CLI Reference¶
Complete command reference for awsinv, auto-generated from source.
awsinv¶
AWS Inventory Manager - Resource Snapshot & Delta Tracking CLI tool
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--storage-path |
text | Custom path for snapshot storage (default: ~/.snapshots or $AWS_INVENTORY_STORAGE_PATH) | None |
--verbose, -v |
boolean | Enable verbose logging | False |
--quiet, -q |
boolean | Suppress output except errors | False |
--no-color |
boolean | Disable colored output | False |
--help |
boolean | Show this message and exit. | False |
cleanup¶
Revert environment to baseline by removing resources added after a baseline snapshot
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
execute¶
DELETE resources created after a baseline snapshot.
Reverts environment to baseline by removing resources added after the baseline snapshot.
⚠️ DESTRUCTIVE OPERATION: This will permanently delete AWS resources!
Deletes resources that were created after the snapshot, returning your AWS environment to that baseline state. Protected resources are skipped.
See also: 'cleanup preview' for a safe dry-run, 'cleanup purge' to delete all unprotected resources regardless of snapshot baseline.
Examples: # Delete resources created after baseline, protecting tagged resources awsinv cleanup execute my-snapshot --protect-tag "project=baseline" --yes
# Use config file for protection rules
awsinv cleanup execute my-snapshot --config .awsinv-cleanup.yaml --yes
# Delete only EC2 instances, skip prompt
awsinv cleanup execute my-snapshot --yes --type AWS::EC2::Instance
# Delete in specific region with profile
awsinv cleanup execute my-snapshot --yes --region us-east-1 --profile prod
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--account-id |
text | AWS account ID (auto-detected if not provided) | None |
--profile |
text | AWS profile name | None |
--type |
text | Filter by resource types | None |
--region |
text | Filter by AWS regions | None |
--protect-tag |
text | Protect resources with tag (format: key=value, can repeat) | None |
--config |
text | Path to protection rules config file | None |
--yes, -y |
boolean | Skip confirmation prompt (REQUIRED for execution) | False |
--help |
boolean | Show this message and exit. | False |
preview¶
Preview resources that would be DELETED to return to a baseline snapshot.
Shows what resources have been created since the snapshot without performing any deletions. This is a safe dry-run operation.
See also: 'cleanup execute' to actually perform the deletion, 'cleanup purge' to delete all unprotected resources regardless of snapshot baseline.
Examples: # Preview resources created since a baseline snapshot awsinv cleanup preview prod-baseline
# Preview with tag-based protection
awsinv cleanup preview my-snapshot --protect-tag "project=baseline"
# Preview with multiple protection tags
awsinv cleanup preview my-snapshot --protect-tag "project=baseline" --protect-tag "env=prod"
# Preview with config file
awsinv cleanup preview my-snapshot --config .awsinv-cleanup.yaml
# Preview only EC2 instances in us-east-1
awsinv cleanup preview my-snapshot --type AWS::EC2::Instance --region us-east-1
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--account-id |
text | AWS account ID (auto-detected if not provided) | None |
--profile |
text | AWS profile name | None |
--type |
text | Filter by resource types (e.g., AWS::EC2::Instance) | None |
--region |
text | Filter by AWS regions | None |
--protect-tag |
text | Protect resources with tag (format: key=value, can repeat) | None |
--config |
text | Path to protection rules config file | None |
--format |
text | Output format: table, json, yaml | table |
--help |
boolean | Show this message and exit. | False |
purge¶
DELETE all resources EXCEPT those matching protection rules or exclusions.
⚠️ DESTRUCTIVE OPERATION: This will permanently delete AWS resources!
Unlike 'cleanup execute', this does NOT compare to a snapshot. It deletes ALL resources that don't match protection rules (tags, types, etc.).
Use this for lab/sandbox cleanup where baseline resources are tagged.
See also: 'cleanup preview' for a safe dry-run, 'cleanup execute' to delete only resources added since a baseline snapshot.
Exclusion Filters: Use --exclude-name and --exclude-tag to protect specific resources from deletion. Supports wildcards: * (any characters) and ? (single character). Can specify multiple exclusions (OR logic - excluded if ANY match).
Creator/Date Filters:
Use --from-snapshot with an enriched snapshot to filter by creator.
First run: awsinv snapshot enrich-creators
Examples: # Preview what would be deleted (safe) awsinv cleanup purge --protect-tag "project=baseline" --preview
# Delete everything except baseline-tagged resources
awsinv cleanup purge --protect-tag "project=baseline" --yes
# Multiple protection tags (OR logic - protected if ANY match)
awsinv cleanup purge --protect-tag "project=baseline" --protect-tag "env=prod" --yes
# Exclude specific resources by name pattern (wildcards supported)
awsinv cleanup purge --protect-tag "env=dev" --exclude-name "*-prod-*" --preview
awsinv cleanup purge --protect-tag "env=dev" --exclude-name "my-critical-function" --preview
# Exclude multiple resources by name (can repeat option)
awsinv cleanup purge --protect-tag "env=dev" -x "*-prod-*" -x "*-staging-*" -x "critical-*" --preview
# Exclude resources by tag pattern (wildcards on key and value)
awsinv cleanup purge --protect-tag "env=dev" --exclude-tag "Name=*production*" --preview
awsinv cleanup purge --protect-tag "env=dev" --exclude-tag "critical=true" --preview
# Exclude by tag key only (any value)
awsinv cleanup purge --protect-tag "env=dev" --exclude-tag "do-not-delete=*" --preview
# Combine name and tag exclusions
awsinv cleanup purge --protect-tag "env=dev" --exclude-name "*-prod-*" --exclude-tag "protected=yes" --preview
# Use config file for protection rules
awsinv cleanup purge --config .awsinv-cleanup.yaml --yes
# Purge only specific resource types
awsinv cleanup purge --protect-tag "project=baseline" --type AWS::EC2::Instance --yes
# Purge in specific region
awsinv cleanup purge --protect-tag "project=baseline" --region us-east-1 --yes
# Delete resources created by a specific user (requires enriched snapshot)
awsinv cleanup purge --from-snapshot my-snapshot --created-by "john.doe" --preview
# Delete resources created by a specific role
awsinv cleanup purge --from-snapshot my-snapshot --created-by "AWSReservedSSO_Developer" --yes
# Delete resources created after a specific date
awsinv cleanup purge --from-snapshot my-snapshot --created-after "2025-01-01" --preview
# Delete resources created within a date range
awsinv cleanup purge --from-snapshot my-snapshot \
--created-after "2025-01-01" --created-before "2025-01-15" --preview
# Combine creator and date filters
awsinv cleanup purge --from-snapshot my-snapshot \
--created-by "john" --created-after "2025-01-10" --preview
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--account-id |
text | AWS account ID (auto-detected if not provided) | None |
--profile |
text | AWS profile name | None |
--type |
text | Filter by resource types | None |
--region |
text | Filter by AWS regions | None |
--protect-tag |
text | Protect resources with tag (format: key=value, can repeat) | None |
--exclude-name, -x |
text | Exclude resources by name pattern (supports * and ? wildcards, can repeat) | None |
--exclude-tag |
text | Exclude resources by tag (format: key=value, supports wildcards, can repeat) | None |
--config |
text | Path to protection rules config file | None |
--from-snapshot |
text | Use resources from an enriched snapshot (required for --created-by filters) | None |
--created-by |
text | Only delete resources created by this user/role (substring match on creator ARN) | None |
--created-after |
text | Only delete resources created after this date (ISO format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS) | None |
--created-before |
text | Only delete resources created before this date (ISO format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS) | None |
--preview |
boolean | Preview mode - show what would be deleted without deleting | False |
--yes, -y |
boolean | Skip confirmation prompt (REQUIRED for execution) | False |
--help |
boolean | Show this message and exit. | False |
collection¶
Manage resource collections (named groupings of snapshots)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
create¶
Create a new collection for organizing snapshots.
Collections allow you to organize snapshots by purpose (e.g., baseline, team-a-resources) with optional tag-based filters that automatically apply to all snapshots in that collection.
Examples: # Create basic collection with no filters awsinv collection create baseline --description "Production baseline resources"
# Create filtered collection for team resources
awsinv collection create team-a-resources \
--description "Team Alpha project resources" \
--include-tags "team=alpha,env=prod" \
--exclude-tags "managed-by=terraform"
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--description, -d |
text | Human-readable description | None |
--include-tags |
text | Include only resources with ALL these tags (Key=Value,Key2=Value2) | None |
--exclude-tags |
text | Exclude resources with ANY of these tags (Key=Value,Key2=Value2) | None |
--profile, -p |
text | AWS profile name to use | None |
--help |
boolean | Show this message and exit. | False |
delete¶
Delete a collection, optionally deleting its snapshot files.
WARNING: This will remove the collection metadata. Snapshot files can be preserved or deleted.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--yes, -y |
boolean | Skip confirmation prompts | False |
--profile, -p |
text | AWS profile name to use | None |
--help |
boolean | Show this message and exit. | False |
list¶
List all collections for the current AWS account.
Displays a table showing all collections with their snapshot counts, filter settings, and descriptions.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name to use | None |
--help |
boolean | Show this message and exit. | False |
migrate¶
Migrate legacy snapshots to collection structure.
Scans for snapshots without collection assignment and adds them to the 'default' collection.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name to use | None |
--help |
boolean | Show this message and exit. | False |
show¶
Show detailed information for a specific collection.
Displays full details including filters, snapshots, and timestamps.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name to use | None |
--help |
boolean | Show this message and exit. | False |
compare¶
Compare inventory coverage against existing IaC code.
Validates how well existing Terraform/CDK code covers the resources in an inventory snapshot or export file. Useful for:
- Checking coverage of manually written IaC
- Re-validating after manual edits to generated code
- Comparing inventory against existing infrastructure-as-code
Examples: awsinv compare my-snapshot --iac-dir ./terraform awsinv compare --from-file inventory.yaml --iac-dir ./infra awsinv compare my-snapshot --iac-dir ./terraform --json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--iac-dir |
text | Directory containing IaC files | ./terraform |
--from-file |
text | Path to JSON/YAML inventory file (alternative to snapshot) | None |
--model-id, -m |
text | Bedrock model ID (default: from AWSINV_BEDROCK_MODEL_ID) | None |
--region, -r |
text | AWS region for Bedrock (default: from AWSINV_BEDROCK_REGION) | None |
--provider |
text | LLM provider: bedrock or openai (default: from AWSINV_LLM_PROVIDER or bedrock) | None |
--openai-model |
text | OpenAI model name (default: gpt-4o) | None |
--openai-api-key |
text | OpenAI API key (default: from AWSINV_OPENAI_API_KEY) | None |
--openai-base-url |
text | OpenAI-compatible base URL (default: from AWSINV_OPENAI_BASE_URL) | None |
--json |
boolean | Output results as JSON | False |
--help |
boolean | Show this message and exit. | False |
config¶
AWS Config integration (uses AWS Config service for resource collection)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
check¶
Check AWS Config availability and status.
Shows whether AWS Config is enabled in each region and what resource types are being recorded. This helps understand which collection method will be used.
Examples: awsinv config check awsinv config check --regions us-east-1,us-west-2 awsinv config check --verbose
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--region, -r |
text | Region to check (repeatable, e.g. --region us-east-1 --region us-west-2) | None |
--profile |
text | AWS profile name | None |
--verbose, -v |
boolean | Show detailed resource type support | False |
--help |
boolean | Show this message and exit. | False |
copilot¶
GitHub Copilot instructions and prompt management
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
install¶
Install GitHub Copilot instructions and prompts.
Installs the following files to .github/: - copilot-instructions.md: Base instructions with AWS schema context - prompts/generate-terraform.prompt.md: Single-pass Terraform generation - prompts/generate-cdk-typescript.prompt.md: CDK TypeScript prompt - prompts/generate-cdk-python.prompt.md: CDK Python prompt - prompts/plan-iac.prompt.md: Analyze inventory and create IaC checklist - prompts/generate-terraform-layer.prompt.md: Layer-by-layer Terraform generation - instructions/terraform.instructions.md: Terraform best practices (applyTo: *.tf)
For large inventories (3000+ lines), use plan-iac first, then generate-terraform-layer.
Existing files are backed up with .bak.{timestamp} suffix. Custom org instructions in copilot-custom.md are never touched.
Example: awsinv copilot install awsinv copilot install --path /path/to/project awsinv copilot install --json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--path |
text | Target project directory (defaults to current directory) | None |
--json |
boolean | Output results as JSON | False |
--help |
boolean | Show this message and exit. | False |
list¶
List installed GitHub Copilot files.
Shows installed files with version information from frontmatter: - Filename and type (instructions, prompt, custom) - Model version (e.g., gpt-4.1) - Last updated date
Example: awsinv copilot list awsinv copilot list --path /path/to/project awsinv copilot list --json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--path |
text | Target project directory (defaults to current directory) | None |
--json |
boolean | Output results as JSON | False |
--help |
boolean | Show this message and exit. | False |
uninstall¶
Remove installed GitHub Copilot files.
Removes installed template files but preserves: - copilot-custom.md (custom org instructions) - Backup files (.bak.*)
Example: awsinv copilot uninstall awsinv copilot uninstall --path /path/to/project
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--path |
text | Target project directory (defaults to current directory) | None |
--json |
boolean | Output results as JSON | False |
--help |
boolean | Show this message and exit. | False |
cost¶
Analyze costs for resources in a specific collection.
Shows costs for resources captured in the collection's active snapshot, enabling per-team, per-environment, or per-project cost tracking.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot |
text | Baseline snapshot name (default: active from collection) | None |
--collection |
text | Collection name (default: 'default') | None |
--start-date |
text | Start date (YYYY-MM-DD, default: snapshot date) | None |
--end-date |
text | End date (YYYY-MM-DD, default: today) | None |
--granularity |
text | Cost granularity: DAILY or MONTHLY | MONTHLY |
--show-services / --no-services |
boolean | Show service breakdown | True |
--output, -o |
text | Export to file (JSON or CSV based on extension) | None |
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
delta¶
View resource changes since snapshot.
Compares current AWS state to the snapshot and shows added, deleted, and modified resources. Use --show-diff to see field-level configuration changes.
See also: 'query compare' to compare two snapshots against each other.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot |
text | Baseline snapshot name (default: active from collection) | None |
--collection |
text | Collection name (default: 'default') | None |
--type, -t |
text | Filter by resource type | None |
--region |
text | Filter by region | None |
--show-details |
boolean | Show detailed resource information | False |
--show-diff |
boolean | Show field-level configuration differences | False |
--output, -o |
text | Export to file (JSON or CSV based on extension) | None |
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
generate¶
Generate IaC (Terraform/CDK) from an inventory snapshot or export file.
Uses AI (AWS Bedrock or OpenAI) for code generation.
Formats: terraform - HashiCorp Terraform (.tf files) cdk-typescript - AWS CDK TypeScript project cdk-python - AWS CDK Python project
Examples: # Terraform awsinv generate terraform my-snapshot awsinv generate terraform my-snapshot --output ./infra
# CDK TypeScript
awsinv generate cdk-typescript my-snapshot
awsinv generate cdk-typescript my-snapshot --output ./my-cdk-app
# CDK Python
awsinv generate cdk-python my-snapshot --output ./my-cdk-python
# From export file
awsinv generate terraform --from-file inventory.json
awsinv generate cdk-typescript --from-file export.yaml --output ./cdk-app
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--output, -o |
text | Output directory | ./terraform |
--from-file |
text | Path to JSON/YAML export file (alternative to snapshot) | None |
--model-id, -m |
text | Bedrock model ID (default: from AWSINV_BEDROCK_MODEL_ID) | None |
--region, -r |
text | AWS region for Bedrock (default: from AWSINV_BEDROCK_REGION) | None |
--provider |
text | LLM provider: bedrock or openai (default: from AWSINV_LLM_PROVIDER or bedrock) | None |
--openai-model |
text | OpenAI model name (default: gpt-4o) | None |
--openai-api-key |
text | OpenAI API key (default: from AWSINV_OPENAI_API_KEY) | None |
--openai-base-url |
text | OpenAI-compatible base URL (default: from AWSINV_OPENAI_BASE_URL) | None |
--verbose, -v |
boolean | Show detailed progress | False |
--dry-run |
boolean | Show what would be generated without creating files | False |
--no-best-practices |
boolean | Disable built-in best-practice guardrails (advisory warnings) | False |
--guardrails |
boolean | Enable guardrails policy evaluation | False |
--guardrails-policy |
text | Path to custom guardrails policy file (YAML) | None |
--guardrails-env |
text | Environment for guardrails policy overrides | default |
--guardrails-strict |
boolean | Strict mode: block on any violation (not just CRITICAL/HIGH) | False |
--guardrails-auto-fix / --no-guardrails-auto-fix |
boolean | Enable AI auto-fix for AUTO-FIX guardrails | True |
--guardrails-report |
text | Save guardrails report to file (JSON or YAML based on extension) | None |
--help |
boolean | Show this message and exit. | False |
group¶
Resource groups (user-defined collections for tracking, not IAM or Security Groups)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
add¶
Add a resource to a group manually.
Resources are specified as 'name:type' where type is the AWS resource type.
Examples: awsinv group add baseline --resource "my-bucket:s3:bucket" awsinv group add iam-baseline --resource "AdminRole:iam:role"
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--resource |
text | Resource to add as 'name:type' (e.g., 'my-bucket:s3:bucket') | _required |
--help |
boolean | Show this message and exit. | False |
compare¶
Compare a snapshot against a resource group.
Shows which resources from the group are present in the snapshot, which are missing, and which resources in the snapshot are not in the group.
Examples: awsinv group compare baseline --snapshot prod-account-2026-01 awsinv group compare baseline -s prod-account --format json awsinv group compare baseline -s prod-account --details
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Snapshot to compare against | _required |
--format, -f |
text | Output format: summary, table, json | summary |
--details |
boolean | Show individual resource details | False |
--help |
boolean | Show this message and exit. | False |
create¶
Create a new resource group.
Groups define a set of resources (by name + type) that should exist in every account. Use --from-snapshot to populate the group from an existing snapshot.
Examples: # Create empty group awsinv group create baseline --description "Production baseline resources"
# Create from snapshot
awsinv group create baseline --from-snapshot "empty-account-2026-01"
# Create with filters
awsinv group create iam-baseline --from-snapshot snap1 --type iam
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--from-snapshot |
text | Create group from resources in this snapshot | None |
--description, -d |
text | Group description | `` |
--type, -t |
text | Filter by resource type when creating from snapshot | None |
--region, -r |
text | Filter by region when creating from snapshot | None |
--help |
boolean | Show this message and exit. | False |
delete¶
Delete a resource group.
Examples: awsinv group delete baseline awsinv group delete baseline --yes
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--yes, -y |
boolean | Skip confirmation prompt | False |
--help |
boolean | Show this message and exit. | False |
export¶
Export a group definition.
Examples: awsinv group export baseline --format yaml awsinv group export baseline --format csv --output baseline.csv
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--format, -f |
text | Output format: yaml, csv, json | yaml |
--output, -o |
text | Output file (stdout if not specified) | None |
--help |
boolean | Show this message and exit. | False |
list¶
List all resource groups.
Examples: awsinv group list awsinv group list --format json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--format, -f |
text | Output format: table, json | table |
--help |
boolean | Show this message and exit. | False |
remove¶
Remove a resource from a group.
Examples: awsinv group remove baseline --resource "my-bucket:s3:bucket"
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--resource |
text | Resource to remove as 'name:type' | _required |
--help |
boolean | Show this message and exit. | False |
show¶
Show details of a resource group including its members.
Examples: awsinv group show baseline awsinv group show baseline --limit 100
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--limit, -l |
integer | Maximum members to display | 50 |
--help |
boolean | Show this message and exit. | False |
guardrails¶
IaC guardrails (policy checks for generated code, not AWS Control Tower guardrails)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
check¶
Evaluate guardrails against an inventory snapshot.
Checks resources for compliance with IaC policy guardrails without generating code. Useful for CI/CD gates and compliance audits.
See also: 'security scan' for runtime security configuration checks against AWS best practices.
Examples: awsinv guardrails check my-snapshot awsinv guardrails check my-snapshot --policy ./policy.yaml awsinv guardrails check --from-file inventory.yaml --strict awsinv guardrails check my-snapshot --output report.json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--policy |
text | Path to custom guardrails policy file (YAML) | None |
--env, -e |
text | Environment for policy overrides (e.g., dev, staging, prod) | default |
--from-file |
text | Path to JSON/YAML inventory file (alternative to snapshot) | None |
--output, -o |
text | Save report to file (JSON or YAML based on extension) | None |
--format |
text | Output format: table, json, yaml | table |
--strict |
boolean | Strict mode: exit 1 on any violation (not just CRITICAL/HIGH) | False |
--help |
boolean | Show this message and exit. | False |
export¶
Export built-in guardrails as a standard YAML policy file.
Outputs the built-in best-practice guardrails in the standard policy format so you can customize them.
Examples: awsinv guardrails export > my-policy.yaml awsinv guardrails export --output my-policy.yaml awsinv guardrails export --category encryption --output enc-policy.yaml
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--output, -o |
text | Save to file instead of stdout | None |
--category, -c |
text | Filter by category: encryption, network, tagging, logging | None |
--help |
boolean | Show this message and exit. | False |
generate¶
Generate guardrails from a requirement, description, or rules file.
Three modes: 1. Single requirement: awsinv guardrails generate "S3 must be encrypted" 2. Batch from description: awsinv guardrails generate "PCI baseline" --count 10 3. Bulk from file: awsinv guardrails generate --from-file rules.csv
Examples: awsinv guardrails generate "S3 buckets must have encryption enabled" awsinv guardrails generate "production security baseline" --count 5 awsinv guardrails generate --from-file rules.txt awsinv guardrails generate --from-file rules.csv --instructions "format is 'RULE_ID: description'" awsinv guardrails generate --from-file rules.json -o policy.yaml
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--from-file |
text | Path to rules file (TXT, JSON, or CSV) | None |
--format |
text | File format override: txt, json, csv (auto-detected by default) | None |
--instructions |
text | Instructions for how to interpret the rules in --from-file | None |
--count, -n |
integer | Number of guardrails to generate (used with description, not --from-file) | 1 |
--types |
text | Comma-separated resource types to focus on (e.g., s3,ec2,rds) | None |
--output, -o |
text | Save to policy file | None |
--help |
boolean | Show this message and exit. | False |
list¶
List available guardrails.
Shows all guardrails from built-in rules or a custom policy file.
Examples: awsinv guardrails list awsinv guardrails list --policy ./policy.yaml awsinv guardrails list --severity CRITICAL awsinv guardrails list --category ENC awsinv guardrails list --format json
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--policy |
text | Path to custom guardrails policy file (YAML) | None |
--env, -e |
text | Environment for policy overrides | default |
--severity |
text | Filter by severity: CRITICAL, HIGH, MEDIUM, LOW, INFO | None |
--category, -c |
text | Filter by category (e.g., ENC, NET, TAG, LOG) | None |
--format |
text | Output format: table, json, yaml | table |
--help |
boolean | Show this message and exit. | False |
validate¶
Validate a guardrails policy file.
Checks for syntax errors, invalid values, and common issues before using the policy.
Examples: awsinv guardrails validate ./policy.yaml awsinv guardrails validate ~/.awsinv/policies/production.yaml awsinv guardrails validate ./policy.yaml --verbose
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--verbose, -v |
boolean | Show detailed error context and suggestions | False |
--help |
boolean | Show this message and exit. | False |
lambda¶
Extract, view, and diff Lambda function code from snapshots
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
diff¶
Compare Lambda function code between two snapshots.
Shows what changed in the code between snapshots.
Examples: awsinv lambda diff my-function snapshot-v1 snapshot-v2 awsinv lambda diff my-function old new --file handler.py
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--file |
text | Diff specific file | None |
--help |
boolean | Show this message and exit. | False |
extract¶
Extract Lambda function code to disk.
Extracts the deployment package (zip) and unpacks it.
Examples: awsinv lambda extract my-function awsinv lambda extract all --output ./code awsinv lambda extract my-function -s my-snapshot -o ./extracted
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Snapshot name (defaults to active) | None |
--output, -o |
text | Output directory | ./lambda_code |
--flatten |
boolean | Extract all to single directory (no subdirs) | False |
--help |
boolean | Show this message and exit. | False |
fetch¶
Fetch Lambda code from AWS for an existing snapshot.
Downloads deployment packages for Lambda functions that don't have code stored, or re-fetches all code with --force.
Handles versioned functions - will fetch code for the specific version/alias if specified in the function ARN.
Examples: awsinv lambda fetch my-snapshot awsinv lambda fetch my-snapshot --function my-func awsinv lambda fetch my-snapshot --max-size 100 awsinv lambda fetch my-snapshot --force awsinv lambda fetch my-snapshot --no-ssl-verify
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--function |
text | Specific function name (default: all without code) | None |
--max-size |
integer | Max code size (MB) to store inline. Larger stored to files. -1 for unlimited. | 50 |
--force |
boolean | Re-fetch code even if already stored | False |
--profile, -p |
text | AWS profile name | None |
--no-ssl-verify |
boolean | Disable SSL certificate verification for S3 downloads | False |
--help |
boolean | Show this message and exit. | False |
list¶
List Lambda functions with code information.
Shows which functions have code stored, their size, and hash.
Example: awsinv lambda list my-snapshot awsinv lambda list --all
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--all, -a |
boolean | Show all lambdas including those without code | False |
--help |
boolean | Show this message and exit. | False |
show¶
Show Lambda function code with syntax highlighting.
View code directly in terminal without extracting to disk.
Examples: awsinv lambda show my-function --list awsinv lambda show my-function --file index.js awsinv lambda show my-function --file handler.py
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Snapshot name (defaults to active) | None |
--file |
text | Show specific file from package | None |
--list |
boolean | List files in package | False |
--help |
boolean | Show this message and exit. | False |
normalize¶
Re-run AI normalization on an existing snapshot.
This command updates the normalized_name column for all resources in the specified snapshot using AI-based name normalization.
Use this to: - Backfill normalized names for snapshots created before AI normalization - Re-normalize with updated AI models or prompts - Preview normalizations with --dry-run before committing
Example: awsinv normalize --snapshot my-snapshot-20260113 awsinv normalize --snapshot my-snapshot --dry-run awsinv normalize --snapshot my-snapshot --no-ai
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Snapshot name to normalize | _required |
--dry-run |
boolean | Preview normalizations without saving | False |
--ai / --no-ai |
boolean | Use AI for ambiguous names (default: enabled) | True |
--help |
boolean | Show this message and exit. | False |
patterns¶
Infrastructure pattern library (define, compare, and browse reusable architecture patterns)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
add¶
Add a pattern YAML file to the library.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
compare¶
Compare a snapshot against the pattern library.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot |
text | Snapshot to compare | _required |
--pattern |
text | Target single pattern | None |
--threshold |
float | Minimum score threshold | 0.25 |
--output |
text | Export results to file | None |
--format |
text | Export format (json/yaml) | None |
--no-guidance |
boolean | Skip AI guidance generation | False |
--guardrails-policy |
text | Custom guardrails policy | None |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
compliance¶
Run compliance report across multiple snapshots.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot |
text | Snapshot names (repeat for multiple) | [] |
--pattern |
text | Target single pattern | None |
--threshold |
float | Minimum score threshold | 0.25 |
--output |
text | Export results to file | None |
--format |
text | Export format (json/yaml) | None |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
delete¶
Delete a pattern from the library.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--version |
integer | Specific version | None |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
export¶
Export a pattern to a file.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--version |
integer | Specific version | None |
--output, -o |
text | Output file path | _required |
--format, -f |
text | Export format (json/yaml) | yaml |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
generate¶
Generate a pattern using AI.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--from-snapshot |
text | Generate from snapshot | None |
--instructions |
text | AI instructions | None |
--output, -o |
text | Output file path | None |
--guardrails |
text | Comma-separated guardrail names | None |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
generate-iac¶
Generate IaC (Terraform/CDK) from a pattern.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--format, -f |
text | Output format: terraform, cdk-typescript, cdk-python | terraform |
--output-dir |
text | Output directory | ./output |
--version |
integer | Pattern version | None |
--guardrails |
boolean | Enable guardrails | False |
--guardrails-policy |
text | Custom guardrails policy | None |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
list¶
List all patterns in the library.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--tag |
text | Filter by tag | None |
--type |
text | Filter by resource type | None |
--search |
text | Search name/description | None |
--json |
boolean | JSON output | False |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
show¶
Show detailed information about a pattern.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--version |
integer | Specific version | None |
--json |
boolean | JSON output | False |
--library |
text | Override library location | None |
--help |
boolean | Show this message and exit. | False |
query¶
Query resources across snapshots using SQL
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
diff¶
Compare resources between two snapshots.
Shows resources that were added, removed, or modified between snapshots.
Example: awsinv query diff baseline-2024 current-2024 awsinv query diff snap1 snap2 --type s3:bucket
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--type, -t |
text | Filter by resource type | None |
--format, -f |
text | Output format: table, json, summary | table |
--help |
boolean | Show this message and exit. | False |
history¶
Show snapshot history for a specific resource.
Tracks when a resource appeared in snapshots and whether its configuration changed.
Example: awsinv query history "arn:aws:s3:::my-bucket"
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--format, -f |
text | Output format: table, json | table |
--help |
boolean | Show this message and exit. | False |
resources¶
Search resources with filters across all snapshots.
Examples: awsinv query resources --type s3:bucket awsinv query resources --region us-east-1 --type ec2 awsinv query resources --tag Environment=production awsinv query resources --arn "arn:aws:s3:::my-bucket*" awsinv query resources --snapshot baseline-2024 --type lambda
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--type, -t |
text | Filter by resource type (e.g., 's3:bucket', 'ec2') | None |
--region, -r |
text | Filter by region | None |
--tag |
text | Filter by tag (Key=Value) | None |
--arn |
text | Filter by ARN pattern (supports wildcards) | None |
--snapshot, -s |
text | Limit to specific snapshot | None |
--limit, -l |
integer | Maximum results to return | 100 |
--format, -f |
text | Output format: table, json | table |
--help |
boolean | Show this message and exit. | False |
sql¶
Execute raw SQL query against the resource database.
Only SELECT queries are allowed for safety. The database contains tables: - snapshots: Snapshot metadata - resources: Resource details (arn, type, name, region, config_hash) - resource_tags: Tags for each resource (resource_id, key, value) - inventories: Inventory definitions - audit_operations: Audit operation logs - audit_records: Individual resource audit records
Examples: awsinv query sql "SELECT resource_type, COUNT(*) as count FROM resources GROUP BY resource_type" awsinv query sql "SELECT r.arn FROM resources r JOIN resource_tags t ON r.id = t.resource_id" # Use --snapshot to automatically filter by snapshot_id awsinv query sql "SELECT * FROM resources" --snapshot my-snapshot
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--format, -f |
text | Output format: table, json, csv | table |
--limit, -l |
integer | Maximum results to return | 100 |
--snapshot, -s |
text | Filter by snapshot name | None |
--help |
boolean | Show this message and exit. | False |
stats¶
Show resource statistics and counts.
Examples: awsinv query stats awsinv query stats --group-by region awsinv query stats --snapshot baseline-2024 --group-by service
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Specific snapshot (default: all) | None |
--group-by, -g |
text | Group by: type, region, service, snapshot | type |
--format, -f |
text | Output format: table, json | table |
--help |
boolean | Show this message and exit. | False |
security¶
Security scanning (checks resource configurations against best practices, not AWS Security Hub)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
scan¶
Scan a snapshot for security misconfigurations and compliance issues.
See also: 'guardrails check' for IaC policy compliance checks on generated code.
Performs comprehensive security checks including: - Public S3 buckets - Open security groups (SSH, RDP, databases) - Publicly accessible RDS instances - EC2 instances with IMDSv1 enabled - IAM credentials older than 90 days - Secrets Manager secrets not rotated in 90+ days
Examples: # Scan a specific snapshot awsinv security scan --snapshot my-snapshot
# Scan with severity filter
awsinv security scan --snapshot my-snapshot --severity critical
# Export findings to JSON
awsinv security scan --snapshot my-snapshot --export findings.json
# Export to CSV
awsinv security scan --snapshot my-snapshot --export findings.csv --format csv
# Show only CIS-mapped findings
awsinv security scan --snapshot my-snapshot --cis-only
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--snapshot, -s |
text | Snapshot name to scan | None |
--collection, -i |
text | Collection name (uses active snapshot) | None |
--storage-dir |
text | Snapshot storage directory | None |
--severity |
text | Filter by severity: critical, high, medium, low | None |
--output, -o |
text | Export findings to file | None |
--format, -f |
text | Export format: json or csv | json |
--cis-only |
boolean | Show only findings with CIS Benchmark mappings | False |
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
serve¶
Launch web-based resource browser.
Starts a local web server with a beautiful UI for browsing snapshots, exploring resources, running queries, and managing cleanup operations.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--host, -h |
text | Host to bind to | 127.0.0.1 |
--port |
integer | Port to bind to | 8080 |
--open / --no-open |
boolean | Open browser on startup | True |
--reload |
boolean | Enable auto-reload for development | False |
--help |
boolean | Show this message and exit. | False |
snapshot¶
Manage snapshots (point-in-time captures of AWS resource metadata, not EBS/RDS snapshots)
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |
create¶
Create a new snapshot of AWS resources.
Captures resources from 26 AWS services: - IAM: Roles, Users, Groups, Policies - Lambda: Functions, Layers - S3: Buckets - EC2: Instances, Volumes, VPCs, Security Groups, Subnets, VPC Endpoints - RDS: DB Instances, DB Clusters (including Aurora) - CloudWatch: Alarms, Log Groups - SNS: Topics - SQS: Queues - DynamoDB: Tables - ELB: Load Balancers (Classic, ALB, NLB, GWLB) - CloudFormation: Stacks - API Gateway: REST APIs, HTTP APIs, WebSocket APIs - EventBridge: Event Buses, Rules - Secrets Manager: Secrets - KMS: Customer-Managed Keys - Systems Manager: Parameters, Documents - Route53: Hosted Zones - ECS: Clusters, Services, Task Definitions - EKS: Clusters, Node Groups, Fargate Profiles - Step Functions: State Machines - WAF: Web ACLs (Regional & CloudFront) - CodePipeline: Pipelines - CodeBuild: Projects - Backup: Backup Plans, Backup Vaults - Glue: Databases, Tables, Crawlers, Jobs, Connections
Historical Baselines & Filtering: Use --before-date, --after-date, --include-tags, and/or --exclude-tags to create snapshots representing resources as they existed at specific points in time or with specific characteristics.
Examples: - Production only: --include-tags Environment=production - Exclude test/dev: --exclude-tags Environment=test,Environment=dev - Multiple filters: --include-tags Team=platform,Environment=prod --exclude-tags Status=archived
Derived Snapshots: Use --from-snapshot to create a new snapshot from an existing one (no AWS API calls). Combine with filters to extract subsets: - EC2 only: --from-snapshot base --type ec2 - By creator: --from-snapshot base --created-by "admin-role" - Combined: --from-snapshot base --type s3 --region us-east-1 --tag Environment=prod
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--region, -r |
text | Region to snapshot (repeatable, e.g. --region us-east-1 --region us-west-2) | None |
--profile |
text | AWS profile name to use | None |
--collection |
text | Inventory name to use for filters (conflicts with --include-tags/--exclude-tags) | None |
--set-active / --no-set-active |
boolean | Set as active snapshot | True |
--compress |
boolean | Compress snapshot with gzip | False |
--before-date |
text | Include only resources created before date (YYYY-MM-DD) | None |
--after-date |
text | Include only resources created on/after date (YYYY-MM-DD) | None |
--filter-tags |
text | DEPRECATED: use --include-tags instead | None |
--include-tags |
text | Include only resources with ALL these tags (Key=Value,Key2=Value2) | None |
--exclude-tags |
text | Exclude resources with ANY of these tags (Key=Value,Key2=Value2) | None |
--created-by-role |
text | Tag resources created by this IAM role with _created_by_role (queries CloudTrail, 90-day limit) | None |
--track-creators |
boolean | Query CloudTrail to tag ALL resources with their creator (_created_by, _created_by_type) | False |
--config |
boolean | Use AWS Config for collection when available (default: disabled, use direct API) | False |
--config-aggregator |
text | AWS Config Aggregator name for multi-account collection | None |
--verbose, -v |
boolean | Show detailed collection method breakdown | False |
--lambda-code-max-size |
integer | Max Lambda code size (MB) to store inline. Larger packages stored to files. Default: 10. Use 0 for external-only, -1 for unlimited inline. | None |
--from-snapshot |
text | Source snapshot to derive from (no AWS API calls needed) | None |
--type, -t |
text | Filter by resource type (repeatable, flexible matching). Requires --from-snapshot. | None |
--tag |
text | Filter by tag Key=Value (repeatable, AND logic). Requires --from-snapshot. | None |
--search |
text | Filter by ARN substring (case-insensitive). Requires --from-snapshot. | None |
--created-by |
text | Filter by creator (substring match on _created_by or _created_by_role tags). Requires --from-snapshot. | None |
--help |
boolean | Show this message and exit. | False |
creators¶
List all resource creators for a snapshot.
Shows a summary of who created resources in the snapshot, including resource counts by creator and resource type breakdown. Requires snapshots to have creator information (use --track-creators when creating or enrich-creators).
Examples: awsinv snapshot creators # Creators for active snapshot awsinv snapshot creators baseline-2025 # Creators for specific snapshot awsinv snapshot creators --detailed # Show individual resources awsinv snapshot creators --export out.json # Export to JSON awsinv snapshot creators --export out.csv # Export to CSV
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--storage-path |
text | Override storage location | None |
--detailed |
boolean | Show individual resources for each creator | False |
--output, -o |
text | Export to file (format detected from extension: .json, .csv) | None |
--help |
boolean | Show this message and exit. | False |
delete¶
Delete a snapshot.
Cannot delete the active snapshot - set another snapshot as active first.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--yes, -y |
boolean | Skip confirmation prompt | False |
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
enrich-creators¶
Enrich an existing snapshot with creator information from CloudTrail.
Queries CloudTrail for resource creation events and tags resources with: - _created_by: ARN of the creator (role/user) - _created_by_type: Type of creator (AssumedRole, IAMUser, etc.) - _created_at: When the resource was created
Example: awsinv snapshot enrich-creators my-snapshot --regions us-east-1,us-west-2 awsinv snapshot enrich-creators # uses active snapshot
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--region, -r |
text | Region to query CloudTrail (repeatable) | None |
--profile, -p |
text | AWS profile name | None |
--days |
integer | Days to look back in CloudTrail (max 90) | 90 |
--no-cache |
boolean | Skip creator cache, force fresh CloudTrail queries | False |
--debug |
boolean | Enable verbose debug logging for matching diagnostics | False |
--help |
boolean | Show this message and exit. | False |
export¶
Export snapshot resources to YAML, JSON, or CSV.
Exports full resource data including raw_config, tags, and metadata. Supports filtering by type, region, tag, and ARN search.
See also: 'snapshot report' for an aggregated summary view (counts by service/region/type).
Output format is auto-detected from file extension, or defaults to YAML for stdout.
Examples: awsinv snapshot export # YAML to stdout awsinv snapshot export -o resources.yaml # YAML to file awsinv snapshot export -o resources.json # JSON (auto-detected) awsinv snapshot export --format csv -o resources.csv # CSV awsinv snapshot export --type ec2 --type s3 # Filter by type awsinv snapshot export --region us-east-1 # Filter by region awsinv snapshot export --tag Environment=production # Filter by tag awsinv snapshot export --search "my-bucket" # Filter by ARN pattern awsinv snapshot export --no-config -o slim.yaml # Exclude raw config
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--collection |
text | Use most recent snapshot from collection | None |
--output, -o |
text | Output file path (stdout if omitted) | None |
--format, -f |
text | Output format: yaml, json, csv | None |
--type, -t |
text | Filter by resource type (repeatable) | None |
--region, -r |
text | Filter by region (repeatable) | None |
--tag |
text | Filter by tag Key=Value (repeatable) | None |
--search |
text | Filter by ARN substring | None |
--no-config |
boolean | Exclude raw config from output | False |
--storage-path |
text | Override storage location | None |
--profile |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
list¶
List all available snapshots.
See also: 'snapshot show' for detailed resource contents, 'snapshot report' for aggregated summary.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
rename¶
Rename a snapshot.
Example: awsinv snapshot rename old-snapshot-name new-snapshot-name
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
report¶
Display resource summary report for a snapshot.
Shows aggregated resource counts by service, region, and type with visual progress bars and formatted output. Can export to JSON, CSV, or TXT formats.
See also: 'snapshot export' for full resource data export (including raw_config and tags).
Snapshot Selection (in order of precedence): 1. Explicit snapshot name argument 2. Most recent snapshot from specified --collection 3. Active snapshot (set via 'awsinv snapshot set-active')
Examples: awsinv snapshot report # Report on active snapshot awsinv snapshot report baseline-2025-01 # Report on specific snapshot awsinv snapshot report --collection prod # Most recent snapshot from 'prod' collection awsinv snapshot report --type ec2 # Filter by resource type awsinv snapshot report --region us-east-1 # Filter by region awsinv snapshot report --type ec2 --type lambda # Multiple filters awsinv snapshot report --output report.json # Export full report to JSON awsinv snapshot report --output resources.csv # Export resources to CSV awsinv snapshot report --export summary.txt # Export summary to TXT awsinv snapshot report --detailed --export details.json # Export detailed view
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--collection |
text | Collection name (required if multiple exist) | None |
--profile |
text | AWS profile name | None |
--storage-path |
text | Override storage location | None |
--type, -t |
text | Filter by resource type (repeatable) | None |
--region |
text | Filter by region (can specify multiple) | None |
--detailed |
boolean | Show detailed resource information (ARN, tags, creation date) | False |
--page-size |
integer | Resources per page in detailed view (default: 100) | 100 |
--output, -o |
text | Export report to file (format detected from extension: .json, .csv, .txt) | None |
--help |
boolean | Show this message and exit. | False |
set-active¶
Set a snapshot as the active snapshot.
The active snapshot is used by default for delta and cost analysis.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
show¶
Display detailed information about a snapshot.
See also: 'snapshot list' for all snapshots, 'snapshot report' for aggregated summary.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--profile, -p |
text | AWS profile name | None |
--help |
boolean | Show this message and exit. | False |
version¶
Show version information.
Usage:
Options:
| Name | Type | Description | Default |
|---|---|---|---|
--help |
boolean | Show this message and exit. | False |