runbooks 1.1.4__py3-none-any.whl → 1.1.6__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- runbooks/__init__.py +31 -2
- runbooks/__init___optimized.py +18 -4
- runbooks/_platform/__init__.py +1 -5
- runbooks/_platform/core/runbooks_wrapper.py +141 -138
- runbooks/aws2/accuracy_validator.py +812 -0
- runbooks/base.py +7 -0
- runbooks/cfat/assessment/compliance.py +1 -1
- runbooks/cfat/assessment/runner.py +1 -0
- runbooks/cfat/cloud_foundations_assessment.py +227 -239
- runbooks/cli/__init__.py +1 -1
- runbooks/cli/commands/cfat.py +64 -23
- runbooks/cli/commands/finops.py +1005 -54
- runbooks/cli/commands/inventory.py +135 -91
- runbooks/cli/commands/operate.py +9 -36
- runbooks/cli/commands/security.py +42 -18
- runbooks/cli/commands/validation.py +432 -18
- runbooks/cli/commands/vpc.py +81 -17
- runbooks/cli/registry.py +22 -10
- runbooks/cloudops/__init__.py +20 -27
- runbooks/cloudops/base.py +96 -107
- runbooks/cloudops/cost_optimizer.py +544 -542
- runbooks/cloudops/infrastructure_optimizer.py +5 -4
- runbooks/cloudops/interfaces.py +224 -225
- runbooks/cloudops/lifecycle_manager.py +5 -4
- runbooks/cloudops/mcp_cost_validation.py +252 -235
- runbooks/cloudops/models.py +78 -53
- runbooks/cloudops/monitoring_automation.py +5 -4
- runbooks/cloudops/notebook_framework.py +177 -213
- runbooks/cloudops/security_enforcer.py +125 -159
- runbooks/common/accuracy_validator.py +17 -12
- runbooks/common/aws_pricing.py +349 -326
- runbooks/common/aws_pricing_api.py +211 -212
- runbooks/common/aws_profile_manager.py +40 -36
- runbooks/common/aws_utils.py +74 -79
- runbooks/common/business_logic.py +126 -104
- runbooks/common/cli_decorators.py +36 -60
- runbooks/common/comprehensive_cost_explorer_integration.py +455 -463
- runbooks/common/cross_account_manager.py +197 -204
- runbooks/common/date_utils.py +27 -39
- runbooks/common/decorators.py +29 -19
- runbooks/common/dry_run_examples.py +173 -208
- runbooks/common/dry_run_framework.py +157 -155
- runbooks/common/enhanced_exception_handler.py +15 -4
- runbooks/common/enhanced_logging_example.py +50 -64
- runbooks/common/enhanced_logging_integration_example.py +65 -37
- runbooks/common/env_utils.py +16 -16
- runbooks/common/error_handling.py +40 -38
- runbooks/common/lazy_loader.py +41 -23
- runbooks/common/logging_integration_helper.py +79 -86
- runbooks/common/mcp_cost_explorer_integration.py +476 -493
- runbooks/common/mcp_integration.py +99 -79
- runbooks/common/memory_optimization.py +140 -118
- runbooks/common/module_cli_base.py +37 -58
- runbooks/common/organizations_client.py +175 -193
- runbooks/common/patterns.py +23 -25
- runbooks/common/performance_monitoring.py +67 -71
- runbooks/common/performance_optimization_engine.py +283 -274
- runbooks/common/profile_utils.py +111 -37
- runbooks/common/rich_utils.py +315 -141
- runbooks/common/sre_performance_suite.py +177 -186
- runbooks/enterprise/__init__.py +1 -1
- runbooks/enterprise/logging.py +144 -106
- runbooks/enterprise/security.py +187 -204
- runbooks/enterprise/validation.py +43 -56
- runbooks/finops/__init__.py +26 -30
- runbooks/finops/account_resolver.py +1 -1
- runbooks/finops/advanced_optimization_engine.py +980 -0
- runbooks/finops/automation_core.py +268 -231
- runbooks/finops/business_case_config.py +184 -179
- runbooks/finops/cli.py +660 -139
- runbooks/finops/commvault_ec2_analysis.py +157 -164
- runbooks/finops/compute_cost_optimizer.py +336 -320
- runbooks/finops/config.py +20 -20
- runbooks/finops/cost_optimizer.py +484 -618
- runbooks/finops/cost_processor.py +332 -214
- runbooks/finops/dashboard_runner.py +1006 -172
- runbooks/finops/ebs_cost_optimizer.py +991 -657
- runbooks/finops/elastic_ip_optimizer.py +317 -257
- runbooks/finops/enhanced_mcp_integration.py +340 -0
- runbooks/finops/enhanced_progress.py +32 -29
- runbooks/finops/enhanced_trend_visualization.py +3 -2
- runbooks/finops/enterprise_wrappers.py +223 -285
- runbooks/finops/executive_export.py +203 -160
- runbooks/finops/helpers.py +130 -288
- runbooks/finops/iam_guidance.py +1 -1
- runbooks/finops/infrastructure/__init__.py +80 -0
- runbooks/finops/infrastructure/commands.py +506 -0
- runbooks/finops/infrastructure/load_balancer_optimizer.py +866 -0
- runbooks/finops/infrastructure/vpc_endpoint_optimizer.py +832 -0
- runbooks/finops/markdown_exporter.py +337 -174
- runbooks/finops/mcp_validator.py +1952 -0
- runbooks/finops/nat_gateway_optimizer.py +1512 -481
- runbooks/finops/network_cost_optimizer.py +657 -587
- runbooks/finops/notebook_utils.py +226 -188
- runbooks/finops/optimization_engine.py +1136 -0
- runbooks/finops/optimizer.py +19 -23
- runbooks/finops/rds_snapshot_optimizer.py +367 -411
- runbooks/finops/reservation_optimizer.py +427 -363
- runbooks/finops/scenario_cli_integration.py +64 -65
- runbooks/finops/scenarios.py +1277 -438
- runbooks/finops/schemas.py +218 -182
- runbooks/finops/snapshot_manager.py +2289 -0
- runbooks/finops/types.py +3 -3
- runbooks/finops/validation_framework.py +259 -265
- runbooks/finops/vpc_cleanup_exporter.py +189 -144
- runbooks/finops/vpc_cleanup_optimizer.py +591 -573
- runbooks/finops/workspaces_analyzer.py +171 -182
- runbooks/integration/__init__.py +89 -0
- runbooks/integration/mcp_integration.py +1920 -0
- runbooks/inventory/CLAUDE.md +816 -0
- runbooks/inventory/__init__.py +2 -2
- runbooks/inventory/aws_decorators.py +2 -3
- runbooks/inventory/check_cloudtrail_compliance.py +2 -4
- runbooks/inventory/check_controltower_readiness.py +152 -151
- runbooks/inventory/check_landingzone_readiness.py +85 -84
- runbooks/inventory/cloud_foundations_integration.py +144 -149
- runbooks/inventory/collectors/aws_comprehensive.py +1 -1
- runbooks/inventory/collectors/aws_networking.py +109 -99
- runbooks/inventory/collectors/base.py +4 -0
- runbooks/inventory/core/collector.py +495 -313
- runbooks/inventory/core/formatter.py +11 -0
- runbooks/inventory/draw_org_structure.py +8 -9
- runbooks/inventory/drift_detection_cli.py +69 -96
- runbooks/inventory/ec2_vpc_utils.py +2 -2
- runbooks/inventory/find_cfn_drift_detection.py +5 -7
- runbooks/inventory/find_cfn_orphaned_stacks.py +7 -9
- runbooks/inventory/find_cfn_stackset_drift.py +5 -6
- runbooks/inventory/find_ec2_security_groups.py +48 -42
- runbooks/inventory/find_landingzone_versions.py +4 -6
- runbooks/inventory/find_vpc_flow_logs.py +7 -9
- runbooks/inventory/inventory_mcp_cli.py +48 -46
- runbooks/inventory/inventory_modules.py +103 -91
- runbooks/inventory/list_cfn_stacks.py +9 -10
- runbooks/inventory/list_cfn_stackset_operation_results.py +1 -3
- runbooks/inventory/list_cfn_stackset_operations.py +79 -57
- runbooks/inventory/list_cfn_stacksets.py +8 -10
- runbooks/inventory/list_config_recorders_delivery_channels.py +49 -39
- runbooks/inventory/list_ds_directories.py +65 -53
- runbooks/inventory/list_ec2_availability_zones.py +2 -4
- runbooks/inventory/list_ec2_ebs_volumes.py +32 -35
- runbooks/inventory/list_ec2_instances.py +23 -28
- runbooks/inventory/list_ecs_clusters_and_tasks.py +26 -34
- runbooks/inventory/list_elbs_load_balancers.py +22 -20
- runbooks/inventory/list_enis_network_interfaces.py +26 -33
- runbooks/inventory/list_guardduty_detectors.py +2 -4
- runbooks/inventory/list_iam_policies.py +2 -4
- runbooks/inventory/list_iam_roles.py +5 -7
- runbooks/inventory/list_iam_saml_providers.py +4 -6
- runbooks/inventory/list_lambda_functions.py +38 -38
- runbooks/inventory/list_org_accounts.py +6 -8
- runbooks/inventory/list_org_accounts_users.py +55 -44
- runbooks/inventory/list_rds_db_instances.py +31 -33
- runbooks/inventory/list_rds_snapshots_aggregator.py +192 -208
- runbooks/inventory/list_route53_hosted_zones.py +3 -5
- runbooks/inventory/list_servicecatalog_provisioned_products.py +37 -41
- runbooks/inventory/list_sns_topics.py +2 -4
- runbooks/inventory/list_ssm_parameters.py +4 -7
- runbooks/inventory/list_vpc_subnets.py +2 -4
- runbooks/inventory/list_vpcs.py +7 -10
- runbooks/inventory/mcp_inventory_validator.py +554 -468
- runbooks/inventory/mcp_vpc_validator.py +359 -442
- runbooks/inventory/organizations_discovery.py +63 -55
- runbooks/inventory/recover_cfn_stack_ids.py +7 -8
- runbooks/inventory/requirements.txt +0 -1
- runbooks/inventory/rich_inventory_display.py +35 -34
- runbooks/inventory/run_on_multi_accounts.py +3 -5
- runbooks/inventory/unified_validation_engine.py +281 -253
- runbooks/inventory/verify_ec2_security_groups.py +1 -1
- runbooks/inventory/vpc_analyzer.py +735 -697
- runbooks/inventory/vpc_architecture_validator.py +293 -348
- runbooks/inventory/vpc_dependency_analyzer.py +384 -380
- runbooks/inventory/vpc_flow_analyzer.py +1 -1
- runbooks/main.py +49 -34
- runbooks/main_final.py +91 -60
- runbooks/main_minimal.py +22 -10
- runbooks/main_optimized.py +131 -100
- runbooks/main_ultra_minimal.py +7 -2
- runbooks/mcp/__init__.py +36 -0
- runbooks/mcp/integration.py +679 -0
- runbooks/monitoring/performance_monitor.py +9 -4
- runbooks/operate/dynamodb_operations.py +3 -1
- runbooks/operate/ec2_operations.py +145 -137
- runbooks/operate/iam_operations.py +146 -152
- runbooks/operate/networking_cost_heatmap.py +29 -8
- runbooks/operate/rds_operations.py +223 -254
- runbooks/operate/s3_operations.py +107 -118
- runbooks/operate/vpc_operations.py +646 -616
- runbooks/remediation/base.py +1 -1
- runbooks/remediation/commons.py +10 -7
- runbooks/remediation/commvault_ec2_analysis.py +70 -66
- runbooks/remediation/ec2_unattached_ebs_volumes.py +1 -0
- runbooks/remediation/multi_account.py +24 -21
- runbooks/remediation/rds_snapshot_list.py +86 -60
- runbooks/remediation/remediation_cli.py +92 -146
- runbooks/remediation/universal_account_discovery.py +83 -79
- runbooks/remediation/workspaces_list.py +46 -41
- runbooks/security/__init__.py +19 -0
- runbooks/security/assessment_runner.py +1150 -0
- runbooks/security/baseline_checker.py +812 -0
- runbooks/security/cloudops_automation_security_validator.py +509 -535
- runbooks/security/compliance_automation_engine.py +17 -17
- runbooks/security/config/__init__.py +2 -2
- runbooks/security/config/compliance_config.py +50 -50
- runbooks/security/config_template_generator.py +63 -76
- runbooks/security/enterprise_security_framework.py +1 -1
- runbooks/security/executive_security_dashboard.py +519 -508
- runbooks/security/multi_account_security_controls.py +959 -1210
- runbooks/security/real_time_security_monitor.py +422 -444
- runbooks/security/security_baseline_tester.py +1 -1
- runbooks/security/security_cli.py +143 -112
- runbooks/security/test_2way_validation.py +439 -0
- runbooks/security/two_way_validation_framework.py +852 -0
- runbooks/sre/production_monitoring_framework.py +167 -177
- runbooks/tdd/__init__.py +15 -0
- runbooks/tdd/cli.py +1071 -0
- runbooks/utils/__init__.py +14 -17
- runbooks/utils/logger.py +7 -2
- runbooks/utils/version_validator.py +50 -47
- runbooks/validation/__init__.py +6 -6
- runbooks/validation/cli.py +9 -3
- runbooks/validation/comprehensive_2way_validator.py +745 -704
- runbooks/validation/mcp_validator.py +906 -228
- runbooks/validation/terraform_citations_validator.py +104 -115
- runbooks/validation/terraform_drift_detector.py +461 -454
- runbooks/vpc/README.md +617 -0
- runbooks/vpc/__init__.py +8 -1
- runbooks/vpc/analyzer.py +577 -0
- runbooks/vpc/cleanup_wrapper.py +476 -413
- runbooks/vpc/cli_cloudtrail_commands.py +339 -0
- runbooks/vpc/cli_mcp_validation_commands.py +480 -0
- runbooks/vpc/cloudtrail_audit_integration.py +717 -0
- runbooks/vpc/config.py +92 -97
- runbooks/vpc/cost_engine.py +411 -148
- runbooks/vpc/cost_explorer_integration.py +553 -0
- runbooks/vpc/cross_account_session.py +101 -106
- runbooks/vpc/enhanced_mcp_validation.py +917 -0
- runbooks/vpc/eni_gate_validator.py +961 -0
- runbooks/vpc/heatmap_engine.py +185 -160
- runbooks/vpc/mcp_no_eni_validator.py +680 -639
- runbooks/vpc/nat_gateway_optimizer.py +358 -0
- runbooks/vpc/networking_wrapper.py +15 -8
- runbooks/vpc/pdca_remediation_planner.py +528 -0
- runbooks/vpc/performance_optimized_analyzer.py +219 -231
- runbooks/vpc/runbooks_adapter.py +1167 -241
- runbooks/vpc/tdd_red_phase_stubs.py +601 -0
- runbooks/vpc/test_data_loader.py +358 -0
- runbooks/vpc/tests/conftest.py +314 -4
- runbooks/vpc/tests/test_cleanup_framework.py +1022 -0
- runbooks/vpc/tests/test_cost_engine.py +0 -2
- runbooks/vpc/topology_generator.py +326 -0
- runbooks/vpc/unified_scenarios.py +1297 -1124
- runbooks/vpc/vpc_cleanup_integration.py +1943 -1115
- runbooks-1.1.6.dist-info/METADATA +327 -0
- runbooks-1.1.6.dist-info/RECORD +489 -0
- runbooks/finops/README.md +0 -414
- runbooks/finops/accuracy_cross_validator.py +0 -647
- runbooks/finops/business_cases.py +0 -950
- runbooks/finops/dashboard_router.py +0 -922
- runbooks/finops/ebs_optimizer.py +0 -973
- runbooks/finops/embedded_mcp_validator.py +0 -1629
- runbooks/finops/enhanced_dashboard_runner.py +0 -527
- runbooks/finops/finops_dashboard.py +0 -584
- runbooks/finops/finops_scenarios.py +0 -1218
- runbooks/finops/legacy_migration.py +0 -730
- runbooks/finops/multi_dashboard.py +0 -1519
- runbooks/finops/single_dashboard.py +0 -1113
- runbooks/finops/unlimited_scenarios.py +0 -393
- runbooks-1.1.4.dist-info/METADATA +0 -800
- runbooks-1.1.4.dist-info/RECORD +0 -468
- {runbooks-1.1.4.dist-info → runbooks-1.1.6.dist-info}/WHEEL +0 -0
- {runbooks-1.1.4.dist-info → runbooks-1.1.6.dist-info}/entry_points.txt +0 -0
- {runbooks-1.1.4.dist-info → runbooks-1.1.6.dist-info}/licenses/LICENSE +0 -0
- {runbooks-1.1.4.dist-info → runbooks-1.1.6.dist-info}/top_level.txt +0 -0
|
@@ -0,0 +1,528 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
"""
|
|
3
|
+
🚀 VPC Remediation Planning Engine - Phase 3 Implementation
|
|
4
|
+
Enterprise-grade PDCA remediation planning with comprehensive proposal generation
|
|
5
|
+
|
|
6
|
+
Author: CloudOps-Runbooks Engineering Team
|
|
7
|
+
Epic: AWS-25 VPC Infrastructure Cleanup
|
|
8
|
+
Framework: PDCA remediation methodology with enterprise safety controls
|
|
9
|
+
"""
|
|
10
|
+
|
|
11
|
+
import json
|
|
12
|
+
from dataclasses import dataclass, asdict
|
|
13
|
+
from datetime import datetime, timedelta
|
|
14
|
+
from typing import Dict, List, Optional, Tuple
|
|
15
|
+
from enum import Enum
|
|
16
|
+
from decimal import Decimal
|
|
17
|
+
|
|
18
|
+
from rich.console import Console
|
|
19
|
+
from rich.table import Table
|
|
20
|
+
from rich.panel import Panel
|
|
21
|
+
from rich.tree import Tree
|
|
22
|
+
from rich.progress import Progress, SpinnerColumn, TextColumn
|
|
23
|
+
import yaml
|
|
24
|
+
|
|
25
|
+
console = Console()
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
class RiskLevel(Enum):
|
|
29
|
+
LOW = "LOW"
|
|
30
|
+
MEDIUM = "MEDIUM"
|
|
31
|
+
MEDIUM_HIGH = "MEDIUM-HIGH"
|
|
32
|
+
HIGH = "HIGH"
|
|
33
|
+
CRITICAL = "CRITICAL"
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
class DecisionType(Enum):
|
|
37
|
+
DELETE = "DELETE"
|
|
38
|
+
OPTIMIZE = "OPTIMIZE"
|
|
39
|
+
REPLACE = "REPLACE"
|
|
40
|
+
KEEP = "KEEP"
|
|
41
|
+
ANALYZE = "ANALYZE"
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
@dataclass
|
|
45
|
+
class VPCRemediationProposal:
|
|
46
|
+
"""Comprehensive VPC remediation proposal with safety assessment"""
|
|
47
|
+
|
|
48
|
+
vpc_id: str
|
|
49
|
+
name: str
|
|
50
|
+
region: str
|
|
51
|
+
account: str
|
|
52
|
+
decision: DecisionType
|
|
53
|
+
risk_level: RiskLevel
|
|
54
|
+
|
|
55
|
+
# Financial Impact
|
|
56
|
+
current_annual_cost: Decimal
|
|
57
|
+
projected_savings: Decimal
|
|
58
|
+
roi_percentage: float
|
|
59
|
+
|
|
60
|
+
# Technical Analysis
|
|
61
|
+
enis_count: int
|
|
62
|
+
cloudtrail_events: int
|
|
63
|
+
last_activity: datetime
|
|
64
|
+
dependency_blocking_factors: List[str]
|
|
65
|
+
|
|
66
|
+
# Implementation Details
|
|
67
|
+
implementation_phase: int
|
|
68
|
+
estimated_duration: str
|
|
69
|
+
rollback_complexity: str
|
|
70
|
+
stakeholder_approvals: List[str]
|
|
71
|
+
|
|
72
|
+
# Safety Controls
|
|
73
|
+
eni_gate_validation: bool
|
|
74
|
+
dependency_analysis_complete: bool
|
|
75
|
+
compliance_impact: str
|
|
76
|
+
business_continuity_risk: str
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
@dataclass
|
|
80
|
+
class RemediationRoadmap:
|
|
81
|
+
"""Four-phase implementation roadmap"""
|
|
82
|
+
|
|
83
|
+
total_vpcs: int
|
|
84
|
+
total_savings: Decimal
|
|
85
|
+
total_duration: str
|
|
86
|
+
|
|
87
|
+
phase_1_immediate: List[VPCRemediationProposal]
|
|
88
|
+
phase_2_infrastructure: List[VPCRemediationProposal]
|
|
89
|
+
phase_3_advanced: List[VPCRemediationProposal]
|
|
90
|
+
phase_4_control_plane: List[VPCRemediationProposal]
|
|
91
|
+
|
|
92
|
+
safety_assessment: Dict[str, any]
|
|
93
|
+
compliance_validation: Dict[str, str]
|
|
94
|
+
raci_matrix: Dict[str, List[str]]
|
|
95
|
+
|
|
96
|
+
|
|
97
|
+
class VPCRemediationPlanner:
|
|
98
|
+
"""
|
|
99
|
+
Enterprise VPC remediation planning engine with comprehensive proposal generation
|
|
100
|
+
Implements three-bucket methodology with four-phase implementation approach
|
|
101
|
+
"""
|
|
102
|
+
|
|
103
|
+
def __init__(self, test_data_path: str = None):
|
|
104
|
+
"""Initialize remediation planner with production test data"""
|
|
105
|
+
self.console = Console()
|
|
106
|
+
self.test_data_path = test_data_path or ".claude/config/environment-data/vpc-test-data-production.yaml"
|
|
107
|
+
self.vpc_data = self._load_production_data()
|
|
108
|
+
|
|
109
|
+
# Safety thresholds
|
|
110
|
+
self.eni_safety_threshold = 10
|
|
111
|
+
self.cloudtrail_activity_threshold = 30 # days
|
|
112
|
+
self.cost_significance_threshold = Decimal("1000") # annual
|
|
113
|
+
|
|
114
|
+
def _load_production_data(self) -> Dict:
|
|
115
|
+
"""Load and validate production VPC test data"""
|
|
116
|
+
try:
|
|
117
|
+
with open(self.test_data_path, "r") as f:
|
|
118
|
+
data = yaml.safe_load(f)
|
|
119
|
+
|
|
120
|
+
console.print(f"✅ Loaded production data: {data['business_metrics']['total_vpcs']} VPCs")
|
|
121
|
+
return data
|
|
122
|
+
except Exception as e:
|
|
123
|
+
console.print(f"❌ Error loading test data: {e}")
|
|
124
|
+
return self._generate_fallback_data()
|
|
125
|
+
|
|
126
|
+
def _generate_fallback_data(self) -> Dict:
|
|
127
|
+
"""Generate minimal fallback data if production data unavailable"""
|
|
128
|
+
return {"vpc_test_data": {"active_vpcs": []}, "business_metrics": {"total_vpcs": 0, "annual_savings": 0}}
|
|
129
|
+
|
|
130
|
+
def analyze_vpc_for_remediation(self, vpc_data: Dict) -> VPCRemediationProposal:
|
|
131
|
+
"""
|
|
132
|
+
Comprehensive VPC analysis for remediation planning
|
|
133
|
+
Implements enterprise safety assessment with dependency validation
|
|
134
|
+
"""
|
|
135
|
+
|
|
136
|
+
# Parse VPC data
|
|
137
|
+
vpc_id = vpc_data.get("vpc_id", "unknown")
|
|
138
|
+
name = vpc_data.get("name", "unnamed")
|
|
139
|
+
region = vpc_data.get("region", "unknown")
|
|
140
|
+
account = vpc_data.get("account", "unknown")
|
|
141
|
+
enis = vpc_data.get("enis", 0)
|
|
142
|
+
monthly_cost = Decimal(str(vpc_data.get("cost_monthly", 0)))
|
|
143
|
+
annual_cost = monthly_cost * 12
|
|
144
|
+
|
|
145
|
+
# Activity analysis
|
|
146
|
+
last_activity_str = vpc_data.get("last_activity", "2024-01-01")
|
|
147
|
+
last_activity = datetime.strptime(last_activity_str, "%Y-%m-%d")
|
|
148
|
+
days_since_activity = (datetime.now() - last_activity).days
|
|
149
|
+
cloudtrail_events = vpc_data.get("cloudtrail_events", 0)
|
|
150
|
+
|
|
151
|
+
# Decision logic based on comprehensive analysis
|
|
152
|
+
decision, risk_level = self._determine_remediation_decision(
|
|
153
|
+
enis, days_since_activity, cloudtrail_events, annual_cost, name
|
|
154
|
+
)
|
|
155
|
+
|
|
156
|
+
# Calculate projected savings
|
|
157
|
+
projected_savings = self._calculate_projected_savings(decision, annual_cost)
|
|
158
|
+
roi_percentage = float(projected_savings / annual_cost * 100) if annual_cost > 0 else 0
|
|
159
|
+
|
|
160
|
+
# Dependency analysis
|
|
161
|
+
blocking_factors = self._analyze_blocking_factors(enis, cloudtrail_events, name)
|
|
162
|
+
|
|
163
|
+
# Implementation planning
|
|
164
|
+
phase, duration, rollback_complexity = self._plan_implementation(decision, risk_level, enis)
|
|
165
|
+
|
|
166
|
+
# Stakeholder analysis
|
|
167
|
+
approvals = self._determine_required_approvals(risk_level, annual_cost)
|
|
168
|
+
|
|
169
|
+
# Safety validations
|
|
170
|
+
eni_gate_valid = enis <= self.eni_safety_threshold
|
|
171
|
+
dependency_complete = len(blocking_factors) == 0 or decision == DecisionType.KEEP
|
|
172
|
+
|
|
173
|
+
# Compliance assessment
|
|
174
|
+
compliance_impact = self._assess_compliance_impact(name, decision)
|
|
175
|
+
business_risk = self._assess_business_continuity_risk(enis, cloudtrail_events)
|
|
176
|
+
|
|
177
|
+
return VPCRemediationProposal(
|
|
178
|
+
vpc_id=vpc_id,
|
|
179
|
+
name=name,
|
|
180
|
+
region=region,
|
|
181
|
+
account=account,
|
|
182
|
+
decision=decision,
|
|
183
|
+
risk_level=risk_level,
|
|
184
|
+
current_annual_cost=annual_cost,
|
|
185
|
+
projected_savings=projected_savings,
|
|
186
|
+
roi_percentage=roi_percentage,
|
|
187
|
+
enis_count=enis,
|
|
188
|
+
cloudtrail_events=cloudtrail_events,
|
|
189
|
+
last_activity=last_activity,
|
|
190
|
+
dependency_blocking_factors=blocking_factors,
|
|
191
|
+
implementation_phase=phase,
|
|
192
|
+
estimated_duration=duration,
|
|
193
|
+
rollback_complexity=rollback_complexity,
|
|
194
|
+
stakeholder_approvals=approvals,
|
|
195
|
+
eni_gate_validation=eni_gate_valid,
|
|
196
|
+
dependency_analysis_complete=dependency_complete,
|
|
197
|
+
compliance_impact=compliance_impact,
|
|
198
|
+
business_continuity_risk=business_risk,
|
|
199
|
+
)
|
|
200
|
+
|
|
201
|
+
def _determine_remediation_decision(
|
|
202
|
+
self, enis: int, days_inactive: int, cloudtrail_events: int, annual_cost: Decimal, name: str
|
|
203
|
+
) -> Tuple[DecisionType, RiskLevel]:
|
|
204
|
+
"""
|
|
205
|
+
Comprehensive decision logic for VPC remediation
|
|
206
|
+
Implements enterprise safety decision matrix
|
|
207
|
+
"""
|
|
208
|
+
|
|
209
|
+
# Default VPC CIS compliance check
|
|
210
|
+
if "default" in name.lower():
|
|
211
|
+
if enis == 0:
|
|
212
|
+
return DecisionType.DELETE, RiskLevel.CRITICAL
|
|
213
|
+
else:
|
|
214
|
+
return DecisionType.REPLACE, RiskLevel.CRITICAL
|
|
215
|
+
|
|
216
|
+
# Zero ENI immediate cleanup candidates
|
|
217
|
+
if enis == 0:
|
|
218
|
+
if days_inactive > 60:
|
|
219
|
+
return DecisionType.DELETE, RiskLevel.LOW
|
|
220
|
+
else:
|
|
221
|
+
return DecisionType.ANALYZE, RiskLevel.MEDIUM
|
|
222
|
+
|
|
223
|
+
# High ENI count requires careful analysis
|
|
224
|
+
if enis > 15:
|
|
225
|
+
return DecisionType.OPTIMIZE, RiskLevel.HIGH
|
|
226
|
+
|
|
227
|
+
# Activity-based decisions
|
|
228
|
+
if days_inactive > 90 and cloudtrail_events < 100:
|
|
229
|
+
if enis <= 3:
|
|
230
|
+
return DecisionType.DELETE, RiskLevel.MEDIUM
|
|
231
|
+
else:
|
|
232
|
+
return DecisionType.OPTIMIZE, RiskLevel.MEDIUM_HIGH
|
|
233
|
+
|
|
234
|
+
# Cost-based decisions
|
|
235
|
+
if annual_cost > Decimal("2000"):
|
|
236
|
+
if enis <= 5:
|
|
237
|
+
return DecisionType.OPTIMIZE, RiskLevel.MEDIUM
|
|
238
|
+
else:
|
|
239
|
+
return DecisionType.KEEP, RiskLevel.LOW
|
|
240
|
+
|
|
241
|
+
# Default to analysis for uncertain cases
|
|
242
|
+
return DecisionType.ANALYZE, RiskLevel.MEDIUM
|
|
243
|
+
|
|
244
|
+
def _calculate_projected_savings(self, decision: DecisionType, annual_cost: Decimal) -> Decimal:
|
|
245
|
+
"""Calculate projected annual savings based on remediation decision"""
|
|
246
|
+
|
|
247
|
+
savings_multipliers = {
|
|
248
|
+
DecisionType.DELETE: Decimal("1.0"), # 100% savings
|
|
249
|
+
DecisionType.REPLACE: Decimal("0.8"), # 80% savings (new VPC costs)
|
|
250
|
+
DecisionType.OPTIMIZE: Decimal("0.4"), # 40% savings (optimization)
|
|
251
|
+
DecisionType.ANALYZE: Decimal("0.2"), # 20% potential savings
|
|
252
|
+
DecisionType.KEEP: Decimal("0.0"), # No savings
|
|
253
|
+
}
|
|
254
|
+
|
|
255
|
+
return annual_cost * savings_multipliers.get(decision, Decimal("0.0"))
|
|
256
|
+
|
|
257
|
+
def _analyze_blocking_factors(self, enis: int, cloudtrail_events: int, name: str) -> List[str]:
|
|
258
|
+
"""Identify potential blocking factors for remediation"""
|
|
259
|
+
|
|
260
|
+
blocking_factors = []
|
|
261
|
+
|
|
262
|
+
if enis > 10:
|
|
263
|
+
blocking_factors.append(f"High ENI count ({enis}) requires detailed dependency analysis")
|
|
264
|
+
|
|
265
|
+
if cloudtrail_events > 1000:
|
|
266
|
+
blocking_factors.append(f"High activity ({cloudtrail_events} events) indicates active usage")
|
|
267
|
+
|
|
268
|
+
if any(keyword in name.lower() for keyword in ["prod", "production", "critical"]):
|
|
269
|
+
blocking_factors.append("Production environment requires careful impact assessment")
|
|
270
|
+
|
|
271
|
+
if any(keyword in name.lower() for keyword in ["shared", "common", "hub"]):
|
|
272
|
+
blocking_factors.append("Shared infrastructure requires cross-team coordination")
|
|
273
|
+
|
|
274
|
+
return blocking_factors
|
|
275
|
+
|
|
276
|
+
def _plan_implementation(self, decision: DecisionType, risk_level: RiskLevel, enis: int) -> Tuple[int, str, str]:
|
|
277
|
+
"""Plan implementation phase, duration, and rollback complexity"""
|
|
278
|
+
|
|
279
|
+
# Phase assignment based on risk and complexity
|
|
280
|
+
if risk_level == RiskLevel.LOW and enis == 0:
|
|
281
|
+
phase = 1
|
|
282
|
+
duration = "1-2 days"
|
|
283
|
+
rollback = "Simple"
|
|
284
|
+
elif risk_level in [RiskLevel.MEDIUM, RiskLevel.MEDIUM_HIGH]:
|
|
285
|
+
phase = 2 if enis <= 5 else 3
|
|
286
|
+
duration = "1-2 weeks" if enis <= 5 else "2-4 weeks"
|
|
287
|
+
rollback = "Moderate" if enis <= 5 else "Complex"
|
|
288
|
+
elif risk_level in [RiskLevel.HIGH, RiskLevel.CRITICAL]:
|
|
289
|
+
phase = 4
|
|
290
|
+
duration = "4-8 weeks"
|
|
291
|
+
rollback = "Complex"
|
|
292
|
+
else:
|
|
293
|
+
phase = 2
|
|
294
|
+
duration = "1-2 weeks"
|
|
295
|
+
rollback = "Moderate"
|
|
296
|
+
|
|
297
|
+
return phase, duration, rollback
|
|
298
|
+
|
|
299
|
+
def _determine_required_approvals(self, risk_level: RiskLevel, annual_cost: Decimal) -> List[str]:
|
|
300
|
+
"""Determine required stakeholder approvals based on risk and cost"""
|
|
301
|
+
|
|
302
|
+
approvals = ["CloudOps Team"]
|
|
303
|
+
|
|
304
|
+
if risk_level in [RiskLevel.HIGH, RiskLevel.CRITICAL]:
|
|
305
|
+
approvals.extend(["Infrastructure Manager", "Security Team"])
|
|
306
|
+
|
|
307
|
+
if annual_cost > Decimal("2000"):
|
|
308
|
+
approvals.append("FinOps Manager")
|
|
309
|
+
|
|
310
|
+
if risk_level == RiskLevel.CRITICAL:
|
|
311
|
+
approvals.extend(["CISO", "VP Engineering"])
|
|
312
|
+
|
|
313
|
+
return approvals
|
|
314
|
+
|
|
315
|
+
def _assess_compliance_impact(self, name: str, decision: DecisionType) -> str:
|
|
316
|
+
"""Assess compliance framework impact"""
|
|
317
|
+
|
|
318
|
+
if "default" in name.lower():
|
|
319
|
+
return "CIS 2.1 compliance improvement (removes violation)"
|
|
320
|
+
elif decision == DecisionType.DELETE:
|
|
321
|
+
return "Reduces attack surface, improves security posture"
|
|
322
|
+
elif decision == DecisionType.OPTIMIZE:
|
|
323
|
+
return "Maintains compliance, improves cost efficiency"
|
|
324
|
+
else:
|
|
325
|
+
return "No compliance impact"
|
|
326
|
+
|
|
327
|
+
def _assess_business_continuity_risk(self, enis: int, cloudtrail_events: int) -> str:
|
|
328
|
+
"""Assess business continuity risk level"""
|
|
329
|
+
|
|
330
|
+
if enis == 0 and cloudtrail_events < 50:
|
|
331
|
+
return "Minimal - no active workloads detected"
|
|
332
|
+
elif enis <= 5 and cloudtrail_events < 500:
|
|
333
|
+
return "Low - limited workload impact"
|
|
334
|
+
elif enis <= 15 and cloudtrail_events < 1500:
|
|
335
|
+
return "Medium - moderate workload coordination required"
|
|
336
|
+
else:
|
|
337
|
+
return "High - extensive workload analysis and coordination required"
|
|
338
|
+
|
|
339
|
+
def generate_comprehensive_roadmap(self) -> RemediationRoadmap:
|
|
340
|
+
"""
|
|
341
|
+
Generate comprehensive four-phase implementation roadmap
|
|
342
|
+
Based on 27-VPC production dataset with enterprise safety controls
|
|
343
|
+
"""
|
|
344
|
+
|
|
345
|
+
console.print("[bold blue]🚀 Generating Comprehensive Remediation Roadmap...[/bold blue]")
|
|
346
|
+
|
|
347
|
+
with Progress(
|
|
348
|
+
SpinnerColumn(), TextColumn("[progress.description]{task.description}"), console=console
|
|
349
|
+
) as progress:
|
|
350
|
+
task = progress.add_task("Analyzing VPC remediation opportunities...", total=None)
|
|
351
|
+
|
|
352
|
+
# Analyze all active VPCs
|
|
353
|
+
proposals = []
|
|
354
|
+
for vpc_data in self.vpc_data.get("vpc_test_data", {}).get("active_vpcs", []):
|
|
355
|
+
proposal = self.analyze_vpc_for_remediation(vpc_data)
|
|
356
|
+
proposals.append(proposal)
|
|
357
|
+
|
|
358
|
+
progress.update(task, description="Organizing implementation phases...")
|
|
359
|
+
|
|
360
|
+
# Organize by implementation phases
|
|
361
|
+
phase_1 = [p for p in proposals if p.implementation_phase == 1]
|
|
362
|
+
phase_2 = [p for p in proposals if p.implementation_phase == 2]
|
|
363
|
+
phase_3 = [p for p in proposals if p.implementation_phase == 3]
|
|
364
|
+
phase_4 = [p for p in proposals if p.implementation_phase == 4]
|
|
365
|
+
|
|
366
|
+
# Calculate totals
|
|
367
|
+
total_savings = sum(p.projected_savings for p in proposals)
|
|
368
|
+
total_vpcs = len(proposals)
|
|
369
|
+
|
|
370
|
+
progress.update(task, description="Generating safety assessment...")
|
|
371
|
+
|
|
372
|
+
# Safety assessment
|
|
373
|
+
safety_assessment = self._generate_safety_assessment(proposals)
|
|
374
|
+
|
|
375
|
+
# Compliance validation
|
|
376
|
+
compliance_validation = self._generate_compliance_validation(proposals)
|
|
377
|
+
|
|
378
|
+
# RACI matrix
|
|
379
|
+
raci_matrix = self._generate_raci_matrix()
|
|
380
|
+
|
|
381
|
+
progress.update(task, description="Finalizing roadmap...")
|
|
382
|
+
|
|
383
|
+
console.print("✅ Roadmap generation complete")
|
|
384
|
+
|
|
385
|
+
return RemediationRoadmap(
|
|
386
|
+
total_vpcs=total_vpcs,
|
|
387
|
+
total_savings=total_savings,
|
|
388
|
+
total_duration="3-6 months",
|
|
389
|
+
phase_1_immediate=phase_1,
|
|
390
|
+
phase_2_infrastructure=phase_2,
|
|
391
|
+
phase_3_advanced=phase_3,
|
|
392
|
+
phase_4_control_plane=phase_4,
|
|
393
|
+
safety_assessment=safety_assessment,
|
|
394
|
+
compliance_validation=compliance_validation,
|
|
395
|
+
raci_matrix=raci_matrix,
|
|
396
|
+
)
|
|
397
|
+
|
|
398
|
+
def _generate_safety_assessment(self, proposals: List[VPCRemediationProposal]) -> Dict[str, any]:
|
|
399
|
+
"""Generate comprehensive safety assessment"""
|
|
400
|
+
|
|
401
|
+
total_enis = sum(p.enis_count for p in proposals)
|
|
402
|
+
high_risk_count = len([p for p in proposals if p.risk_level in [RiskLevel.HIGH, RiskLevel.CRITICAL]])
|
|
403
|
+
delete_candidates = len([p for p in proposals if p.decision == DecisionType.DELETE])
|
|
404
|
+
|
|
405
|
+
return {
|
|
406
|
+
"total_enis_affected": total_enis,
|
|
407
|
+
"high_risk_vpcs": high_risk_count,
|
|
408
|
+
"immediate_delete_candidates": delete_candidates,
|
|
409
|
+
"eni_gate_pass_rate": len([p for p in proposals if p.eni_gate_validation]) / len(proposals) * 100,
|
|
410
|
+
"dependency_analysis_coverage": len([p for p in proposals if p.dependency_analysis_complete])
|
|
411
|
+
/ len(proposals)
|
|
412
|
+
* 100,
|
|
413
|
+
"overall_risk_assessment": "CONTROLLED" if high_risk_count <= 3 else "ELEVATED",
|
|
414
|
+
"recommended_pilot_vpcs": min(3, delete_candidates),
|
|
415
|
+
"coordination_complexity": "MEDIUM" if total_enis < 100 else "HIGH",
|
|
416
|
+
}
|
|
417
|
+
|
|
418
|
+
def _generate_compliance_validation(self, proposals: List[VPCRemediationProposal]) -> Dict[str, str]:
|
|
419
|
+
"""Generate compliance framework validation"""
|
|
420
|
+
|
|
421
|
+
cis_violations = len([p for p in proposals if "default" in p.name.lower()])
|
|
422
|
+
security_improvements = len([p for p in proposals if p.decision in [DecisionType.DELETE, DecisionType.REPLACE]])
|
|
423
|
+
|
|
424
|
+
return {
|
|
425
|
+
"cis_2_1_compliance": f"Resolves {cis_violations} default VPC violations",
|
|
426
|
+
"aws_well_architected": "Improves cost optimization and security pillars",
|
|
427
|
+
"enterprise_security": f"Reduces attack surface by {security_improvements} VPCs",
|
|
428
|
+
"sox_compliance": "Improves financial controls through cost optimization",
|
|
429
|
+
"gdpr_impact": "Minimal - no data processing impact identified",
|
|
430
|
+
"overall_compliance_impact": "POSITIVE",
|
|
431
|
+
}
|
|
432
|
+
|
|
433
|
+
def _generate_raci_matrix(self) -> Dict[str, List[str]]:
|
|
434
|
+
"""Generate RACI matrix for stakeholder coordination"""
|
|
435
|
+
|
|
436
|
+
return {
|
|
437
|
+
"Responsible": ["CloudOps Team", "Network Engineering"],
|
|
438
|
+
"Accountable": ["Infrastructure Manager", "VP Engineering"],
|
|
439
|
+
"Consulted": ["Security Team", "Application Teams", "FinOps Team"],
|
|
440
|
+
"Informed": ["Executive Leadership", "Compliance Team", "Audit Team"],
|
|
441
|
+
}
|
|
442
|
+
|
|
443
|
+
def export_proposals_to_json(self, roadmap: RemediationRoadmap, output_path: str):
|
|
444
|
+
"""Export comprehensive remediation proposals to JSON for integration"""
|
|
445
|
+
|
|
446
|
+
def decimal_serializer(obj):
|
|
447
|
+
if isinstance(obj, Decimal):
|
|
448
|
+
return float(obj)
|
|
449
|
+
elif isinstance(obj, datetime):
|
|
450
|
+
return obj.isoformat()
|
|
451
|
+
elif isinstance(obj, (DecisionType, RiskLevel)):
|
|
452
|
+
return obj.value
|
|
453
|
+
raise TypeError(f"Object of type {type(obj)} is not JSON serializable")
|
|
454
|
+
|
|
455
|
+
roadmap_dict = asdict(roadmap)
|
|
456
|
+
|
|
457
|
+
with open(output_path, "w") as f:
|
|
458
|
+
json.dump(roadmap_dict, f, indent=2, default=decimal_serializer)
|
|
459
|
+
|
|
460
|
+
console.print(f"✅ Remediation roadmap exported to {output_path}")
|
|
461
|
+
|
|
462
|
+
def generate_executive_summary(self, roadmap: RemediationRoadmap) -> str:
|
|
463
|
+
"""Generate executive summary for stakeholder communication"""
|
|
464
|
+
|
|
465
|
+
summary = f"""
|
|
466
|
+
# VPC Infrastructure Cleanup - Executive Summary
|
|
467
|
+
|
|
468
|
+
## Business Impact
|
|
469
|
+
- **Total VPCs Analyzed**: {roadmap.total_vpcs}
|
|
470
|
+
- **Projected Annual Savings**: ${roadmap.total_savings:,.2f}
|
|
471
|
+
- **Implementation Timeline**: {roadmap.total_duration}
|
|
472
|
+
- **ROI**: {(roadmap.total_savings / 10000) * 100:.1f}% (estimated)
|
|
473
|
+
|
|
474
|
+
## Risk Assessment
|
|
475
|
+
- **Overall Risk Level**: {roadmap.safety_assessment["overall_risk_assessment"]}
|
|
476
|
+
- **High-Risk VPCs**: {roadmap.safety_assessment["high_risk_vpcs"]}
|
|
477
|
+
- **Safety Gate Pass Rate**: {roadmap.safety_assessment["eni_gate_pass_rate"]:.1f}%
|
|
478
|
+
|
|
479
|
+
## Implementation Phases
|
|
480
|
+
- **Phase 1 - Immediate Wins**: {len(roadmap.phase_1_immediate)} VPCs (LOW risk)
|
|
481
|
+
- **Phase 2 - Infrastructure**: {len(roadmap.phase_2_infrastructure)} VPCs (MEDIUM risk)
|
|
482
|
+
- **Phase 3 - Advanced**: {len(roadmap.phase_3_advanced)} VPCs (MEDIUM-HIGH risk)
|
|
483
|
+
- **Phase 4 - Control Plane**: {len(roadmap.phase_4_control_plane)} VPCs (HIGH risk)
|
|
484
|
+
|
|
485
|
+
## Compliance Benefits
|
|
486
|
+
{roadmap.compliance_validation["cis_2_1_compliance"]}
|
|
487
|
+
{roadmap.compliance_validation["enterprise_security"]}
|
|
488
|
+
|
|
489
|
+
## Recommendation
|
|
490
|
+
Proceed with phased implementation starting with Phase 1 immediate wins.
|
|
491
|
+
Management approval required for Phase 4 high-risk operations.
|
|
492
|
+
"""
|
|
493
|
+
|
|
494
|
+
return summary.strip()
|
|
495
|
+
|
|
496
|
+
|
|
497
|
+
def main():
|
|
498
|
+
"""Main execution for VPC remediation planning"""
|
|
499
|
+
|
|
500
|
+
console.print(
|
|
501
|
+
Panel.fit(
|
|
502
|
+
"[bold blue]🚀 VPC Remediation Planning Engine[/bold blue]\n"
|
|
503
|
+
"[cyan]Phase 3: Comprehensive Deployment Recommendations[/cyan]",
|
|
504
|
+
title="CloudOps-Runbooks AWS-25",
|
|
505
|
+
)
|
|
506
|
+
)
|
|
507
|
+
|
|
508
|
+
# Initialize planner
|
|
509
|
+
planner = VPCRemediationPlanner()
|
|
510
|
+
|
|
511
|
+
# Generate comprehensive roadmap
|
|
512
|
+
roadmap = planner.generate_comprehensive_roadmap()
|
|
513
|
+
|
|
514
|
+
# Display executive summary
|
|
515
|
+
summary = planner.generate_executive_summary(roadmap)
|
|
516
|
+
console.print(Panel(summary, title="Executive Summary", border_style="green"))
|
|
517
|
+
|
|
518
|
+
# Export for integration
|
|
519
|
+
output_path = "artifacts/vpc/remediation-roadmap.json"
|
|
520
|
+
planner.export_proposals_to_json(roadmap, output_path)
|
|
521
|
+
|
|
522
|
+
console.print(f"\n✅ [bold green]Phase 3 Remediation Planning Complete[/bold green]")
|
|
523
|
+
console.print(f"📊 Roadmap exported to {output_path}")
|
|
524
|
+
console.print(f"📋 Ready for executive review and Phase 4 implementation planning")
|
|
525
|
+
|
|
526
|
+
|
|
527
|
+
if __name__ == "__main__":
|
|
528
|
+
main()
|