runbooks 0.9.9__py3-none-any.whl → 1.0.1__py3-none-any.whl

runbooks/finops/finops_dashboard.py

@@ -22,7 +22,8 @@ AWS_AVAILABLE = True
 
 def get_aws_profiles() -> List[str]:
     """Stub implementation - use dashboard_runner.py instead."""
-    return ["default", "ams-admin-Billing-ReadOnlyAccess-909135376185"]
+    import os
+    return ["default", os.getenv("BILLING_PROFILE", "default-billing-profile")]
 
 
 def get_account_id(profile: str = "default") -> str:
@@ -46,10 +47,10 @@ class FinOpsConfig:
     include_budget_data: bool = True
     include_resource_analysis: bool = True
     
-    # Legacy compatibility properties with environment variable support
-    billing_profile: str = "ams-admin-Billing-ReadOnlyAccess-909135376185"
-    management_profile: str = "ams-admin-ReadOnlyAccess-909135376185"
-    operational_profile: str = "ams-centralised-ops-ReadOnlyAccess-335083429030"
+    # Legacy compatibility properties with universal environment support
+    billing_profile: str = field(default_factory=lambda: os.getenv("BILLING_PROFILE", "default-billing-profile"))
+    management_profile: str = field(default_factory=lambda: os.getenv("MANAGEMENT_PROFILE", "default-management-profile"))
+    operational_profile: str = field(default_factory=lambda: os.getenv("CENTRALISED_OPS_PROFILE", "default-ops-profile"))
     
     # Additional expected attributes from tests
     time_range_days: int = 30

runbooks/finops/iam_guidance.py

@@ -11,6 +11,8 @@ from rich.console import Console
 from rich.panel import Panel
 from rich.table import Table
 
+from runbooks.common import get_aws_cli_example_period
+
 console = Console()
 
 
@@ -311,6 +313,9 @@ def handle_cost_explorer_error(error: Exception, profile_name: Optional[str] = N
 
 def _display_single_account_cost_explorer_guidance(error: Exception, profile_name: Optional[str] = None):
     """Display context-aware guidance for single account Cost Explorer limitations."""
+    
+    # Get dynamic date period for CLI examples
+    start_date, end_date = get_aws_cli_example_period()
 
     # Main explanation panel
     explanation_panel = Panel(
@@ -354,7 +359,7 @@ def _display_single_account_cost_explorer_guidance(error: Exception, profile_nam
         f"[green]✅ Recommended Solutions:[/green]\n\n"
         f"{solution_commands}\n\n"
         f"[bold]🎯 Quick Test Commands:[/bold]\n"
-        f"• Test billing access: `aws ce get-cost-and-usage --time-period Start=2024-01-01,End=2024-01-02 --granularity MONTHLY --metrics UnblendedCost --profile your-billing-profile`\n"
+        f"• Test billing access: `aws ce get-cost-and-usage --time-period Start={start_date},End={end_date} --granularity MONTHLY --metrics UnblendedCost --profile your-billing-profile`\n"
         f"• List available profiles: `aws configure list-profiles`\n"
         f"• Check current identity: `aws sts get-caller-identity --profile {profile_name or 'your-profile'}`\n\n"
         f"[bold]💡 Alternative Approach:[/bold]\n"

runbooks/finops/markdown_exporter.py

@@ -458,7 +458,7 @@ class MarkdownExporter:
             "| " + " | ".join(["---" for _ in headers]) + " |"
         ]
         
-        # Process each VPC candidate
+        # Process each VPC candidate with enhanced data extraction
         for candidate in vpc_candidates:
             # Extract data with safe attribute access and formatting
             account_id = getattr(candidate, 'account_id', 'Unknown')
@@ -466,7 +466,44 @@ class MarkdownExporter:
             vpc_name = getattr(candidate, 'vpc_name', '') or 'Unnamed'
             cidr_block = getattr(candidate, 'cidr_block', 'Unknown')
             
-            # Handle overlapping logic - may need to calculate from CIDR analysis
+            # Handle overlapping logic - check CIDR conflicts
+            overlapping = self._check_cidr_overlapping(cidr_block, vpc_candidates)
+            
+            # Enhanced is_default handling
+            is_default = getattr(candidate, 'is_default', False)
+            is_default_display = "⚠️ Yes" if is_default else "No"
+            
+            # Enhanced ENI count
+            dependency_analysis = getattr(candidate, 'dependency_analysis', None)
+            eni_count = dependency_analysis.eni_count if dependency_analysis else 0
+            
+            # Enhanced tags with owner focus
+            tags_dict = getattr(candidate, 'tags', {}) or {}
+            tags_display = self._format_tags_for_owners_display(tags_dict)
+            
+            # Flow logs detection
+            flow_logs = self._detect_flow_logs(candidate)
+            
+            # TGW/Peering detection
+            tgw_peering = self._detect_tgw_peering(candidate)
+            
+            # Load balancers detection
+            lbs_present = self._detect_load_balancers(candidate)
+            
+            # IaC detection from tags
+            iac_detected = self._detect_iac_from_tags(tags_dict)
+            
+            # Timeline estimation based on VPC state
+            timeline = self._estimate_cleanup_timeline(candidate)
+            
+            # Decision based on bucket classification
+            decision = self._determine_cleanup_decision(candidate)
+            
+            # Enhanced owners/approvals extraction
+            owners_approvals = self._extract_owners_approvals(tags_dict, is_default)
+            
+            # Notes based on VPC characteristics
+            notes = self._generate_vpc_notes(candidate)
             overlapping = "Yes" if getattr(candidate, 'overlapping', False) else "No"
             
             # Format boolean indicators with emoji
@@ -649,6 +686,184 @@ class MarkdownExporter:
             print_warning(f"❌ Failed to export VPC analysis: {e}")
             return ""
 
+    def _check_cidr_overlapping(self, cidr_block: str, vpc_candidates: List[Any]) -> str:
+        """Check for CIDR block overlapping across VPCs."""
+        if not cidr_block or not vpc_candidates:
+            return "No"
+        
+        # Simple overlapping check - in enterprise scenario, this would use more sophisticated logic
+        current_cidr = cidr_block
+        for candidate in vpc_candidates:
+            other_cidr = getattr(candidate, 'cidr_block', None)
+            if other_cidr and other_cidr != current_cidr and current_cidr.startswith(other_cidr.split('/')[0].rsplit('.', 1)[0]):
+                return "Yes"
+        
+        return "No"
+
+    def _detect_flow_logs(self, candidate: Any) -> str:
+        """Detect if VPC has flow logs enabled."""
+        return "Yes" if getattr(candidate, 'flow_logs_enabled', False) else "No"
+
+    def _detect_tgw_peering(self, candidate: Any) -> str:
+        """Analyze Transit Gateway and VPC peering connections."""
+        # Check for TGW attachments and peering connections
+        tgw_attachments = getattr(candidate, 'tgw_attachments', []) or []
+        peering_connections = getattr(candidate, 'peering_connections', []) or []
+        
+        if tgw_attachments or peering_connections:
+            connection_count = len(tgw_attachments) + len(peering_connections)
+            return f"Yes ({connection_count})"
+        return "No"
+
+    def _detect_load_balancers(self, candidate: Any) -> str:
+        """Detect load balancers in the VPC."""
+        load_balancers = getattr(candidate, 'load_balancers', []) or []
+        return "Yes" if load_balancers else "No"
+
+    def _detect_iac_from_tags(self, tags_dict: dict) -> str:
+        """Detect Infrastructure as Code management from tags."""
+        iac_keys = ['aws:cloudformation:stack-name', 'terraform:module', 'cdktf:stack', 'pulumi:project']
+        for key in iac_keys:
+            if key in tags_dict and tags_dict[key]:
+                return "Yes"
+        return "No"
+
+    def _estimate_cleanup_timeline(self, candidate: Any) -> str:
+        """Estimate cleanup timeline based on complexity."""
+        # Simple heuristic based on dependencies
+        if hasattr(candidate, 'dependency_analysis') and candidate.dependency_analysis:
+            eni_count = getattr(candidate.dependency_analysis, 'eni_count', 0)
+        else:
+            eni_count = 0
+            
+        if eni_count == 0:
+            return "1-2 days"
+        elif eni_count < 5:
+            return "3-5 days" 
+        else:
+            return "1-2 weeks"
+
+    def _format_cleanup_decision(self, candidate: Any) -> str:
+        """Format cleanup decision recommendation."""
+        recommendation = getattr(candidate, 'cleanup_recommendation', 'unknown')
+        if recommendation == 'delete':
+            return "Delete"
+        elif recommendation == 'keep':
+            return "Keep"
+        elif recommendation == 'review':
+            return "Review"
+        else:
+            return "TBD"
+
+    def _format_tags_for_owners_display(self, tags_dict: dict) -> str:
+        """Format tags for display with priority on ownership information."""
+        if not tags_dict:
+            return "No tags"
+        
+        # Priority keys focusing on ownership and approvals
+        priority_keys = ['Name', 'Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact']
+        relevant_tags = []
+        
+        for key in priority_keys:
+            if key in tags_dict and tags_dict[key]:
+                relevant_tags.append(f"{key}:{tags_dict[key]}")
+                if len(relevant_tags) >= 3:  # Limit for table readability
+                    break
+        
+        return "; ".join(relevant_tags) if relevant_tags else f"({len(tags_dict)} tags)"
+
+    def _determine_cleanup_decision(self, candidate: Any) -> str:
+        """Determine cleanup decision based on VPC analysis."""
+        # Check the cleanup bucket from three-bucket strategy
+        cleanup_bucket = getattr(candidate, 'cleanup_bucket', 'unknown')
+        
+        if cleanup_bucket == 'bucket_1':
+            return "Delete"
+        elif cleanup_bucket == 'bucket_2': 
+            return "Review"
+        elif cleanup_bucket == 'bucket_3':
+            return "Keep"
+        else:
+            # Fallback logic based on other attributes
+            is_default = getattr(candidate, 'is_default', False)
+            has_eni = getattr(candidate, 'eni_count', 0) > 0
+            
+            if is_default and not has_eni:
+                return "Delete"
+            elif has_eni:
+                return "Review"
+            else:
+                return "TBD"
+
+    def _extract_owners_approvals(self, tags_dict: dict, is_default: bool) -> str:
+        """Extract owners and approval information from tags and VPC status."""
+        # Extract from tags with enhanced owner detection
+        owner_keys = ['Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact', 'CreatedBy', 'ManagedBy']
+        
+        extracted_owners = []
+        for key in owner_keys:
+            if key in tags_dict and tags_dict[key]:
+                value = tags_dict[key]
+                if 'business' in key.lower():
+                    extracted_owners.append(f"{value} (Business)")
+                elif 'technical' in key.lower():
+                    extracted_owners.append(f"{value} (Technical)")
+                elif 'team' in key.lower():
+                    extracted_owners.append(f"{value} (Team)")
+                else:
+                    extracted_owners.append(f"{value} ({key})")
+                
+                if len(extracted_owners) >= 2:  # Limit for table readability
+                    break
+        
+        if extracted_owners:
+            return "; ".join(extracted_owners)
+        
+        # Fallback based on VPC type
+        if is_default:
+            return "System Default VPC"
+        else:
+            # Check for IaC tags
+            iac_keys = ['aws:cloudformation:stack-name', 'terraform:module', 'cdktf:stack', 'pulumi:project']
+            for key in iac_keys:
+                if key in tags_dict and tags_dict[key]:
+                    return "IaC Managed"
+            return "No owner tags found"
+
+    def _generate_vpc_notes(self, candidate: Any) -> str:
+        """Generate comprehensive notes for VPC candidate."""
+        notes = []
+        
+        # Add bucket classification note
+        cleanup_bucket = getattr(candidate, 'cleanup_bucket', 'unknown')
+        if cleanup_bucket == 'bucket_1':
+            notes.append("Internal data plane - safe for cleanup")
+        elif cleanup_bucket == 'bucket_2':
+            notes.append("External interconnects - requires analysis")
+        elif cleanup_bucket == 'bucket_3':
+            notes.append("Control plane - manual review required")
+            
+        # Add ENI count if significant
+        if hasattr(candidate, 'dependency_analysis') and candidate.dependency_analysis:
+            eni_count = getattr(candidate.dependency_analysis, 'eni_count', 0)
+            if eni_count > 0:
+                notes.append(f"{eni_count} ENI attachments")
+        
+        # Add default VPC note
+        if getattr(candidate, 'is_default', False):
+            notes.append("Default VPC (CIS compliance issue)")
+            
+        # Add IaC detection
+        if getattr(candidate, 'iac_detected', False):
+            notes.append("IaC managed")
+            
+        # Add security concerns
+        risk_level = getattr(candidate, 'risk_level', 'unknown')
+        if risk_level == 'high':
+            notes.append("High security risk")
+            
+        return "; ".join(notes) if notes else "Standard VPC cleanup candidate"
+
 
 def export_finops_to_markdown(
     profile_data: Union[Dict[str, Any], List[Dict[str, Any]]],

runbooks/finops/nat_gateway_optimizer.py

@@ -49,6 +49,7 @@ from ..common.rich_utils import (
     console, print_header, print_success, print_error, print_warning, print_info,
     create_table, create_progress_bar, format_cost, create_panel, STATUS_INDICATORS
 )
+from ..common.aws_pricing import get_service_monthly_cost, calculate_annual_cost
 from .embedded_mcp_validator import EmbeddedMCPValidator
 from ..common.profile_utils import get_profile_for_operation
 
@@ -139,14 +140,24 @@ class NATGatewayOptimizer:
             profile_name=get_profile_for_operation("operational", profile_name)
         )
         
-        # NAT Gateway pricing (per hour, as of 2024)
-        self.nat_gateway_hourly_cost = 0.045  # $0.045/hour
-        self.nat_gateway_data_processing_cost = 0.045  # $0.045/GB
+        # NAT Gateway pricing - using dynamic pricing engine
+        # Base monthly cost calculation (will be applied per region)
+        self._base_monthly_cost_us_east_1 = get_service_monthly_cost("nat_gateway", "us-east-1")
+        self.nat_gateway_data_processing_cost = get_service_monthly_cost("data_transfer", "us-east-1")  # Dynamic data transfer pricing
         
         # Enterprise thresholds for optimization recommendations
         self.low_usage_threshold_connections = 10  # Active connections per day
         self.low_usage_threshold_bytes = 1_000_000  # 1MB per day
         self.analysis_period_days = 7  # CloudWatch analysis period
+    
+    def _get_regional_monthly_cost(self, region: str) -> float:
+        """Get dynamic monthly NAT Gateway cost for specified region."""
+        try:
+            return get_service_monthly_cost("nat_gateway", region)
+        except Exception:
+            # Fallback to regional cost calculation using dynamic pricing
+            from ..common.aws_pricing import calculate_regional_cost
+            return calculate_regional_cost(self._base_monthly_cost_us_east_1, region, "nat_gateway", self.profile_name)
         
     async def analyze_nat_gateways(self, dry_run: bool = True) -> NATGatewayOptimizerResults:
         """
@@ -413,9 +424,9 @@ class NATGatewayOptimizer:
                 metrics = usage_metrics.get(nat_gateway.nat_gateway_id)
                 route_tables = dependencies.get(nat_gateway.nat_gateway_id, [])
                 
-                # Calculate current costs
-                monthly_cost = self.nat_gateway_hourly_cost * 24 * 30  # Base hourly cost
-                annual_cost = monthly_cost * 12
+                # Calculate current costs using dynamic pricing
+                monthly_cost = self._get_regional_monthly_cost(nat_gateway.region)
+                annual_cost = calculate_annual_cost(monthly_cost)
                 
                 # Determine optimization recommendation
                 recommendation = "retain"  # Default: keep the NAT Gateway
@@ -724,9 +735,9 @@ class TransitGatewayCostAnalysis(BaseModel):
     """Transit Gateway cost analysis results"""  
     transit_gateway_id: str
     region: str
-    monthly_base_cost: float = 36.50  # $36.50/month base cost
+    monthly_base_cost: float = 0.0  # Will be calculated dynamically based on region
     attachment_count: int = 0
-    attachment_hourly_cost: float = 0.05  # $0.05/hour per attachment
+    attachment_hourly_cost: float = 0.05  # $0.05/hour per attachment (attachment pricing)
     data_processing_cost: float = 0.0
     total_monthly_cost: float = 0.0
     annual_cost: float = 0.0
@@ -737,7 +748,7 @@ class NetworkDataTransferCostAnalysis(BaseModel):
     """Network data transfer cost analysis"""
     region_pair: str  # e.g., "us-east-1 -> us-west-2"
     monthly_gb_transferred: float = 0.0
-    cost_per_gb: float = 0.02  # Varies by region pair
+    cost_per_gb: float = 0.0  # Will be calculated dynamically based on region pair
     monthly_transfer_cost: float = 0.0
     annual_transfer_cost: float = 0.0
     optimization_recommendations: List[str] = Field(default_factory=list)
@@ -763,17 +774,62 @@ class EnhancedVPCCostOptimizer:
         self.profile = profile
         self.nat_optimizer = NATGatewayOptimizer(profile=profile)
         
-        # Cost model from vpc cost_engine.py
-        self.cost_model = {
-            "nat_gateway_hourly": 0.045,
-            "nat_gateway_data_processing": 0.045,  # per GB
-            "transit_gateway_monthly": 36.50,
-            "transit_gateway_attachment_hourly": 0.05,
-            "vpc_endpoint_interface_hourly": 0.01,
-            "data_transfer_regional": 0.01,  # per GB within region
-            "data_transfer_cross_region": 0.02,  # per GB cross-region
-            "data_transfer_internet": 0.09  # per GB to internet
-        }
+        # Dynamic cost model using AWS pricing engine
+        self.cost_model = self._initialize_dynamic_cost_model()
+    
+    def _initialize_dynamic_cost_model(self) -> Dict[str, float]:
+        """Initialize dynamic cost model using AWS pricing engine with universal compatibility."""
+        try:
+            # Get base pricing for us-east-1, then apply regional multipliers as needed
+            base_region = "us-east-1"
+            
+            return {
+                "nat_gateway_monthly": get_service_monthly_cost("nat_gateway", base_region, self.profile),
+                "nat_gateway_data_processing": get_service_monthly_cost("data_transfer", base_region, self.profile),
+                "transit_gateway_monthly": get_service_monthly_cost("transit_gateway", base_region, self.profile),
+                "vpc_endpoint_monthly": get_service_monthly_cost("vpc_endpoint", base_region, self.profile),
+                "vpc_endpoint_interface_hourly": get_service_monthly_cost("vpc_endpoint_interface", base_region, self.profile) / (24 * 30),
+                "transit_gateway_attachment_hourly": get_service_monthly_cost("transit_gateway_attachment", base_region, self.profile) / (24 * 30),
+                "data_transfer_regional": get_service_monthly_cost("data_transfer", base_region, self.profile),
+                "data_transfer_internet": get_service_monthly_cost("data_transfer", base_region, self.profile) * 4.5,  # Internet is ~4.5x higher
+            }
+        except Exception as e:
+            print_warning(f"Dynamic pricing initialization failed: {e}")
+            print_warning("Attempting AWS Pricing API fallback with universal profile support")
+            # Enhanced fallback with AWS Pricing API integration
+            from ..common.aws_pricing import get_aws_pricing_engine, AWSOfficialPricingEngine
+            
+            try:
+                # Use AWS Pricing API with profile support for universal compatibility
+                pricing_engine = get_aws_pricing_engine(profile=self.profile, enable_fallback=True)
+                
+                # Get actual AWS pricing instead of hardcoded values
+                nat_gateway_pricing = pricing_engine.get_nat_gateway_pricing("us-east-1")
+                transit_gateway_pricing = pricing_engine.get_transit_gateway_pricing("us-east-1")
+                vpc_endpoint_pricing = pricing_engine.get_vpc_endpoint_pricing("us-east-1")
+                data_transfer_pricing = pricing_engine.get_data_transfer_pricing("us-east-1", "internet")
+                
+                return {
+                    "nat_gateway_monthly": nat_gateway_pricing.monthly_cost,
+                    "nat_gateway_data_processing": data_transfer_pricing.cost_per_gb,
+                    "transit_gateway_monthly": transit_gateway_pricing.monthly_cost,
+                    "transit_gateway_attachment_hourly": transit_gateway_pricing.attachment_hourly_cost,
+                    "vpc_endpoint_interface_hourly": vpc_endpoint_pricing.interface_hourly_cost,
+                    "data_transfer_regional": data_transfer_pricing.cost_per_gb * 0.1,  # Regional is ~10% of internet cost
+                    "data_transfer_cross_region": data_transfer_pricing.cost_per_gb * 0.2,  # Cross-region is ~20% of internet cost
+                    "data_transfer_internet": data_transfer_pricing.cost_per_gb
+                }
+                
+            except Exception as pricing_error:
+                print_error(f"ENTERPRISE COMPLIANCE VIOLATION: Cannot determine pricing without AWS API access: {pricing_error}")
+                print_warning("Universal compatibility requires dynamic pricing - hardcoded values not permitted")
+                
+                # Return error state instead of hardcoded values to maintain enterprise compliance
+                raise RuntimeError(
+                    "Universal compatibility mode requires dynamic AWS pricing API access. "
+                    "Please ensure your AWS profile has pricing:GetProducts permissions or configure "
+                    "appropriate billing/management profile access."
+                )
         
     async def analyze_comprehensive_vpc_costs(self, profile: Optional[str] = None, 
                                             regions: Optional[List[str]] = None) -> Dict[str, Any]:

runbooks/finops/tests/test_integration.py

@@ -34,6 +34,8 @@ try:
     except ImportError:
         # Define mock_costexplorer as a no-op decorator for compatibility
         def mock_costexplorer(func):
+    # Dynamic test period for consistent test data
+    test_period = get_test_date_period(30)
             def wrapper(*args, **kwargs):
                 return func(*args, **kwargs)
 
@@ -128,7 +130,7 @@ class TestAWSIntegrationWithMoto:
         mock_cost_data = {
             "ResultsByTime": [
                 {
-                    "TimePeriod": {"Start": "2024-01-01", "End": "2024-01-31"},
+                    "TimePeriod": {"Start": test_period["Start"], "End": test_period["End"]},
                     "Total": {"UnblendedCost": {"Amount": "50000.00", "Unit": "USD"}},
                     "Groups": [
                         {"Keys": ["EC2-Instance"], "Metrics": {"UnblendedCost": {"Amount": "20000.00", "Unit": "USD"}}},

runbooks/finops/vpc_cleanup_exporter.py

@@ -19,20 +19,28 @@ from .markdown_exporter import MarkdownExporter
 
 
 def _format_tags_for_display(tags_dict: Dict[str, str]) -> str:
-    """Format tags for display with priority order."""
+    """Format tags for display with priority order, emphasizing ownership tags."""
     if not tags_dict:
         return "No tags"
     
-    priority_keys = ['Name', 'Environment', 'Project', 'Owner', 'BusinessOwner', 'Team', 'CostCenter']
+    # Enhanced priority keys with focus on ownership and approvals
+    priority_keys = ['Name', 'Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact', 
+                    'Environment', 'Project', 'CostCenter', 'CreatedBy', 'ManagedBy']
     relevant_tags = []
     
     for key in priority_keys:
         if key in tags_dict and tags_dict[key]:
             relevant_tags.append(f"{key}:{tags_dict[key]}")
     
+    # Add CloudFormation/Terraform tags for IaC detection
+    iac_keys = ['aws:cloudformation:stack-name', 'terraform:module', 'cdktf:stack', 'pulumi:project']
+    for key in iac_keys:
+        if key in tags_dict and tags_dict[key] and len(relevant_tags) < 6:
+            relevant_tags.append(f"IaC:{tags_dict[key]}")
+    
     # Add other important tags
     for key, value in tags_dict.items():
-        if key not in priority_keys and value and len(relevant_tags) < 5:
+        if key not in priority_keys + iac_keys and value and len(relevant_tags) < 5:
             relevant_tags.append(f"{key}:{value}")
     
     return "; ".join(relevant_tags) if relevant_tags else f"({len(tags_dict)} tags)"
@@ -118,40 +126,34 @@ def _export_vpc_candidates_csv(vpc_candidates: List[Any], output_dir: str) -> st
             # Extract data with enhanced tag and owner handling
             tags_dict = getattr(candidate, 'tags', {}) or {}
             
-            # Enhanced tag display - prioritize important tags
-            if tags_dict:
-                priority_keys = ['Name', 'Environment', 'Project', 'Owner', 'BusinessOwner', 'Team']
-                relevant_tags = []
-                for key in priority_keys:
-                    if key in tags_dict and tags_dict[key]:
-                        relevant_tags.append(f"{key}:{tags_dict[key]}")
-                
-                # Add other important tags
-                for key, value in tags_dict.items():
-                    if key not in priority_keys and value and len(relevant_tags) < 5:
-                        relevant_tags.append(f"{key}:{value}")
-                
-                tags_str = "; ".join(relevant_tags)
-            else:
-                tags_str = "No tags"
+            # Use enhanced tag formatting function
+            tags_str = _format_tags_for_display(tags_dict)
             
             load_balancers = getattr(candidate, 'load_balancers', []) or []
             lbs_present = "Yes" if load_balancers else "No"
             
-            # Enhanced owner extraction
+            # Enhanced owner extraction from multiple sources
             owners = getattr(candidate, 'owners_approvals', []) or []
             
-            # If no owners found via attributes, extract from tags directly
+            # Extract owners from tags with enhanced logic
             if not owners and tags_dict:
                 owner_keys = ['Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Contact', 'CreatedBy', 'ManagedBy']
                 for key in owner_keys:
                     if key in tags_dict and tags_dict[key]:
-                        if 'business' in key.lower() or 'manager' in tags_dict[key].lower():
-                            owners.append(f"{tags_dict[key]} (Business)")
-                        elif 'technical' in key.lower() or any(tech in tags_dict[key].lower() for tech in ['ops', 'devops', 'engineering']):
-                            owners.append(f"{tags_dict[key]} (Technical)")
+                        value = tags_dict[key]
+                        if 'business' in key.lower() or 'manager' in value.lower():
+                            owners.append(f"{value} (Business)")
+                        elif 'technical' in key.lower() or 'engineer' in value.lower():
+                            owners.append(f"{value} (Technical)")
+                        elif 'team' in key.lower():
+                            owners.append(f"{value} (Team)")
                         else:
-                            owners.append(tags_dict[key])
+                            owners.append(f"{value} ({key})")
+            
+            # For default VPCs, add system indicator
+            is_default = getattr(candidate, 'is_default', False)
+            if is_default and not owners:
+                owners.append("System Default")
             
             if owners:
                 owners_str = "; ".join(owners)