runbooks 0.9.9__py3-none-any.whl → 1.0.1__py3-none-any.whl

runbooks/vpc/vpc_cleanup_integration.py

@@ -26,7 +26,7 @@ from rich.progress import Progress, SpinnerColumn, TextColumn, BarColumn, TimeRe
 from rich.table import Table
 from rich.tree import Tree
 
-from runbooks.common.profile_utils import create_operational_session
+from runbooks.common.profile_utils import create_operational_session, create_cost_session, create_management_session
 from runbooks.common.performance_monitor import get_performance_benchmark
 from runbooks.common.enhanced_exception_handler import create_exception_handler, ErrorContext
 from .cost_engine import NetworkingCostEngine
@@ -251,10 +251,13 @@ class VPCCleanupFramework:
             console=console
         )
         
-        # Initialize cost engine for financial impact analysis
-        self.cost_engine = NetworkingCostEngine(
-            session=self.session
-        ) if self.session else None
+        # Initialize cost engine for financial impact analysis with billing session
+        try:
+            billing_session = create_cost_session(profile=profile)
+            self.cost_engine = NetworkingCostEngine(session=billing_session)
+        except Exception as e:
+            self.console.log(f"[yellow]Warning: Cost analysis unavailable - {e}[/]")
+            self.cost_engine = None
         
         # Results storage
         self.cleanup_candidates: List[VPCCleanupCandidate] = []
@@ -320,13 +323,22 @@ class VPCCleanupFramework:
                     )
                 
                 # Enhanced performance target validation
-                self._validate_performance_targets(metrics)
+                try:
+                    self._validate_performance_targets(metrics)
+                except Exception as e:
+                    logger.error(f"Error in performance validation: {e}")
                 
                 # Display comprehensive performance summary
-                self._display_enhanced_performance_summary()
+                try:
+                    self._display_enhanced_performance_summary()
+                except Exception as e:
+                    logger.error(f"Error in performance summary display: {e}")
                 
                 # Log DORA metrics for compliance
-                self._log_dora_metrics(start_time, len(candidates), True)
+                try:
+                    self._log_dora_metrics(start_time, len(candidates), True)
+                except Exception as e:
+                    logger.error(f"Error in DORA metrics logging: {e}")
                 
                 return candidates
                 
@@ -525,7 +537,16 @@ class VPCCleanupFramework:
             
         except Exception as e:
             circuit_breaker.record_failure()
-            logger.error(f"VPC analysis failed for {vpc_id}: {e}")
+            # Add detailed debugging for format string errors
+            import traceback
+            if "unsupported format string passed to NoneType.__format__" in str(e):
+                logger.error(f"FORMAT STRING ERROR in VPC analysis for {vpc_id}:")
+                logger.error(f"Exception type: {type(e)}")
+                logger.error(f"Exception message: {e}")
+                logger.error("Full traceback:")
+                logger.error(traceback.format_exc())
+            else:
+                logger.error(f"VPC analysis failed for {vpc_id}: {e}")
             raise
 
     def _analyze_vpc_dependencies_optimized(self, candidate: VPCCleanupCandidate, ec2_client) -> None:
@@ -545,34 +566,53 @@ class VPCCleanupFramework:
         dependency_start_time = time.time()
         
         try:
-            # Batch dependency analysis operations for better performance
+            # Batch dependency analysis operations with enhanced error handling
             if self.enable_parallel_processing and self.executor:
-                # Parallel dependency analysis
-                dependency_futures = {
-                    'nat_gateways': self.executor.submit(self._analyze_nat_gateways, vpc_id, ec2_client),
-                    'vpc_endpoints': self.executor.submit(self._analyze_vpc_endpoints, vpc_id, ec2_client),
-                    'route_tables': self.executor.submit(self._analyze_route_tables, vpc_id, ec2_client),
-                    'security_groups': self.executor.submit(self._analyze_security_groups, vpc_id, ec2_client),
-                    'network_acls': self.executor.submit(self._analyze_network_acls, vpc_id, ec2_client),
-                    'vpc_peering': self.executor.submit(self._analyze_vpc_peering, vpc_id, ec2_client),
-                    'tgw_attachments': self.executor.submit(self._analyze_transit_gateway_attachments, vpc_id, ec2_client),
-                    'internet_gateways': self.executor.submit(self._analyze_internet_gateways, vpc_id, ec2_client),
-                    'vpn_gateways': self.executor.submit(self._analyze_vpn_gateways, vpc_id, ec2_client),
-                    'elastic_ips': self.executor.submit(self._analyze_elastic_ips, vpc_id, ec2_client),
-                    'load_balancers': self.executor.submit(self._analyze_load_balancers, vpc_id, ec2_client),
-                    'network_interfaces': self.executor.submit(self._analyze_network_interfaces, vpc_id, ec2_client),
-                    'rds_subnet_groups': self.executor.submit(self._analyze_rds_subnet_groups, vpc_id),
-                    'elasticache_subnet_groups': self.executor.submit(self._analyze_elasticache_subnet_groups, vpc_id),
-                }
+                dependency_futures = {}
                 
-                # Collect results
-                for dep_type, future in dependency_futures.items():
-                    try:
-                        deps = future.result(timeout=30)  # 30 second timeout per dependency type
-                        dependencies.extend(deps)
-                    except Exception as e:
-                        logger.warning(f"Failed to analyze {dep_type} for VPC {vpc_id}: {e}")
-                        self.performance_metrics.error_count += 1
+                try:
+                    # Check executor state before submitting tasks
+                    if self.executor._shutdown:
+                        logger.warning("Executor is shutdown, falling back to sequential processing")
+                        raise Exception("Executor unavailable")
+                        
+                    # Parallel dependency analysis with enhanced error handling
+                    dependency_futures = {
+                        'nat_gateways': self.executor.submit(self._analyze_nat_gateways, vpc_id, ec2_client),
+                        'vpc_endpoints': self.executor.submit(self._analyze_vpc_endpoints, vpc_id, ec2_client),
+                        'route_tables': self.executor.submit(self._analyze_route_tables, vpc_id, ec2_client),
+                        'security_groups': self.executor.submit(self._analyze_security_groups, vpc_id, ec2_client),
+                        'network_acls': self.executor.submit(self._analyze_network_acls, vpc_id, ec2_client),
+                        'vpc_peering': self.executor.submit(self._analyze_vpc_peering, vpc_id, ec2_client),
+                        'tgw_attachments': self.executor.submit(self._analyze_transit_gateway_attachments, vpc_id, ec2_client),
+                        'internet_gateways': self.executor.submit(self._analyze_internet_gateways, vpc_id, ec2_client),
+                        'vpn_gateways': self.executor.submit(self._analyze_vpn_gateways, vpc_id, ec2_client),
+                        'elastic_ips': self.executor.submit(self._analyze_elastic_ips, vpc_id, ec2_client),
+                        'load_balancers': self.executor.submit(self._analyze_load_balancers, vpc_id, ec2_client),
+                        'network_interfaces': self.executor.submit(self._analyze_network_interfaces, vpc_id, ec2_client),
+                        'rds_subnet_groups': self.executor.submit(self._analyze_rds_subnet_groups, vpc_id),
+                        'elasticache_subnet_groups': self.executor.submit(self._analyze_elasticache_subnet_groups, vpc_id),
+                    }
+                    
+                    # Collect results with enhanced timeout and error handling
+                    for dep_type, future in dependency_futures.items():
+                        try:
+                            deps = future.result(timeout=30)  # 30 second timeout per dependency type
+                            if deps:  # Only extend if not None
+                                dependencies.extend(deps)
+                        except concurrent.futures.TimeoutError:
+                            logger.warning(f"Timeout analyzing {dep_type} for VPC {vpc_id} (>30s)")
+                            self.performance_metrics.error_count += 1
+                        except AttributeError as e:
+                            logger.error(f"Executor attribute error for {dep_type} in VPC {vpc_id}: {e}")
+                            self.performance_metrics.error_count += 1
+                        except Exception as e:
+                            logger.warning(f"Failed to analyze {dep_type} for VPC {vpc_id}: {e}")
+                            self.performance_metrics.error_count += 1
+                            
+                except Exception as executor_error:
+                    logger.error(f"Executor initialization/submission failed: {executor_error}")
+                    # Fall through to sequential processing
                         
             else:
                 # Sequential analysis (fallback)
@@ -673,10 +713,26 @@ class VPCCleanupFramework:
         
         self.console.print(f"[cyan]🌐 Multi-account analysis across {len(account_profiles)} accounts[/cyan]")
         
-        for profile in account_profiles:
+        for account_item in account_profiles:
             try:
-                # Create session for this account
-                account_session = create_operational_session(profile=profile)
+                # Handle both AccountSession objects and profile strings for backward compatibility
+                if hasattr(account_item, 'session') and hasattr(account_item, 'account_id'):
+                    # New AccountSession object from cross-account session manager
+                    account_session = account_item.session
+                    account_id = account_item.account_id
+                    account_name = getattr(account_item, 'account_name', account_id)
+                    profile_display = f"{account_name} ({account_id})"
+                else:
+                    # Legacy profile string - use old method for backward compatibility
+                    profile = account_item
+                    try:
+                        from runbooks.finops.aws_client import get_cached_session
+                        account_session = get_cached_session(profile)
+                    except ImportError:
+                        # Extract profile name from Organizations API format (profile@accountId)
+                        actual_profile = profile.split("@")[0] if "@" in profile else profile
+                        account_session = create_operational_session(profile=actual_profile)
+                    profile_display = profile
                 
                 # Temporarily update session for analysis
                 original_session = self.session
@@ -1276,7 +1332,7 @@ class VPCCleanupFramework:
                 if dep.resource_type == 'NatGateway':
                     # Base NAT Gateway cost
                     monthly_cost += 45.0  # $0.05/hour * 24 * 30
-                elif dep.resource_type == 'VpcEndpoint' and 'Interface' in dep.description:
+                elif dep.resource_type == 'VpcEndpoint' and 'Interface' in (dep.description or ''):
                     # Interface endpoint cost (estimated 1 AZ)
                     monthly_cost += 10.0
                 elif dep.resource_type == 'LoadBalancer':
@@ -1325,10 +1381,10 @@ class VPCCleanupFramework:
         for candidate in candidates:
             phases[candidate.cleanup_phase].append(candidate)
         
-        # Calculate totals
+        # Calculate totals with None-safe calculations
         total_vpcs = len(candidates)
-        total_cost_savings = sum(candidate.annual_savings for candidate in candidates)
-        total_blocking_deps = sum(candidate.blocking_dependencies for candidate in candidates)
+        total_cost_savings = sum((candidate.annual_savings or 0.0) for candidate in candidates)
+        total_blocking_deps = sum((candidate.blocking_dependencies or 0) for candidate in candidates)
         
         # Enhanced Three-Bucket Logic Implementation
         three_bucket_classification = self._apply_three_bucket_logic(candidates)
@@ -1362,7 +1418,7 @@ class VPCCleanupFramework:
                 cleanup_plan['phases'][phase.value] = {
                     'candidate_count': len(phase_candidates),
                     'candidates': [self._serialize_candidate(c) for c in phase_candidates],
-                    'total_savings': sum(c.annual_savings for c in phase_candidates),
+                    'total_savings': sum((c.annual_savings or 0.0) for c in phase_candidates),
                     'average_timeline': self._calculate_average_timeline(phase_candidates),
                     'risk_distribution': self._analyze_risk_distribution(phase_candidates)
                 }
@@ -1466,21 +1522,21 @@ class VPCCleanupFramework:
                 'count': len(bucket_1_safe),
                 'percentage': round(safe_percentage, 1),
                 'vpc_ids': [c.vpc_id for c in bucket_1_safe],
-                'total_savings': sum(c.annual_savings for c in bucket_1_safe),
+                'total_savings': sum((c.annual_savings or 0.0) for c in bucket_1_safe),
                 'criteria': 'Zero ENIs, no dependencies, no IaC (default/non-default both allowed)'
             },
             'bucket_2_analysis_required': {
                 'count': len(bucket_2_analysis), 
                 'percentage': round(analysis_percentage, 1),
                 'vpc_ids': [c.vpc_id for c in bucket_2_analysis],
-                'total_savings': sum(c.annual_savings for c in bucket_2_analysis),
+                'total_savings': sum((c.annual_savings or 0.0) for c in bucket_2_analysis),
                 'criteria': 'Limited dependencies, low-medium risk, analysis needed'
             },
             'bucket_3_complex_approval': {
                 'count': len(bucket_3_complex),
                 'percentage': round(complex_percentage, 1), 
                 'vpc_ids': [c.vpc_id for c in bucket_3_complex],
-                'total_savings': sum(c.annual_savings for c in bucket_3_complex),
+                'total_savings': sum((c.annual_savings or 0.0) for c in bucket_3_complex),
                 'criteria': 'Multiple dependencies, IaC managed, or high risk'
             },
             'safety_gates': {
@@ -1528,7 +1584,7 @@ class VPCCleanupFramework:
                     'name': phase.value,
                     'duration': self._calculate_average_timeline(candidates),
                     'vpc_count': len(candidates),
-                    'savings_potential': sum(c.annual_savings for c in candidates),
+                    'savings_potential': sum((c.annual_savings or 0.0) for c in candidates),
                     'key_activities': self._get_phase_activities(phase),
                     'success_criteria': self._get_phase_success_criteria(phase),
                     'stakeholders': self._get_phase_stakeholders(phase)
@@ -1543,7 +1599,7 @@ class VPCCleanupFramework:
         return {
             'security_improvement': {
                 'default_vpcs_eliminated': default_vpc_count,
-                'attack_surface_reduction': f"{(len([c for c in candidates if c.blocking_dependencies == 0]) / len(candidates) * 100):.1f}%" if candidates else "0%",
+                'attack_surface_reduction': f"{(len([c for c in candidates if (c.blocking_dependencies or 0) == 0]) / len(candidates) * 100):.1f}%" if candidates else "0%",
                 'compliance_benefit': 'CIS Benchmark compliance' if default_vpc_count > 0 else 'Network governance improvement'
             },
             'operational_benefits': {
@@ -1553,10 +1609,10 @@ class VPCCleanupFramework:
                 'enhanced_incident_response': True
             },
             'financial_impact': {
-                'total_annual_savings': sum(c.annual_savings for c in candidates),
+                'total_annual_savings': sum((c.annual_savings or 0.0) for c in candidates),
                 'implementation_cost_estimate': 5000,  # Conservative estimate
-                'roi_percentage': ((sum(c.annual_savings for c in candidates) / 5000) * 100) if sum(c.annual_savings for c in candidates) > 0 else 0,
-                'payback_period_months': max(1, 5000 / max(sum(c.monthly_cost for c in candidates), 1))
+                'roi_percentage': ((sum((c.annual_savings or 0.0) for c in candidates) / 5000) * 100) if sum((c.annual_savings or 0.0) for c in candidates) > 0 else 0,
+                'payback_period_months': max(1, 5000 / max(sum((c.monthly_cost or 0.0) for c in candidates), 1))
             }
         }
 
@@ -1689,7 +1745,7 @@ class VPCCleanupFramework:
         return stakeholders.get(phase, [])
 
     def display_cleanup_analysis(self, candidates: Optional[List[VPCCleanupCandidate]] = None) -> None:
-        """Display comprehensive VPC cleanup analysis with Rich formatting"""
+        """Display comprehensive VPC cleanup analysis with Rich formatting and 16-column business-ready table"""
         if not candidates:
             candidates = self.cleanup_candidates
             
@@ -1700,12 +1756,13 @@ class VPCCleanupFramework:
         # Summary panel
         total_vpcs = len(candidates)
         immediate_count = len([c for c in candidates if c.cleanup_phase == VPCCleanupPhase.IMMEDIATE])
-        total_savings = sum(c.annual_savings for c in candidates)
+        total_savings = sum((c.annual_savings or 0.0) for c in candidates)
         
+        percentage = (immediate_count/total_vpcs*100) if total_vpcs > 0 else 0
         summary = (
             f"[bold blue]📊 VPC CLEANUP ANALYSIS SUMMARY[/bold blue]\n"
             f"Total VPCs Analyzed: [yellow]{total_vpcs}[/yellow]\n"
-            f"Immediate Cleanup Ready: [green]{immediate_count}[/green] ({(immediate_count/total_vpcs*100):.1f}%)\n"
+            f"Immediate Cleanup Ready: [green]{immediate_count}[/green] ({percentage:.1f}%)\n"
             f"Total Annual Savings: [bold green]${total_savings:,.2f}[/bold green]\n"
             f"Default VPCs Found: [red]{len([c for c in candidates if c.is_default])}[/red]\n"
             f"Safety Mode: [cyan]{'ENABLED' if self.safety_mode else 'DISABLED'}[/cyan]"
@@ -1713,7 +1770,11 @@ class VPCCleanupFramework:
         
         self.console.print(Panel(summary, title="VPC Cleanup Analysis", style="white", width=80))
         
-        # Candidates by phase
+        # Display comprehensive 16-column analysis table
+        self._display_comprehensive_analysis_table(candidates)
+        
+        # Display phase-grouped candidates (legacy view)
+        self.console.print(f"\n[dim]💡 Displaying phase-grouped analysis below...[/dim]")
         phases = {}
         for candidate in candidates:
             phase = candidate.cleanup_phase
@@ -1725,6 +1786,351 @@ class VPCCleanupFramework:
             if phase_candidates:
                 self._display_phase_candidates(phase, phase_candidates)
 
+    def _display_comprehensive_analysis_table(self, candidates: List[VPCCleanupCandidate]) -> None:
+        """Display comprehensive 16-column business-ready VPC cleanup analysis table"""
+        self.console.print(f"\n[bold blue]📋 COMPREHENSIVE VPC CLEANUP ANALYSIS TABLE[/bold blue]")
+        
+        # Detect CIDR overlaps
+        cidr_overlaps = self._detect_cidr_overlaps(candidates)
+        
+        # Create comprehensive table with all 16 columns (optimized widths for better readability)
+        table = Table(
+            show_header=True, 
+            header_style="bold magenta",
+            title="VPC Cleanup Decision Table - Business Approval Ready",
+            show_lines=True,
+            width=200  # Allow wider table for better display
+        )
+        
+        # Add all 16 required columns with optimized widths and shortened names for better visibility
+        table.add_column("#", style="dim", width=2, justify="right")
+        table.add_column("Account", style="cyan", width=8)
+        table.add_column("VPC_ID", style="yellow", width=12)
+        table.add_column("VPC_Name", style="green", width=12)
+        table.add_column("CIDR", style="blue", width=11)
+        table.add_column("Overlap", style="red", width=7, justify="center")
+        table.add_column("Default", style="magenta", width=7, justify="center")
+        table.add_column("ENIs", style="orange1", width=4, justify="right")
+        table.add_column("Tags", style="dim", width=18)
+        table.add_column("FlowLog", style="purple", width=7, justify="center")
+        table.add_column("TGW/Peer", style="bright_red", width=8, justify="center")
+        table.add_column("LBs", style="bright_green", width=6, justify="center")
+        table.add_column("IaC", style="bright_blue", width=4, justify="center")
+        table.add_column("Timeline", style="bright_cyan", width=8)
+        table.add_column("Decision", style="bold white", width=10)
+        table.add_column("Owners", style="bright_yellow", width=12)
+        table.add_column("Notes", style="dim", width=12)
+        
+        # Add data rows
+        for idx, candidate in enumerate(candidates, 1):
+            # Extract comprehensive metadata
+            tags_str = self._format_tags_string(candidate.tags)
+            owners_str = self._extract_owner_information(candidate.tags)
+            overlapping = "YES" if candidate.vpc_id in cidr_overlaps else "NO"
+            tgw_peering = self._check_tgw_peering_connections(candidate)
+            lbs_present = self._check_load_balancers(candidate)
+            decision = self._determine_cleanup_decision(candidate)
+            notes = self._generate_analysis_notes(candidate)
+            
+            # Defensive handling for None values in table row
+            try:
+                table.add_row(
+                    str(idx),
+                    (candidate.account_id[-6:] if candidate.account_id and candidate.account_id != "unknown" else "N/A"),
+                    self._truncate_text(candidate.vpc_id or "N/A", 11),
+                    self._truncate_text(candidate.vpc_name or "N/A", 11),
+                    self._truncate_text(candidate.cidr_block or "N/A", 10),
+                    overlapping or "N/A",
+                    "YES" if candidate.is_default else "NO",
+                    str(candidate.eni_count or 0),
+                    self._truncate_text(tags_str or "N/A", 17),
+                    "YES" if candidate.flow_logs_enabled else "NO",
+                    tgw_peering or "NO",
+                    lbs_present or "NO", 
+                    "YES" if candidate.iac_managed else "NO",
+                    self._truncate_text(candidate.implementation_timeline or "TBD", 7),
+                    decision or "REVIEW",
+                    self._truncate_text(owners_str or "N/A", 11),
+                    self._truncate_text(notes or "N/A", 11)
+                )
+            except Exception as e:
+                logger.error(f"Error adding table row for VPC {candidate.vpc_id}: {e}")
+                # Add a minimal safe row
+                table.add_row(
+                    str(idx),
+                    "ERROR",
+                    candidate.vpc_id or "N/A",
+                    "ERROR",
+                    "N/A",
+                    "N/A", 
+                    "N/A",
+                    "0",
+                    "ERROR",
+                    "N/A",
+                    "N/A",
+                    "N/A",
+                    "N/A", 
+                    "N/A",
+                    "ERROR",
+                    "N/A",
+                    f"Row error: {str(e)[:10]}"
+                )
+        
+        self.console.print(table)
+        
+        # Display information about table completeness
+        self.console.print(f"\n[dim]💡 16-column comprehensive table displayed above. For full data export, use --export option.[/dim]")
+        self.console.print(f"[dim]   Additional columns: Tags, FlowLog, TGW/Peer, LBs, IaC, Timeline, Decision, Owners, Notes[/dim]")
+        
+        # Display business impact summary
+        self._display_business_impact_summary(candidates, cidr_overlaps)
+
+    def export_16_column_analysis_csv(self, candidates: Optional[List[VPCCleanupCandidate]] = None, output_file: str = "./vpc_cleanup_16_column_analysis.csv") -> str:
+        """Export comprehensive 16-column VPC cleanup analysis to CSV format"""
+        import csv
+        from pathlib import Path
+        
+        if not candidates:
+            candidates = self.cleanup_candidates
+            
+        if not candidates:
+            self.console.print("[red]❌ No VPC candidates available for export[/red]")
+            return ""
+        
+        # Detect CIDR overlaps
+        cidr_overlaps = self._detect_cidr_overlaps(candidates)
+        
+        # Prepare CSV data
+        csv_data = []
+        headers = [
+            "#", "Account_ID", "VPC_ID", "VPC_Name", "CIDR_Block", "Overlapping", 
+            "Is_Default", "ENI_Count", "Tags", "Flow Logs", "TGW/Peering", 
+            "LBs Present", "IaC", "Timeline", "Decision", "Owners / Approvals", "Notes"
+        ]
+        
+        csv_data.append(headers)
+        
+        # Add data rows
+        for idx, candidate in enumerate(candidates, 1):
+            # Extract comprehensive metadata
+            tags_str = self._format_tags_string(candidate.tags)
+            owners_str = self._extract_owner_information(candidate.tags)
+            overlapping = "YES" if candidate.vpc_id in cidr_overlaps else "NO"
+            tgw_peering = self._check_tgw_peering_connections(candidate)
+            lbs_present = self._check_load_balancers(candidate)
+            decision = self._determine_cleanup_decision(candidate)
+            notes = self._generate_analysis_notes(candidate)
+            
+            row = [
+                str(idx),
+                candidate.account_id,
+                candidate.vpc_id,
+                candidate.vpc_name or "N/A",
+                candidate.cidr_block,
+                overlapping,
+                "YES" if candidate.is_default else "NO",
+                str(candidate.eni_count),
+                tags_str,
+                "YES" if candidate.flow_logs_enabled else "NO",
+                tgw_peering,
+                lbs_present,
+                "YES" if candidate.iac_managed else "NO",
+                candidate.implementation_timeline,
+                decision,
+                owners_str,
+                notes
+            ]
+            
+            csv_data.append(row)
+        
+        # Write to CSV file
+        output_path = Path(output_file)
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        
+        with open(output_path, 'w', newline='', encoding='utf-8') as csvfile:
+            writer = csv.writer(csvfile)
+            writer.writerows(csv_data)
+        
+        self.console.print(f"[green]✅ 16-column VPC cleanup analysis exported to: {output_path.absolute()}[/green]")
+        self.console.print(f"[dim]   Contains {len(candidates)} VPCs with comprehensive metadata and business approval information[/dim]")
+        
+        return str(output_path.absolute())
+
+    def _detect_cidr_overlaps(self, candidates: List[VPCCleanupCandidate]) -> Set[str]:
+        """Detect CIDR block overlaps between VPCs (both within and across accounts)"""
+        overlapping_vpcs = set()
+        
+        try:
+            from ipaddress import IPv4Network
+            
+            # Create list of all VPC networks for comprehensive overlap checking
+            vpc_networks = []
+            for candidate in candidates:
+                try:
+                    network = IPv4Network(candidate.cidr_block, strict=False)
+                    vpc_networks.append((candidate.vpc_id, network, candidate.account_id, candidate.region))
+                except Exception:
+                    continue
+            
+            # Check for overlaps between all VPC pairs (comprehensive check)
+            for i, (vpc1_id, network1, account1, region1) in enumerate(vpc_networks):
+                for j, (vpc2_id, network2, account2, region2) in enumerate(vpc_networks[i+1:], i+1):
+                    # Explicit same-VPC exclusion (prevent false positives)
+                    if vpc1_id == vpc2_id:
+                        continue
+                        
+                    # Check overlaps within same region (cross-account overlaps are also important)
+                    if region1 == region2 and network1.overlaps(network2):
+                        overlapping_vpcs.add(vpc1_id)
+                        overlapping_vpcs.add(vpc2_id)
+                        # Enhanced overlap logging with account context
+                        if self.console:
+                            account_context = f" (Account: {account1}->{account2})" if account1 != account2 else f" (Account: {account1})"
+                            self.console.log(f"[yellow]CIDR Overlap detected: {vpc1_id}({network1}) overlaps with {vpc2_id}({network2}){account_context}[/yellow]")
+                            
+        except ImportError:
+            self.console.print("[yellow]⚠️  ipaddress module not available - CIDR overlap detection disabled[/yellow]")
+        except Exception as e:
+            self.console.print(f"[yellow]⚠️  CIDR overlap detection failed: {e}[/yellow]")
+            
+        return overlapping_vpcs
+
+    def _format_tags_string(self, tags: Dict[str, str]) -> str:
+        """Format tags as 'key=value,key2=value2' string"""
+        if not tags:
+            return "none"
+        
+        # Limit to most important tags to avoid overwhelming display
+        important_tags = ['Name', 'Environment', 'Owner', 'Team', 'Department', 'CostCenter']
+        filtered_tags = {}
+        
+        # First include important tags
+        for key in important_tags:
+            if key in tags:
+                filtered_tags[key] = tags[key]
+        
+        # Then add remaining tags up to a reasonable limit
+        remaining_count = 6 - len(filtered_tags)
+        for key, value in tags.items():
+            if key not in filtered_tags and remaining_count > 0:
+                filtered_tags[key] = value
+                remaining_count -= 1
+        
+        return ",".join([f"{k}={v}" for k, v in filtered_tags.items()])
+
+    def _extract_owner_information(self, tags: Dict[str, str]) -> str:
+        """Extract owner information from AWS tags"""
+        owner_keys = ['Owner', 'BusinessOwner', 'TechnicalOwner', 'Team', 'Department', 'CostCenter']
+        owners = []
+        
+        for key in owner_keys:
+            if key in tags and tags[key]:
+                owners.append(f"{key}:{tags[key]}")
+                
+        return ";".join(owners) if owners else "unknown"
+
+    def _check_tgw_peering_connections(self, candidate: VPCCleanupCandidate) -> str:
+        """Check for Transit Gateway and Peering connections"""
+        connections = []
+        
+        # Check dependencies for TGW and peering connections
+        for dep in candidate.dependencies:
+            if dep.resource_type in ['TransitGatewayAttachment', 'VpcPeeringConnection']:
+                connections.append(dep.resource_type[:3])  # TGW or VPC
+                
+        return ",".join(connections) if connections else "NO"
+
+    def _check_load_balancers(self, candidate: VPCCleanupCandidate) -> str:
+        """Check for Load Balancers in VPC"""
+        lb_types = []
+        
+        # Check dependencies for load balancers
+        for dep in candidate.dependencies:
+            if 'LoadBalancer' in dep.resource_type or 'ELB' in dep.resource_type:
+                if 'Application' in dep.resource_type:
+                    lb_types.append('ALB')
+                elif 'Network' in dep.resource_type:
+                    lb_types.append('NLB')
+                elif 'Classic' in dep.resource_type:
+                    lb_types.append('CLB')
+                else:
+                    lb_types.append('LB')
+                    
+        return ",".join(set(lb_types)) if lb_types else "NO"
+
+    def _determine_cleanup_decision(self, candidate: VPCCleanupCandidate) -> str:
+        """Determine cleanup decision based on analysis"""
+        if candidate.cleanup_phase == VPCCleanupPhase.IMMEDIATE:
+            if candidate.iac_managed:
+                return "DELETE (IaC)"
+            else:
+                return "DELETE (Manual)"
+        elif candidate.cleanup_phase == VPCCleanupPhase.INVESTIGATION:
+            return "INVESTIGATE"
+        elif candidate.cleanup_phase == VPCCleanupPhase.GOVERNANCE:
+            return "HOLD"
+        elif candidate.cleanup_phase == VPCCleanupPhase.COMPLEX:
+            return "COMPLEX"
+        else:
+            return "REVIEW"
+
+    def _generate_analysis_notes(self, candidate: VPCCleanupCandidate) -> str:
+        """Generate analysis notes for the VPC"""
+        notes = []
+        
+        if candidate.is_default:
+            notes.append("Default VPC")
+            
+        if candidate.risk_level == VPCCleanupRisk.HIGH:
+            notes.append("High Risk")
+        elif candidate.risk_level == VPCCleanupRisk.CRITICAL:
+            notes.append("Critical Risk")
+            
+        if candidate.blocking_dependencies > 0:
+            notes.append(f"{candidate.blocking_dependencies} blocking deps")
+            
+        if candidate.annual_savings > 1000:
+            notes.append(f"${candidate.annual_savings:,.0f}/yr savings")
+            
+        return ";".join(notes) if notes else "standard cleanup"
+
+    def _display_business_impact_summary(self, candidates: List[VPCCleanupCandidate], cidr_overlaps: Set[str]) -> None:
+        """Display business impact summary for stakeholder approval"""
+        
+        # Calculate comprehensive metrics
+        immediate_vpcs = [c for c in candidates if c.cleanup_phase == VPCCleanupPhase.IMMEDIATE]
+        investigation_vpcs = [c for c in candidates if c.cleanup_phase == VPCCleanupPhase.INVESTIGATION]
+        governance_vpcs = [c for c in candidates if c.cleanup_phase == VPCCleanupPhase.GOVERNANCE]
+        complex_vpcs = [c for c in candidates if c.cleanup_phase == VPCCleanupPhase.COMPLEX]
+        
+        default_vpcs = [c for c in candidates if c.is_default]
+        zero_eni_vpcs = [c for c in candidates if c.eni_count == 0]
+        total_savings = sum(c.annual_savings or 0.0 for c in candidates)
+        
+        summary = (
+            f"[bold green]💰 BUSINESS IMPACT SUMMARY[/bold green]\n\n"
+            f"[bold blue]Step 1: Immediate Deletion Candidates ({len(immediate_vpcs)} VPCs - {(len(immediate_vpcs)/len(candidates)*100):.1f}%)[/bold blue]\n"
+            f"[bold yellow]Step 2: Investigation Required ({len(investigation_vpcs)} VPCs)[/bold yellow]\n"
+            f"[bold cyan]Step 3: Governance Approval ({len(governance_vpcs)} VPCs)[/bold cyan]\n"
+            f"[bold red]Step 4: Complex Migration ({len(complex_vpcs)} VPCs)[/bold red]\n\n"
+            f"[green]✅ Immediate Security Value:[/green] {(len(zero_eni_vpcs)/len(candidates)*100):.1f}% of VPCs ({len(zero_eni_vpcs)} out of {len(candidates)}) ready for immediate deletion with zero dependencies\n"
+            f"[red]🛡️  Default VPC Elimination:[/red] {len(default_vpcs)} default VPCs eliminated for CIS Benchmark compliance\n"
+            f"[blue]📉 Attack Surface Reduction:[/blue] {(len(zero_eni_vpcs)/len(candidates)*100):.1f}% of VPCs have zero blocking dependencies\n"
+            f"[magenta]🎯 CIDR Overlap Detection:[/magenta] {len(cidr_overlaps)} VPCs with overlapping CIDR blocks identified\n"
+            f"[bold green]💵 Annual Savings Potential:[/bold green] ${total_savings:,.2f}\n"
+            f"[cyan]⏱️  Implementation Timeline:[/cyan] Phase 1 (Immediate), Investigation, Complex Migration phases defined"
+        )
+        
+        self.console.print(Panel(summary, title="Executive Summary - VPC Cleanup Business Case", style="green", width=120))
+
+    def _truncate_text(self, text: Optional[str], max_length: int) -> str:
+        """Truncate text to specified length with ellipsis"""
+        if text is None:
+            return ""
+        if not text or len(text) <= max_length:
+            return text or ""
+        return text[:max_length-3] + "..."
+
     def _display_phase_candidates(self, phase: VPCCleanupPhase, candidates: List[VPCCleanupCandidate]) -> None:
         """Display candidates for a specific cleanup phase"""
         # Phase header
@@ -1755,16 +2161,16 @@ class VPCCleanupFramework:
                 candidate.vpc_id,
                 (candidate.vpc_name or "N/A")[:18] + ("..." if len(candidate.vpc_name or "") > 18 else ""),
                 "✅" if candidate.is_default else "❌",
-                str(candidate.blocking_dependencies),
-                candidate.risk_level.value,
-                f"${candidate.annual_savings:,.0f}",
+                str(candidate.blocking_dependencies or 0),
+                (candidate.risk_level.value if candidate.risk_level else "LOW"),
+                f"${(candidate.annual_savings or 0.0):,.0f}",
                 candidate.implementation_timeline
             )
         
         self.console.print(table)
         
         # Phase summary
-        phase_savings = sum(c.annual_savings for c in candidates)
+        phase_savings = sum((c.annual_savings or 0.0) for c in candidates)
         phase_risk_high = len([c for c in candidates if c.risk_level in [VPCCleanupRisk.HIGH, VPCCleanupRisk.CRITICAL]])
         
         phase_summary = (
@@ -2083,43 +2489,61 @@ class VPCCleanupFramework:
         if self.enable_parallel_processing and len(account_profiles) > 1:
             account_futures = {}
             
-            for profile in account_profiles:
-                future = self.executor.submit(self._analyze_account_with_circuit_breaker, profile, vpc_ids)
-                account_futures[profile] = future
+            for account_item in account_profiles:
+                future = self.executor.submit(self._analyze_account_with_circuit_breaker, account_item, vpc_ids)
+                # Use account ID for tracking if available, otherwise use the profile string
+                profile_key = account_item.account_id if hasattr(account_item, 'account_id') else str(account_item)
+                account_futures[profile_key] = future
             
             # Collect results
-            for profile, future in account_futures.items():
+            for profile_key, future in account_futures.items():
                 try:
                     account_candidates = future.result(timeout=300)  # 5 minute timeout per account
                     all_candidates.extend(account_candidates)
                 except Exception as e:
-                    self.console.print(f"[red]❌ Error analyzing account {profile}: {e}[/red]")
-                    logger.error(f"Multi-account analysis failed for {profile}: {e}")
+                    self.console.print(f"[red]❌ Error analyzing account {profile_key}: {e}[/red]")
+                    logger.error(f"Multi-account analysis failed for {profile_key}: {e}")
         else:
             # Sequential account processing
-            for profile in account_profiles:
+            for account_item in account_profiles:
                 try:
-                    account_candidates = self._analyze_account_with_circuit_breaker(profile, vpc_ids)
+                    account_candidates = self._analyze_account_with_circuit_breaker(account_item, vpc_ids)
                     all_candidates.extend(account_candidates)
                 except Exception as e:
-                    self.console.print(f"[red]❌ Error analyzing account {profile}: {e}[/red]")
-                    logger.error(f"Multi-account analysis failed for {profile}: {e}")
+                    profile_key = account_item.account_id if hasattr(account_item, 'account_id') else str(account_item)
+                    self.console.print(f"[red]❌ Error analyzing account {profile_key}: {e}[/red]")
+                    logger.error(f"Multi-account analysis failed for {profile_key}: {e}")
         
         self.cleanup_candidates = all_candidates
         return all_candidates
 
-    def _analyze_account_with_circuit_breaker(self, profile: str, vpc_ids: Optional[List[str]]) -> List[VPCCleanupCandidate]:
+    def _analyze_account_with_circuit_breaker(self, account_item, vpc_ids: Optional[List[str]]) -> List[VPCCleanupCandidate]:
         """Analyze single account with circuit breaker protection."""
-        circuit_breaker = self.circuit_breakers[f"account_analysis_{profile}"]
+        # Handle both AccountSession objects and profile strings
+        if hasattr(account_item, 'session') and hasattr(account_item, 'account_id'):
+            # New AccountSession object from cross-account session manager
+            account_session = account_item.session
+            account_id = account_item.account_id
+            profile_key = account_id
+        else:
+            # Legacy profile string
+            profile = account_item
+            profile_key = profile
+            try:
+                from runbooks.finops.aws_client import get_cached_session
+                account_session = get_cached_session(profile)
+            except ImportError:
+                # Extract profile name from Organizations API format (profile@accountId)
+                actual_profile = profile.split("@")[0] if "@" in profile else profile
+                account_session = create_operational_session(profile=actual_profile)
+        
+        circuit_breaker = self.circuit_breakers[f"account_analysis_{profile_key}"]
         
         if not circuit_breaker.should_allow_request():
-            logger.warning(f"Circuit breaker open for account {profile}, skipping analysis")
+            logger.warning(f"Circuit breaker open for account {profile_key}, skipping analysis")
             return []
         
         try:
-            # Create session for this account
-            account_session = create_operational_session(profile=profile)
-            
             # Temporarily update session for analysis
             original_session = self.session
             self.session = account_session
@@ -2308,7 +2732,12 @@ class VPCCleanupFramework:
         """Enhanced performance target validation with detailed analysis."""
         target_time = 30.0  # <30s requirement
         
-        if metrics.duration and metrics.duration > target_time:
+        # Defensive check for None values
+        if not hasattr(metrics, 'duration') or metrics.duration is None:
+            logger.warning("Performance metrics duration is None, skipping performance validation")
+            return
+        
+        if metrics.duration > target_time:
             performance_degradation = {
                 "execution_time": metrics.duration,
                 "target_time": target_time,
@@ -2625,5 +3054,10 @@ class VPCCleanupFramework:
     
     def __del__(self):
         """Cleanup resources when framework is destroyed."""
-        if self.executor:
-            self.executor.shutdown(wait=True)
+        try:
+            if hasattr(self, 'executor') and self.executor:
+                if not self.executor._shutdown:
+                    self.executor.shutdown(wait=True)
+        except Exception as e:
+            # Silently handle cleanup errors to avoid issues during garbage collection
+            pass