cloudops.weekly-cert-report
Type: commands | Track: Enterprise | Version: 1.0.0
Weekly certificate status report with cross-validation, persona-aware triage, and CxO stakeholder email. Mirrors the finops:aws-monthly enterprise pattern for certificate lifecycle governance. Delegates to security-compliance-engineer.
Quick Start
```bash
pip install runbooks

# Weekly cert report (default: 90-day window, all modes)
runbooks cert report --ops-profile $AWS_OPERATIONS_PROFILE --all-accounts

# Executive mode with stakeholder email
runbooks cert report --ops-profile $AWS_OPERATIONS_PROFILE --all-accounts --mode executive
```
For the full ADLC pipeline, invoke /cloudops:weekly-cert-report from the ADLC command interface.
Parameter Reference
| Parameter | CLI Flag | Default | Description |
|---|---|---|---|
| Days window | --days | 90 | Show certs expiring within N days |
| Ops profile | --ops-profile | $AWS_OPERATIONS_PROFILE | AWS profile with Config Aggregator access |
| Mode | --mode | all | Persona output: executive, cto, sre, cloudops |
| Azure | --azure | false | Include Azure Key Vault certificates |
Deliverables
| Artifact | Format | Audience |
|---|---|---|
| Cert status report | Markdown | HITL, Security team |
| Stakeholder email | Plain text | CxO, management |
| Expiry triage | Rich table | CloudOps |
| Cross-validation result | JSON | QA, Evidence |
Benefits
- Weekly cadence prevents certificate expiry surprises — 90-day window with CRITICAL bucket for expired + in-use certs
- Persona-aware output — executive summary for CxO, detailed triage for CloudOps
- CxO stakeholder email generated — ready for copy-paste distribution
- Cross-validated against CLI ground truth (prevents silent Config Aggregator drift)
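
The triage and cross-validation described above, as an added illustration that is not the runbooks implementation. Record fields follow ACM's DescribeCertificate output (`NotAfter`, `InUseBy`); the function names, the bucket names other than CRITICAL, and the ARN-set comparison (which goes beyond comparing counts) are assumptions.

```python
from datetime import datetime, timedelta, timezone

WINDOW_DAYS = 90  # matches the report's default --days value


def triage(cert, now, window_days=WINDOW_DAYS):
    """Bucket one certificate record shaped like ACM DescribeCertificate output."""
    in_use = bool(cert.get("InUseBy"))
    if cert["NotAfter"] <= now:
        # Expired + in use is the page's CRITICAL bucket.
        return "CRITICAL" if in_use else "EXPIRED_UNUSED"  # second name is assumed
    if cert["NotAfter"] - now <= timedelta(days=window_days):
        return "EXPIRING"  # assumed bucket name
    return "OK"  # assumed bucket name


def cross_validate(aggregator_arns, cli_arns):
    """Compare the aggregated inventory against a direct per-account listing."""
    agg, cli = set(aggregator_arns), set(cli_arns)
    return {
        "match": agg == cli,
        "aggregator_count": len(agg),
        "cli_count": len(cli),
        "missing_from_aggregator": sorted(cli - agg),
        "stale_in_aggregator": sorted(agg - cli),
    }


def build_report(certs, aggregator_arns, now):
    """Triage every cert and attach the cross-validation result."""
    buckets = {}
    for c in certs:
        buckets.setdefault(triage(c, now), []).append(c["CertificateArn"])
    cli_arns = [c["CertificateArn"] for c in certs]
    return {"buckets": buckets, "cross_validation": cross_validate(aggregator_arns, cli_arns)}


# Constructed sample data (placeholder ARNs, not real certificates).
NOW = datetime(2025, 1, 6, tzinfo=timezone.utc)
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/example-{}"
CERTS = [
    {"CertificateArn": ARN.format("a"), "NotAfter": NOW - timedelta(days=3),
     "InUseBy": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example/1"]},
    {"CertificateArn": ARN.format("b"), "NotAfter": NOW - timedelta(days=40), "InUseBy": []},
    {"CertificateArn": ARN.format("c"), "NotAfter": NOW + timedelta(days=30), "InUseBy": []},
    {"CertificateArn": ARN.format("d"), "NotAfter": NOW + timedelta(days=200), "InUseBy": []},
]

if __name__ == "__main__":
    import json
    # The aggregator view omits cert "d", simulating Config Aggregator drift.
    print(json.dumps(build_report(CERTS, [c["CertificateArn"] for c in CERTS[:3]], NOW), indent=2))
```

A non-empty `missing_from_aggregator` means the aggregated view is under-reporting, so any CRITICAL count taken from it alone cannot be trusted.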
When to Use
| Attribute | Detail |
|---|---|
| Persona | Security Engineer / HITL |
| Trigger | Weekly certificate monitoring cycle — every Monday, or when a cert within the 90-day window needs CxO-level awareness before a critical expiry |
| Business Value | Cross-validated cert status with CxO stakeholder email — replaces manual ACM console navigation with a single command that produces a HITL-ready report and a draft email for management distribution |
| Frequency | Weekly |
Example: As a Security Engineer, I need the weekly certificate report because a CRITICAL cert (expired + in-use) appeared in the triage last week and the CTO needs a weekly status email until all CRITICAL certs are renewed. I run /cloudops:weekly-cert-report which produces the persona-formatted triage, cross-validates cert counts, and generates the CxO stakeholder email as cert-email.txt ready for distribution.
Enterprise-only. Contact sales for licensing details.