The AWS logs don’t lie.

When a change slips through your infrastructure or a resource drifts out of compliance, CloudTrail holds the record. The challenge is turning that raw history into fast, reliable answers. This is where Infrastructure Resource Profiles, CloudTrail Query, and Runbooks come together as one system of control.

Infrastructure Resource Profiles define the known, correct state of your cloud environment. They outline the specific attributes, configurations, and dependencies for each resource. When profiles are kept accurate, you can detect deviations instantly.

CloudTrail Query gives you the ability to slice into event history with precision. Instead of scrolling through JSON dumps or scanning endless log lines, you run targeted queries: who changed what, when, and from where. When combined with profiles, a CloudTrail query becomes a compliance check in real time — pinpointing unauthorized changes or actions outside policy.

Runbooks automate the response. They take the query results and trigger defined remediation steps: rolling back changes, locking permissions, or sending escalation alerts. No manual digging, no duplicated effort. Resource Profiles define the desired state, CloudTrail Query finds the divergence, and Runbooks lock it back into place.

Together, these three components form a repeatable pattern:

  1. Define the resource profiles.
  2. Query CloudTrail for drift or suspicious activity.
  3. Execute runbooks to restore compliance.

This workflow cuts delay, reduces human error, and keeps audit trails tight. It scales across accounts and regions because each step is machine-readable and testable. When infrastructure changes, you don’t guess. You verify. You correct. You move on.
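The three steps above as a small Python sketch, added here as an illustration and not taken from hoop.dev or any AWS tooling. The profile schema, runbook names, account ID, resource IDs and the event records are all constructed assumptions; only the CloudTrail field names are real.

```python
# Step 1: resource profiles (hypothetical schema): who may change each resource,
# which mutating calls are in policy, and which runbook handles a violation.
PIPELINE = "arn:aws:iam::111122223333:role/deploy-pipeline"
PROFILES = {
    "sg-0a1b2c3d": {"principals": {PIPELINE}, "runbook": "revert-security-group",
                    "events": {"AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress"}},
    "audit-logs-bucket": {"principals": {PIPELINE}, "runbook": "restore-bucket-policy", "events": set()},
}
def _record(time, name, identity, ip, params, read_only=False):
    return {"eventTime": time, "eventName": name, "userIdentity": identity,
            "sourceIPAddress": ip, "requestParameters": params, "readOnly": read_only}
ROLE = {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/deploy-pipeline/run-42",
        "sessionContext": {"sessionIssuer": {"arn": PIPELINE}}}
ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}
# Constructed CloudTrail records, trimmed to the fields this check reads.
EVENTS = [
    _record("2024-05-01T10:00:00Z", "AuthorizeSecurityGroupIngress", ROLE, "198.51.100.10", {"groupId": "sg-0a1b2c3d"}),
    _record("2024-05-01T10:07:00Z", "AuthorizeSecurityGroupIngress", ALICE, "203.0.113.7", {"groupId": "sg-0a1b2c3d"}),
    _record("2024-05-01T10:09:00Z", "PutBucketPolicy", ROLE, "198.51.100.10", {"bucketName": "audit-logs-bucket"}),
    _record("2024-05-01T10:11:00Z", "GetBucketPolicy", ALICE, "203.0.113.7", {"bucketName": "audit-logs-bucket"}, True),
]

def principal(identity):  # assumed roles: compare the issuing role, not the per-session ARN
    issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or identity["arn"]

def find_drift(events, profiles):
    # Step 2: the query. Keep mutating events on profiled resources that break the profile.
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        params = ev.get("requestParameters") or {}
        rid = params.get("groupId") or params.get("bucketName")
        profile = profiles.get(rid)
        if profile is None or ev.get("readOnly"):
            continue
        who = principal(ev["userIdentity"])
        reasons = [r for r, bad in (("unapproved principal", who not in profile["principals"]),
                                    ("event outside profile", ev["eventName"] not in profile["events"])) if bad]
        if reasons:
            findings.append({"resource": rid, "event": ev["eventName"], "who": who, "when": ev["eventTime"],
                             "from": ev["sourceIPAddress"], "reasons": reasons, "runbook": profile["runbook"]})
    return findings

def plan_runbooks(findings):  # Step 3: one invocation per (runbook, resource), with its evidence
    plan = {}
    for f in findings:
        plan.setdefault((f["runbook"], f["resource"]), []).append(f)
    return plan
```

On the constructed records this flags the security group change made by `alice` and the pipeline's `PutBucketPolicy` on the frozen bucket, while the in-profile pipeline change and the read-only call pass.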

Build it once and run it when needed — or schedule it to run continuously. The moment a resource drifts, you’ll know. And you’ll fix it before it becomes a problem.

See how it works at hoop.dev and run it live in minutes.