aws-inventory-manager 0.13.2__py3-none-any.whl

aws_inventory_manager-0.13.2.dist-info/RECORD

@@ -0,0 +1,145 @@
+src/__init__.py,sha256=DMK4jB1kbfaPjMeyFvozB7wOQmpsX41md4fINtVJsyk,75
+src/aws/__init__.py,sha256=FcFY2cn8ZQCnActrZYH1hD0x4uFkM9bMBDOmuHA3_mw,253
+src/aws/client.py,sha256=CjqCxEsbgxQYWx_HF6g9_W-pfXl7yr1Z9armXyzuYpM,4089
+src/aws/credentials.py,sha256=mxj8lQf7TRG5dznQJ37rGQqfB-viHh_5VCt1C4xgqG0,6374
+src/aws/rate_limiter.py,sha256=b3dV4A9ftUsGgVMOQmv3IVO0Fkym2o1QDHKpFOdSYbg,5464
+src/cli/__init__.py,sha256=zstPcm000JdpuUuMRuqL2TkC-bnCpm0syHjAyu8ELcY,387
+src/cli/config.py,sha256=to_hVDxQh0WNANPDQKYlnZzCsFS6_bnrE745wZgRQe4,4286
+src/cli/main.py,sha256=7g1AFowwBXZQj0PrShQxq3FlLTRwUp6e7U-CiezMPFY,147763
+src/config_service/__init__.py,sha256=fqYfceBP_kPnp8PjYW9D_FqsWqrrOzsQTftBgp7-aTE,585
+src/config_service/collector.py,sha256=uW6m1feceYCOgANGWvxhbw23etcaqSQpmdIu-DTsWuk,12254
+src/config_service/detector.py,sha256=BoJC32DXN2f8x8U8RiOmjkGtnrTQrRuO568FHcMt_xU,8531
+src/config_service/resource_type_mapping.py,sha256=DyxmPcP0vQ2ouZ0hRS-oXUcViSNYSfzwXYuvoUu8cu8,8726
+src/cost/__init__.py,sha256=WpTwsWAm8wyCkB65gsCnzu89-r5G_hgrbL9zTqvQ8j8,122
+src/cost/analyzer.py,sha256=02WFkZErD-zfu1Jp8UDym3wTjuB0c3l5jadZmbGbBJk,10201
+src/cost/explorer.py,sha256=c4Yj7w5gmvoeD9iY7hseinj3Ij-g9Rh8YXWYZVkO6u4,6847
+src/cost/reporter.py,sha256=JPisT4C8YIt3vaQ1wD4VOAsRu5STNhp5Grs0ugQ0zA4,9609
+src/delta/__init__.py,sha256=ypHqn-VKswWWisVQC1sY_23VqHC_LIaSdQv6HIwYU4Y,120
+src/delta/calculator.py,sha256=5KKUKYiCQdTtfqB84llwej52Ev0r9B5SZfJ4aNuq37E,7833
+src/delta/differ.py,sha256=-7MESqWyO8srPhs9OlsLJjYx57qPwQRh93GsatqnoW8,6692
+src/delta/formatters.py,sha256=xhzph_iLGLD8yyflYCMTFZqWPmW9tB7hZsVHsgQDrzM,9209
+src/delta/models.py,sha256=_biiC136e-C2GljlIeW7ql5vC47Ss1M8a-jgw9K9rFg,5103
+src/delta/reporter.py,sha256=yqzof9snkJyJiOeGoLAla2pmnFNIPlR3brg7xrstpNA,8775
+src/models/__init__.py,sha256=5DFL_8ZgLE28EG8ORumMT3EfhFAxXrFa3yzQpQBSQxc,533
+src/models/config_diff.py,sha256=elh4oUgoln_sDC6lmkqfSd8k1pX9oqBPqTEgTksw5f8,4237
+src/models/cost_report.py,sha256=BzyWrMewHau7EpQyLm4WoesVY3WDPBOtGVdk_H8USuM,3079
+src/models/deletion_operation.py,sha256=bb2TiY_UsHEBk-B6qp1_miXOePTphhIAWRMnhYrh3k8,3468
+src/models/deletion_record.py,sha256=OxA3oDRKhGct_D0apaOBg5lPQqc5CdICswpXipCrnes,3311
+src/models/delta_report.py,sha256=TD0Jk2I9D5Fw2oXEkN6oUwMzGeIVfQzsRY-LK_MR8to,4854
+src/models/efs_resource.py,sha256=Jq8bzDKEYo8vB6M-Zz1RVowteD0nyxUhF8C6gumWe7E,2665
+src/models/elasticache_resource.py,sha256=WRHOjZ7m4cT7OwfL8GQp5Ays9S8i9RLGynkAr5aAB3o,3201
+src/models/group.py,sha256=suBBtO4ipRjZP1XptNfcMMkERcAtYTYf3YIkcYYRoeU,11452
+src/models/inventory.py,sha256=hEg5qQy_K8HvgtM7AyU1y1MX6c9xzsOefbCShCaH8PI,5157
+src/models/protection_rule.py,sha256=DjGJ6il9y6fPe5WTZzlq0BJwfAOyQf6vEwmT-SjDYsc,3929
+src/models/report.py,sha256=Qb9OKdPNRFxcfxk-9vFEnVctKaVWgg4aP-QTEBgJlxo,9288
+src/models/resource.py,sha256=jTpdJabrn0KRU6aGEiJZyUtZFTvXIDNgPDWx5MmIVZs,3882
+src/models/security_finding.py,sha256=RyTobHFg6n0eomCDVuL89zYevpmSInneZ4RtDHtms9U,3451
+src/models/snapshot.py,sha256=-kj9LYSrZSfSY44sc-TyJBNfjCYgegol8uCTXSJbNx8,4841
+src/restore/__init__.py,sha256=iTghVKlfBxzzIxaun_AafOXHNLbyMwimJGtSwZZIyYY,563
+src/restore/audit.py,sha256=XQH7iBrEFfSsewBesa677DZw1YXaqLqbvwByDq2vuTc,6538
+src/restore/cleaner.py,sha256=o_4jeLgHIku54rKkiNNVowdVw5LY8UdxTT9ikQnnAx0,16589
+src/restore/config.py,sha256=6MiqaIo_0x5V3F8XRKTvu24ij15IUiuQku39otySU7s,6536
+src/restore/deleter.py,sha256=mqsg0w6vWeGBqVcvz82VjsHTeAltgS65Kevxv0eie_o,41483
+src/restore/dependency.py,sha256=WNEgJAQHqpOF6ir9cjiUtGVbckQfRvToOWeJCtzR76U,9190
+src/restore/safety.py,sha256=_LIlkcJdCJCXx9aopZuRrd18R8Ag-rv5G-xG20TOf14,3971
+src/security/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+src/security/cis_mapper.py,sha256=rLSQobH1a1fa_tc9nQpaOPGSx1Wt7vlomxSyyyNwdqI,3147
+src/security/models.py,sha256=IASZUo9_35W3nwnehmpiW-X19WaJANYOpB_OUHEltHk,1579
+src/security/reporter.py,sha256=oe84rm0-FRhUgIHERyozkWIJpg7LIA-TPsxG8FiZOGw,5543
+src/security/scanner.py,sha256=JGWHYZJ2VHXzas6nvsqSlkd3PsU6dg6VnAfJZABmvEY,3293
+src/security/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+src/security/checks/base.py,sha256=2e-i55dVO-0N8squB6vUg5DEPZnTvW6XPpLPQLW5s0I,1371
+src/security/checks/ec2_checks.py,sha256=hUO1cTN-zd45WEGy7xZIzb7LMOjdggTc8YfLyEVA38M,3113
+src/security/checks/elasticache_checks.py,sha256=CGkF-6e5Z7iCKj3dvghyMsU9aF9abnLs7Xu7MPFvy4I,6108
+src/security/checks/iam_checks.py,sha256=k-kSf4zmVZ7svrajt_-jPW5bDGyLrswAX2E9KhfqXbU,3952
+src/security/checks/rds_checks.py,sha256=oRmflzwLf3_JeMEJt-pCoPKGFgwC2BdItzuUQYyyXEo,5112
+src/security/checks/s3_checks.py,sha256=usHrGBmmIZc4PEDSMRRE1H8A_NwUxV2kiIVeLaPCauc,3387
+src/security/checks/secrets_checks.py,sha256=2bJY0Hqb1PwUYid5XZCC6y4hgWle3sRtwYNVh4jmUBw,3631
+src/security/checks/sg_checks.py,sha256=BmipY31beybajxSbS_HoDkSXFYTQFhjXWNxuYYPEP2U,4731
+src/snapshot/__init__.py,sha256=trHfRe_8jxjQVb48cDLVH3gs2Y7YQtsX2gFL4OB9qRc,237
+src/snapshot/capturer.py,sha256=DZqDnyeum9m4AzSH-jj6wrz5I3QpHcdAHWRAE-LL4qc,17975
+src/snapshot/filter.py,sha256=UPVTi23NHJYKFTD4ss8PazDHh-NIC2lWLvjJnr9Y7QY,9158
+src/snapshot/inventory_storage.py,sha256=eOwGzYhUrvnv_usgEaUF-0_cDGGf21k-vjRRKP7Z5Hs,7739
+src/snapshot/report_formatter.py,sha256=WR7Adqq5FjJqu3iIWAnOZ9yp6AuJH1kA6uKKpT7jrT4,8266
+src/snapshot/reporter.py,sha256=CZp5fj6RcHoD5a3-1unwq5KKIxrQA38rLWCjspnyvvI,6628
+src/snapshot/storage.py,sha256=29zyNelW4QeH0C5E-GYnD5N4sQvyXtiZgPG8OYw4R7c,11826
+src/snapshot/resource_collectors/__init__.py,sha256=QSJiStvbmqd_uCI6c4T03-3PMb0UmxAROZwVHPk25gc,94
+src/snapshot/resource_collectors/apigateway.py,sha256=X916NdfRzUMNmMuyJdB_BrgTu1p7P7NwslPxWcPW4CU,4748
+src/snapshot/resource_collectors/backup.py,sha256=mWySnU_47Se88uJN33scZovpUYPYwGRNMo3ur_yyqT0,4795
+src/snapshot/resource_collectors/base.py,sha256=kpn0gRbf6PBb_1CA-0e6lnaI7jCm7mXPEsFwVNGSY-k,2369
+src/snapshot/resource_collectors/cloudformation.py,sha256=YqMwzEF9neoXebRRfN0s8BT8ex66hWOPJQXk0aaLmxQ,1892
+src/snapshot/resource_collectors/cloudwatch.py,sha256=JW4RMWl4hD_NTuAWtOV4v5FIPRY-opKuJeIecKxmzWI,4095
+src/snapshot/resource_collectors/codebuild.py,sha256=VQjw-KSu4lA5kN7ci63vaphpPIgY4ZelYaFWTV7uD7M,2485
+src/snapshot/resource_collectors/codepipeline.py,sha256=-1Dait_7Yzz-a_B9OtbsKNNzovbns0YKuFSifY0b5OU,3372
+src/snapshot/resource_collectors/dynamodb.py,sha256=QRtEH5uLwrqF0yBIeHX_RLnOYovSnbcdTy6oo4xg9ZY,2463
+src/snapshot/resource_collectors/ec2.py,sha256=hvor4Z0ofznR8sLvrK_OdvNh7-mvuDZeDOXPr1-X-qg,8441
+src/snapshot/resource_collectors/ecs.py,sha256=90uj0FBU9uF03OZ7RkkS1Mc3g5YSz0v2hWYCOYS5NXw,8379
+src/snapshot/resource_collectors/efs_collector.py,sha256=58ouqtCF16bxDO66-M1LojyVpJASyhv6D7RJ2KQC3DQ,4015
+src/snapshot/resource_collectors/eks.py,sha256=T7Rh4ij3frxYgIfAcZNk0xNpoahwBfsQWcs14xcB5rE,7746
+src/snapshot/resource_collectors/elasticache_collector.py,sha256=g7mVa9ZlE0DBITnA-i565REZRpumWMnqZuLVHcVO0Gw,2830
+src/snapshot/resource_collectors/elb.py,sha256=af3IeKUv_FUfcLwYcnDajh4_4eSWtelvoazKCptehnQ,5125
+src/snapshot/resource_collectors/eventbridge.py,sha256=abHxh0Iob6YrumdzmFugpRGWFqE0uVRVt89gajdq5q4,6062
+src/snapshot/resource_collectors/iam.py,sha256=N5QQO7E5opV-3CiOuoW_W0x-m_2alOjYs0-Q_loS-rQ,6732
+src/snapshot/resource_collectors/kms.py,sha256=ioJUO2C7XawrGGnvpNA1pVT0GdHDI4pmbeqpACgf7Dc,4524
+src/snapshot/resource_collectors/lambda_func.py,sha256=bjlWj_orHlU7vVT91c9ZcEAsXSPB7f4jgUWAMfa3C1w,5289
+src/snapshot/resource_collectors/rds.py,sha256=Q4kdYZ4eDyLwAVTTM49PWh8Gg1NII-NBiY4_h5YafKw,4127
+src/snapshot/resource_collectors/route53.py,sha256=oCFoEba-f80cf6e4R69Ovzp0eDgAZl_nNx4AkZ1L7zk,3311
+src/snapshot/resource_collectors/s3.py,sha256=de90KYNHZ3b9UZ0csJlrw-Z5p1VgtU4sHyF0-5eft34,3749
+src/snapshot/resource_collectors/secretsmanager.py,sha256=0daVuZE_VEk185boKM09Pc0A7E4b83jRztWYNMQm6bM,2673
+src/snapshot/resource_collectors/sns.py,sha256=rsRyA95iBkildU2ytNeKihxOzwnwpUGkgZON2MOLTrY,2539
+src/snapshot/resource_collectors/sqs.py,sha256=BK4LZJWjP7y2sItVEnn1-OHmDyNlhKlp--Bs2YIw7Mk,3112
+src/snapshot/resource_collectors/ssm.py,sha256=EhyeGfK_17cqhDGuEM-KBg6TpAYj4kSNUvuNnfpeWes,6258
+src/snapshot/resource_collectors/stepfunctions.py,sha256=I8TYniEzSX2jKZbSX6WI02eet5uP5ekn63uKnMaStEc,2950
+src/snapshot/resource_collectors/vpcendpoints.py,sha256=tclcLPRxFmE5vwQQPwFQv2nbOc-4qVFnUaSJ4oDMU7w,2994
+src/snapshot/resource_collectors/waf.py,sha256=HUNshQ_WHbIK3nAyNwhb21uHkMC7ywSOke28b-5ECRg,6461
+src/storage/__init__.py,sha256=4LrT-bm45zLK6VUyKsx3jyK_L270A48t-w2-0ceb9PM,554
+src/storage/audit_store.py,sha256=zO7L9o-8N31PsiLJ72wvmodoDrFtFeya05Ebfes8a5Y,14123
+src/storage/database.py,sha256=j-IJ4LiNs7PgXH0L3FtMlmbId1TaGjNCcYjgn3dt7sQ,9465
+src/storage/group_store.py,sha256=6sCqKwFTNHUOin08V1AXlN2scam2khSwf_cgisvD-M0,24832
+src/storage/inventory_store.py,sha256=hRxdL2oqDTvtIuyNiR9IoBFjH1jOe3DV43C8Ybt-aTU,10601
+src/storage/resource_store.py,sha256=MB8JVvlq5zZJcjLbIL6R6dtPfqK6hpV0JhzSjiofez0,13111
+src/storage/schema.py,sha256=PFDVbC12RGh-VP1CNLqFc6V_QCmblGkf63VCaHuPKGU,10274
+src/storage/snapshot_store.py,sha256=TI87NQmpMRG1lXcx8HvcKGPJuOyhzH0WmaUK0C2blZc,11855
+src/utils/__init__.py,sha256=1qjjL3wxB7ye6s3AT4h5hQ9Xgi7y0WllUMmTpiZWC54,284
+src/utils/export.py,sha256=lBUxLGkvtdzTFq2VKRmHgf18ZROiorHGGHlbeG7ixxc,8929
+src/utils/hash.py,sha256=w6jJqNR64IEcgMIrIY-M1QXuo_CkH0sbT8I6JcFQJqo,1747
+src/utils/logging.py,sha256=D39u9xrDSr_HlqedKa2yz-vmbCKulNAkJNVfG571UXY,2558
+src/utils/pagination.py,sha256=BoMk2lP65-tGP1U6aUAuJPU7M-JroSvyfpScLKcGYxg,1153
+src/utils/paths.py,sha256=EgO41-XE1KOmF0drY2YlJkzNQIb3WPsrGtPvsc0hVqY,1607
+src/utils/progress.py,sha256=H8_6AtVsw-_-P40E57ECofkFw0v1Lq6uEVSofuxCXxY,936
+src/utils/unsupported_resources.py,sha256=wN2fkN4Vpq2X_CXhpN2K0ewojeghrY3H4ARAL6lvCk4,10349
+src/web/__init__.py,sha256=JIdxc2oP_DBW6BK8MFeYMCGGI-DO1K0ybUkML36Dg1A,100
+src/web/app.py,sha256=G-cVVCakvBI3ErsHfE_RYznrjm6dnOeTbd0x6glypT4,2819
+src/web/dependencies.py,sha256=Fp2J05-9rFYshs-fN_mlTPFPqpOsp5V3ilI5ReqwW6c,1736
+src/web/routes/__init__.py,sha256=sFFDPD60smOOMalYMdiSFy0cmTM8co00A3ZZiP-915Q,26
+src/web/routes/pages.py,sha256=TZjTMgQw88cpakJsYf4D3HdCTC5PgdoWXLH-zXg6oCs,5717
+src/web/routes/api/__init__.py,sha256=q1ysdpJ1-3-Ux5sM3eH9nJCXya5AjeB077KnClVj1CI,712
+src/web/routes/api/charts.py,sha256=V-2MtmsihptC9eikpw_u2VbJIyhMl-stUEO6QT27mSA,4136
+src/web/routes/api/cleanup.py,sha256=27HOlGZJa4lh5cbuBWuVbtUgji7YVka-ojjswG-vhz8,6695
+src/web/routes/api/filters.py,sha256=ILQmkxtpQjRh1XsRSmzet62Mfg-uVfl6UfLCDKzEqhM,7708
+src/web/routes/api/groups.py,sha256=5ipRMBU8xpQHYtu29aJwfOmHYUMhu3kZWNxWVIRrQvg,8890
+src/web/routes/api/inventories.py,sha256=dN2WSLlQB2HrDwOM9XdpM3dpoC2zDDE1V8O-Anculv4,2541
+src/web/routes/api/queries.py,sha256=vETfCAaLk_HX9IQNbmKpc5XD4-cbs3UYrQA_uGjzkYw,5444
+src/web/routes/api/resources.py,sha256=C2lXj3FqFmptIeUTWChJEEG8Z5MC_R-LSPUBrSX1tJg,12958
+src/web/routes/api/snapshots.py,sha256=rZHifGAB8abop1iungV8ubYE7bwMf5u55zyypbHy-uo,9860
+src/web/routes/api/views.py,sha256=MSFr6woupQA3-ftwv0zhwNadlYlQAsBzTjfb3o-KwGg,7843
+src/web/services/__init__.py,sha256=CdQNRtr3v5VA5wpZ2d4SqhxwtfaDacxs29IYrVlaCFg,28
+src/web/templates/base.html,sha256=EueO9AnupiS52R-jmLU35DkUC_7Bel24QyGRWVFaUK0,34109
+src/web/templates/components/navbar.html,sha256=GX-rtm2vDSAcvY-lGaXvemTT04m9X5OIm9W60STl4Do,1997
+src/web/templates/components/sidebar.html,sha256=TCclf5c3ss0f_D9P4H7R_uJLoqUxkUzTInCJZQ1f5No,9131
+src/web/templates/pages/audit_logs.html,sha256=0shhlDlQ0Ghlxqu7wlAbSvEwv15G1V3gSratDVu1_nY,4930
+src/web/templates/pages/cleanup.html,sha256=SzJPTY10ax_9T1XEM0juFLf1b5dyHcKHPQTIAUn-0cg,16204
+src/web/templates/pages/dashboard.html,sha256=t6FKnpdkk6Um4JrtE5IJKF81KRMifVttCp09HjddXGs,10581
+src/web/templates/pages/diff.html,sha256=UeRqKd6Op2XXNkNg916km7KICMPngh8FVxiaSQuxoO8,8489
+src/web/templates/pages/error.html,sha256=rCnXvdqhrXQX8RungpL35q6iAU77ntQTnC-B52zYkdo,1715
+src/web/templates/pages/groups.html,sha256=N2Bj44Bx5hTiXap9b_dIPjan_CS_9pAqJeJYAs5o-z0,43176
+src/web/templates/pages/queries.html,sha256=sf167CjkCQmx0jZQsEorgSO2N3zVyISdEIpxkhZVr7E,12443
+src/web/templates/pages/resources.html,sha256=fygTKEcER7e_L2jDKZD6G3MewWFWBvIHGMbBxW8GqMY,123801
+src/web/templates/pages/snapshot_detail.html,sha256=hHoM_smOhVnDhsqHRrjv_Bk3V2WsUcsjOhFEy6qqDDs,12457
+src/web/templates/pages/snapshots.html,sha256=3b47IQgkN4mxJpqjUaJ_lPqYUqM2Icz44Ad8CesZpvM,22536
+aws_inventory_manager-0.13.2.dist-info/LICENSE,sha256=-lY65BqqcGV9QVjIoTpYEB0Jaddm9j-cS5ICDRBRQo0,1071
+aws_inventory_manager-0.13.2.dist-info/METADATA,sha256=F4QepgckeuJ9n529xrQrLlBBztr7uzSuNTchDF_sxtw,42531
+aws_inventory_manager-0.13.2.dist-info/WHEEL,sha256=beeZ86-EfXScwlR_HKu4SllMC9wUEj_8Z_4FJ3egI2w,91
+aws_inventory_manager-0.13.2.dist-info/entry_points.txt,sha256=Ktdhto-PER5BtwWKYBtU_-FS3ngiGtAGGeoLzRW2qUw,44
+aws_inventory_manager-0.13.2.dist-info/top_level.txt,sha256=74rtVfumQlgAPzR5_2CgYN24MB0XARCg0t-gzk6gTrM,4
+aws_inventory_manager-0.13.2.dist-info/RECORD,,

aws_inventory_manager-0.13.2.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (76.1.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

aws_inventory_manager-0.13.2.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+awsinv = src.cli:cli_main

aws_inventory_manager-0.13.2.dist-info/top_level.txt

@@ -0,0 +1 @@
+src

src/__init__.py

@@ -0,0 +1,3 @@
+"""AWS Baseline Snapshot & Delta Tracking tool."""
+
+__version__ = "0.13.1"

src/aws/__init__.py

@@ -0,0 +1,11 @@
+"""AWS client utilities and wrappers."""
+
+from .client import create_boto_client
+from .credentials import validate_credentials
+from .rate_limiter import RateLimiter
+
+__all__ = [
+    "create_boto_client",
+    "validate_credentials",
+    "RateLimiter",
+]

src/aws/client.py

@@ -0,0 +1,128 @@
+"""Boto3 client wrapper with retry configuration and error handling."""
+
+import logging
+from typing import Any, List, Optional
+
+import boto3
+from botocore.config import Config
+from botocore.exceptions import ClientError, NoCredentialsError
+
+logger = logging.getLogger(__name__)
+
+
+# Aggressive retry configuration for batch operations
+DEFAULT_RETRY_CONFIG = Config(
+    retries={"max_attempts": 10, "mode": "adaptive"},  # Adaptive retry mode (boto3 1.16+)
+    max_pool_connections=50,
+    connect_timeout=60,
+    read_timeout=60,
+)
+
+
+def create_boto_client(
+    service_name: str,
+    region_name: str = "us-east-1",
+    profile_name: Optional[str] = None,
+    retry_config: Optional[Config] = None,
+) -> Any:
+    """Create boto3 client with retry configuration and error handling.
+
+    Args:
+        service_name: AWS service name (e.g., 'ec2', 'iam', 'lambda')
+        region_name: AWS region (default: 'us-east-1')
+        profile_name: AWS profile name from ~/.aws/config (optional)
+        retry_config: Custom botocore Config object (optional)
+
+    Returns:
+        Configured boto3 client
+
+    Raises:
+        NoCredentialsError: If AWS credentials are not found
+        ClientError: If client creation fails
+    """
+    if retry_config is None:
+        retry_config = DEFAULT_RETRY_CONFIG
+
+    try:
+        # Create session (with or without profile)
+        if profile_name:
+            session = boto3.Session(profile_name=profile_name)
+            client = session.client(service_name, region_name=region_name, config=retry_config)
+        else:
+            client = boto3.client(service_name, region_name=region_name, config=retry_config)
+
+        logger.debug(f"Created {service_name} client for region {region_name}")
+        return client
+
+    except NoCredentialsError:
+        logger.error("AWS credentials not found")
+        raise
+    except ClientError as e:
+        logger.error(f"Failed to create {service_name} client: {e}")
+        raise
+    except Exception as e:
+        logger.error(f"Unexpected error creating {service_name} client: {e}")
+        raise
+
+
+def get_enabled_regions(profile_name: Optional[str] = None) -> List[str]:  # type: ignore
+    """Get list of enabled AWS regions for the account.
+
+    Args:
+        profile_name: AWS profile name (optional)
+
+    Returns:
+        List of enabled region names
+    """
+    try:
+        ec2_client = create_boto_client("ec2", region_name="us-east-1", profile_name=profile_name)
+        response = ec2_client.describe_regions(AllRegions=False)  # Only enabled regions
+        regions = [region["RegionName"] for region in response["Regions"]]
+        logger.info(f"Found {len(regions)} enabled regions")
+        return regions
+    except Exception as e:
+        logger.warning(f"Could not retrieve enabled regions: {e}")
+        # Return default set of common regions
+        return [
+            "us-east-1",
+            "us-east-2",
+            "us-west-1",
+            "us-west-2",
+            "eu-west-1",
+            "eu-central-1",
+            "ap-southeast-1",
+            "ap-northeast-1",
+        ]
+
+
+def check_client_connection(client: Any) -> bool:
+    """Test if a boto3 client can connect to AWS.
+
+    Args:
+        client: Boto3 client instance
+
+    Returns:
+        True if connection successful, False otherwise
+    """
+    try:
+        # Different services have different test methods
+        service_name = client._service_model.service_name
+
+        if service_name == "sts":
+            client.get_caller_identity()
+        elif service_name == "ec2":
+            client.describe_regions(MaxResults=1)
+        elif service_name == "iam":
+            client.list_users(MaxItems=1)
+        elif service_name == "lambda":
+            client.list_functions(MaxItems=1)
+        elif service_name == "s3":
+            client.list_buckets()
+        else:
+            # Generic test - just try to get service metadata
+            client._make_api_call("ListObjects", {})
+
+        return True
+    except Exception as e:
+        logger.debug(f"Client connection test failed: {e}")
+        return False

src/aws/credentials.py

@@ -0,0 +1,191 @@
+"""AWS credential validation and permission checking."""
+
+import logging
+from typing import Any, Dict, List, Optional
+
+import boto3
+from botocore.exceptions import ClientError, NoCredentialsError, PartialCredentialsError
+
+logger = logging.getLogger(__name__)
+
+
+class CredentialValidationError(Exception):
+    """Raised when AWS credentials are invalid or missing."""
+
+    pass
+
+
+def validate_credentials(profile_name: Optional[str] = None) -> Dict[str, Any]:
+    """Validate AWS credentials and return caller identity information.
+
+    Args:
+        profile_name: AWS profile name from ~/.aws/config (optional)
+
+    Returns:
+        Dictionary with account ID, user ID, and ARN
+
+    Raises:
+        CredentialValidationError: If credentials are invalid or missing
+    """
+    try:
+        if profile_name:
+            session = boto3.Session(profile_name=profile_name)
+            sts_client = session.client("sts")
+        else:
+            sts_client = boto3.client("sts")
+
+        # Get caller identity to validate credentials
+        identity = sts_client.get_caller_identity()
+
+        logger.debug(f"Validated credentials for account {identity['Account']}")
+
+        return {
+            "account_id": identity["Account"],
+            "user_id": identity["UserId"],
+            "arn": identity["Arn"],
+        }
+
+    except NoCredentialsError:
+        error_msg = (
+            "AWS credentials not found. Please configure credentials using one of these methods:\n"
+            "  1. Run: aws configure\n"
+            "  2. Set environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY\n"
+            "  3. Use --profile option with a configured profile\n\n"
+            "For more info: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html"
+        )
+        logger.error("No AWS credentials found")
+        raise CredentialValidationError(error_msg)
+
+    except PartialCredentialsError as e:
+        error_msg = f"Incomplete AWS credentials: {e}"
+        logger.error(error_msg)
+        raise CredentialValidationError(error_msg)
+
+    except ClientError as e:
+        error_code = e.response.get("Error", {}).get("Code", "Unknown")
+        if error_code == "InvalidClientTokenId":
+            error_msg = "AWS credentials are invalid. Please check your access key ID."
+        elif error_code == "SignatureDoesNotMatch":
+            error_msg = "AWS credentials signature mismatch. Please check your secret access key."
+        elif error_code == "ExpiredToken":
+            error_msg = "AWS credentials have expired. Please refresh your temporary credentials."
+        else:
+            error_msg = f"AWS credential validation failed: {e}"
+
+        logger.error(error_msg)
+        raise CredentialValidationError(error_msg)
+
+    except Exception as e:
+        error_msg = f"Unexpected error validating credentials: {e}"
+        logger.error(error_msg)
+        raise CredentialValidationError(error_msg)
+
+
+def check_required_permissions(
+    profile_name: Optional[str] = None, required_actions: Optional[List[str]] = None
+) -> Dict[str, bool]:
+    """Check if credentials have required IAM permissions.
+
+    Note: This is a best-effort check using IAM policy simulation.
+    Some permissions may not be accurately detected.
+
+    Args:
+        profile_name: AWS profile name (optional)
+        required_actions: List of IAM actions to check (e.g., ['ec2:DescribeInstances'])
+
+    Returns:
+        Dictionary mapping action names to permission status (True/False)
+    """
+    if required_actions is None:
+        # Default minimum required permissions for snapshot operations
+        required_actions = [
+            "ec2:DescribeInstances",
+            "ec2:DescribeRegions",
+            "iam:ListRoles",
+            "lambda:ListFunctions",
+            "s3:ListAllMyBuckets",
+        ]
+
+    try:
+        # Get caller identity first
+        identity = validate_credentials(profile_name)
+
+        if profile_name:
+            session = boto3.Session(profile_name=profile_name)
+            iam_client = session.client("iam")
+        else:
+            iam_client = boto3.client("iam")
+
+        results = {}
+
+        # Try to simulate policy for each action
+        for action in required_actions:
+            try:
+                response = iam_client.simulate_principal_policy(
+                    PolicySourceArn=identity["arn"],
+                    ActionNames=[action],
+                )
+
+                # Check if action is allowed
+                eval_results = response.get("EvaluationResults", [])
+                if eval_results:
+                    decision = eval_results[0].get("EvalDecision", "deny")
+                    results[action] = decision.lower() == "allowed"
+                else:
+                    results[action] = False
+
+            except ClientError as e:
+                # If simulation fails (e.g., lack of iam:SimulatePrincipalPolicy permission),
+                # we can't determine the permission status
+                logger.debug(f"Could not check permission for {action}: {e}")
+                results[action] = None  # Unknown
+
+        return results
+
+    except Exception as e:
+        logger.warning(f"Permission check failed: {e}")
+        return {action: None for action in required_actions}  # type: ignore
+
+
+def get_account_id(profile_name: Optional[str] = None) -> str:
+    """Get AWS account ID for the current credentials.
+
+    Args:
+        profile_name: AWS profile name (optional)
+
+    Returns:
+        12-digit AWS account ID
+
+    Raises:
+        CredentialValidationError: If credentials are invalid
+    """
+    identity = validate_credentials(profile_name)
+    return identity["account_id"]
+
+
+def get_credential_summary(profile_name: Optional[str] = None) -> str:
+    """Get a human-readable summary of current AWS credentials.
+
+    Args:
+        profile_name: AWS profile name (optional)
+
+    Returns:
+        Formatted string with credential information
+    """
+    try:
+        identity = validate_credentials(profile_name)
+
+        summary = f"""
+AWS Credentials Valid
+Account ID: {identity['account_id']}
+User/Role: {identity['arn'].split('/')[-1]}
+ARN: {identity['arn']}
+"""
+
+        if profile_name:
+            summary += f"Profile: {profile_name}\n"
+
+        return summary.strip()
+
+    except CredentialValidationError as e:
+        return f"Credential Validation Failed:\n{e}"

src/aws/rate_limiter.py

@@ -0,0 +1,177 @@
+"""Rate limiter utility using token bucket algorithm."""
+
+import logging
+import time
+from threading import Lock
+from typing import Dict, Optional
+
+logger = logging.getLogger(__name__)
+
+
+# Service-specific rate limits (calls per second)
+# Based on AWS API throttling limits
+SERVICE_RATE_LIMITS: Dict[str, float] = {
+    "iam": 5.0,  # IAM has strict rate limits (global service)
+    "cloudformation": 2.0,  # CloudFormation is particularly slow
+    "sts": 10.0,  # STS is also rate-limited
+    "default": 10.0,  # Conservative default for other services
+}
+
+
+class RateLimiter:
+    """Token bucket rate limiter for controlling API call frequency.
+
+    This prevents hitting AWS API rate limits by throttling client-side
+    before the request is even made.
+    """
+
+    def __init__(self, rate: float):
+        """Initialize rate limiter.
+
+        Args:
+            rate: Maximum number of calls per second
+        """
+        self.rate = rate
+        self.tokens = rate
+        self.last_update = time.time()
+        self.lock = Lock()
+
+        logger.debug(f"Initialized rate limiter with rate {rate} calls/sec")
+
+    def acquire(self, blocking: bool = True) -> bool:
+        """Acquire permission to make an API call.
+
+        This method will block until a token is available (if blocking=True)
+        or return immediately (if blocking=False).
+
+        Args:
+            blocking: If True, wait until token available. If False, return immediately.
+
+        Returns:
+            True if token acquired, False if blocking=False and no token available
+        """
+        with self.lock:
+            now = time.time()
+            elapsed = now - self.last_update
+
+            # Refill tokens based on elapsed time
+            self.tokens = min(self.rate, self.tokens + elapsed * self.rate)
+            self.last_update = now
+
+            if self.tokens >= 1:
+                # Token available
+                self.tokens -= 1
+                return True
+            else:
+                # No token available
+                if not blocking:
+                    return False
+
+                # Calculate how long to sleep
+                sleep_time = (1 - self.tokens) / self.rate
+                logger.debug(f"Rate limiter sleeping for {sleep_time:.3f}s")
+
+        # Sleep outside the lock to allow other threads
+        time.sleep(sleep_time)
+
+        # Acquire token after sleeping
+        with self.lock:
+            self.tokens = 0
+            self.last_update = time.time()
+            return True
+
+    def try_acquire(self) -> bool:
+        """Try to acquire a token without blocking.
+
+        Returns:
+            True if token acquired, False otherwise
+        """
+        return self.acquire(blocking=False)
+
+
+class ServiceRateLimiter:
+    """Manages rate limiters for different AWS services."""
+
+    def __init__(self, rate_limits: Optional[Dict[str, float]] = None):
+        """Initialize service rate limiter.
+
+        Args:
+            rate_limits: Dictionary mapping service names to rates (optional)
+        """
+        self.rate_limits = rate_limits or SERVICE_RATE_LIMITS
+        self._limiters: Dict[str, RateLimiter] = {}
+        self._lock = Lock()
+
+    def get_limiter(self, service_name: str) -> RateLimiter:
+        """Get or create a rate limiter for a service.
+
+        Args:
+            service_name: AWS service name (e.g., 'iam', 'ec2')
+
+        Returns:
+            RateLimiter instance for the service
+        """
+        with self._lock:
+            if service_name not in self._limiters:
+                rate = self.rate_limits.get(service_name, self.rate_limits["default"])
+                self._limiters[service_name] = RateLimiter(rate)
+                logger.debug(f"Created rate limiter for {service_name} ({rate} calls/sec)")
+
+            return self._limiters[service_name]
+
+    def acquire(self, service_name: str, blocking: bool = True) -> bool:
+        """Acquire permission to call an AWS service API.
+
+        Args:
+            service_name: AWS service name
+            blocking: Whether to block until token available
+
+        Returns:
+            True if token acquired
+        """
+        limiter = self.get_limiter(service_name)
+        return limiter.acquire(blocking=blocking)
+
+    def try_acquire(self, service_name: str) -> bool:
+        """Try to acquire permission without blocking.
+
+        Args:
+            service_name: AWS service name
+
+        Returns:
+            True if token acquired, False otherwise
+        """
+        return self.acquire(service_name, blocking=False)
+
+
+# Global service rate limiter instance
+_global_limiter: Optional[ServiceRateLimiter] = None
+
+
+def get_global_rate_limiter() -> ServiceRateLimiter:
+    """Get the global service rate limiter instance.
+
+    Returns:
+        Global ServiceRateLimiter instance
+    """
+    global _global_limiter
+    if _global_limiter is None:
+        _global_limiter = ServiceRateLimiter()
+    return _global_limiter
+
+
+def rate_limited_call(service_name: str, func, *args, **kwargs):  # type: ignore[no-untyped-def]
+    """Execute a function with rate limiting applied.
+
+    Args:
+        service_name: AWS service name for rate limiting
+        func: Function to call
+        *args: Positional arguments to pass to func
+        **kwargs: Keyword arguments to pass to func
+
+    Returns:
+        Result of func(*args, **kwargs)
+    """
+    limiter = get_global_rate_limiter()
+    limiter.acquire(service_name)
+    return func(*args, **kwargs)