-optimization",
+                    "business_case": ebs_scenario.display_name if ebs_scenario else "Storage Volume Optimization",
                     "annual_savings": ebs_result.total_potential_annual_savings,
                     "monthly_savings": ebs_result.total_potential_monthly_savings,
                     "total_volumes": ebs_result.total_volumes,
@@ -6410,13 +6529,16 @@ def finops(
                 }
             
             elif scenario.lower() == "vpc-cleanup":
-                print_info("AWSO-05: VPC Cleanup cost optimization ($5,869.20 annual savings)")
+                config = get_business_case_config()
+                vpc_scenario = config.get_scenario('vpc-cleanup')
+                scenario_info = f"{vpc_scenario.display_name} ({vpc_scenario.savings_range_display})" if vpc_scenario else "Network Infrastructure Cleanup"
+                print_info(f"{scenario_info}")
                 print_info("🚀 Enterprise three-bucket strategy with dependency validation")
                 
                 # Use dedicated VPC Cleanup optimizer for AWSO-05 analysis
                 from runbooks.finops.vpc_cleanup_optimizer import VPCCleanupOptimizer
                 
-                profile_str = profile[0] if isinstance(profile, (tuple, list)) and profile else profile or "default"
+                profile_str = normalize_profile_parameter(profile) or "default"
                 vpc_optimizer = VPCCleanupOptimizer(
                     profile=profile_str
                 )
@@ -6431,10 +6553,10 @@ def finops(
                     filter_type=filter_type
                 )
                 
-                # Convert to legacy format for backward compatibility
+                # Convert to dynamic format using business case configuration
                 results = {
-                    "scenario": "AWSO-05", 
-                    "business_case": "VPC Cleanup Cost Optimization",
+                    "scenario": vpc_scenario.scenario_id if vpc_scenario else "vpc-cleanup",
+                    "business_case": vpc_scenario.display_name if vpc_scenario else "Network Infrastructure Cleanup",
                     "annual_savings": vpc_result.total_annual_savings,
                     "monthly_savings": vpc_result.total_annual_savings / 12,
                     "total_vpcs_analyzed": vpc_result.total_vpcs_analyzed,
@@ -6604,7 +6726,7 @@ def finops(
     # CRITICAL FIX: Ensure single profile is correctly handled for downstream processing
     # When multiple profiles are provided via --profile, use the first one as primary profile
     primary_profile = (
-        parsed_profiles[0] if parsed_profiles else (profile[0] if isinstance(profile, tuple) and profile else profile)
+        parsed_profiles[0] if parsed_profiles else normalize_profile_parameter(profile)
     )
 
     args = argparse.Namespace(
@@ -6644,6 +6766,45 @@ def finops(
         return run_dashboard(args)
 
 
+# ============================================================================
+# FINOPS SUBCOMMANDS - Enhanced CLI Structure
+# ============================================================================
+
+@finops.command()
+@click.option("--profile", help="AWS profile to use")
+@click.option("--region", help="AWS region")
+@click.option("--dry-run", is_flag=True, help="Run in dry-run mode")
+@click.option("--output", type=click.Choice(["json", "csv", "pdf", "html"]), help="Output format")
+def dashboard(profile, region, dry_run, output):
+    """
+    FinOps cost analytics dashboard.
+    
+    Interactive cost analysis with Rich CLI formatting and enterprise-grade reporting.
+    """
+    from runbooks.common.rich_utils import console, print_header
+    from runbooks.finops.dashboard_runner import run_dashboard
+    import argparse
+    
+    print_header("FinOps Dashboard", "Cost Analytics & Optimization")
+    
+    # Create args namespace compatible with existing dashboard runner
+    args = argparse.Namespace(
+        profile=profile or "default",
+        region=region or "ap-southeast-2",
+        dry_run=dry_run,
+        time_range=30,
+        report_type=output,
+        csv=(output == "csv") if output else False,
+        json=(output == "json") if output else False, 
+        pdf=(output == "pdf") if output else False,
+        audit=False,
+        trend=False,
+        validate=False
+    )
+    
+    return run_dashboard(args)
+
+
 # ============================================================================
 # FINOPS BUSINESS SCENARIOS - MANAGER PRIORITY COST OPTIMIZATION
 # ============================================================================
@@ -7343,7 +7504,9 @@ def scan(ctx, profile, region, dry_run, resources):
     from runbooks.inventory.core.collector import InventoryCollector
 
     try:
-        collector = InventoryCollector(profile=profile, region=region)
+        # Handle profile tuple (multiple=True in common_aws_options) - CRITICAL CLI FIX
+        profile_str = normalize_profile_parameter(profile)
+        collector = InventoryCollector(profile=profile_str, region=region)
 
         # Get current account ID
         account_ids = [collector.get_current_account_id()]
@@ -7675,7 +7838,7 @@ def vpc(ctx, profile, region, dry_run, all, billing_profile, management_profile,
     # If no subcommand is specified, run cleanup analysis by default (KISS principle)
     if ctx.invoked_subcommand is None:
         # Handle profile tuple like other commands
-        active_profile = profile[0] if isinstance(profile, tuple) and profile else "default"
+        active_profile = normalize_profile_parameter(profile)
         
         console.print("[cyan]🧹 VPC Cleanup Analysis - Enterprise Safety Controls Enabled[/cyan]")
         console.print(f"[dim]Using AWS profile: {active_profile}[/dim]")
@@ -7802,7 +7965,7 @@ def analyze(ctx, profile, region, dry_run, vpc_ids, output_dir, generate_evidenc
         runbooks vpc analyze --vpc-ids vpc-123 vpc-456 --generate-evidence
     """
     # Fix profile tuple handling like other commands (lines 5567-5568 pattern)
-    active_profile = profile[0] if isinstance(profile, tuple) and profile else "default"
+    active_profile = normalize_profile_parameter(profile)
     
     console.print("[cyan]🔍 VPC Analysis - Enhanced with VPC Module Integration[/cyan]")
     console.print(f"[dim]Using AWS profile: {active_profile}[/dim]")