runbooks 0.9.8__py3-none-any.whl → 1.0.0__py3-none-any.whl

runbooks/finops/vpc_cleanup_optimizer.py

@@ -47,9 +47,11 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning, print_info,
     create_table, create_progress_bar, format_cost, create_panel, STATUS_INDICATORS
 )
+from ..common.aws_pricing import DynamicAWSPricing
 from .embedded_mcp_validator import EmbeddedMCPValidator
 from ..common.profile_utils import get_profile_for_operation
-from ..enterprise.security import EnterpriseSecurityModule
+from ..security.enterprise_security_framework import EnterpriseSecurityFramework
+from ..vpc.mcp_no_eni_validator import NOENIVPCMCPValidator, DynamicDiscoveryResults
 
 logger = logging.getLogger(__name__)
 
@@ -87,6 +89,28 @@ class VPCCleanupCandidate(BaseModel):
     risk_assessment: str = "medium"  # low, medium, high
     business_impact: str = "minimal"  # minimal, moderate, significant
     tags: Dict[str, str] = Field(default_factory=dict)
+    
+    # Enhanced fields for advanced filtering
+    account_id: Optional[str] = None
+    flow_logs_enabled: bool = False
+    load_balancers: List[str] = Field(default_factory=list)
+    iac_detected: bool = False
+    owners_approvals: List[str] = Field(default_factory=list)
+    
+    @property
+    def is_no_eni_vpc(self) -> bool:
+        """Check if VPC has zero ENI attachments (safe for cleanup)."""
+        return self.dependency_analysis.eni_count == 0
+    
+    @property
+    def is_nil_vpc(self) -> bool:
+        """Check if VPC has no resources (empty VPC)."""
+        return (
+            self.dependency_analysis.eni_count == 0 and
+            len(self.dependency_analysis.route_tables) <= 1 and  # Only default route table
+            len(self.dependency_analysis.nat_gateways) == 0 and
+            len(self.dependency_analysis.vpc_endpoints) == 0
+        )
 
 
 class VPCCleanupResults(BaseModel):
@@ -102,6 +126,7 @@ class VPCCleanupResults(BaseModel):
     evidence_hash: Optional[str] = None
     safety_assessment: str = "graduated_risk_approach"
     security_assessment: Optional[Dict[str, Any]] = None
+    multi_account_context: Optional[Dict[str, Any]] = Field(default_factory=dict)
 
 
 class VPCCleanupOptimizer:
@@ -129,7 +154,55 @@ class VPCCleanupOptimizer:
         
         print_info(f"VPC Cleanup Optimizer initialized with profile: {self.profile}")
 
-    def analyze_vpc_cleanup_opportunities(self) -> VPCCleanupResults:
+    def filter_vpcs_by_criteria(self, candidates: List[VPCCleanupCandidate], 
+                               no_eni_only: bool = False,
+                               filter_type: str = "all") -> List[VPCCleanupCandidate]:
+        """
+        Filter VPC candidates based on specified criteria.
+        
+        Args:
+            candidates: List of VPC cleanup candidates
+            no_eni_only: If True, show only VPCs with zero ENI attachments
+            filter_type: Filter type - 'none', 'default', or 'all'
+        
+        Returns:
+            Filtered list of VPC candidates
+        """
+        filtered_candidates = candidates.copy()
+        
+        # Apply no-ENI-only filter
+        if no_eni_only:
+            filtered_candidates = [
+                candidate for candidate in filtered_candidates 
+                if candidate.is_no_eni_vpc
+            ]
+            print_info(f"🔍 No-ENI filter applied - {len(filtered_candidates)} VPCs with zero ENI attachments")
+        
+        # Apply type-based filters
+        if filter_type == "none":
+            # Show only VPCs with no resources (nil VPCs)
+            filtered_candidates = [
+                candidate for candidate in filtered_candidates
+                if candidate.is_nil_vpc
+            ]
+            print_info(f"📋 'None' filter applied - {len(filtered_candidates)} VPCs with no resources")
+        
+        elif filter_type == "default":
+            # Show only default VPCs
+            filtered_candidates = [
+                candidate for candidate in filtered_candidates
+                if candidate.is_default
+            ]
+            print_info(f"🏠 'Default' filter applied - {len(filtered_candidates)} default VPCs")
+        
+        elif filter_type == "all":
+            # Show all VPCs (no additional filtering)
+            print_info(f"📊 'All' filter applied - {len(filtered_candidates)} total VPCs")
+        
+        return filtered_candidates
+
+    def analyze_vpc_cleanup_opportunities(self, no_eni_only: bool = False, 
+                                        filter_type: str = "all") -> VPCCleanupResults:
         """
         Comprehensive VPC cleanup analysis with three-bucket strategy.
         
@@ -143,7 +216,7 @@ class VPCCleanupOptimizer:
         
         Returns: Comprehensive cleanup analysis with validated savings
         """
-        print_header("VPC Cleanup Cost Optimization Engine", "v0.9.1")
+        print_header("VPC Cleanup Cost Optimization Engine", "v0.9.9")
         print_info("AWSO-05 Implementation - Three-Bucket Strategy")
         
         # Initialize MCP validator for accuracy validation
@@ -155,12 +228,22 @@ class VPCCleanupOptimizer:
         # Step 2: Dependency analysis for each VPC
         analyzed_candidates = self._analyze_vpc_dependencies(vpc_candidates)
         
+        # Step 2.5: Apply filtering based on criteria
+        filtered_candidates = self.filter_vpcs_by_criteria(
+            analyzed_candidates, 
+            no_eni_only=no_eni_only,
+            filter_type=filter_type
+        )
+        
         # Step 3: Three-bucket classification
-        bucket_classification = self._classify_three_bucket_strategy(analyzed_candidates)
+        bucket_classification = self._classify_three_bucket_strategy(filtered_candidates)
         
         # Step 4: Enhanced VPC security assessment integration
         security_assessment = self._perform_vpc_security_assessment(analyzed_candidates)
         
+        # Step 4.5: Re-classify buckets after security assessment (ensure NO-ENI VPCs stay in Bucket 1)
+        bucket_classification = self._ensure_no_eni_bucket_1_classification(bucket_classification)
+        
         # Step 5: Cost calculation and savings estimation
         cost_analysis = self._calculate_vpc_cleanup_costs(bucket_classification)
         
@@ -175,6 +258,295 @@ class VPCCleanupOptimizer:
         
         return results
 
+    def analyze_vpc_cleanup_opportunities_multi_account(self, 
+                                                       account_ids: List[str],
+                                                       accounts_info: Dict[str, Any],
+                                                       no_eni_only: bool = False, 
+                                                       filter_type: str = "all",
+                                                       progress_callback=None) -> 'VPCCleanupResults':
+        """
+        ENHANCED: Multi-account VPC cleanup analysis with Organizations integration.
+        
+        Critical Fix: Instead of assuming cross-account access, this method aggregates
+        VPC discovery from the current profile's accessible scope, which may span
+        multiple accounts if the profile has appropriate permissions.
+        
+        Args:
+            account_ids: List of account IDs from Organizations discovery
+            accounts_info: Account metadata from Organizations API
+            no_eni_only: Filter to only VPCs with zero ENI attachments
+            filter_type: Filter criteria ("all", "no-eni", "default", "tagged")
+            progress_callback: Optional callback for progress updates
+            
+        Returns: Aggregated VPC cleanup analysis across accessible accounts
+        """
+        print_header("Multi-Account VPC Cleanup Analysis", "v0.9.9")
+        print_info(f"🏢 Analyzing VPCs across {len(account_ids)} organization accounts")
+        print_info(f"🔐 Using profile: {self.profile} (scope: accessible accounts only)")
+        
+        # Initialize analysis timing
+        self.analysis_start_time = time.time()
+        
+        # Initialize MCP validator for accuracy validation
+        self.mcp_validator = EmbeddedMCPValidator([self.profile])
+        
+        if progress_callback:
+            progress_callback("Initializing multi-account discovery...")
+        
+        # Enhanced VPC discovery with organization context
+        vpc_candidates = self._discover_vpc_candidates_multi_account(account_ids, accounts_info, progress_callback)
+        
+        if progress_callback:
+            progress_callback("Analyzing VPC dependencies...")
+            
+        # Follow standard analysis pipeline
+        analyzed_candidates = self._analyze_vpc_dependencies(vpc_candidates)
+        filtered_candidates = self.filter_vpcs_by_criteria(
+            analyzed_candidates, 
+            no_eni_only=no_eni_only,
+            filter_type=filter_type
+        )
+        
+        if progress_callback:
+            progress_callback("Performing three-bucket classification...")
+            
+        bucket_classification = self._classify_three_bucket_strategy(filtered_candidates)
+        security_assessment = self._perform_vpc_security_assessment(analyzed_candidates)
+        bucket_classification = self._ensure_no_eni_bucket_1_classification(bucket_classification)
+        
+        if progress_callback:
+            progress_callback("Calculating cost analysis...")
+            
+        cost_analysis = self._calculate_vpc_cleanup_costs(bucket_classification)
+        validation_results = self._validate_analysis_with_mcp(cost_analysis)
+        
+        if progress_callback:
+            progress_callback("Generating comprehensive results...")
+            
+        # Generate results with multi-account context
+        results = self._generate_comprehensive_results(cost_analysis, validation_results, security_assessment)
+        
+        # Add multi-account metadata
+        results.multi_account_context = {
+            'total_accounts_analyzed': len(account_ids),
+            'accounts_with_vpcs': len(set(candidate.account_id for candidate in vpc_candidates if candidate.account_id)),
+            'organization_id': accounts_info.get('organization_id', 'unknown'),
+            'accounts': [
+                {
+                    'account_id': account_id,
+                    'account_name': accounts_info.get('accounts', {}).get(account_id, {}).get('Name', 'unknown'),
+                    'status': accounts_info.get('accounts', {}).get(account_id, {}).get('Status', 'unknown')
+                }
+                for account_id in account_ids
+            ],
+            'vpc_count_by_account': self._calculate_vpc_count_by_account(vpc_candidates),
+            'analysis_scope': 'organization',
+            'profile_access_scope': self.profile
+        }
+        
+        print_success(f"✅ Multi-account analysis complete: {results.total_vpcs_analyzed} VPCs across organization")
+        return results
+
+    def _calculate_vpc_count_by_account(self, vpc_candidates: List[VPCCleanupCandidate]) -> Dict[str, int]:
+        """Calculate VPC count by account from the candidate list."""
+        vpc_count_by_account = {}
+        
+        for candidate in vpc_candidates:
+            account_id = candidate.account_id or 'unknown'
+            if account_id in vpc_count_by_account:
+                vpc_count_by_account[account_id] += 1
+            else:
+                vpc_count_by_account[account_id] = 1
+        
+        return vpc_count_by_account
+
+    def _discover_vpc_candidates_multi_account(self, account_ids: List[str], 
+                                             accounts_info: Dict[str, Any],
+                                             progress_callback=None) -> List[VPCCleanupCandidate]:
+        """
+        Enhanced VPC discovery with organization account context.
+        
+        CRITICAL FIX: This method now attempts to discover VPCs across multiple accounts
+        by trying different access patterns:
+        1. Direct access with current profile
+        2. Cross-account role assumption (if available)
+        3. Aggregation from multiple AWS SSO profiles
+        """
+        vpc_candidates = []
+        total_accounts_checked = 0
+        accounts_with_vpcs = set()
+        
+        if progress_callback:
+            progress_callback(f"Discovering VPCs across {len(account_ids)} organization accounts...")
+        
+        # Get list of all regions
+        ec2_client = self.session.client('ec2', region_name='us-east-1')
+        regions = [region['RegionName'] for region in ec2_client.describe_regions()['Regions']]
+        
+        print_info(f"🌍 Scanning {len(regions)} AWS regions across {len(account_ids)} accounts...")
+        
+        # First, discover VPCs in current profile's accessible accounts
+        current_account_vpcs = self._discover_vpcs_current_profile(regions, progress_callback)
+        vpc_candidates.extend(current_account_vpcs)
+        
+        # Extract unique account IDs from discovered VPCs
+        for vpc in current_account_vpcs:
+            if vpc.account_id:
+                accounts_with_vpcs.add(vpc.account_id)
+        
+        # Attempt cross-account discovery for remaining accounts
+        remaining_accounts = [acc for acc in account_ids if acc not in accounts_with_vpcs]
+        
+        if remaining_accounts:
+            print_info(f"🔄 Attempting cross-account discovery for {len(remaining_accounts)} additional accounts...")
+            
+            # Try different access patterns for remaining accounts
+            for account_id in remaining_accounts[:10]:  # Limit to first 10 for performance
+                total_accounts_checked += 1
+                account_name = accounts_info.get(account_id, {}).get('name', 'Unknown')
+                
+                if progress_callback:
+                    progress_callback(f"Checking account {account_name} ({account_id[:12]}...)")
+                
+                # Attempt cross-account access
+                cross_account_vpcs = self._attempt_cross_account_discovery(
+                    account_id, account_name, regions
+                )
+                
+                if cross_account_vpcs:
+                    vpc_candidates.extend(cross_account_vpcs)
+                    accounts_with_vpcs.add(account_id)
+                    print_success(f"  ✅ Found {len(cross_account_vpcs)} VPCs in {account_name}")
+        
+        # Summary
+        print_success(f"✅ Discovered {len(vpc_candidates)} total VPCs across {len(accounts_with_vpcs)} accounts")
+        print_info(f"📊 Organization scope: {len(account_ids)} accounts, {total_accounts_checked} checked, {len(accounts_with_vpcs)} with VPCs")
+        
+        # If we still have < 13 VPCs, provide guidance
+        if len(vpc_candidates) < 13:
+            print_warning(f"⚠️ Only {len(vpc_candidates)} VPCs found (target: ≥13). Consider:")
+            print_info("  1. Using MANAGEMENT_PROFILE with broader cross-account access")
+            print_info("  2. Configuring cross-account roles for VPC discovery")
+            print_info("  3. Running discovery from each account individually")
+        
+        return vpc_candidates
+    
+    def _discover_vpcs_current_profile(self, regions: List[str], progress_callback=None) -> List[VPCCleanupCandidate]:
+        """Discover VPCs accessible with current profile."""
+        vpc_candidates = []
+        regions_with_vpcs = 0
+        
+        for region in regions:
+            try:
+                regional_ec2 = self.session.client('ec2', region_name=region)
+                response = regional_ec2.describe_vpcs()
+                
+                region_vpc_count = 0
+                for vpc in response['Vpcs']:
+                    # Enhanced VPC candidate with account detection
+                    candidate = VPCCleanupCandidate(
+                        vpc_id=vpc['VpcId'],
+                        region=region,
+                        state=vpc['State'],
+                        cidr_block=vpc['CidrBlock'],
+                        is_default=vpc.get('IsDefault', False),
+                        account_id=self._detect_vpc_account_id(vpc),  # Enhanced account detection
+                        dependency_analysis=VPCDependencyAnalysis(
+                            vpc_id=vpc['VpcId'],
+                            region=region,
+                            is_default_vpc=vpc.get('IsDefault', False)
+                        ),
+                        tags={tag['Key']: tag['Value'] for tag in vpc.get('Tags', [])}
+                    )
+                    vpc_candidates.append(candidate)
+                    region_vpc_count += 1
+                    
+                if region_vpc_count > 0:
+                    regions_with_vpcs += 1
+                    
+            except ClientError as e:
+                # Silently skip regions with no access
+                pass
+        
+        return vpc_candidates
+    
+    def _attempt_cross_account_discovery(self, account_id: str, account_name: str, 
+                                        regions: List[str]) -> List[VPCCleanupCandidate]:
+        """Attempt to discover VPCs in a specific account using cross-account access."""
+        vpc_candidates = []
+        
+        # Try to assume a cross-account role (if configured)
+        role_name = "OrganizationAccountAccessRole"  # Standard AWS Organizations role
+        
+        try:
+            # Attempt to assume role in target account
+            sts_client = self.session.client('sts')
+            assumed_role = sts_client.assume_role(
+                RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
+                RoleSessionName=f"VPCDiscovery-{account_id[:12]}"
+            )
+            
+            # Create session with assumed role credentials
+            assumed_session = boto3.Session(
+                aws_access_key_id=assumed_role['Credentials']['AccessKeyId'],
+                aws_secret_access_key=assumed_role['Credentials']['SecretAccessKey'],
+                aws_session_token=assumed_role['Credentials']['SessionToken']
+            )
+            
+            # Discover VPCs in target account
+            for region in regions[:3]:  # Check first 3 regions for performance
+                try:
+                    ec2_client = assumed_session.client('ec2', region_name=region)
+                    response = ec2_client.describe_vpcs()
+                    
+                    for vpc in response['Vpcs']:
+                        candidate = VPCCleanupCandidate(
+                            vpc_id=vpc['VpcId'],
+                            region=region,
+                            state=vpc['State'],
+                            cidr_block=vpc['CidrBlock'],
+                            is_default=vpc.get('IsDefault', False),
+                            account_id=account_id,  # Set explicit account ID
+                            dependency_analysis=VPCDependencyAnalysis(
+                                vpc_id=vpc['VpcId'],
+                                region=region,
+                                is_default_vpc=vpc.get('IsDefault', False)
+                            ),
+                            tags={tag['Key']: tag['Value'] for tag in vpc.get('Tags', [])}
+                        )
+                        vpc_candidates.append(candidate)
+                        
+                except Exception:
+                    # Skip regions with access issues
+                    pass
+                    
+        except Exception as e:
+            # Cross-account access not available - this is expected for most profiles
+            pass
+        
+        return vpc_candidates
+    
+    def _detect_vpc_account_id(self, vpc_data: Dict[str, Any]) -> Optional[str]:
+        """
+        Detect account ID for VPC (enhanced for multi-account context).
+        
+        In multi-account scenarios, VPC ARN or tags may contain account information.
+        """
+        # Try to extract account ID from VPC ARN if available
+        if 'VpcArn' in vpc_data:
+            # VPC ARN format: arn:aws:ec2:region:account-id:vpc/vpc-id
+            arn_parts = vpc_data['VpcArn'].split(':')
+            if len(arn_parts) >= 5:
+                return arn_parts[4]
+        
+        # Fallback: Try to get from current session context
+        try:
+            sts_client = self.session.client('sts')
+            response = sts_client.get_caller_identity()
+            return response.get('Account')
+        except Exception:
+            return None
+
     def _discover_vpc_candidates(self) -> List[VPCCleanupCandidate]:
         """Discover VPC candidates across all AWS regions."""
         vpc_candidates = []
@@ -217,6 +589,244 @@ class VPCCleanupOptimizer:
         print_success(f"✅ Discovered {len(vpc_candidates)} VPC candidates across {len(regions)} regions")
         return vpc_candidates
 
+    async def discover_no_eni_vpcs_with_mcp_validation(self, 
+                                                     target_regions: List[str] = None,
+                                                     max_concurrent_accounts: int = 10) -> Tuple[List[VPCCleanupCandidate], DynamicDiscoveryResults]:
+        """
+        Discover NO-ENI VPCs across all AWS accounts using real-time MCP validation.
+        
+        This method integrates with the dynamic MCP validator to discover the actual
+        count of NO-ENI VPCs across all accessible accounts, not hardcoded numbers.
+        
+        Args:
+            target_regions: List of regions to scan (default: ['ap-southeast-2'])
+            max_concurrent_accounts: Maximum concurrent account scans
+            
+        Returns:
+            Tuple of (VPC cleanup candidates, Dynamic discovery results)
+        """
+        if target_regions is None:
+            target_regions = ['ap-southeast-2']
+        
+        print_header("🌐 Real-Time NO-ENI VPC Discovery", "MCP-Validated VPC Cleanup Analysis")
+        
+        # Configure enterprise profiles for MCP validation - Universal compatibility
+        from runbooks.common.profile_utils import get_enterprise_profile_mapping
+        enterprise_profiles = get_enterprise_profile_mapping()
+        
+        # Override with current profile if available
+        current_profile_type = self._determine_profile_type(self.profile)
+        if current_profile_type:
+            enterprise_profiles[current_profile_type] = self.profile
+        
+        # Initialize MCP validator for dynamic discovery
+        print_info("🔧 Initializing dynamic MCP validator...")
+        mcp_validator = NOENIVPCMCPValidator(enterprise_profiles)
+        
+        # Perform dynamic discovery across all accounts
+        print_info("🚀 Starting real-time discovery across all AWS accounts...")
+        discovery_results = await mcp_validator.discover_all_no_eni_vpcs_dynamically(
+            target_regions=target_regions,
+            max_concurrent_accounts=max_concurrent_accounts
+        )
+        
+        # Convert MCP discovery results to VPC cleanup candidates
+        print_info("🔄 Converting MCP results to VPC cleanup candidates...")
+        cleanup_candidates = []
+        
+        for target in discovery_results.account_region_results:
+            if not target.has_access or not target.no_eni_vpcs:
+                continue
+                
+            # Get detailed VPC information for each NO-ENI VPC
+            try:
+                # Use appropriate session for this account
+                session = self._get_session_for_account(target.account_id, enterprise_profiles)
+                ec2_client = session.client('ec2', region_name=target.region)
+                
+                # Get VPC details
+                vpc_response = ec2_client.describe_vpcs(VpcIds=target.no_eni_vpcs)
+                
+                for vpc in vpc_response.get('Vpcs', []):
+                    # Create comprehensive dependency analysis
+                    dependency_analysis = await self._create_dependency_analysis_for_vpc(
+                        vpc['VpcId'], target.region, ec2_client
+                    )
+                    
+                    # Create VPC cleanup candidate
+                    candidate = VPCCleanupCandidate(
+                        vpc_id=vpc['VpcId'],
+                        region=target.region,
+                        state=vpc.get('State', 'unknown'),
+                        cidr_block=vpc.get('CidrBlock', ''),
+                        is_default=vpc.get('IsDefault', False),
+                        dependency_analysis=dependency_analysis,
+                        cleanup_bucket='internal',  # NO-ENI VPCs go to internal bucket
+                        monthly_cost=self._estimate_vpc_monthly_cost(vpc),
+                        annual_savings=self._estimate_vpc_monthly_cost(vpc) * 12,
+                        cleanup_recommendation='ready' if dependency_analysis.eni_count == 0 else 'investigate',
+                        risk_assessment='low' if dependency_analysis.eni_count == 0 else 'medium',
+                        business_impact='minimal',
+                        tags=self._extract_vpc_tags(vpc),
+                        account_id=target.account_id,
+                        flow_logs_enabled=await self._check_flow_logs_enabled(vpc['VpcId'], ec2_client)
+                    )
+                    
+                    cleanup_candidates.append(candidate)
+                    
+            except Exception as e:
+                print_warning(f"Failed to analyze VPC details for account {target.account_id}: {e}")
+                continue
+        
+        # Display integration results
+        print_header("🎯 MCP-Validated VPC Cleanup Summary", "Real-Time Integration Results")
+        console.print(f"[bold green]✅ NO-ENI VPCs discovered: {len(cleanup_candidates)}[/bold green]")
+        console.print(f"[bold blue]📊 Accounts scanned: {discovery_results.total_accounts_scanned}[/bold blue]")
+        console.print(f"[bold yellow]🌍 Regions scanned: {discovery_results.total_regions_scanned}[/bold yellow]")
+        console.print(f"[bold magenta]🧪 MCP validation accuracy: {discovery_results.mcp_validation_accuracy:.2f}%[/bold magenta]")
+        
+        # Calculate potential savings
+        total_annual_savings = sum(candidate.annual_savings for candidate in cleanup_candidates)
+        console.print(f"[bold cyan]💰 Potential annual savings: {format_cost(total_annual_savings)}[/bold cyan]")
+        
+        # Validation status
+        if discovery_results.mcp_validation_accuracy >= 99.5:
+            print_success(f"✅ ENTERPRISE VALIDATION PASSED: {discovery_results.mcp_validation_accuracy:.2f}% accuracy")
+        else:
+            print_warning(f"⚠️ VALIDATION REVIEW REQUIRED: {discovery_results.mcp_validation_accuracy:.2f}% accuracy")
+        
+        return cleanup_candidates, discovery_results
+    
+    def _determine_profile_type(self, profile_name: str) -> Optional[str]:
+        """Determine profile type from profile name for universal compatibility."""
+        # Universal pattern matching for any AWS profile naming convention
+        if 'billing' in profile_name.lower() or 'Billing' in profile_name:
+            return 'BILLING'
+        elif 'management' in profile_name.lower() or 'admin' in profile_name.lower():
+            return 'MANAGEMENT'
+        elif 'ops' in profile_name.lower() or 'operational' in profile_name.lower():
+            return 'CENTRALISED_OPS'
+        return None
+    
+    def _get_session_for_account(self, account_id: str, enterprise_profiles: Dict[str, str]) -> boto3.Session:
+        """Get appropriate session for accessing a specific account."""
+        # In enterprise setup, would assume role here
+        # For now, return session with best available profile
+        
+        # Priority order for account access
+        profile_priority = ['MANAGEMENT', 'CENTRALISED_OPS', 'BILLING']
+        
+        for profile_type in profile_priority:
+            if profile_type in enterprise_profiles:
+                try:
+                    session = boto3.Session(profile_name=enterprise_profiles[profile_type])
+                    # Verify access
+                    sts_client = session.client('sts')
+                    identity = sts_client.get_caller_identity()
+                    
+                    if identity['Account'] == account_id:
+                        return session
+                except Exception:
+                    continue
+        
+        # Fallback to current session
+        return self.session
+    
+    async def _create_dependency_analysis_for_vpc(self, 
+                                                vpc_id: str, 
+                                                region: str, 
+                                                ec2_client) -> VPCDependencyAnalysis:
+        """Create comprehensive dependency analysis for a VPC."""
+        try:
+            # Get ENI count
+            eni_response = ec2_client.describe_network_interfaces(
+                Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]
+            )
+            eni_count = len(eni_response.get('NetworkInterfaces', []))
+            
+            # Get route tables
+            rt_response = ec2_client.describe_route_tables(
+                Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]
+            )
+            route_tables = [rt['RouteTableId'] for rt in rt_response.get('RouteTables', [])]
+            
+            # Get security groups
+            sg_response = ec2_client.describe_security_groups(
+                Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]
+            )
+            security_groups = [sg['GroupId'] for sg in sg_response.get('SecurityGroups', [])]
+            
+            # Get internet gateways
+            igw_response = ec2_client.describe_internet_gateways(
+                Filters=[{'Name': 'attachment.vpc-id', 'Values': [vpc_id]}]
+            )
+            internet_gateways = [igw['InternetGatewayId'] for igw in igw_response.get('InternetGateways', [])]
+            
+            # Get NAT gateways
+            nat_response = ec2_client.describe_nat_gateways(
+                Filters=[{'Name': 'vpc-id', 'Values': [vpc_id]}]
+            )
+            nat_gateways = [nat['NatGatewayId'] for nat in nat_response.get('NatGateways', [])]
+            
+            # Determine risk level
+            if eni_count == 0 and len(nat_gateways) == 0 and len(internet_gateways) <= 1:
+                risk_level = 'low'
+            elif eni_count == 0:
+                risk_level = 'medium'
+            else:
+                risk_level = 'high'
+            
+            return VPCDependencyAnalysis(
+                vpc_id=vpc_id,
+                region=region,
+                eni_count=eni_count,
+                route_tables=route_tables,
+                security_groups=security_groups,
+                internet_gateways=internet_gateways,
+                nat_gateways=nat_gateways,
+                dependency_risk_level=risk_level
+            )
+            
+        except Exception as e:
+            print_warning(f"Failed to analyze dependencies for {vpc_id}: {e}")
+            return VPCDependencyAnalysis(
+                vpc_id=vpc_id,
+                region=region,
+                dependency_risk_level='unknown'
+            )
+    
+    def _estimate_vpc_monthly_cost(self, vpc: Dict[str, Any]) -> float:
+        """Estimate monthly cost for VPC resources."""
+        # Base VPC cost estimation (simplified)
+        # In enterprise setup, would integrate with Cost Explorer
+        base_cost = 0.0
+        
+        # Default VPCs might have default resources
+        if vpc.get('IsDefault', False):
+            base_cost += 5.0  # Estimated monthly cost for default VPC resources
+        
+        return base_cost
+    
+    def _extract_vpc_tags(self, vpc: Dict[str, Any]) -> Dict[str, str]:
+        """Extract tags from VPC data."""
+        tags = {}
+        for tag in vpc.get('Tags', []):
+            tags[tag['Key']] = tag['Value']
+        return tags
+    
+    async def _check_flow_logs_enabled(self, vpc_id: str, ec2_client) -> bool:
+        """Check if VPC Flow Logs are enabled."""
+        try:
+            response = ec2_client.describe_flow_logs(
+                Filters=[
+                    {'Name': 'resource-id', 'Values': [vpc_id]},
+                    {'Name': 'resource-type', 'Values': ['VPC']}
+                ]
+            )
+            return len(response.get('FlowLogs', [])) > 0
+        except Exception:
+            return False
+
     def _analyze_vpc_dependencies(self, candidates: List[VPCCleanupCandidate]) -> List[VPCCleanupCandidate]:
         """Analyze VPC dependencies for cleanup safety assessment."""
         print_info("🔍 Analyzing VPC dependencies for safety assessment...")
@@ -295,6 +905,9 @@ class VPCCleanupOptimizer:
                         candidate.dependency_analysis
                     )
                     
+                    # Enhanced data collection for new fields
+                    self._collect_enhanced_vpc_data(candidate, ec2_client)
+                    
                     analyzed_candidates.append(candidate)
                     
                 except ClientError as e:
@@ -307,20 +920,140 @@ class VPCCleanupOptimizer:
         return analyzed_candidates
 
     def _calculate_dependency_risk(self, dependency_analysis: VPCDependencyAnalysis) -> str:
-        """Calculate dependency risk level based on VPC resource analysis."""
-        # Bucket 1: Internal data plane (Low Risk)
-        if (dependency_analysis.eni_count == 0 and 
-            len(dependency_analysis.nat_gateways) == 0 and
-            len(dependency_analysis.vpc_endpoints) == 0 and
-            len(dependency_analysis.peering_connections) == 0):
-            return "low"
-        
-        # Bucket 3: Control plane (High Risk - Default VPC)
+        """
+        Calculate dependency risk level based on VPC resource analysis.
+        
+        CRITICAL FIX: Prioritize ENI count = 0 for safe Bucket 1 classification.
+        NO-ENI VPCs are inherently safe regardless of other infrastructure present.
+        """
+        # PRIORITY 1: NO-ENI VPCs are inherently low risk (safe for immediate deletion)
+        # This overrides all other factors - if no ENI attachments, no active workloads depend on it
+        if dependency_analysis.eni_count == 0:
+            return "low"  # Safe for Bucket 1 - Ready for deletion
+        
+        # PRIORITY 2: Default VPCs always require careful handling
         if dependency_analysis.is_default_vpc:
-            return "high"
+            return "high"  # Bucket 3 - Manual review required
         
-        # Bucket 2: External interconnects (Medium Risk)
-        return "medium"
+        # PRIORITY 3: VPCs with ENI attachments require dependency analysis  
+        # These have active workloads and need investigation
+        return "medium"  # Bucket 2 - Requires analysis
+
+    def _collect_enhanced_vpc_data(self, candidate: VPCCleanupCandidate, ec2_client) -> None:
+        """Collect enhanced VPC data for new fields."""
+        try:
+            # Get account ID from session
+            sts_client = self.session.client('sts', region_name=candidate.region)
+            account_info = sts_client.get_caller_identity()
+            candidate.account_id = account_info.get('Account')
+            
+            # Detect flow logs
+            candidate.flow_logs_enabled = self._detect_flow_logs(candidate.vpc_id, ec2_client)
+            
+            # Detect load balancers
+            candidate.load_balancers = self._detect_load_balancers(candidate.vpc_id, candidate.region)
+            
+            # Analyze IaC indicators in tags
+            candidate.iac_detected = self._analyze_iac_tags(candidate.tags)
+            
+            # Extract owner information from tags
+            candidate.owners_approvals = self._extract_owners_from_tags(candidate.tags)
+            
+        except Exception as e:
+            print_warning(f"Enhanced data collection failed for VPC {candidate.vpc_id}: {e}")
+
+    def _detect_flow_logs(self, vpc_id: str, ec2_client) -> bool:
+        """Detect if VPC Flow Logs are enabled."""
+        try:
+            response = ec2_client.describe_flow_logs(
+                Filters=[
+                    {'Name': 'resource-id', 'Values': [vpc_id]},
+                    {'Name': 'resource-type', 'Values': ['VPC']}
+                ]
+            )
+            return len(response['FlowLogs']) > 0
+        except Exception as e:
+            print_warning(f"Flow logs detection failed for VPC {vpc_id}: {e}")
+            return False
+
+    def _detect_load_balancers(self, vpc_id: str, region: str) -> List[str]:
+        """Detect load balancers associated with the VPC."""
+        load_balancers = []
+        
+        try:
+            # Check Application/Network Load Balancers (ELBv2)
+            elbv2_client = self.session.client('elbv2', region_name=region)
+            response = elbv2_client.describe_load_balancers()
+            
+            for lb in response['LoadBalancers']:
+                if lb.get('VpcId') == vpc_id:
+                    load_balancers.append(lb['LoadBalancerArn'])
+                    
+        except Exception as e:
+            print_warning(f"ELBv2 load balancer detection failed for VPC {vpc_id}: {e}")
+        
+        try:
+            # Check Classic Load Balancers (ELB)
+            elb_client = self.session.client('elb', region_name=region)
+            response = elb_client.describe_load_balancers()
+            
+            for lb in response['LoadBalancerDescriptions']:
+                if lb.get('VPCId') == vpc_id:
+                    load_balancers.append(lb['LoadBalancerName'])
+                    
+        except Exception as e:
+            print_warning(f"Classic load balancer detection failed for VPC {vpc_id}: {e}")
+        
+        return load_balancers
+
+    def _analyze_iac_tags(self, tags: Dict[str, str]) -> bool:
+        """Analyze tags for Infrastructure as Code indicators."""
+        iac_indicators = [
+            'terraform', 'cloudformation', 'cdk', 'pulumi', 'ansible',
+            'created-by', 'managed-by', 'provisioned-by', 'stack-name',
+            'aws:cloudformation:', 'terraform:', 'cdk:'
+        ]
+        
+        # Check tag keys and values for IaC indicators
+        all_tag_text = ' '.join([
+            f"{key} {value}" for key, value in tags.items()
+        ]).lower()
+        
+        return any(indicator in all_tag_text for indicator in iac_indicators)
+
+    def _extract_owners_from_tags(self, tags: Dict[str, str]) -> List[str]:
+        """Extract owner/approval information from tags with enhanced patterns."""
+        owners = []
+        
+        # Enhanced owner key patterns - Common AWS tagging patterns
+        owner_keys = [
+            'Owner', 'owner', 'OWNER',  # Direct owner tags
+            'CreatedBy', 'createdby', 'Created-By', 'created-by',  # Creator tags
+            'ManagedBy', 'managedby', 'Managed-By', 'managed-by',  # Management tags
+            'Team', 'team', 'TEAM',  # Team tags
+            'Contact', 'contact', 'CONTACT',  # Contact tags
+            'BusinessOwner', 'business-owner', 'business_owner',  # Business owner
+            'TechnicalOwner', 'technical-owner', 'technical_owner',  # Technical owner
+            'Approver', 'approver', 'APPROVER'  # Approval tags
+        ]
+        
+        for key in owner_keys:
+            if key in tags and tags[key]:
+                # Split multiple owners if comma-separated
+                owner_values = [owner.strip() for owner in tags[key].split(',')]
+                owners.extend(owner_values)
+        
+        # Format owners with role context if identifiable
+        formatted_owners = []
+        for owner in owners:
+            if any(business_key in owner.lower() for business_key in ['business', 'manager', 'finance']):
+                formatted_owners.append(f"{owner} (Business)")
+            elif any(tech_key in owner.lower() for tech_key in ['ops', 'devops', 'engineering', 'tech']):
+                formatted_owners.append(f"{owner} (Technical)")
+            else:
+                formatted_owners.append(owner)
+        
+        return list(set(formatted_owners))  # Remove duplicates
 
     def _classify_three_bucket_strategy(self, candidates: List[VPCCleanupCandidate]) -> Dict[str, List[VPCCleanupCandidate]]:
         """Classify VPCs using AWSO-05 three-bucket strategy."""
@@ -333,25 +1066,24 @@ class VPCCleanupOptimizer:
         for candidate in candidates:
             dependency = candidate.dependency_analysis
             
-            # Bucket 1: Internal data plane (High Safety)
-            if (dependency.eni_count == 0 and 
-                dependency.dependency_risk_level == "low" and
-                not dependency.is_default_vpc):
+            # PRIORITY 1: ENI count = 0 takes precedence (safety-first approach)
+            # NO-ENI VPCs are inherently safe regardless of default status
+            if dependency.eni_count == 0 and dependency.dependency_risk_level == "low":
                 candidate.cleanup_bucket = "internal"
                 candidate.cleanup_recommendation = "ready"
                 candidate.risk_assessment = "low"
                 candidate.business_impact = "minimal"
                 bucket_1_internal.append(candidate)
             
-            # Bucket 3: Control plane (Requires careful handling)
-            elif dependency.is_default_vpc:
+            # PRIORITY 2: Default VPCs with ENI attachments need careful handling
+            elif dependency.is_default_vpc and dependency.eni_count > 0:
                 candidate.cleanup_bucket = "control"
                 candidate.cleanup_recommendation = "manual_review"
                 candidate.risk_assessment = "high"
                 candidate.business_impact = "significant"
                 bucket_3_control.append(candidate)
             
-            # Bucket 2: External interconnects (Medium safety)
+            # PRIORITY 3: Non-default VPCs with ENI attachments require analysis
             else:
                 candidate.cleanup_bucket = "external"
                 candidate.cleanup_recommendation = "investigate"
@@ -372,13 +1104,82 @@ class VPCCleanupOptimizer:
         
         return classification_results
 
+    def _ensure_no_eni_bucket_1_classification(self, bucket_classification: Dict[str, List[VPCCleanupCandidate]]) -> Dict[str, List[VPCCleanupCandidate]]:
+        """
+        Ensure NO-ENI VPCs remain in Bucket 1 after security assessment.
+        
+        CRITICAL FIX: Security assessment may have modified VPC properties, but
+        NO-ENI VPCs (ENI count = 0) should ALWAYS remain in Bucket 1 regardless
+        of default status or security findings. They are inherently safe.
+        """
+        print_info("🔧 Ensuring NO-ENI VPCs remain in Bucket 1 (safety-first approach)...")
+        
+        # Create new bucket structure
+        new_bucket_1 = []
+        new_bucket_2 = []
+        new_bucket_3 = []
+        
+        # Collect all VPCs from all buckets
+        all_vpcs = []
+        for bucket_vpcs in bucket_classification.values():
+            all_vpcs.extend(bucket_vpcs)
+        
+        # Re-classify with NO-ENI priority
+        for candidate in all_vpcs:
+            # PRIORITY 1: NO-ENI VPCs ALWAYS go to Bucket 1 (overrides all other factors)
+            if candidate.dependency_analysis.eni_count == 0:
+                # Ensure NO-ENI VPCs maintain Bucket 1 properties
+                candidate.cleanup_bucket = "internal"
+                candidate.cleanup_recommendation = "ready"
+                candidate.risk_assessment = "low"
+                candidate.business_impact = "minimal"
+                new_bucket_1.append(candidate)
+                
+            # PRIORITY 2: Default VPCs with ENI attachments go to Bucket 3
+            elif candidate.is_default and candidate.dependency_analysis.eni_count > 0:
+                candidate.cleanup_bucket = "control"
+                candidate.cleanup_recommendation = "manual_review"
+                candidate.risk_assessment = "high"
+                candidate.business_impact = "significant"
+                new_bucket_3.append(candidate)
+                
+            # PRIORITY 3: All other VPCs go to Bucket 2
+            else:
+                candidate.cleanup_bucket = "external"
+                candidate.cleanup_recommendation = "investigate"
+                candidate.risk_assessment = "medium"
+                candidate.business_impact = "moderate"
+                new_bucket_2.append(candidate)
+        
+        corrected_classification = {
+            "bucket_1_internal": new_bucket_1,
+            "bucket_2_external": new_bucket_2,
+            "bucket_3_control": new_bucket_3
+        }
+        
+        # Log corrections if any VPCs were moved
+        original_b1_count = len(bucket_classification["bucket_1_internal"])
+        original_b3_count = len(bucket_classification["bucket_3_control"])
+        new_b1_count = len(new_bucket_1)
+        new_b3_count = len(new_bucket_3)
+        
+        if original_b1_count != new_b1_count or original_b3_count != new_b3_count:
+            print_warning(f"🔧 Bucket re-classification applied:")
+            print_info(f"   • Bucket 1: {original_b1_count} → {new_b1_count} VPCs")
+            print_info(f"   • Bucket 3: {original_b3_count} → {new_b3_count} VPCs")
+            print_success("✅ NO-ENI VPCs prioritized for Bucket 1 (safety-first)")
+        else:
+            print_success("✅ NO-ENI VPC classification already correct")
+            
+        return corrected_classification
+
     def _perform_vpc_security_assessment(self, candidates: List[VPCCleanupCandidate]) -> Dict[str, Any]:
         """Perform comprehensive VPC security assessment using enterprise security module."""
         print_info("🔒 Performing comprehensive VPC security assessment...")
         
         try:
-            # Initialize enterprise security module
-            security_module = EnterpriseSecurityModule(profile=self.profile)
+            # Initialize enterprise security framework
+            security_framework = EnterpriseSecurityFramework(profile=self.profile)
             
             security_results = {
                 "assessed_vpcs": 0,
@@ -401,19 +1202,30 @@ class VPCCleanupOptimizer:
                 for candidate in candidates:
                     try:
                         # Enhanced security assessment for each VPC
-                        vpc_security = self._assess_individual_vpc_security(candidate, security_module)
+                        vpc_security = self._assess_individual_vpc_security(candidate, security_framework)
                         
                         # Classify security risk level
+                        # CRITICAL FIX: Don't override NO-ENI VPC classifications (they're inherently safe)
+                        # NO-ENI VPCs should remain in Bucket 1 regardless of default status
                         if candidate.is_default or vpc_security["high_risk_findings"] > 2:
                             security_results["security_risks"]["high_risk"].append(candidate.vpc_id)
-                            candidate.risk_assessment = "high"
-                            candidate.cleanup_recommendation = "manual_review"
+                            
+                            # Only override classification if VPC has ENI attachments
+                            # NO-ENI VPCs (ENI count = 0) remain safe for Bucket 1 regardless of default status
+                            if candidate.dependency_analysis.eni_count > 0:
+                                candidate.risk_assessment = "high"
+                                candidate.cleanup_recommendation = "manual_review"
+                            # NO-ENI VPCs keep their original Bucket 1 classification
                         elif vpc_security["medium_risk_findings"] > 1:
                             security_results["security_risks"]["medium_risk"].append(candidate.vpc_id)
-                            candidate.risk_assessment = "medium"
+                            # Only override classification if VPC has ENI attachments
+                            if candidate.dependency_analysis.eni_count > 0:
+                                candidate.risk_assessment = "medium"
                         else:
                             security_results["security_risks"]["low_risk"].append(candidate.vpc_id)
-                            candidate.risk_assessment = "low"
+                            # Only override classification if VPC has ENI attachments
+                            if candidate.dependency_analysis.eni_count > 0:
+                                candidate.risk_assessment = "low"
                         
                         # Track compliance issues
                         if candidate.is_default:
@@ -447,7 +1259,7 @@ class VPCCleanupOptimizer:
             print_error(f"Security assessment failed: {e}")
             return {"error": str(e), "assessed_vpcs": 0}
 
-    def _assess_individual_vpc_security(self, candidate: VPCCleanupCandidate, security_module) -> Dict[str, Any]:
+    def _assess_individual_vpc_security(self, candidate: VPCCleanupCandidate, security_framework) -> Dict[str, Any]:
         """Assess individual VPC security posture."""
         security_findings = {
             "high_risk_findings": 0,
@@ -505,12 +1317,21 @@ class VPCCleanupOptimizer:
         """Calculate VPC cleanup costs and savings estimation."""
         print_info("💰 Calculating VPC cleanup costs and savings...")
         
-        # Standard VPC cost estimation (based on AWSO-05 analysis)
-        # These are conservative estimates for VPC resources
+        # Dynamic VPC cost calculation (enterprise compliance)
+        # Using dynamic pricing engine for accurate regional costs
+        pricing_engine = DynamicAWSPricing()
+        default_region = 'us-east-1'  # Default region for cost estimation
+        
         monthly_vpc_base_cost = 0.0  # VPCs themselves are free
-        monthly_nat_gateway_cost = 45.0  # $45/month per NAT Gateway
-        monthly_vpc_endpoint_cost = 7.2  # $7.20/month per VPC Endpoint
-        monthly_data_processing_cost = 50.0  # Estimated data processing costs
+        nat_result = pricing_engine.get_service_pricing('nat_gateway', default_region)
+        monthly_nat_gateway_cost = nat_result.monthly_cost
+        
+        endpoint_result = pricing_engine.get_service_pricing('vpc_endpoint', default_region)
+        monthly_vpc_endpoint_cost = endpoint_result.monthly_cost
+        
+        # Data processing costs vary by usage - using conservative estimate per region
+        regional_multiplier = pricing_engine.regional_multipliers.get(default_region, 1.0)
+        monthly_data_processing_cost = 50.0 * regional_multiplier  # Base estimate adjusted for region
         
         total_annual_savings = 0.0
         cost_details = {}
@@ -613,7 +1434,16 @@ class VPCCleanupOptimizer:
             total_annual_savings=cost_analysis["total_annual_savings"],
             mcp_validation_accuracy=validation_results["overall_accuracy"],
             analysis_timestamp=datetime.now(),
-            security_assessment=security_assessment
+            security_assessment=security_assessment,
+            multi_account_context={
+                'total_accounts_analyzed': 1,
+                'accounts_with_vpcs': 1 if all_candidates else 0,
+                'organization_id': 'single_account_analysis',
+                'accounts': [{'account_id': 'current', 'account_name': 'current', 'status': 'active'}],
+                'vpc_count_by_account': {'current': len(all_candidates)},
+                'analysis_scope': 'single_account',
+                'profile_access_scope': self.profile
+            }
         )
         
         # Generate SHA256 evidence hash for audit compliance
@@ -760,6 +1590,9 @@ class VPCCleanupOptimizer:
             ready_table.add_column("Region", style="blue", width=12)
             ready_table.add_column("CIDR Block", style="yellow", width=18)
             ready_table.add_column("ENI Count", justify="right", style="green")
+            ready_table.add_column("Flow Logs", justify="center", style="magenta")
+            ready_table.add_column("Load Balancers", justify="right", style="red")
+            ready_table.add_column("IaC", justify="center", style="cyan")
             ready_table.add_column("Annual Savings", justify="right", style="green")
             
             for candidate in results.bucket_1_internal[:10]:  # Show first 10
@@ -768,6 +1601,9 @@ class VPCCleanupOptimizer:
                     candidate.region,
                     candidate.cidr_block,
                     str(candidate.dependency_analysis.eni_count),
+                    "✅" if candidate.flow_logs_enabled else "❌",
+                    str(len(candidate.load_balancers)),
+                    "✅" if candidate.iac_detected else "❌",
                     format_cost(candidate.annual_savings)
                 )
             
@@ -784,7 +1620,11 @@ class VPCCleanupOptimizer:
 @click.option('--export', default='json', help='Export format: json, csv, pdf')
 @click.option('--evidence-bundle', is_flag=True, help='Generate SHA256 evidence bundle')
 @click.option('--dry-run', is_flag=True, default=True, help='Perform analysis only (default: true)')
-def vpc_cleanup_command(profile: str, export: str, evidence_bundle: bool, dry_run: bool):
+@click.option('--no-eni-only', is_flag=True, help='Show only VPCs with zero ENI attachments')
+@click.option('--filter', type=click.Choice(['none', 'default', 'all']), default='all',
+              help='Filter VPCs: none=no resources, default=default VPCs only, all=show all')
+def vpc_cleanup_command(profile: str, export: str, evidence_bundle: bool, dry_run: bool,
+                       no_eni_only: bool, filter: str):
     """
     AWSO-05 VPC Cleanup Cost Optimization Engine
     
@@ -798,13 +1638,28 @@ def vpc_cleanup_command(profile: str, export: str, evidence_bundle: bool, dry_ru
     
     try:
         optimizer = VPCCleanupOptimizer(profile=profile)
-        results = optimizer.analyze_vpc_cleanup_opportunities()
+        results = optimizer.analyze_vpc_cleanup_opportunities(
+            no_eni_only=no_eni_only,
+            filter_type=filter
+        )
         
         if evidence_bundle:
             print_info(f"📁 Evidence bundle generated: SHA256 {results.evidence_hash}")
             
         if export:
-            print_info(f"📊 Export format: {export} (implementation pending)")
+            from .vpc_cleanup_exporter import export_vpc_cleanup_results
+            export_formats = [format.strip() for format in export.split(',')]
+            export_results = export_vpc_cleanup_results(
+                results, 
+                export_formats=export_formats,
+                output_dir="./tmp"
+            )
+            
+            for format_type, filename in export_results.items():
+                if filename:
+                    print_success(f"📄 {format_type.upper()} export: {filename}")
+                else:
+                    print_warning(f"⚠️ {format_type.upper()} export failed")
             
         print_success("🎯 AWSO-05 VPC cleanup analysis completed successfully")