replimap 0.1.0__tar.gz

replimap-0.1.0/.dockerignore

@@ -0,0 +1,39 @@
+# Git
+.git
+.gitignore
+
+# Python
+__pycache__
+*.py[cod]
+*$py.class
+*.so
+.Python
+.venv
+venv
+ENV
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+
+# Build
+dist
+build
+*.egg-info
+.eggs
+
+# Test
+.pytest_cache
+.coverage
+htmlcov
+.mypy_cache
+.ruff_cache
+
+# Project
+*.md
+!README.md
+tests
+docs
+Makefile

replimap-0.1.0/.github/workflows/release.yml

@@ -0,0 +1,91 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "latest"
+
+      - name: Set up Python
+        run: uv python install 3.11
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev
+
+      - name: Run tests
+        run: uv run pytest tests/ -v
+
+      - name: Build package
+        run: uv build
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+  publish-testpypi:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/replimap
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  publish-pypi:
+    needs: [build, publish-testpypi]
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/replimap
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  github-release:
+    needs: publish-pypi
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist/
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*
+          generate_release_notes: true
+          draft: false

replimap-0.1.0/.github/workflows/test.yml

@@ -0,0 +1,64 @@
+name: Test
+
+on:
+  push:
+    branches: [main, develop, "claude/*"]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12", "3.13", "3.14"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "latest"
+
+      - name: Set up Python ${{ matrix.python-version }}
+        run: uv python install ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev
+
+      - name: Run ruff format check
+        run: uv run ruff format --check .
+
+      - name: Run ruff lint
+        run: uv run ruff check .
+
+      - name: Run tests with coverage
+        run: uv run pytest tests/ -v --cov=replimap --cov-report=xml --cov-report=term
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        if: matrix.python-version == '3.12'
+        with:
+          files: ./coverage.xml
+          fail_ci_if_error: false
+
+  type-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "latest"
+
+      - name: Set up Python
+        run: uv python install 3.12
+
+      - name: Install dependencies
+        run: uv sync --all-extras --dev
+
+      - name: Run mypy
+        run: uv run mypy replimap --ignore-missing-imports
+        continue-on-error: true

replimap-0.1.0/.gitignore

@@ -0,0 +1,73 @@
+# Python
+__pycache__/
+.pypirc
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.nox/
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Generated outputs (can be regenerated with `replimap clone`)
+terraform/
+staging-tf/
+!templates/*.j2
+
+# Terraform
+.terraform/
+*.tfstate
+*.tfstate.*
+crash.log
+crash.*.log
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraformrc
+terraform.rc
+
+# Logs
+*.log
+
+# OS
+.DS_Store
+Thumbs.db

replimap-0.1.0/CHANGELOG.md

@@ -0,0 +1,140 @@
+# Changelog
+
+All notable changes to RepliMap will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+- Graph-based selection engine for intelligent resource filtering
+  - Selection modes: VPC_SCOPE, ENTRY_POINT, TAG_BASED
+  - Boundary handling for network, identity, and global resources
+  - Clone vs reference decision matrix
+  - YAML configuration file support for complex selection scenarios
+- New CLI options: `--scope`, `--entry`, `--config`
+- Scan result caching with `--cache` flag for incremental scans
+- **Makefile generation** for easier Terraform workflow management
+  - Targets: `init`, `plan`, `apply`, `destroy`, `validate`, `fmt`, `clean`, etc.
+  - Filtered planning: `plan-target`, `plan-include`, `plan-exclude`
+  - JSON output: `plan-json` for automation
+  - Quick validation: `quick-validate` (no tfvars needed)
+  - State management: `state-list`, `state-show`, `state-mv`, `state-rm`
+- **test-terraform.sh** script for automated validation
+  - Phases: fmt check → init → validate → plan (optional)
+  - Colored output with clear pass/fail indicators
+- **tfplan.txt** human-readable plan output alongside binary tfplan
+- **terraform fmt** integration - auto-formats generated files
+- **terraform.tfvars.example** with smart variable detection
+  - Includes AWS CLI commands for finding AMIs, certificates, etc.
+  - All dynamic variables with helpful comments
+
+### Changed
+- Legacy filter options (`--vpc`, `--types`) marked as deprecated but still supported
+- RDS password variables now have default placeholder for `terraform plan` to succeed
+
+### Fixed
+- **Boundary resource handling**: VPC Peering and Transit Gateway routes are now commented out with clear instructions (prevents staging→production routing)
+- **ASG Target Group ARNs**: Now searches graph by ARN and name, comments out if not found (prevents hardcoded production ARN leakage)
+- **EBS Snapshot IDs**: Commented out by default for staging (creates empty volumes)
+- **ElastiCache Redis 6+ version format**: Strips patch version (6.2.6 → 6.2) as required by Terraform
+- **S3 bucket name length**: Skips environment suffix if name would exceed 63 characters
+- **Security Group circular dependencies**: Rules referencing other SGs use separate `aws_security_group_rule` resources
+
+## [0.1.0] - 2025-01-XX
+
+### Added
+
+#### Core Features
+- Graph-based AWS resource scanning engine using NetworkX
+- Support for VPC, Subnet, Security Group, EC2, RDS, and S3 resources
+- Dependency tracking between resources (VPC → Subnet → EC2)
+- Topological sorting for correct Terraform resource ordering
+
+#### Scanners (24 Resource Types)
+- VPC Scanner: Scans VPCs, Subnets, and Security Groups
+- EC2 Scanner: Scans EC2 instances with AMI and security group associations
+- RDS Scanner: Scans RDS instances and DB Subnet Groups
+- S3 Scanner: Scans S3 bucket configurations
+- Networking Scanner: Internet Gateways, NAT Gateways, Route Tables, VPC Endpoints
+- Compute Scanner: Launch Templates, Auto Scaling Groups, ALB/NLB, Target Groups, Listeners
+- ElastiCache Scanner: ElastiCache Clusters and Subnet Groups, DB Parameter Groups
+- Storage Scanner: EBS Volumes, S3 Bucket Policies
+- Messaging Scanner: SQS Queues, SNS Topics
+- Async Scanner Base: Support for concurrent scanning with aiobotocore
+
+#### Transformers
+- Sanitization Transformer: Removes secrets, passwords, and sensitive data
+- Downsize Transformer: Reduces EC2, RDS, ElastiCache, Launch Template, and ASG sizes
+- Renaming Transformer: Converts prod → staging naming conventions
+- Network Remapper: Updates resource references for new environment
+
+#### Renderers
+- Terraform Renderer (Free+): Generates Terraform HCL files
+- CloudFormation Renderer (Solo+): Generates AWS CloudFormation YAML
+- Pulumi Renderer (Pro+): Generates Pulumi Python code
+
+#### Commercial Features
+- License management system with plan tiers (Free, Solo, Pro, Team, Enterprise)
+- Feature gating with `@feature_gate` and `@require_plan` decorators
+- Usage tracking with monthly quotas
+- Local license caching with offline grace period
+
+#### CLI Commands
+- `replimap scan`: Scan AWS resources and build dependency graph
+- `replimap clone`: Generate Infrastructure-as-Code from scan
+- `replimap load`: Load and display saved graphs
+- `replimap license activate`: Activate a license key
+- `replimap license status`: Show current license and plan
+- `replimap license usage`: Display usage statistics
+- `replimap license deactivate`: Remove license
+- `replimap profiles`: List available AWS profiles
+- `replimap cache status`: Show cached credentials
+- `replimap cache clear`: Clear credential cache
+
+#### CLI UX Improvements
+- Interactive mode (`-i`) for guided setup
+- AWS profile region auto-detection from `~/.aws/config`
+- MFA credential caching (12-hour TTL) to avoid repeated prompts
+- Short `-h` option for help on all commands
+
+#### Performance & Reliability
+- Parallel scanning with ThreadPoolExecutor (4 workers default)
+- AWS rate limit handling with exponential backoff retry
+- Configurable via environment variables (`REPLIMAP_MAX_WORKERS`, `REPLIMAP_MAX_RETRIES`)
+- Dev mode (`REPLIMAP_DEV_MODE=1`) for local development without license limits
+
+#### Developer Experience
+- Rich console output with progress spinners and tables
+- Comprehensive test suite with 331 tests
+- CI/CD with GitHub Actions (Python 3.11, 3.12, 3.13, 3.14)
+- ruff for formatting and linting
+- mypy for type checking
+- Timezone-aware datetime handling throughout
+
+### Security
+- Read-only AWS permissions only
+- Local data processing (no external uploads)
+- Automatic sensitive data sanitization
+- Minimal IAM policy requirements
+
+## Plan Comparison
+
+| Feature | Free | Solo ($49) | Pro ($99) | Team ($199) | Enterprise ($499+) |
+|---------|------|------------|-----------|-------------|-------------------|
+| Resources/Scan | 5 | ∞ | ∞ | ∞ | ∞ |
+| Scans/Month | 3 | ∞ | ∞ | ∞ | ∞ |
+| AWS Accounts | 1 | 1 | 3 | 10 | ∞ |
+| Terraform Output | ✅ | ✅ | ✅ | ✅ | ✅ |
+| CloudFormation | ❌ | ✅ | ✅ | ✅ | ✅ |
+| Pulumi | ❌ | ❌ | ✅ | ✅ | ✅ |
+| Async Scanning | ❌ | ✅ | ✅ | ✅ | ✅ |
+| Web Dashboard | ❌ | ❌ | ✅ | ✅ | ✅ |
+| Collaboration | ❌ | ❌ | ❌ | ✅ | ✅ |
+| SSO | ❌ | ❌ | ❌ | ❌ | ✅ |
+
+---
+
+[Unreleased]: https://github.com/replimap/replimap/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/replimap/replimap/releases/tag/v0.1.0

replimap-0.1.0/Dockerfile

@@ -0,0 +1,23 @@
+# RepliMap Docker Image
+# Build: docker build -t replimap/replimap .
+# Run:   docker run -v ~/.aws:/root/.aws replimap/replimap scan --profile prod
+
+FROM python:3.11-slim
+
+LABEL maintainer="RepliMap Team <team@replimap.dev>"
+LABEL description="AWS Infrastructure Staging Cloner"
+LABEL org.opencontainers.image.source="https://github.com/replimap/replimap"
+
+# Install replimap
+RUN pip install --no-cache-dir replimap
+
+# Create non-root user for security (optional, can run as root for AWS creds)
+# RUN useradd -m -s /bin/bash replimap
+# USER replimap
+
+# Set working directory
+WORKDIR /workspace
+
+# Default command shows help
+ENTRYPOINT ["replimap"]
+CMD ["--help"]

replimap-0.1.0/IAM_POLICY.md

@@ -0,0 +1,170 @@
+# RepliMap IAM Policy
+
+RepliMap requires **read-only** access to scan your AWS resources. This document provides the minimum required IAM permissions.
+
+## Recommended Policy
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "RepliMapReadOnly",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeVpcs",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags",
+                "ec2:DescribeAvailabilityZones",
+                "ec2:DescribeRouteTables",
+                "ec2:DescribeInternetGateways",
+                "ec2:DescribeNatGateways",
+                "rds:DescribeDBInstances",
+                "rds:DescribeDBSubnetGroups",
+                "rds:DescribeDBSecurityGroups",
+                "rds:ListTagsForResource",
+                "s3:ListAllMyBuckets",
+                "s3:GetBucketLocation",
+                "s3:GetBucketTagging",
+                "s3:GetBucketVersioning",
+                "s3:GetBucketEncryption",
+                "sts:GetCallerIdentity"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Setup Instructions
+
+### Option 1: Create a Dedicated IAM User
+
+1. Go to IAM Console → Users → Add User
+2. Name: `replimap-scanner`
+3. Access type: Programmatic access
+4. Attach the policy above
+5. Save the access keys
+
+```bash
+# Configure AWS CLI
+aws configure --profile replimap
+# Enter the access key ID and secret
+```
+
+### Option 2: Create an IAM Role (Recommended for EC2/ECS)
+
+1. Go to IAM Console → Roles → Create Role
+2. Select "AWS service" → EC2/ECS
+3. Attach the policy above
+4. Name: `replimap-scanner-role`
+
+### Option 3: Use Existing Profile with Restricted Permissions
+
+If you have an existing AWS profile, you can create a more restricted policy:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "RepliMapVPCRead",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeVpcs",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeSecurityGroups"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "ec2:Region": "us-east-1"
+                }
+            }
+        }
+    ]
+}
+```
+
+## Verification
+
+Test your permissions with:
+
+```bash
+# Verify identity
+aws sts get-caller-identity --profile replimap
+
+# Test VPC access
+aws ec2 describe-vpcs --profile replimap --region us-east-1
+
+# Test with RepliMap
+replimap scan --profile replimap --region us-east-1
+```
+
+## Security Best Practices
+
+1. **Use Read-Only Permissions**: Never grant write permissions to RepliMap
+2. **Restrict by Region**: Limit access to specific regions if possible
+3. **Use IAM Roles**: Prefer roles over access keys when running on AWS
+4. **Rotate Credentials**: Regularly rotate access keys
+5. **Enable CloudTrail**: Monitor API calls made by RepliMap
+
+## What RepliMap Does NOT Do
+
+- ❌ Create, modify, or delete any AWS resources
+- ❌ Access S3 bucket contents (only metadata)
+- ❌ Read database contents
+- ❌ Access secrets or credentials
+- ❌ Make cross-account API calls
+- ❌ Upload any data to external services
+
+## Permissions by Resource Type
+
+| Resource | Actions Required | Purpose |
+|----------|-----------------|---------|
+| VPC | `ec2:DescribeVpcs` | Scan VPC configurations |
+| Subnet | `ec2:DescribeSubnets` | Scan subnet configurations |
+| Security Group | `ec2:DescribeSecurityGroups` | Scan security rules |
+| EC2 Instance | `ec2:DescribeInstances` | Scan instance configurations |
+| RDS Instance | `rds:DescribeDBInstances` | Scan database configurations |
+| S3 Bucket | `s3:ListAllMyBuckets`, `s3:GetBucket*` | Scan bucket configurations |
+| STS | `sts:GetCallerIdentity` | Verify authentication |
+
+## Troubleshooting
+
+### "Access Denied" Error
+
+```
+AccessDeniedException: User: arn:aws:iam::123456789012:user/replimap
+is not authorized to perform: ec2:DescribeVpcs
+```
+
+**Solution**: Ensure the IAM policy is correctly attached to your user/role.
+
+### "InvalidClientTokenId" Error
+
+```
+InvalidClientTokenId: The security token included in the request is invalid.
+```
+
+**Solution**: Check your AWS credentials are correctly configured:
+
+```bash
+aws configure list --profile replimap
+```
+
+### Region-Specific Issues
+
+If you only have access to specific regions:
+
+```bash
+# Specify the region explicitly
+replimap scan --profile replimap --region eu-west-1
+```
+
+## Questions?
+
+- Open an issue on [GitHub](https://github.com/replimap/replimap/issues)
+- Email: support@replimap.io

replimap-0.1.0/LICENSE

@@ -0,0 +1,31 @@
+RepliMap Proprietary License
+
+Copyright (c) 2024-2025 RepliMap. All rights reserved.
+
+This software and associated documentation files (the "Software") are the
+proprietary property of RepliMap and are protected by copyright law and
+international treaties.
+
+PERMITTED USE:
+- Personal evaluation and testing
+- Use in accordance with a valid commercial license agreement
+
+RESTRICTIONS:
+Without a valid commercial license, you may NOT:
+- Use the Software in production environments
+- Redistribute, sublicense, or sell copies of the Software
+- Modify, adapt, or create derivative works based on the Software
+- Remove or alter any proprietary notices or labels on the Software
+
+COMMERCIAL LICENSING:
+For commercial use, enterprise licensing, or custom deployments, please
+contact: licensing@replimap.io
+
+DISCLAIMER:
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

replimap-0.1.0/MANIFEST.in

@@ -0,0 +1,13 @@
+include LICENSE
+include README.md
+include CHANGELOG.md
+recursive-include replimap/templates *.tf *.tf.j2 *.jinja2
+recursive-include replimap *.py
+global-exclude __pycache__
+global-exclude *.pyc
+global-exclude *.pyo
+global-exclude .git*
+global-exclude .env*
+prune replimap-backend
+prune tests
+prune docs