Validate a disaster-recovery runbook against actual infrastructure by checking every step references a real, currently-deployed component.
Reads a disaster-recovery runbook and verifies that each named component (S3 bucket, RDS instance, Kubernetes service, IAM role) actually exists in the live infrastructure. Flags steps referencing components that have been renamed or retired.
- runbook_path: markdown file containing the runbook.
- cloud: aws, gcp, or azure.
- infra_state: a Terraform state file or terraform show -json output as a fallback inventory source.

- s3://[a-z0-9.\-]{3,63} and arn:aws:s3:::....
- arn:aws:rds:... or db-identifier patterns.
- service/<name>, deployment/<name>, namespace <ns>.
- arn:aws:iam::*:role/....

- aws s3api head-bucket --bucket <name>.
- aws rds describe-db-instances --db-instance-identifier <id>.
- kubectl get <kind>/<name> -n <ns>.
- aws iam get-role --role-name <name>.

- exists or not-found per identifier, plus the step number where it appears.
- infra_state if provided to disambiguate "not-found via API but expected to be created lazily".
- aws iam attach-role-policy flags exist; aws s3 deprecated forms; kubectl API versions removed in target cluster's K8s version.
- dr-runbook-validation.md with: a Pass/Warn/Fail verdict, table of identifiers and their status, deprecated-command list, and a "Manual Review" section for items the script can't validate automatically.
For each exists identifier, run a second non-destructive verification (e.g., aws s3api list-objects --max-keys 1) to confirm the bucket is not just present but accessible. For not-found identifiers, search Terraform state to determine whether the component was renamed; if so, suggest the new name. Re-run the validator after the runbook is updated; expected outcome is zero not-found rows.
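The extraction and inventory lookup described above, as an added Python example that is not the skill's own code. It is narrowed to the AWS identifier forms and checks them against a `terraform show -json` style inventory instead of live API calls. The runbook text, account ID and resource names are constructed, and `extract`, `inventory` and `validate` are hypothetical helper names.

```python
import re

# Patterns follow the identifier forms listed on the page (AWS only in this example).
PATTERNS = {
    "s3": re.compile(r"s3://([a-z0-9.\-]{3,63})|arn:aws:s3:::([a-z0-9.\-]{3,63})"),
    "rds": re.compile(r"arn:aws:rds:[a-z0-9\-]+:\d{12}:db:([A-Za-z0-9\-]+)"),
    "iam_role": re.compile(r"arn:aws:iam::\d{12}:role/([\w+=,.@\-]+)"),
}
# Terraform resource type -> (identifier kind, attribute holding the deployed name).
TF_ATTR = {"aws_s3_bucket": ("s3", "bucket"), "aws_db_instance": ("rds", "identifier"),
           "aws_iam_role": ("iam_role", "name")}
STEP = re.compile(r"^\s*(\d+)[.)]\s")

def extract(runbook):
    """Return (step, kind, name) per identifier; step is the enclosing numbered step."""
    step, rows = 0, []
    for line in runbook.splitlines():
        m = STEP.match(line)
        if m:
            step = int(m.group(1))
        for kind, pat in PATTERNS.items():
            for hit in pat.finditer(line):
                # Sentence punctuation is legal inside these names, so trim it off the end.
                name = next(g for g in hit.groups() if g).rstrip(".,")
                rows.append((step, kind, name))
    return rows

def inventory(state):
    """Collect (kind, name) pairs from the root module and every nested child module."""
    found, stack = set(), [state.get("values", {}).get("root_module", {})]
    while stack:
        mod = stack.pop()
        stack.extend(mod.get("child_modules", []))
        for res in mod.get("resources", []):
            if res.get("type") in TF_ATTR:
                kind, attr = TF_ATTR[res["type"]]
                found.add((kind, res.get("values", {}).get(attr)))
    return found

def validate(runbook, state):
    inv = inventory(state)
    return [(s, k, n, "exists" if (k, n) in inv else "not-found") for s, k, n in extract(runbook)]

# Constructed sample runbook and state (shape of `terraform show -json` output).
RUNBOOK = """1. Confirm the latest dump is in s3://acme-prod-db-backups.
2. Restore arn:aws:rds:us-east-1:123456789012:db:orders-primary from snapshot.
3. Assume arn:aws:iam::123456789012:role/dr-operator, then sync arn:aws:s3:::acme-static-assets.
"""
STATE = {"values": {"root_module": {
    "resources": [{"type": "aws_s3_bucket", "values": {"bucket": "acme-prod-db-backups"}},
                  {"type": "aws_iam_role", "values": {"name": "dr-operator"}}],
    "child_modules": [{"resources": [
        {"type": "aws_db_instance", "values": {"identifier": "orders-primary-v2"}}]}]}}}
```

In the sample, step 2 is reported `not-found` because the state only holds `orders-primary-v2`, which is the renamed-component case the validator is meant to surface.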
- <env>-bucket): substitute from a known env list and validate each substitution.
- unverified.