runbooks 1.0.1__py3-none-any.whl → 1.0.3__py3-none-any.whl

runbooks/vpc/config.py

@@ -81,24 +81,33 @@ class AWSCostModel:
     
     @staticmethod
     def _get_nat_gateway_hourly() -> float:
-        """Get NAT Gateway hourly cost from AWS Pricing API with universal compatibility."""
+        """Get NAT Gateway hourly cost from AWS Pricing API with enhanced enterprise fallback."""
         if AWS_PRICING_AVAILABLE:
             try:
-                return pricing_api.get_nat_gateway_monthly_cost() / (24 * 30)
-            except Exception:
-                pass
+                # Use enhanced pricing API with regional fallback and graceful degradation
+                current_region = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
+                monthly_cost = pricing_api.get_nat_gateway_monthly_cost(current_region)
+                return monthly_cost / (24 * 30)
+            except Exception as e:
+                print(f"⚠️ NAT Gateway pricing API fallback: {e}")
+        
         # Universal compatibility: standard AWS pricing when API unavailable
+        print("ℹ️ Using universal compatibility NAT Gateway rate")
         return 0.045  # AWS standard NAT Gateway hourly rate
     
     @staticmethod
     def _get_nat_gateway_monthly() -> float:
-        """Get NAT Gateway monthly cost from AWS Pricing API with universal compatibility."""
+        """Get NAT Gateway monthly cost from AWS Pricing API with enhanced enterprise fallback."""
         if AWS_PRICING_AVAILABLE:
             try:
-                return pricing_api.get_nat_gateway_monthly_cost()
-            except Exception:
-                pass
+                # Use enhanced pricing API with regional fallback and graceful degradation
+                current_region = os.getenv('AWS_DEFAULT_REGION', 'us-east-1')
+                return pricing_api.get_nat_gateway_monthly_cost(current_region)
+            except Exception as e:
+                print(f"⚠️ NAT Gateway monthly pricing API fallback: {e}")
+        
         # Universal compatibility: calculate from hourly rate
+        print("ℹ️ Calculating monthly cost from universal compatibility hourly rate")
         return AWSCostModel._get_nat_gateway_hourly() * 24 * 30
     
     @staticmethod

runbooks/vpc/heatmap_engine.py

@@ -15,6 +15,8 @@ from botocore.exceptions import ClientError
 from .config import VPCNetworkingConfig
 from .cost_engine import NetworkingCostEngine
 from ..common.env_utils import get_required_env_float
+from ..common.aws_pricing_api import AWSPricingAPI
+from ..common.rich_utils import console
 
 logger = logging.getLogger(__name__)
 
@@ -253,22 +255,23 @@ class NetworkingCostHeatMapEngine:
 
         for category, details in account_categories.items():
             for i in range(details["count"]):
-                # Generate account costs
+                # Generate account costs with dynamic pricing (no hardcoded fallbacks)
                 account_matrix = self._generate_account_costs(str(account_id), category, details["cost_multiplier"])
 
-                # Add to aggregated
-                aggregated_matrix += account_matrix
-
-                # Store breakdown
-                account_breakdown.append(
-                    {
-                        "account_id": str(account_id),
-                        "category": category,
-                        "monthly_cost": float(np.sum(account_matrix)),
-                        "primary_region": self.config.regions[int(np.argmax(np.sum(account_matrix, axis=1)))],
-                        "top_service": list(NETWORKING_SERVICES.keys())[int(np.argmax(np.sum(account_matrix, axis=0)))],
-                    }
-                )
+                # Add to aggregated only if pricing data is available
+                if np.sum(account_matrix) > 0:  # Only include accounts with valid pricing
+                    aggregated_matrix += account_matrix
+
+                    # Store breakdown
+                    account_breakdown.append(
+                        {
+                            "account_id": str(account_id),
+                            "category": category,
+                            "monthly_cost": float(np.sum(account_matrix)),
+                            "primary_region": self.config.regions[int(np.argmax(np.sum(account_matrix, axis=1)))],
+                            "top_service": list(NETWORKING_SERVICES.keys())[int(np.argmax(np.sum(account_matrix, axis=0)))],
+                        }
+                    )
 
                 account_id += 1
 
@@ -304,8 +307,8 @@ class NetworkingCostHeatMapEngine:
         time_series_data = {}
 
         for period_name, days in periods.items():
-            # Dynamic base daily cost from environment variable with fallback
-            base_daily_cost = float(os.getenv('VPC_BASE_DAILY_COST', '10.0'))
+            # Dynamic base daily cost - calculate from dynamic pricing (no hardcoded fallback)
+            base_daily_cost = self._calculate_dynamic_base_daily_cost()
 
             if period_name == "forecast_90_days":
                 # Forecast with growth trend
@@ -382,11 +385,15 @@ class NetworkingCostHeatMapEngine:
             region_total = 0
 
             for service_idx, (service_key, service_name) in enumerate(NETWORKING_SERVICES.items()):
-                base_cost = base_service_costs.get(service_key, 10.0)
-                # REMOVED: Random variation violates enterprise standards
-                final_cost = base_cost * region_multiplier
-                regional_matrix[region_idx, service_idx] = max(0, final_cost)
-                region_total += final_cost
+                base_cost = base_service_costs.get(service_key, 0.0)  # Default to free (no hardcoded fallback)
+                # Only calculate final cost if base cost is available
+                if base_cost > 0:
+                    final_cost = base_cost * region_multiplier
+                    regional_matrix[region_idx, service_idx] = max(0, final_cost)
+                    region_total += final_cost
+                else:
+                    # No pricing data available - set to zero
+                    regional_matrix[region_idx, service_idx] = 0.0
 
                 # Track service breakdown
                 if service_key not in service_regional_breakdown:
@@ -528,18 +535,28 @@ class NetworkingCostHeatMapEngine:
 
         pattern = patterns.get(category, patterns["development"])
 
-        # Apply costs based on pattern
+        # Apply costs based on pattern using dynamic pricing (NO hardcoded fallbacks)
+        region = self.config.regions[0] if self.config.regions else "us-east-1"  # Use first configured region
+        
+        # Get dynamic service pricing
+        service_pricing = self._get_dynamic_service_pricing(region)
+        
         for service_idx, service_key in enumerate(NETWORKING_SERVICES.keys()):
             for region_idx in range(len(self.config.regions)):
-                if service_key == "nat_gateway" and region_idx < pattern["nat_gateways"]:
-                    base_nat_cost = float(os.getenv("NAT_GATEWAY_MONTHLY_COST", "45.0"))
-                    matrix[region_idx, service_idx] = base_nat_cost * multiplier
-                elif service_key == "transit_gateway" and pattern["transit_gateway"] and region_idx == 0:
-                    base_tgw_cost = float(os.getenv("TRANSIT_GATEWAY_MONTHLY_COST", "36.5"))
-                    matrix[region_idx, service_idx] = base_tgw_cost * multiplier
-                elif service_key == "vpc_endpoint" and region_idx < pattern["vpc_endpoints"]:
-                    base_endpoint_cost = float(os.getenv("VPC_ENDPOINT_MONTHLY_COST", "10.0"))
-                    matrix[region_idx, service_idx] = base_endpoint_cost * multiplier
+                cost = 0.0  # Default to free
+                
+                # Only apply costs if we have valid pricing data
+                if service_key in service_pricing and service_pricing[service_key] > 0:
+                    if service_key == "nat_gateway" and region_idx < pattern["nat_gateways"]:
+                        cost = service_pricing[service_key] * multiplier
+                    elif service_key == "transit_gateway" and pattern["transit_gateway"] and region_idx == 0:
+                        cost = service_pricing[service_key] * multiplier
+                    elif service_key == "vpc_endpoint" and region_idx < pattern["vpc_endpoints"]:
+                        cost = service_pricing[service_key] * multiplier
+                    elif service_key == "elastic_ip" and region_idx < pattern.get("elastic_ips", 0):
+                        cost = service_pricing[service_key] * multiplier
+                
+                matrix[region_idx, service_idx] = cost
 
         return matrix
 
@@ -620,10 +637,14 @@ class NetworkingCostHeatMapEngine:
 
     def _get_dynamic_service_pricing(self, region: str) -> Dict[str, float]:
         """
-        Get dynamic AWS service pricing from AWS Pricing API or Cost Explorer.
+        Get dynamic AWS service pricing following enterprise cascade:
+        
+        a. ✅ Try Runbooks API with boto3 (dynamic) 
+        b. ✅ Try MCP-Servers (dynamic) & gaps analysis with real AWS data
+           → If failed, identify WHY option 'a' didn't work, then UPGRADE option 'a'
+        c. ✅ Fail gracefully with user guidance (NO hardcoded fallback)
         
-        ENTERPRISE COMPLIANCE: Zero tolerance for hardcoded values.
-        All pricing must be fetched from AWS APIs.
+        ENTERPRISE COMPLIANCE: Zero tolerance for hardcoded pricing fallbacks.
         
         Args:
             region: AWS region for pricing lookup
@@ -631,30 +652,381 @@ class NetworkingCostHeatMapEngine:
         Returns:
             Dictionary of service pricing (monthly USD)
         """
+        service_costs = {}
+        pricing_errors = []
+        
+        # VPC itself is always free
+        service_costs["vpc"] = 0.0
+        
+        # Step A: Try Runbooks Pricing API (Enhanced)
+        console.print(f"[blue]🔄 Step A: Attempting Runbooks Pricing API for {region}[/blue]")
         try:
-            # Try to get pricing from AWS Pricing API
-            pricing_client = boto3.client('pricing', region_name='us-east-1')  # Pricing API only in us-east-1
+            from ..common.aws_pricing_api import AWSPricingAPI
             
-            # For now, return error to force proper implementation
-            logging.error("ENTERPRISE VIOLATION: Dynamic pricing not yet implemented")
-            raise NotImplementedError(
-                "CRITICAL: Dynamic pricing integration required. "
-                "Hardcoded values violate enterprise zero-tolerance policy. "
-                "Must integrate AWS Pricing API or Cost Explorer."
-            )
+            # Initialize with proper session management
+            profile = getattr(self, 'profile', None)
+            pricing_api = AWSPricingAPI(profile=profile)
+            
+            # NAT Gateway pricing (primary VPC cost component)
+            try:
+                service_costs["nat_gateway"] = pricing_api.get_nat_gateway_monthly_cost(region)
+                console.print(f"[green]✅ NAT Gateway pricing: ${service_costs['nat_gateway']:.2f}/month from Runbooks API[/green]")
+            except Exception as e:
+                pricing_errors.append(f"NAT Gateway: {str(e)}")
+                logger.warning(f"Runbooks API NAT Gateway pricing failed: {e}")
+            
+            # Try other services with existing API methods
+            for service_key in ["vpc_endpoint", "transit_gateway", "elastic_ip"]:
+                try:
+                    # Check if API method exists for this service
+                    if hasattr(pricing_api, f"get_{service_key}_monthly_cost"):
+                        method = getattr(pricing_api, f"get_{service_key}_monthly_cost")
+                        service_costs[service_key] = method(region)
+                        console.print(f"[green]✅ {service_key} pricing: ${service_costs[service_key]:.2f}/month from Runbooks API[/green]")
+                    else:
+                        pricing_errors.append(f"{service_key}: API method not implemented")
+                except Exception as e:
+                    pricing_errors.append(f"{service_key}: {str(e)}")
+            
+            # Data transfer pricing (if API available)
+            if "data_transfer" not in service_costs:
+                pricing_errors.append("data_transfer: API method not implemented")
             
         except Exception as e:
-            logging.error(f"Failed to get dynamic pricing: {e}")
-            # TEMPORARY: Return minimal structure to prevent crashes
-            # THIS MUST BE REPLACED WITH REAL AWS PRICING API INTEGRATION
-            return {
-                "vpc": 0.0,  # VPC itself is free
-                "nat_gateway": 0.0,  # MUST be calculated from AWS Pricing API
-                "vpc_endpoint": 0.0,  # MUST be calculated from AWS Pricing API
-                "transit_gateway": 0.0,  # MUST be calculated from AWS Pricing API
-                "elastic_ip": 0.0,  # MUST be calculated from AWS Pricing API
-                "data_transfer": 0.0,  # MUST be calculated from AWS Pricing API
+            pricing_errors.append(f"Runbooks API initialization failed: {str(e)}")
+            console.print(f"[yellow]⚠️ Runbooks Pricing API unavailable: {e}[/yellow]")
+        
+        # Step B: MCP Gap Analysis & Validation
+        console.print(f"[blue]🔄 Step B: MCP Gap Analysis for missing pricing data[/blue]")
+        try:
+            missing_services = []
+            for required_service in ["nat_gateway", "vpc_endpoint", "transit_gateway", "elastic_ip", "data_transfer"]:
+                if required_service not in service_costs:
+                    missing_services.append(required_service)
+            
+            if missing_services:
+                # Use MCP to identify why Runbooks API failed
+                mcp_analysis = self._perform_mcp_pricing_gap_analysis(missing_services, region, pricing_errors)
+                
+                # Display MCP analysis results
+                console.print(f"[cyan]📊 MCP Gap Analysis Results:[/cyan]")
+                for service, analysis in mcp_analysis.items():
+                    if analysis.get('mcp_validated_cost'):
+                        service_costs[service] = analysis['mcp_validated_cost']
+                        console.print(f"[green]✅ {service}: ${analysis['mcp_validated_cost']:.2f}/month via MCP validation[/green]")
+                    else:
+                        console.print(f"[yellow]⚠️ {service}: {analysis.get('gap_reason', 'Unknown gap')}[/yellow]")
+            
+        except Exception as e:
+            pricing_errors.append(f"MCP gap analysis failed: {str(e)}")
+            console.print(f"[yellow]⚠️ MCP gap analysis failed: {e}[/yellow]")
+        
+        # Step C: Graceful Failure with User Guidance (NO hardcoded fallback)
+        missing_services = []
+        for required_service in ["nat_gateway", "vpc_endpoint", "transit_gateway", "elastic_ip", "data_transfer"]:
+            if required_service not in service_costs:
+                missing_services.append(required_service)
+        
+        if missing_services:
+            console.print(f"[red]🚫 ENTERPRISE COMPLIANCE: Cannot proceed with missing pricing data[/red]")
+            
+            # Generate comprehensive guidance
+            self._provide_pricing_resolution_guidance(missing_services, pricing_errors, region)
+            
+            # Return empty dict to signal failure - DO NOT use hardcoded fallback
+            return {"vpc": 0.0}  # Only VPC (free) can be returned
+        
+        logger.info(f"✅ Successfully retrieved all service pricing for region: {region}")
+        console.print(f"[green]✅ Complete dynamic pricing loaded for {region} - {len(service_costs)} services[/green]")
+        return service_costs
+
+    def _calculate_dynamic_base_daily_cost(self) -> float:
+        """
+        Calculate dynamic base daily cost from current pricing data.
+        
+        Returns:
+            Daily cost estimate based on dynamic pricing, or 0.0 if unavailable
+        """
+        try:
+            # Use primary region for calculation
+            region = self.config.regions[0] if self.config.regions else "us-east-1"
+            
+            # Get dynamic service pricing
+            service_pricing = self._get_dynamic_service_pricing(region)
+            
+            if not service_pricing or len(service_pricing) <= 1:  # Only VPC (free) available
+                console.print(f"[yellow]⚠️ No dynamic pricing available for daily cost calculation[/yellow]")
+                return 0.0
+            
+            # Calculate daily cost from monthly costs
+            monthly_total = sum(cost for cost in service_pricing.values() if cost > 0)
+            daily_cost = monthly_total / 30.0  # Convert monthly to daily
+            
+            console.print(f"[cyan]📊 Dynamic daily cost calculated: ${daily_cost:.2f}/day from available services[/cyan]")
+            return daily_cost
+            
+        except Exception as e:
+            logger.warning(f"Dynamic daily cost calculation failed: {e}")
+            console.print(f"[yellow]⚠️ Dynamic daily cost calculation failed: {e}[/yellow]")
+            return 0.0
+
+    def _perform_mcp_pricing_gap_analysis(self, missing_services: List[str], region: str, pricing_errors: List[str]) -> Dict[str, Dict[str, Any]]:
+        """
+        Perform MCP gap analysis to identify why Runbooks API failed and validate alternatives.
+        
+        Args:
+            missing_services: List of services missing pricing data
+            region: AWS region for analysis
+            pricing_errors: List of errors from previous attempts
+            
+        Returns:
+            Dictionary of gap analysis results per service
+        """
+        gap_analysis = {}
+        
+        try:
+            # Initialize MCP integration if available
+            from ..common.mcp_integration import EnterpriseMCPIntegrator
+            
+            # Get profile for MCP integration
+            profile = getattr(self, 'profile', None)
+            mcp_integrator = EnterpriseMCPIntegrator(user_profile=profile, console_instance=console)
+            
+            console.print(f"[cyan]🔍 MCP analyzing {len(missing_services)} missing services...[/cyan]")
+            
+            for service in missing_services:
+                analysis = {
+                    'service': service,
+                    'mcp_validated_cost': None,
+                    'gap_reason': None,
+                    'resolution_steps': [],
+                    'cost_explorer_available': False
+                }
+                
+                try:
+                    # Step 1: Try Cost Explorer for historical cost data
+                    if 'billing' in mcp_integrator.aws_sessions:
+                        billing_session = mcp_integrator.aws_sessions['billing']
+                        cost_client = billing_session.client('ce')
+                        
+                        # Query for service-specific historical costs
+                        historical_cost = self._query_cost_explorer_for_service(cost_client, service, region)
+                        
+                        if historical_cost > 0:
+                            analysis['mcp_validated_cost'] = historical_cost
+                            analysis['cost_explorer_available'] = True
+                            console.print(f"[green]✅ MCP: {service} cost validated via Cost Explorer: ${historical_cost:.2f}/month[/green]")
+                        else:
+                            analysis['gap_reason'] = f"No historical cost data found in Cost Explorer for {service}"
+                    
+                    # Step 2: Analyze why Runbooks API failed for this service
+                    service_errors = [err for err in pricing_errors if service in err.lower()]
+                    if service_errors:
+                        analysis['gap_reason'] = f"Runbooks API issue: {service_errors[0]}"
+                        
+                        # Determine resolution steps based on error pattern
+                        if 'not implemented' in service_errors[0]:
+                            analysis['resolution_steps'] = [
+                                f"Add get_{service}_monthly_cost() method to AWSPricingAPI class",
+                                f"Implement AWS Pricing API query for {service}",
+                                "Test with enterprise profiles"
+                            ]
+                        elif 'permission' in service_errors[0].lower() or 'access' in service_errors[0].lower():
+                            analysis['resolution_steps'] = [
+                                "Add pricing:GetProducts permission to IAM policy",
+                                "Ensure profile has Cost Explorer access",
+                                f"Test pricing API access for {region} region"
+                            ]
+                    
+                except Exception as e:
+                    analysis['gap_reason'] = f"MCP analysis failed: {str(e)}"
+                    logger.warning(f"MCP gap analysis failed for {service}: {e}")
+                
+                gap_analysis[service] = analysis
+            
+            return gap_analysis
+            
+        except ImportError:
+            console.print(f"[yellow]⚠️ MCP integration not available - basic gap analysis only[/yellow]")
+            # Provide basic gap analysis without MCP
+            for service in missing_services:
+                gap_analysis[service] = {
+                    'service': service,
+                    'mcp_validated_cost': None,
+                    'gap_reason': 'MCP integration not available',
+                    'resolution_steps': [
+                        'Install MCP dependencies',
+                        'Configure MCP integration',
+                        'Retry with MCP validation'
+                    ]
+                }
+            return gap_analysis
+        
+        except Exception as e:
+            console.print(f"[yellow]⚠️ MCP gap analysis error: {e}[/yellow]")
+            # Return basic analysis on error
+            for service in missing_services:
+                gap_analysis[service] = {
+                    'service': service,
+                    'mcp_validated_cost': None,
+                    'gap_reason': f'MCP analysis error: {str(e)}',
+                    'resolution_steps': ['Check MCP configuration', 'Verify AWS profiles', 'Retry analysis']
+                }
+            return gap_analysis
+
+    def _query_cost_explorer_for_service(self, cost_client, service: str, region: str) -> float:
+        """
+        Query Cost Explorer for historical service costs to validate pricing.
+        
+        Args:
+            cost_client: Boto3 Cost Explorer client
+            service: Service key (nat_gateway, vpc_endpoint, etc.)
+            region: AWS region
+            
+        Returns:
+            Monthly cost estimate based on historical data
+        """
+        try:
+            from datetime import datetime, timedelta
+            
+            # Map service keys to AWS Cost Explorer service names
+            service_mapping = {
+                'nat_gateway': 'Amazon Virtual Private Cloud',
+                'vpc_endpoint': 'Amazon Virtual Private Cloud', 
+                'transit_gateway': 'Amazon VPC',
+                'elastic_ip': 'Amazon Elastic Compute Cloud - Compute',
+                'data_transfer': 'Amazon CloudFront'
             }
+            
+            aws_service_name = service_mapping.get(service)
+            if not aws_service_name:
+                return 0.0
+            
+            # Query last 3 months for more reliable average
+            end_date = datetime.now().date()
+            start_date = end_date - timedelta(days=90)
+            
+            response = cost_client.get_cost_and_usage(
+                TimePeriod={
+                    'Start': start_date.strftime('%Y-%m-%d'),
+                    'End': end_date.strftime('%Y-%m-%d')
+                },
+                Granularity='MONTHLY',
+                Metrics=['BlendedCost'],
+                GroupBy=[
+                    {'Type': 'DIMENSION', 'Key': 'SERVICE'},
+                    {'Type': 'DIMENSION', 'Key': 'REGION'}
+                ],
+                Filter={
+                    'And': [
+                        {'Dimensions': {'Key': 'SERVICE', 'Values': [aws_service_name]}},
+                        {'Dimensions': {'Key': 'REGION', 'Values': [region]}}
+                    ]
+                }
+            )
+            
+            total_cost = 0.0
+            months_with_data = 0
+            
+            for result in response['ResultsByTime']:
+                for group in result['Groups']:
+                    cost_amount = float(group['Metrics']['BlendedCost']['Amount'])
+                    if cost_amount > 0:
+                        total_cost += cost_amount
+                        months_with_data += 1
+            
+            # Calculate average monthly cost
+            if months_with_data > 0:
+                average_monthly_cost = total_cost / months_with_data
+                console.print(f"[cyan]📊 Cost Explorer: {service} average ${average_monthly_cost:.2f}/month over {months_with_data} months[/cyan]")
+                return average_monthly_cost
+            
+            return 0.0
+            
+        except Exception as e:
+            logger.warning(f"Cost Explorer query failed for {service}: {e}")
+            return 0.0
+
+    def _provide_pricing_resolution_guidance(self, missing_services: List[str], pricing_errors: List[str], region: str) -> None:
+        """
+        Provide comprehensive guidance for resolving pricing issues.
+        
+        Args:
+            missing_services: List of services missing pricing data
+            pricing_errors: List of errors encountered
+            region: AWS region being analyzed
+        """
+        console.print(f"\n[bold red]🚫 VPC HEAT MAP PRICING RESOLUTION REQUIRED[/bold red]")
+        console.print(f"[red]Cannot generate accurate heat map without dynamic pricing for {len(missing_services)} services[/red]\n")
+        
+        # Display comprehensive resolution steps
+        resolution_panel = f"""[bold yellow]📋 ENTERPRISE RESOLUTION STEPS:[/bold yellow]
+
+[bold cyan]1. IAM Permissions (Most Common Fix):[/bold cyan]
+   Add these policies to your AWS profile:
+   • pricing:GetProducts
+   • ce:GetCostAndUsage  
+   • ce:GetDimensionValues
+   
+[bold cyan]2. Runbooks API Enhancement:[/bold cyan]
+   Missing API methods for: {', '.join(missing_services)}
+   
+   Add to src/runbooks/common/aws_pricing_api.py:
+   """
+        
+        for service in missing_services:
+            resolution_panel += f"\n   • def get_{service}_monthly_cost(self, region: str) -> float"
+        
+        resolution_panel += f"""
+
+[bold cyan]3. Alternative Region Testing:[/bold cyan]
+   Try with regions with better Pricing API support:
+   • --region us-east-1 (best support)
+   • --region us-west-2 (good support)
+   • --region eu-west-1 (EU support)
+
+[bold cyan]4. Enterprise Override (Temporary):[/bold cyan]"""
+        
+        for service in missing_services:
+            service_upper = service.upper()
+            resolution_panel += f"\n   export AWS_PRICING_OVERRIDE_{service_upper}_MONTHLY=<cost>"
+        
+        resolution_panel += f"""
+
+[bold cyan]5. MCP Server Integration:[/bold cyan]
+   Ensure MCP servers are accessible and operational
+   Check .mcp.json configuration
+
+[bold cyan]6. Profile Validation:[/bold cyan]
+   Current region: {region}
+   Verify profile has access to:
+   • AWS Pricing API (pricing:GetProducts)
+   • Cost Explorer API (ce:GetCostAndUsage)
+
+💡 [bold green]QUICK TEST:[/bold green]
+   aws pricing get-products --service-code AmazonVPC --region {region}
+
+🔧 [bold green]DEBUG ERRORS:[/bold green]"""
+
+        for i, error in enumerate(pricing_errors[:5], 1):  # Show first 5 errors
+            resolution_panel += f"\n   {i}. {error}"
+        
+        from rich.panel import Panel
+        guidance_panel = Panel(
+            resolution_panel,
+            title="🔧 VPC Pricing Resolution Guide",
+            style="bold yellow",
+            expand=True
+        )
+        
+        console.print(guidance_panel)
+        
+        # Specific next steps
+        console.print(f"\n[bold green]✅ IMMEDIATE NEXT STEPS:[/bold green]")
+        console.print(f"1. Run: aws pricing get-products --service-code AmazonVPC --region {region}")
+        console.print(f"2. Check IAM permissions for your current profile")
+        console.print(f"3. Try alternative region: runbooks vpc --region us-east-1")
+        console.print(f"4. Contact CloudOps team if pricing API access is restricted\n")
 
     def _add_mcp_validation(self, heat_maps: Dict) -> Dict:
         """Add MCP validation results"""