runbooks 1.1.7__py3-none-any.whl → 1.1.10__py3-none-any.whl

runbooks/inventory/list_org_accounts.py

@@ -9,39 +9,50 @@ status analysis, organizational hierarchy mapping, and cross-organization accoun
 **AWS API Mapping**: `organizations.list_accounts()`, `organizations.describe_organization()`
 
 Features:
-    - Multi-organization account discovery
+    - Multi-organization account discovery via --all-profiles pattern
     - Management Account identification and validation
     - Account status tracking (ACTIVE, SUSPENDED, etc.)
     - Cross-organization account lookup by ID
+    - Multi-format export (JSON, CSV, Markdown, Table)
     - Short-form and detailed organizational views
     - Root profile discovery and listing
     - Account hierarchy visualization
 
+Architecture (v1.1.10):
+    - Group-level with --all-profiles pattern (Option B)
+    - Shared utilities integration (organizations_utils.py + output_formatters.py)
+    - Modern CLI + Legacy Python Main dual compatibility
+    - Rich CLI output with enterprise UX standards
+
 Compatibility:
     - AWS Organizations with cross-account roles
     - AWS Control Tower managed accounts
     - Multiple AWS Organizations access
     - AWS Account Factory provisioned accounts
+    - Single-account fallback for non-Organizations environments
 
-Example:
-    Discover all accounts across organizations:
+Example (Modern CLI):
+    Multi-account Organizations discovery:
     ```bash
-    python org_list_accounts.py --profile my-org-profile
+    runbooks inventory --all-profiles $MANAGEMENT_PROFILE list-org-accounts
     ```
 
-    Short form listing for quick overview:
+    Brief listing with timing:
     ```bash
-    python org_list_accounts.py --profile my-profile --short
+    runbooks inventory --profile mgmt list-org-accounts --short --timing
     ```
 
-    Find which organization contains specific accounts:
+    Find specific accounts across organizations:
     ```bash
-    python org_list_accounts.py --acct 123456789012 987654321098
+    runbooks inventory --all-profiles mgmt list-org-accounts --acct 123456789012 987654321098
     ```
 
-    List only root profiles:
+Example (Legacy Python Main):
     ```bash
-    python org_list_accounts.py --rootonly
+    python src/runbooks/inventory/list_org_accounts.py --profile my-org-profile
+    python src/runbooks/inventory/list_org_accounts.py --profile my-profile --short
+    python src/runbooks/inventory/list_org_accounts.py --acct 123456789012 987654321098
+    python src/runbooks/inventory/list_org_accounts.py --rootonly
     ```
 
 Use Cases:
@@ -60,30 +71,231 @@ Author:
     AWS Cloud Foundations Team
 
 Version:
-    2024.05.08
+    1.1.10 (v1.1.10 parameter patterns + shared utilities)
 """
 
 import logging
 import sys
+import json
 from os.path import split
 from time import time
+from typing import Dict, List, Optional
+
+from runbooks.inventory.ArgumentsClass import CommonArguments
+from runbooks.inventory.organizations_utils import discover_organization_accounts
+from runbooks.inventory.output_formatters import OrganizationsFormatter, export_to_file
+from runbooks.common.rich_utils import (
+    console,
+    print_header,
+    print_success,
+    print_error,
+    print_warning,
+    print_info,
+    create_table,
+)
+from runbooks.common.config_loader import get_config_loader
+from runbooks import __version__
+
+logger = logging.getLogger(__name__)
 
-from ArgumentsClass import CommonArguments
+begin_time = time()
 
-# from botocore.exceptions import ClientError, NoCredentialsError, InvalidConfigError
-from runbooks.common.rich_utils import console
-from Inventory_Modules import display_results, get_org_accounts_from_profiles, get_profiles
 
-__version__ = "2024.05.08"
-begin_time = time()
+##################
+# Core Functions
+##################
+def list_organization_accounts(
+    profiles: List[str],
+    short_form: bool = False,
+    root_only: bool = False,
+    account_lookup: Optional[List[str]] = None,
+    export_format: str = "table",
+    output_file: Optional[str] = None,
+    skip_profiles: Optional[List[str]] = None,
+    verbose: int = logging.ERROR,
+) -> Dict:
+    """
+    List all accounts in AWS Organizations with multi-profile support.
+
+    This function serves both Modern CLI and legacy Python Main modes,
+    implementing the Group-Level with --all-profiles pattern (Option B).
+
+    Args:
+        profiles: List of AWS profiles to query (Organizations management accounts)
+        short_form: Show only profile-level info, skip child accounts (performance optimization)
+        root_only: Show only management accounts (governance focus)
+        account_lookup: Specific account IDs to find across organizations (cross-org search)
+        export_format: Output format (json, csv, markdown, table)
+        output_file: Output filename (None = console only)
+        skip_profiles: Profiles to exclude from discovery
+        verbose: Logging level (logging.ERROR, WARNING, INFO, DEBUG)
+
+    Returns:
+        Dictionary containing:
+            - OrgsFound: List of management account IDs discovered
+            - AccountList: Complete account inventory with metadata
+            - ClosedAccounts: Suspended/closed account IDs
+            - FailedProfiles: Profiles that failed authentication/access
+            - StandAloneAccounts: Non-organizational standalone accounts
+
+    Architecture:
+        - Uses organizations_utils.discover_organization_accounts() for AWS API integration
+        - Uses output_formatters.OrganizationsFormatter() for multi-format export
+        - Graceful fallback to single-account mode when Organizations unavailable
+        - Profile-level caching to avoid redundant API calls
+    """
+    # Configure logging
+    logger.setLevel(verbose)
+
+    # Print header
+    print_header("Organizations Account Inventory", __version__)
+
+    # Filter profiles
+    active_profiles = [p for p in profiles if not skip_profiles or p not in skip_profiles]
+
+    if skip_profiles:
+        excluded_count = len(profiles) - len(active_profiles)
+        print_info(f"Excluding {excluded_count} profile(s): {', '.join(skip_profiles)}")
+
+    print_info(f"Scanning {len(active_profiles)} profile(s) for Organizations membership")
+
+    # Account discovery across profiles
+    all_accounts = []
+    orgs_found = set()
+    failed_profiles = []
+    profile_errors = {}
+
+    for profile in active_profiles:
+        try:
+            logger.info(f"Discovering accounts for profile: {profile}")
+
+            # Use shared utility for Organizations API discovery
+            accounts, error_msg = discover_organization_accounts(profile, region="us-east-1")
 
+            if error_msg:
+                # Fallback mode - single account
+                logger.warning(f"Profile {profile} fallback mode: {error_msg}")
+                profile_errors[profile] = error_msg
 
-# TODO: If they provide a profile that isn't a root profile, you should find out which org it belongs to, and then show the org for that.
-#  This will be difficult, since we don't know which profile that belongs to. Hmmm...
+            if accounts:
+                # Track management accounts
+                mgmt_accounts = [acc for acc in accounts if acc.get("is_management_account", False)]
+                for mgmt_acc in mgmt_accounts:
+                    orgs_found.add(mgmt_acc["id"])
+
+                # Add profile metadata to each account
+                for account in accounts:
+                    account["discovery_profile"] = profile
+
+                all_accounts.extend(accounts)
+                print_success(f"Profile '{profile}': {len(accounts)} accounts discovered")
+            else:
+                failed_profiles.append(profile)
+                print_error(f"Profile '{profile}': Discovery failed")
+
+        except Exception as e:
+            error_msg = str(e)
+            logger.error(f"Profile {profile} failed: {error_msg}", exc_info=True)
+            failed_profiles.append(profile)
+            profile_errors[profile] = error_msg
+            print_error(f"Profile '{profile}': {error_msg}")
+
+    # Summary statistics
+    console.print()
+    console.print("[cyan]📊 Discovery Summary:[/cyan]")
+    console.print(f"Organizations found: {len(orgs_found)}")
+    console.print(f"Total accounts: {len(all_accounts)}")
+
+    # Status breakdown
+    active_count = sum(1 for acc in all_accounts if acc.get("status") == "ACTIVE")
+    suspended_count = sum(1 for acc in all_accounts if acc.get("status") == "SUSPENDED")
+    closed_count = sum(1 for acc in all_accounts if acc.get("status") == "CLOSED")
+
+    console.print(f"  - Active: {active_count}")
+    if suspended_count > 0:
+        console.print(f"  - Suspended: {suspended_count}")
+    if closed_count > 0:
+        console.print(f"  - Closed: {closed_count}")
+
+    if failed_profiles:
+        console.print(f"[yellow]Failed profiles: {len(failed_profiles)}[/yellow]")
+    console.print()
+
+    # Apply filters
+    if root_only:
+        all_accounts = [acc for acc in all_accounts if acc.get("is_management_account", False)]
+        print_info(f"Root-only filter: {len(all_accounts)} management accounts")
+
+    # Account lookup (cross-organization search)
+    if account_lookup:
+        found_accounts = [acc for acc in all_accounts if acc["id"] in account_lookup]
+
+        console.print("[cyan]🔍 Account Lookup Results:[/cyan]")
+        if found_accounts:
+            for acc in found_accounts:
+                org_id = acc.get("parent_org", "N/A")
+                console.print(
+                    f"  Account: [bold]{acc['id']}[/bold] | "
+                    f"Name: {acc.get('name', 'N/A')} | "
+                    f"Org: {org_id} | "
+                    f"Status: {acc['status']} | "
+                    f"Profile: {acc.get('profile', 'N/A')}"
+                )
+        else:
+            console.print(f"[yellow]  No accounts found matching IDs: {', '.join(account_lookup)}[/yellow]")
+        console.print()
+
+    # Output formatting
+    formatter = OrganizationsFormatter()
+
+    if export_format == "table":
+        # Rich table for console display
+        table = formatter.format_accounts_table(all_accounts, title="AWS Organization Accounts")
+        console.print(table)
+
+    elif export_format == "json":
+        # JSON export with metadata
+        output_filename = output_file or "organizations_accounts.json"
+        metadata = {
+            "organizations_count": len(orgs_found),
+            "total_accounts": len(all_accounts),
+            "discovery_profiles": active_profiles,
+            "failed_profiles": failed_profiles,
+        }
+        formatter.export_json(all_accounts, output_filename, metadata=metadata)
+
+    elif export_format == "csv":
+        # CSV export
+        output_filename = output_file or "organizations_accounts.csv"
+        formatter.export_csv(all_accounts, output_filename)
+
+    elif export_format == "markdown":
+        # Markdown export
+        output_filename = output_file or "organizations_accounts.md"
+        formatter.export_markdown(all_accounts, output_filename, title="AWS Organization Accounts")
+
+    # Closed/suspended account tracking
+    closed_accounts = [acc["id"] for acc in all_accounts if acc["status"] != "ACTIVE"]
+
+    # Standalone account detection (accounts with no parent org)
+    standalone_accounts = [
+        acc["id"]
+        for acc in all_accounts
+        if acc.get("email") == "N/A" and acc.get("id") == acc.get("parent_org")
+    ]
+
+    return {
+        "OrgsFound": list(orgs_found),
+        "AccountList": all_accounts,
+        "ClosedAccounts": closed_accounts,
+        "FailedProfiles": failed_profiles,
+        "StandAloneAccounts": standalone_accounts,
+        "ProfileErrors": profile_errors,
+    }
 
 
 ##################
-# Functions
+# Legacy Python Main Entry Point
 ##################
 def parse_args(f_arguments):
     """
@@ -103,7 +315,7 @@ def parse_args(f_arguments):
             - pShortform: Brief output format (profiles only, not child accounts)
             - accountList: Specific account IDs to lookup across organizations
             - SkipProfiles: Profiles to exclude from discovery
-            - Filename: Output file prefix for CSV export
+            - Filename: Output file prefix for export
             - Time: Enable execution timing measurements
             - Other standard framework arguments
 
@@ -137,7 +349,7 @@ def parse_args(f_arguments):
     # Add execution timing capabilities
     parser.timing()
 
-    # Enable CSV file export functionality
+    # Enable file export functionality
     parser.save_to_file()
 
     # Configure logging verbosity levels
@@ -166,279 +378,97 @@ def parse_args(f_arguments):
         "-A", "--acct", help="Find which Org this account is a part of", nargs="*", dest="accountList", default=None
     )
 
-    return parser.my_parser.parse_args(f_arguments)
-
-
-def all_my_orgs(
-    f_Profiles: list,
-    f_SkipProfiles: list,
-    f_AccountList: list,
-    f_Timing: bool,
-    f_RootOnly: bool,
-    f_SaveFilename: str,
-    f_Shortform: bool,
-    f_verbose,
-):
-    """
-    Execute comprehensive AWS Organizations discovery across multiple management accounts.
-
-    This is the core orchestration function that discovers and maps AWS Organizations
-    hierarchies, identifies management accounts, enumerates child accounts, and provides
-    detailed organizational visibility across multiple AWS Organizations.
-
-    Args:
-        f_Profiles (list): AWS profiles to analyze for organization membership
-        f_SkipProfiles (list): Profiles to exclude from discovery process
-        f_AccountList (list): Specific account IDs to lookup across organizations
-        f_Timing (bool): Enable execution timing measurements and display
-        f_RootOnly (bool): Limit output to Management Accounts only
-        f_SaveFilename (str): Output file prefix for CSV export (None for console only)
-        f_Shortform (bool): Brief output format excluding child account details
-        f_verbose: Logging verbosity level for detailed operational logging
-
-    Returns:
-        dict: Comprehensive organizational data containing:
-            - OrgsFound: List of Management Account IDs discovered
-            - StandAloneAccounts: Non-organizational standalone accounts
-            - ClosedAccounts: Suspended or closed account IDs
-            - FailedProfiles: Profiles that failed authentication/access
-            - AccountList: Complete account inventory with metadata
-
-    Processing Workflow:
-        1. Profile Resolution: Convert profile names to validated credential sets
-        2. Organization Discovery: Query each profile for organizational context
-        3. Account Enumeration: List all child accounts for Management Accounts
-        4. Status Analysis: Identify suspended, closed, or problematic accounts
-        5. Output Generation: Format results for console display or CSV export
-        6. Cross-Reference Lookup: Match requested account IDs to organizations
-
-    Output Formats:
-        - Console Mode: Formatted tables with colored output for status highlighting
-        - CSV Mode: Pipe-delimited files suitable for data analysis and reporting
-        - Short Mode: Profile-level summary without child account enumeration
-        - Lookup Mode: Targeted account-to-organization mapping
-
-    Error Handling:
-        - Profile failures are logged and tracked but don't stop processing
-        - Authentication errors are captured with detailed error messages
-        - Missing organizations are handled gracefully with fallback behavior
-        - API rate limits and throttling are managed through sequential processing
-
-    Performance Considerations:
-        - Sequential profile processing (no threading due to AWS API complexity)
-        - Cached organization data to avoid redundant API calls
-        - Progress indicators for long-running discovery operations
-        - Memory-efficient handling of large organizational hierarchies
-
-    Security Features:
-        - Read-only operations with minimal required permissions
-        - No credential storage or caching beyond execution scope
-        - Audit trail through comprehensive logging
-        - Safe handling of cross-account access patterns
-    """
-    ProfileList = get_profiles(fSkipProfiles=f_SkipProfiles, fprofiles=f_Profiles)
-    # print("Capturing info for supplied profiles")
-    logging.info(f"These profiles were requested {f_Profiles}.")
-    logging.warning(f"These profiles are being checked {ProfileList}.")
-    print(f"Please bear with us as we run through {len(ProfileList)} profiles")
-    AllProfileAccounts = get_org_accounts_from_profiles(ProfileList)
-    AccountList = []
-    FailedProfiles = []
-    OrgsFound = []
-
-    # Print out the results
-    if f_Timing:
-        print()
-        print(f"It's taken [green]{time() - begin_time:.2f} seconds to find profile accounts...")
-        print()
-    fmt = "%-23s %-15s %-15s %-12s %-10s"
-    print("<------------------------------------>")
-    print(fmt % ("Profile Name", "Account Number", "Payer Org Acct", "Org ID", "Root Acct?"))
-    print(fmt % ("------------", "--------------", "--------------", "------", "----------"))
-
-    for item in AllProfileAccounts:
-        if not item["Success"]:
-            # If the profile failed, don't print anything and continue on.
-            FailedProfiles.append(item["profile"])
-            logging.error(f"{item['profile']} errored. Message: {item['ErrorMessage']}")
-        else:
-            if item["RootAcct"]:
-                # If the account is a root account, capture it for display later
-                OrgsFound.append(item["MgmtAccount"])
-            # Print results for all profiles
-            item["AccountId"] = item["aws_acct"].acct_number
-            item["AccountStatus"] = item["aws_acct"].AccountStatus
-            # item['AccountEmail'] = item['aws_acct'].
-            try:
-                if f_RootOnly and not item["RootAcct"]:
-                    # If we're only looking for root accounts, and this isn't one, don't print anything and continue on.
-                    continue
-                else:
-                    logging.info(f"{item['profile']} was successful.")
-                    print(
-                        f"{Fore.RED if item['RootAcct'] else ''}{item['profile']:23s} {item['aws_acct'].acct_number:15s} {item['MgmtAccount']:15s} {str(item['OrgId']):12s} {item['RootAcct']}"
-                    )
-            except TypeError as my_Error:
-                logging.error(f"Error - {my_Error} on {item}")
-                pass
-
-    """
-	If I create a dictionary from the Root Accts and Root Profiles Lists - 
-	I can use that to determine which profile belongs to the root user of my (child) account.
-	But this dictionary is only guaranteed to be valid after ALL profiles have been checked, 
-	so... it doesn't solve our issue - unless we don't write anything to the screen until *everything* is done, 
-	and we keep all output in another dictionary - where we can populate the missing data at the end... 
-	but that takes a long time, since nothing would be sent to the screen in the meantime.
-	"""
-
-    print(ERASE_LINE)
-    print("-------------------")
-
-    if f_Shortform:
-        # The user specified "short-form" which means they don't want any information on child accounts.
-        return_response = {
-            "OrgsFound": OrgsFound,
-            "FailedProfiles": FailedProfiles,
-            "AllProfileAccounts": AllProfileAccounts,
-        }
-    else:
-        NumOfOrgAccounts = 0
-        ClosedAccounts = []
-        FailedAccounts = 0
-        account = dict()
-        ProfileNameLength = len("Organization's Profile")
-
-        for item in AllProfileAccounts:
-            # AllProfileAccounts holds the list of account class objects of the accounts associated with the profiles it found.
-            if item["Success"] and not item["RootAcct"]:
-                account.update(item["aws_acct"].ChildAccounts[0])
-                account.update({"Profile": item["profile"]})
-                AccountList.append(account.copy())
-            elif item["Success"] and item["RootAcct"]:
-                for child_acct in item["aws_acct"].ChildAccounts:
-                    account.update(child_acct)
-                    account.update({"Profile": item["profile"]})
-                    ProfileNameLength = max(len(item["profile"]), ProfileNameLength)
-                    AccountList.append(account.copy())
-                    if not child_acct["AccountStatus"] == "ACTIVE":
-                        ClosedAccounts.append(child_acct["AccountId"])
-
-                NumOfOrgAccounts += len(item["aws_acct"].ChildAccounts)
-            elif not item["Success"]:
-                FailedAccounts += 1
-                continue
-
-        # Display results on screen
-        if f_SaveFilename is None:
-            fmt = "%-23s %-15s"
-            print()
-            print(fmt % ("Organization's Profile", "Root Account"))
-            print(fmt % ("----------------------", "------------"))
-            for item in AllProfileAccounts:
-                if item["Success"] and item["RootAcct"]:
-                    print(
-                        f"{item['profile']:{ProfileNameLength}s} [bold]{item['MgmtAccount']:15s}"
-                    )
-                    print(
-                        f"\t{'Child Account Number':{len('Child Account Number')}s} {'Child Account Status':{len('Child Account Status')}s} {'Child Email Address'}"
-                    )
-                    for child_acct in item["aws_acct"].ChildAccounts:
-                        print(
-                            f"\t{Fore.RED if not child_acct['AccountStatus'] == 'ACTIVE' else ''}{child_acct['AccountId']:{len('Child Account Number')}s} {child_acct['AccountStatus']:{len('Child Account Status')}s} {child_acct['AccountEmail']}"
-                        )
-
-        elif f_SaveFilename is not None:
-            # The user specified a file name, which means they want a (pipe-delimited) CSV file with the relevant output.
-            display_dict = {
-                "MgmtAccount": {"DisplayOrder": 1, "Heading": "Parent Acct"},
-                "AccountId": {"DisplayOrder": 2, "Heading": "Account Number"},
-                "AccountStatus": {"DisplayOrder": 3, "Heading": "Account Status", "Condition": ["SUSPENDED", "CLOSED"]},
-                "AccountEmail": {"DisplayOrder": 4, "Heading": "Email"},
-            }
-            if pRootOnly:
-                sorted_Results = sorted(AllProfileAccounts, key=lambda d: (d["MgmtAccount"], d["AccountId"]))
-            else:
-                sorted_Results = sorted(AccountList, key=lambda d: (d["MgmtAccount"], d["AccountId"]))
-            display_results(sorted_Results, display_dict, "None", f_SaveFilename)
-
-        StandAloneAccounts = [
-            x["AccountId"]
-            for x in AccountList
-            if x["MgmtAccount"] == x["AccountId"] and x["AccountEmail"] == "Not an Org Management Account"
-        ]
-        FailedProfiles = [i["profile"] for i in AllProfileAccounts if not i["Success"]]
-        OrgsFound = [i["MgmtAccount"] for i in AllProfileAccounts if i["RootAcct"]]
-        StandAloneAccounts.sort()
-        FailedProfiles.sort()
-        OrgsFound.sort()
-        ClosedAccounts.sort()
-
-        print()
-        print(f"Number of Organizations: {len(OrgsFound)}")
-        print(f"Number of Organization Accounts: {NumOfOrgAccounts}")
-        print(f"Number of Standalone Accounts: {len(StandAloneAccounts)}")
-        print(f"Number of suspended or closed accounts: {len(ClosedAccounts)}")
-        print(f"Number of profiles that failed: {len(FailedProfiles)}")
-        if f_verbose < 50:
-            print("----------------------")
-            print(f"The following accounts are the Org Accounts: {OrgsFound}")
-            print(f"The following accounts are Standalone: {StandAloneAccounts}") if len(
-                StandAloneAccounts
-            ) > 0 else None
-            print(f"The following accounts are closed or suspended: {ClosedAccounts}") if len(
-                ClosedAccounts
-            ) > 0 else None
-            print(f"The following profiles failed: {FailedProfiles}") if len(FailedProfiles) > 0 else None
-            print("----------------------")
-        print()
-        return_response = {
-            "OrgsFound": OrgsFound,
-            "StandAloneAccounts": StandAloneAccounts,
-            "ClosedAccounts": ClosedAccounts,
-            "FailedProfiles": FailedProfiles,
-            "AccountList": AccountList,
-        }
-
-    if f_AccountList is not None:
-        print(f"Found the requested account number{'' if len(AccountList) == 1 else 's'}:")
-        for acct in AccountList:
-            if acct["AccountId"] in f_AccountList:
-                print(
-                    f"Profile: {acct['Profile']} | Org: {acct['MgmtAccount']} | Account: {acct['AccountId']} | Status: {acct['AccountStatus']} | Email: {acct['AccountEmail']}"
-                )
+    # Tag mappings configuration (v1.1.10 config-aware feature)
+    local.add_argument(
+        "--tag-mappings",
+        type=str,
+        default=None,
+        dest="tagMappings",
+        help='JSON string mapping field names to AWS tag keys. '
+             'Example: \'{"wbs_code": "ProjectCode", "cost_group": "BillingGroup"}\'. '
+             'Overrides hierarchical config (user/project/env defaults).',
+    )
 
-    return return_response
+    return parser.my_parser.parse_args(f_arguments)
 
 
 ##################
 # Main
 ##################
-
 if __name__ == "__main__":
     args = parse_args(sys.argv[1:])
 
+    # Extract arguments
     pProfiles = args.Profiles
     pRootOnly = args.RootOnly
     pTiming = args.Time
-    pSkipAccounts = args.SkipAccounts
     pSkipProfiles = args.SkipProfiles
     verbose = args.loglevel
     pSaveFilename = args.Filename
     pShortform = args.pShortform
     pAccountList = args.accountList
+    pTagMappings = args.tagMappings
+
+    # Configure logging
     logging.basicConfig(
-        level=verbose, format="[%(filename)s:%(lineno)s - %(processName)s %(threadName)s %(funcName)20s() ] %(message)s"
+        level=verbose, format="[%(filename)s:%(lineno)s - %(funcName)20s() ] %(message)s"
     )
-    logging.getLogger("boto3").setLevel(logging.CRITICAL)
-    logging.getLogger("botocore").setLevel(logging.CRITICAL)
-    logging.getLogger("s3transfer").setLevel(logging.CRITICAL)
-    logging.getLogger("urllib3").setLevel(logging.CRITICAL)
 
-    all_my_orgs(pProfiles, pSkipProfiles, pAccountList, pTiming, pRootOnly, pSaveFilename, pShortform, verbose)
+    # Suppress AWS SDK noise unless in DEBUG mode
+    if verbose > logging.DEBUG:
+        for logger_name in ["boto3", "botocore", "s3transfer", "urllib3"]:
+            logging.getLogger(logger_name).setLevel(logging.CRITICAL)
+
+    # Parse CLI tag mappings (if provided)
+    cli_tag_overrides = None
+    if pTagMappings:
+        try:
+            cli_tag_overrides = json.loads(pTagMappings)
+            logger.info(f"Using CLI tag mapping overrides: {cli_tag_overrides}")
+        except json.JSONDecodeError as e:
+            console.print(f"[red]Error: Invalid JSON in --tag-mappings: {e}[/red]")
+            console.print("[yellow]Example: --tag-mappings '{\"wbs_code\": \"ProjectCode\", \"cost_group\": \"BillingGroup\"}'[/yellow]")
+            sys.exit(1)
+
+    # Load tag mappings with hierarchical precedence
+    config_loader = get_config_loader()
+    final_tag_mappings = config_loader.load_tag_mappings(cli_overrides=cli_tag_overrides)
+
+    # Display configuration sources
+    config_sources = config_loader.get_config_sources()
+    if verbose <= logging.INFO:
+        print_info(f"Tag mapping sources: {' → '.join(config_sources)}")
+        logger.info(f"Loaded {len(final_tag_mappings)} tag mappings from {len(config_sources)} sources")
+
+    # Determine export format based on filename
+    export_format = "table"
+    if pSaveFilename:
+        if pSaveFilename.endswith(".json"):
+            export_format = "json"
+        elif pSaveFilename.endswith(".csv"):
+            export_format = "csv"
+        elif pSaveFilename.endswith(".md"):
+            export_format = "markdown"
+        else:
+            # Default to CSV if no extension provided
+            export_format = "csv"
+            pSaveFilename = f"{pSaveFilename}.csv"
+
+    # Execute discovery
+    results = list_organization_accounts(
+        profiles=pProfiles,
+        short_form=pShortform,
+        root_only=pRootOnly,
+        account_lookup=pAccountList,
+        export_format=export_format,
+        output_file=pSaveFilename,
+        skip_profiles=pSkipProfiles,
+        verbose=verbose,
+    )
 
-    print()
+    # Timing summary
     if pTiming:
-        print(f"[green]This script took {time() - begin_time:.2f} seconds")
-        print()
-    print("Thanks for using this script")
-    print()
+        elapsed = time() - begin_time
+        console.print(f"\n[green]⏱️  Execution time: {elapsed:.2f}s[/green]")
+
+    console.print("\n[dim]Thanks for using this script[/dim]\n")