inventory.lz-cross-validate
Type: commands | Track: Enterprise | Version: 1.0.0
Run the Landing Zone Inventory 4-Way Cross-Validation pipeline across all AWS accounts. Orchestrates multi-account inventory with persona reports (CFO/CTO/CloudOps/FinOps), decommission candidate analysis, and 3-agent scoring (PO+CA+QA sequential). Docker-first execution via nnthanh101/runbooks:cloudops.
Quick Start
pip install runbooks
# Full inventory with all persona reports and decommission analysis
runbooks inventory workflow-multi-account --cross-validate --persona all
# FinOps persona only, no decommission analysis
runbooks inventory workflow-multi-account --cross-validate --persona finops --decommission false
For the full ADLC pipeline (coordination enforcement, 4-way cross-validation, 3-agent scoring), invoke /inventory:lz-cross-validate from the ADLC command interface.
Parameter Reference
| Parameter | CLI Flag | Default | Description |
|---|---|---|---|
| Persona | --persona | all | cfo, cto, cloudops, finops, all — generates all 4 reports |
| Decommission | --decommission | true | Include decommission candidate analysis |
| Dry run | --dry-run | false | Show what would be collected without executing |
Phase Overview
| Phase | Name | Description |
|---|---|---|
| 0-COORD | Coordination gate | product-owner and cloud-architect logs required (BLOCKING) |
| 0A | SSO preflight | Profile validity check across all LZ profiles |
| 1 | Org-wide discovery | Config Aggregator P1 path — all accounts in single query |
| 2 | Cross-validation | 4-way variance check (Config Aggregator vs Resource Explorer vs direct API vs runbooks CLI) |
| 3 | Persona reports | CFO / CTO / CloudOps / FinOps formatted output |
| 4 | Decommission analysis | Signal-scored candidates (E1-E7, S1-S7) per account |
| 5 | 3-agent scoring | PO + CA + QA sequential (not parallel — prevents race conditions) |
Deliverables
| Artifact | Format | Audience |
|---|---|---|
| Inventory summary | Markdown | HITL, CxO |
| CFO report | Markdown | CFO |
| CTO report | Markdown | CTO |
| CloudOps report | Markdown | CloudOps team |
| FinOps report | Markdown | FinOps team |
| Decommission candidates | CSV | CloudOps, FinOps |
| Cross-validation result | JSON | QA, Evidence |
| 3-agent scoring | JSON | Governance audit |
Benefits
- Config Aggregator P1 path — org-wide inventory in a single query (prevents
NARROW_SEARCH_SCOPE) - 4-way cross-validation verifies inventory completeness — not just one data source
- Decommission analysis uses validated signals (E1-E7, S1-S7) — not estimated figures
- 3-agent scoring runs SEQUENTIALLY — prevents
RACE_CONDITION_SCORINGanti-pattern
When to Use
| Attribute | Detail |
|---|---|
| Persona | CloudOps Engineer |
| Trigger | Multi-account inventory needed — monthly FinOps review requiring a validated count of all resources across the Landing Zone, or when a new account was added and the inventory baseline needs refreshing |
| Business Value | 4-way cross-validated inventory across all AWS accounts with persona-specific reports — replaces per-account manual inventory (67 accounts would take hours) with a single pipeline that runs in under 3 minutes and validates completeness |
| Frequency | Monthly |
Example: As a CloudOps Engineer, I need a validated inventory across all Landing Zone accounts because the FinOps team requires a monthly resource count with decommission candidates identified before the cost optimization sprint. I run /inventory:lz-cross-validate which discovers all resources via Config Aggregator, cross-validates against 3 other sources, generates persona-specific reports, and produces a decommission candidate list with signal scores and savings attribution.
Enterprise-only. Contact sales for licensing details.