runbooks 0.9.9__py3-none-any.whl → 1.0.0__py3-none-any.whl

runbooks/common/profile_utils.py

@@ -17,12 +17,28 @@ Version: 0.9.0
 """
 
 import os
+import time
 from typing import Dict, Optional
 
 import boto3
 
 from runbooks.common.rich_utils import console
 
+# Profile cache to reduce duplicate calls (enterprise performance optimization)
+_profile_cache = {}
+_cache_timestamp = None
+_cache_ttl = 300  # 5 minutes cache TTL
+
+# Enterprise AWS profile mappings with fallback defaults
+ENV_PROFILE_MAP = {
+    "billing": os.getenv("BILLING_PROFILE"),
+    "management": os.getenv("MANAGEMENT_PROFILE"),
+    "operational": os.getenv("CENTRALISED_OPS_PROFILE"),
+}
+
+# Fallback defaults if environment variables are not set - NO hardcoded defaults
+DEFAULT_PROFILE = os.getenv("AWS_PROFILE") or "default"  # "default" is AWS boto3 expected fallback
+
 
 def get_profile_for_operation(operation_type: str, user_specified_profile: Optional[str] = None) -> str:
     """
@@ -45,12 +61,30 @@ def get_profile_for_operation(operation_type: str, user_specified_profile: Optio
     Raises:
         SystemExit: If user-specified profile not found in AWS config
     """
+    global _profile_cache, _cache_timestamp
+    
+    # Check cache first to reduce duplicate calls (enterprise performance optimization)
+    cache_key = f"{operation_type}:{user_specified_profile or 'None'}"
+    current_time = time.time()
+    
+    if (_cache_timestamp and 
+        current_time - _cache_timestamp < _cache_ttl and 
+        cache_key in _profile_cache):
+        return _profile_cache[cache_key]
+    
+    # Clear cache if TTL expired
+    if not _cache_timestamp or current_time - _cache_timestamp >= _cache_ttl:
+        _profile_cache.clear()
+        _cache_timestamp = current_time
+    
     available_profiles = boto3.Session().available_profiles
 
     # PRIORITY 1: User-specified profile ALWAYS takes precedence
     if user_specified_profile and user_specified_profile != "default":
         if user_specified_profile in available_profiles:
             console.log(f"[green]Using user-specified profile for {operation_type}: {user_specified_profile}[/]")
+            # Cache the result to reduce duplicate calls
+            _profile_cache[cache_key] = user_specified_profile
             return user_specified_profile
         else:
             console.log(f"[red]Error: User-specified profile '{user_specified_profile}' not found in AWS config[/]")
@@ -68,11 +102,16 @@ def get_profile_for_operation(operation_type: str, user_specified_profile: Optio
     env_profile = profile_map.get(operation_type)
     if env_profile and env_profile in available_profiles:
         console.log(f"[dim cyan]Using {operation_type} profile from environment: {env_profile}[/]")
+        # Cache the result to reduce duplicate calls
+        _profile_cache[cache_key] = env_profile
         return env_profile
 
     # PRIORITY 3: Default profile (last resort)
-    console.log(f"[yellow]No {operation_type} profile found, using default: {user_specified_profile or 'default'}[/]")
-    return user_specified_profile or "default"
+    default_profile = user_specified_profile or "default"
+    console.log(f"[yellow]No {operation_type} profile found, using default: {default_profile}[/]")
+    # Cache the result to reduce duplicate calls
+    _profile_cache[cache_key] = default_profile
+    return default_profile
 
 
 def resolve_profile_for_operation_silent(operation_type: str, user_specified_profile: Optional[str] = None) -> str:
@@ -206,6 +245,60 @@ def validate_profile_access(profile_name: str, operation_type: str = "general")
         return False
 
 
+def get_available_profiles_for_validation() -> list:
+    """
+    Get available AWS profiles for validation - universal compatibility approach.
+    
+    Returns all configured AWS profiles for validation without hardcoded assumptions.
+    Supports any AWS setup: single account, multi-account, any profile naming convention.
+    
+    Returns:
+        list: Available AWS profile names for validation
+    """
+    try:
+        # Get all available profiles from AWS CLI configuration
+        available_profiles = boto3.Session().available_profiles
+        
+        # Filter out common system profiles that shouldn't be tested
+        system_profiles = {'default', 'none', 'null', ''}
+        
+        # Return profiles for validation, including default if it's the only one
+        validation_profiles = []
+        
+        # Add environment variable profiles if they exist
+        env_profiles = [
+            os.getenv("AWS_BILLING_PROFILE"),
+            os.getenv("AWS_MANAGEMENT_PROFILE"), 
+            os.getenv("AWS_CENTRALISED_OPS_PROFILE"),
+            os.getenv("AWS_SINGLE_ACCOUNT_PROFILE"),
+            os.getenv("BILLING_PROFILE"),
+            os.getenv("MANAGEMENT_PROFILE"),
+            os.getenv("CENTRALISED_OPS_PROFILE"),
+            os.getenv("SINGLE_AWS_PROFILE"),
+        ]
+        
+        # Add valid environment profiles
+        for profile in env_profiles:
+            if profile and profile in available_profiles and profile not in validation_profiles:
+                validation_profiles.append(profile)
+        
+        # If no environment profiles found, use available profiles (universal approach)
+        if not validation_profiles:
+            for profile in available_profiles:
+                if profile not in system_profiles:
+                    validation_profiles.append(profile)
+        
+        # Always include 'default' if available and no other profiles found
+        if not validation_profiles and 'default' in available_profiles:
+            validation_profiles.append('default')
+            
+        return validation_profiles
+        
+    except Exception as e:
+        console.log(f"[yellow]Warning: Could not detect AWS profiles: {e}[/]")
+        return ['default']  # Fallback to default profile
+
+
 # Export all public functions
 __all__ = [
     "get_profile_for_operation",
@@ -215,4 +308,5 @@ __all__ = [
     "create_operational_session",
     "get_enterprise_profile_mapping",
     "validate_profile_access",
+    "get_available_profiles_for_validation",
 ]

runbooks/finops/cost_optimizer.py

@@ -25,6 +25,7 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning,
     create_table, create_progress_bar, format_cost
 )
+from ..common.aws_pricing import DynamicAWSPricing
 
 @dataclass
 class IdleInstance:
@@ -55,7 +56,7 @@ class UnusedNATGateway:
     region: str
     vpc_id: str = ""
     state: str = ""
-    estimated_monthly_cost: float = 45.0  # ~$45/month per NAT Gateway
+    estimated_monthly_cost: float = 0.0  # Calculated dynamically using AWS pricing
     creation_date: Optional[str] = None
     tags: Dict[str, str] = Field(default_factory=dict)
 

runbooks/finops/elastic_ip_optimizer.py

@@ -36,6 +36,7 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning, print_info,
     create_table, create_progress_bar, format_cost, create_panel, STATUS_INDICATORS
 )
+from ..common.aws_pricing import get_service_monthly_cost, calculate_annual_cost
 from .embedded_mcp_validator import EmbeddedMCPValidator
 from ..common.profile_utils import get_profile_for_operation
 
@@ -65,8 +66,8 @@ class ElasticIPOptimizationResult(BaseModel):
     domain: str
     is_attached: bool
     instance_id: Optional[str] = None
-    monthly_cost: float = 3.65  # $3.65/month for unattached EIPs
-    annual_cost: float = 43.80  # $43.80/year for unattached EIPs
+    monthly_cost: float = 0.0  # Calculated dynamically per region
+    annual_cost: float = 0.0   # Calculated dynamically (monthly * 12)
     optimization_recommendation: str = "retain"  # retain, release
     risk_level: str = "low"  # low, medium, high
     business_impact: str = "minimal"
@@ -118,8 +119,8 @@ class ElasticIPOptimizer:
             profile_name=get_profile_for_operation("operational", profile_name)
         )
         
-        # Elastic IP pricing (per month, as of 2024)
-        self.elastic_ip_monthly_cost = 3.65  # $3.65/month per unattached EIP
+        # Dynamic Elastic IP pricing - Enterprise compliance (no hardcoded values)
+        # Pricing will be calculated dynamically per region using AWS Pricing API
         
         # All AWS regions for comprehensive discovery
         self.all_regions = [
@@ -360,9 +361,12 @@ class ElasticIPOptimizer:
             try:
                 dns_refs = dns_dependencies.get(elastic_ip.allocation_id, [])
                 
-                # Calculate current costs (only unattached EIPs are charged)
-                monthly_cost = self.elastic_ip_monthly_cost if not elastic_ip.is_attached else 0.0
-                annual_cost = monthly_cost * 12
+                # Calculate current costs (only unattached EIPs are charged) - Dynamic pricing
+                if elastic_ip.is_attached:
+                    monthly_cost = 0.0  # Attached EIPs are free
+                else:
+                    monthly_cost = get_service_monthly_cost("elastic_ip", elastic_ip.region)
+                annual_cost = calculate_annual_cost(monthly_cost)
                 
                 # Determine optimization recommendation
                 recommendation = "retain"  # Default: keep the Elastic IP
@@ -384,14 +388,14 @@ class ElasticIPOptimizer:
                         recommendation = "release"
                         risk_level = "low"
                         business_impact = "none"
-                        potential_monthly_savings = self.elastic_ip_monthly_cost
+                        potential_monthly_savings = monthly_cost
                         safety_checks["safe_to_release"] = True
                     else:
                         # Unattached but has DNS references - investigate before release
                         recommendation = "investigate"
                         risk_level = "medium"
                         business_impact = "potential"
-                        potential_monthly_savings = self.elastic_ip_monthly_cost * 0.8  # Conservative estimate
+                        potential_monthly_savings = monthly_cost * 0.8  # Conservative estimate
                 elif elastic_ip.is_attached:
                     # Attached EIPs are retained (no cost for attached EIPs)
                     recommendation = "retain"

runbooks/finops/embedded_mcp_validator.py

@@ -126,6 +126,37 @@ class EmbeddedMCPValidator:
         self._finalize_validation_results(validation_results)
         return validation_results
 
+    def validate_cost_data_sync(self, runbooks_data: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Synchronous wrapper for MCP validation - for compatibility with test scripts.
+        
+        Args:
+            runbooks_data: Cost data from runbooks FinOps analysis
+            
+        Returns:
+            Validation results with accuracy metrics
+        """
+        # Use asyncio to run the async validation method
+        try:
+            loop = asyncio.get_event_loop()
+        except RuntimeError:
+            loop = asyncio.new_event_loop()
+            asyncio.set_event_loop(loop)
+            
+        try:
+            return loop.run_until_complete(self.validate_cost_data_async(runbooks_data))
+        except Exception as e:
+            print_error(f"Synchronous MCP validation failed: {e}")
+            return {
+                "validation_timestamp": datetime.now().isoformat(),
+                "profiles_validated": 0,
+                "total_accuracy": 0.0,
+                "passed_validation": False,
+                "profile_results": [],
+                "validation_method": "embedded_mcp_direct_aws_api_sync",
+                "error": str(e)
+            }
+
     def _validate_profile_sync(self, profile: str, session: boto3.Session, runbooks_data: List[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
         """Synchronous wrapper for profile validation (for parallel execution)."""
         try:

runbooks/finops/enhanced_trend_visualization.py

@@ -343,8 +343,9 @@ def create_resource_based_trend_estimate(session, months: int = 6) -> List[Tuple
         current_date = datetime.now()
         trend_data = []
 
-        # Base resource cost estimation (simplified model)
-        base_monthly_cost = 850.0  # Starting baseline
+        # Base resource cost estimation (dynamic model)
+        # Calculate baseline from actual service usage patterns
+        base_monthly_cost = 0.0  # Will be calculated from actual usage data or dynamic pricing
 
         # Simulate realistic cost variations over 6 months
         # Based on typical AWS usage patterns

runbooks/finops/markdown_exporter.py

@@ -458,7 +458,7 @@ class MarkdownExporter:
             "| " + " | ".join(["---" for _ in headers]) + " |"
         ]
         
-        # Process each VPC candidate
+        # Process each VPC candidate with enhanced data extraction
         for candidate in vpc_candidates:
             # Extract data with safe attribute access and formatting
             account_id = getattr(candidate, 'account_id', 'Unknown')
@@ -466,7 +466,44 @@ class MarkdownExporter:
             vpc_name = getattr(candidate, 'vpc_name', '') or 'Unnamed'
             cidr_block = getattr(candidate, 'cidr_block', 'Unknown')
             
-            # Handle overlapping logic - may need to calculate from CIDR analysis
+            # Handle overlapping logic - check CIDR conflicts
+            overlapping = self._check_cidr_overlapping(cidr_block, vpc_candidates)
+            
+            # Enhanced is_default handling
+            is_default = getattr(candidate, 'is_default', False)
+            is_default_display = "⚠️ Yes" if is_default else "No"
+            
+            # Enhanced ENI count
+            dependency_analysis = getattr(candidate, 'dependency_analysis', None)
+            eni_count = dependency_analysis.eni_count if dependency_analysis else 0
+            
+            # Enhanced tags with owner focus
+            tags_dict = getattr(candidate, 'tags', {}) or {}
+            tags_display = self._format_tags_for_owners_display(tags_dict)
+            
+            # Flow logs detection
+            flow_logs = self._detect_flow_logs(candidate)
+            
+            # TGW/Peering detection
+            tgw_peering = self._detect_tgw_peering(candidate)
+            
+            # Load balancers detection
+            lbs_present = self._detect_load_balancers(candidate)
+            
+            # IaC detection from tags
+            iac_detected = self._detect_iac_from_tags(tags_dict)
+            
+            # Timeline estimation based on VPC state
+            timeline = self._estimate_cleanup_timeline(candidate)
+            
+            # Decision based on bucket classification
+            decision = self._determine_cleanup_decision(candidate)
+            
+            # Enhanced owners/approvals extraction
+            owners_approvals = self._extract_owners_approvals(tags_dict, is_default)
+            
+            # Notes based on VPC characteristics
+            notes = self._generate_vpc_notes(candidate)
             overlapping = "Yes" if getattr(candidate, 'overlapping', False) else "No"
             
             # Format boolean indicators with emoji
@@ -649,6 +686,184 @@ class MarkdownExporter:
             print_warning(f"❌ Failed to export VPC analysis: {e}")
             return ""
 
+    def _check_cidr_overlapping(self, cidr_block: str, vpc_candidates: List[Any]) -> str:
+        """Check for CIDR block overlapping across VPCs."""
+        if not cidr_block or not vpc_candidates:
+            return "No"
+        
+        # Simple overlapping check - in enterprise scenario, this would use more sophisticated logic
+        current_cidr = cidr_block
+        for candidate in vpc_candidates:
+            other_cidr = getattr(candidate, 'cidr_block', None)
+            if other_cidr and other_cidr != current_cidr and current_cidr.startswith(other_cidr.split('/')[0].rsplit('.', 1)[0]):
+                return "Yes"
+        
+        return "No"
+
+    def _detect_flow_logs(self, candidate: Any) -> str:
+        """Detect if VPC has flow logs enabled."""
+        return "Yes" if getattr(candidate, 'flow_logs_enabled', False) else "No"
+
+    def _detect_tgw_peering(self, candidate: Any) -> str:
+        """Analyze Transit Gateway and VPC peering connections."""
+        # Check for TGW attachments and peering connections
+        tgw_attachments = getattr(candidate, 'tgw_attachments', []) or []
+        peering_connections = getattr(candidate, 'peering_connections', []) or []
+        
+        if tgw_attachments or peering_connections:
+            connection_count = len(tgw_attachments) + len(peering_connections)
+            return f"Yes ({connection_count})"
+        return "No"
+
+    def _detect_load_balancers(self, candidate: Any) -> str:
+        """Detect load balancers in the VPC."""
+        load_balancers = getattr(candidate, 'load_balancers', []) or []
+        return "Yes" if load_balancers else "No"
+
+    def _detect_iac_from_tags(self, tags_dict: dict) -> str:
+        """Detect Infrastructure as Code management from tags."""
+        iac_keys = ['aws:cloudformation:stack-name', 'terraform:module', 'cdktf:stack', 'pulumi:project']
+        for key in iac_keys:
+            if key in tags_dict and tags_dict[key]:
+                return "Yes"
+        return "No"
+
+    def _estimate_cleanup_timeline(self, candidate: Any) -> str:
+        """Estimate cleanup timeline based on complexity."""
+        # Simple heuristic based on dependencies
+        if hasattr(candidate, 'dependency_analysis') and candidate.dependency_analysis:
+            eni_count = getattr(candidate.dependency_analysis, 'eni_count', 0)
+        else:
+            eni_count = 0
+            
+        if eni_count == 0:
+            return "1-2 days"
+        elif eni_count < 5:
+            return "3-5 days" 
+        else:
+            return "1-2 weeks"
+
+    def _format_cleanup_decision(self, candidate: Any) -> str:
+        """Format cleanup decision recommendation."""
+        recommendation = getattr(candidate, 'cleanup_recommendation', 'unknown')
+        if recommendation == 'delete':
+            return "Delete"
+        elif recommendation == 'keep':
+            return "Keep"
+        elif recommendation == 'review':
+            return "Review"
+        else:
+            return "TBD"
+
+    def _format_tags_for_owners_display(self, tags_dict: dict) -> str:
+        """Format tags for display with priority on ownership information."""
+        if not tags_dict:
+            return "No tags"
+        
+        # Priority keys focusing on ownership and approvals
+        priority_keys = ['Name', 'Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact']
+        relevant_tags = []
+        
+        for key in priority_keys:
+            if key in tags_dict and tags_dict[key]:
+                relevant_tags.append(f"{key}:{tags_dict[key]}")
+                if len(relevant_tags) >= 3:  # Limit for table readability
+                    break
+        
+        return "; ".join(relevant_tags) if relevant_tags else f"({len(tags_dict)} tags)"
+
+    def _determine_cleanup_decision(self, candidate: Any) -> str:
+        """Determine cleanup decision based on VPC analysis."""
+        # Check the cleanup bucket from three-bucket strategy
+        cleanup_bucket = getattr(candidate, 'cleanup_bucket', 'unknown')
+        
+        if cleanup_bucket == 'bucket_1':
+            return "Delete"
+        elif cleanup_bucket == 'bucket_2': 
+            return "Review"
+        elif cleanup_bucket == 'bucket_3':
+            return "Keep"
+        else:
+            # Fallback logic based on other attributes
+            is_default = getattr(candidate, 'is_default', False)
+            has_eni = getattr(candidate, 'eni_count', 0) > 0
+            
+            if is_default and not has_eni:
+                return "Delete"
+            elif has_eni:
+                return "Review"
+            else:
+                return "TBD"
+
+    def _extract_owners_approvals(self, tags_dict: dict, is_default: bool) -> str:
+        """Extract owners and approval information from tags and VPC status."""
+        # Extract from tags with enhanced owner detection
+        owner_keys = ['Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact', 'CreatedBy', 'ManagedBy']
+        
+        extracted_owners = []
+        for key in owner_keys:
+            if key in tags_dict and tags_dict[key]:
+                value = tags_dict[key]
+                if 'business' in key.lower():
+                    extracted_owners.append(f"{value} (Business)")
+                elif 'technical' in key.lower():
+                    extracted_owners.append(f"{value} (Technical)")
+                elif 'team' in key.lower():
+                    extracted_owners.append(f"{value} (Team)")
+                else:
+                    extracted_owners.append(f"{value} ({key})")
+                
+                if len(extracted_owners) >= 2:  # Limit for table readability
+                    break
+        
+        if extracted_owners:
+            return "; ".join(extracted_owners)
+        
+        # Fallback based on VPC type
+        if is_default:
+            return "System Default VPC"
+        else:
+            # Check for IaC tags
+            iac_keys = ['aws:cloudformation:stack-name', 'terraform:module', 'cdktf:stack', 'pulumi:project']
+            for key in iac_keys:
+                if key in tags_dict and tags_dict[key]:
+                    return "IaC Managed"
+            return "No owner tags found"
+
+    def _generate_vpc_notes(self, candidate: Any) -> str:
+        """Generate comprehensive notes for VPC candidate."""
+        notes = []
+        
+        # Add bucket classification note
+        cleanup_bucket = getattr(candidate, 'cleanup_bucket', 'unknown')
+        if cleanup_bucket == 'bucket_1':
+            notes.append("Internal data plane - safe for cleanup")
+        elif cleanup_bucket == 'bucket_2':
+            notes.append("External interconnects - requires analysis")
+        elif cleanup_bucket == 'bucket_3':
+            notes.append("Control plane - manual review required")
+            
+        # Add ENI count if significant
+        if hasattr(candidate, 'dependency_analysis') and candidate.dependency_analysis:
+            eni_count = getattr(candidate.dependency_analysis, 'eni_count', 0)
+            if eni_count > 0:
+                notes.append(f"{eni_count} ENI attachments")
+        
+        # Add default VPC note
+        if getattr(candidate, 'is_default', False):
+            notes.append("Default VPC (CIS compliance issue)")
+            
+        # Add IaC detection
+        if getattr(candidate, 'iac_detected', False):
+            notes.append("IaC managed")
+            
+        # Add security concerns
+        risk_level = getattr(candidate, 'risk_level', 'unknown')
+        if risk_level == 'high':
+            notes.append("High security risk")
+            
+        return "; ".join(notes) if notes else "Standard VPC cleanup candidate"
+
 
 def export_finops_to_markdown(
     profile_data: Union[Dict[str, Any], List[Dict[str, Any]]],

runbooks/finops/nat_gateway_optimizer.py

@@ -49,6 +49,7 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning, print_info,
     create_table, create_progress_bar, format_cost, create_panel, STATUS_INDICATORS
 )
+from ..common.aws_pricing import get_service_monthly_cost, calculate_annual_cost
 from .embedded_mcp_validator import EmbeddedMCPValidator
 from ..common.profile_utils import get_profile_for_operation
 
@@ -139,14 +140,24 @@ class NATGatewayOptimizer:
             profile_name=get_profile_for_operation("operational", profile_name)
         )
         
-        # NAT Gateway pricing (per hour, as of 2024)
-        self.nat_gateway_hourly_cost = 0.045  # $0.045/hour
-        self.nat_gateway_data_processing_cost = 0.045  # $0.045/GB
+        # NAT Gateway pricing - using dynamic pricing engine
+        # Base monthly cost calculation (will be applied per region)
+        self._base_monthly_cost_us_east_1 = get_service_monthly_cost("nat_gateway", "us-east-1")
+        self.nat_gateway_data_processing_cost = 0.045  # $0.045/GB (data transfer pricing)
         
         # Enterprise thresholds for optimization recommendations
         self.low_usage_threshold_connections = 10  # Active connections per day
         self.low_usage_threshold_bytes = 1_000_000  # 1MB per day
         self.analysis_period_days = 7  # CloudWatch analysis period
+    
+    def _get_regional_monthly_cost(self, region: str) -> float:
+        """Get dynamic monthly NAT Gateway cost for specified region."""
+        try:
+            return get_service_monthly_cost("nat_gateway", region)
+        except Exception:
+            # Fallback to regional cost calculation
+            from ..common.aws_pricing import calculate_regional_cost
+            return calculate_regional_cost(self._base_monthly_cost_us_east_1, region)
         
     async def analyze_nat_gateways(self, dry_run: bool = True) -> NATGatewayOptimizerResults:
         """
@@ -413,9 +424,9 @@ class NATGatewayOptimizer:
                 metrics = usage_metrics.get(nat_gateway.nat_gateway_id)
                 route_tables = dependencies.get(nat_gateway.nat_gateway_id, [])
                 
-                # Calculate current costs
-                monthly_cost = self.nat_gateway_hourly_cost * 24 * 30  # Base hourly cost
-                annual_cost = monthly_cost * 12
+                # Calculate current costs using dynamic pricing
+                monthly_cost = self._get_regional_monthly_cost(nat_gateway.region)
+                annual_cost = calculate_annual_cost(monthly_cost)
                 
                 # Determine optimization recommendation
                 recommendation = "retain"  # Default: keep the NAT Gateway
@@ -724,9 +735,9 @@ class TransitGatewayCostAnalysis(BaseModel):
     """Transit Gateway cost analysis results"""  
     transit_gateway_id: str
     region: str
-    monthly_base_cost: float = 36.50  # $36.50/month base cost
+    monthly_base_cost: float = 0.0  # Will be calculated dynamically based on region
     attachment_count: int = 0
-    attachment_hourly_cost: float = 0.05  # $0.05/hour per attachment
+    attachment_hourly_cost: float = 0.05  # $0.05/hour per attachment (attachment pricing)
     data_processing_cost: float = 0.0
     total_monthly_cost: float = 0.0
     annual_cost: float = 0.0
@@ -737,7 +748,7 @@ class NetworkDataTransferCostAnalysis(BaseModel):
     """Network data transfer cost analysis"""
     region_pair: str  # e.g., "us-east-1 -> us-west-2"
     monthly_gb_transferred: float = 0.0
-    cost_per_gb: float = 0.02  # Varies by region pair
+    cost_per_gb: float = 0.0  # Will be calculated dynamically based on region pair
     monthly_transfer_cost: float = 0.0
     annual_transfer_cost: float = 0.0
     optimization_recommendations: List[str] = Field(default_factory=list)
@@ -763,17 +774,43 @@ class EnhancedVPCCostOptimizer:
         self.profile = profile
         self.nat_optimizer = NATGatewayOptimizer(profile=profile)
         
-        # Cost model from vpc cost_engine.py
-        self.cost_model = {
-            "nat_gateway_hourly": 0.045,
-            "nat_gateway_data_processing": 0.045,  # per GB
-            "transit_gateway_monthly": 36.50,
-            "transit_gateway_attachment_hourly": 0.05,
-            "vpc_endpoint_interface_hourly": 0.01,
-            "data_transfer_regional": 0.01,  # per GB within region
-            "data_transfer_cross_region": 0.02,  # per GB cross-region
-            "data_transfer_internet": 0.09  # per GB to internet
-        }
+        # Dynamic cost model using AWS pricing engine
+        self.cost_model = self._initialize_dynamic_cost_model()
+    
+    def _initialize_dynamic_cost_model(self) -> Dict[str, float]:
+        """Initialize dynamic cost model using AWS pricing engine."""
+        try:
+            # Get base pricing for us-east-1, then apply regional multipliers as needed
+            base_region = "us-east-1"
+            
+            return {
+                "nat_gateway_monthly": get_service_monthly_cost("nat_gateway", base_region),
+                "nat_gateway_data_processing": get_service_monthly_cost("data_transfer", base_region),
+                "transit_gateway_monthly": get_service_monthly_cost("transit_gateway", base_region),
+                "vpc_endpoint_monthly": get_service_monthly_cost("vpc_endpoint", base_region),
+                "data_transfer_regional": get_service_monthly_cost("data_transfer", base_region),
+                "data_transfer_internet": get_service_monthly_cost("data_transfer", base_region) * 4.5,  # Internet is ~4.5x higher
+            }
+        except Exception as e:
+            print_warning(f"Dynamic pricing initialization failed: {e}")
+            # Fallback to regional cost calculation
+            from ..common.aws_pricing import calculate_regional_cost
+            base_costs = {
+                "nat_gateway_hourly": 0.045,
+                "nat_gateway_data_processing": 0.045,  # per GB
+                "transit_gateway_monthly": 36.50,
+                "transit_gateway_attachment_hourly": 0.05,
+                "vpc_endpoint_interface_hourly": 0.01,
+                "data_transfer_regional": 0.01,  # per GB within region
+                "data_transfer_cross_region": 0.02,  # per GB cross-region
+                "data_transfer_internet": 0.09  # per GB to internet
+            }
+            
+            # Apply regional multipliers to fallback costs
+            return {
+                key: calculate_regional_cost(value, "us-east-1") 
+                for key, value in base_costs.items()
+            }
         
     async def analyze_comprehensive_vpc_costs(self, profile: Optional[str] = None, 
                                             regions: Optional[List[str]] = None) -> Dict[str, Any]: