S3 Provisioner Tool documentation

Welcome to the S3 Provisioner Tool documentation. This tool helps you provision and manage AWS S3 buckets with best practices built-in.

📚 Getting Started (Read First)

Start here if you’re new to the S3 Provisioner.

README

Quick start and overview - Your first stop. Covers what the tool does, why it exists, quick start commands, and common workflows. Read this first to understand the tool’s value proposition and get running in 15 minutes.

USER_GUIDE

Complete command reference - Comprehensive guide covering all 15 actions, deployment patterns (shared vs dedicated buckets), volume mounts, AWS credentials, and best practices. Essential reading for daily operations.

📖 Core Documentation (Essential)

Core references you’ll use frequently.

CONFIGURATION

Configuration parameters reference - Detailed explanation of every YAML parameter (client, environment, s3 sections), complete examples for different scenarios (production, compliance, development), lifecycle policy profiles, and validation rules.

S3_FOLDERS

Complete folder structure reference - Technical documentation of the 130+ folder hierarchy created by the tool, organized by ML pipeline phase (data, models, notebooks, artifacts, code, config). Use this to understand where to place your ML assets.

ML_LIFECYCLE_POLICIES

Lifecycle policy details - Deep dive into the 4 lifecycle profiles (ml-optimized, compliance, development, none), cost analysis, transition timelines, and custom policy implementation guidance. Essential for cost optimization.

🔧 Operations (Day-to-Day Use)

Operational guides for managing deployed infrastructure.

BACKUP_RECOVERY

Backup and recovery procedures - Disaster recovery strategies, backup procedures for configurations and data, recovery workflows, and RTO/RPO guidelines. Critical for production environments.

MONITORING_HEALTH_CHECKS

Monitoring and health checks - CloudWatch metrics, S3 event notifications, health check procedures, alerting strategies, and operational dashboards. Essential for production monitoring.

UPDATE_PROCEDURES

Update and maintenance procedures - How to update configurations, modify existing buckets, add new solutions, and perform maintenance tasks without downtime.

COST_OPTIMIZATION

Cost optimization strategies - Storage class comparisons, lifecycle policy cost analysis, Pattern A vs Pattern B cost breakdown, and recommendations for reducing S3 spend.

PERFORMANCE_TUNING

Performance tuning guide - S3 request rate optimization, multipart upload tuning, transfer acceleration, and performance considerations for ML workloads.

🔒 Security & Compliance

Security, permissions, and compliance documentation.

IAM_PERMISSIONS

Required AWS permissions - Complete IAM policy requirements for S3, CloudFormation, Lambda, and VPC operations. Includes least-privilege policies and role-based access examples.

SECURITY

Security overview - High-level security architecture, encryption at rest/in transit, access control patterns, and security best practices.

SECURITY_GUIDELINES

Detailed security guidelines - Comprehensive security implementation guide covering bucket policies, encryption, access logging, VPC endpoints, and compliance requirements.

GOVERNANCE_COMPLIANCE

Enterprise governance framework - Complete reference architecture for implementing governance, compliance, and audit capabilities. Includes ready-to-use JSON schemas for audit logs, data lineage, compliance metadata, RBAC examples, and multi-framework compliance support (GDPR, HIPAA, SOC 2, ISO 27001, CCPA).

🐛 Troubleshooting & Support

Problem resolution and getting help.

TROUBLESHOOTING

Common issues and solutions - Comprehensive troubleshooting guide covering AWS credentials, configuration errors, lifecycle policy issues, CloudFormation errors, Docker errors, deletion errors, and solution deployment errors. Includes quick diagnostics and advanced troubleshooting techniques.

SUPPORT

Support information - How to get help, support channels, escalation procedures, and what information to include in support requests.

📊 Advanced Topics (Optional)

Deep dives for advanced users and specific use cases.

APPLICATION_ARCHITECTURE

Complete architecture documentation - Enterprise-grade technical documentation covering system architecture, design decisions, CloudFormation implementation, Lambda functions, security architecture, and deployment patterns. For architects and advanced users.

INTEGRATION_EXAMPLES

Integration examples - How to integrate provisioned S3 buckets with SageMaker, Lambda, Glue, and CI/CD pipelines.

MIGRATION_GUIDE

Migration guide - Migrating from manual S3 setup, Terraform, or CDK to the S3 Provisioner. Includes data migration strategies by size.

📋 Reference (As Needed)

Version history, roadmap, feedback, and examples.

RELEASE_NOTES

Version history and changes - Release history, new features, bug fixes, breaking changes, and upgrade notes for each version.

ROADMAP

Future features and plans - Planned features, enhancement requests, and product roadmap. See what’s coming next.

FEEDBACK

Feedback and feature requests - Submit feature requests, vote on planned features, and provide documentation feedback.

📚 Getting Started:

• README
  • Table of Contents
  • Why This Tool Exists
  • Enterprise-Scale Versatility
  • What You Get
    • Battle-Tested ML Folder Structure
    • Bonus: Enterprise Governance Blueprint
    • ML-Optimized Folder Structure
    • Automated Lifecycle Policies
    • Infrastructure as Code
  • Quick Start
    • 1. Create Configuration
    • 2. Deploy Master Solution
    • 3. Deploy Additional Solutions
  • Common Workflows
    • Pattern A: Shared Bucket (Multiple Solutions)
    • Pattern B: Dedicated Buckets (One Solution Per Bucket)
  • Key Features
    • Configuration Validation
    • IAM Policy Generation
    • Template Validation
    • Change Preview
    • Drift Detection
    • Infrastructure Cleanup
    • Generate Usage Assumptions
    • Estimate Monthly Costs
    • Refresh Resource Pricing
  • AWS Credentials
  • Documentation
  • System Requirements
  • Support
  • License
• User Guide
  • Table of Contents
  • Prerequisites
    • Planning Your Deployment
    • Docker Installation
    • Python Installation (Optional - for AWS CLI)
    • AWS Credentials Configuration
    • System Requirements
    • IAM Permissions Check
    • AWS Account Limits
    • Docker Image Availability
    • Security Scanning (Optional)
  • Step 1: Understand Bucket Naming
  • Choose Deployment Strategy
    • Pattern A: Shared Bucket (Multiple Solutions)
    • Pattern B: Dedicated Buckets (One Solution Per Bucket)
    • Comparison Summary
  • Quick Start
    • Pre-Deployment Checklist
    • Setup
    • Setup (Required for Both Patterns)
    • Pattern A: Shared Bucket Workflow
    • Pattern B: Dedicated Bucket Workflow
    • Cleanup
  • Deployment Patterns
    • Pattern A: Shared Bucket (Multiple Solutions)
    • Pattern B: Dedicated Buckets (One Solution Per Bucket)
  • Configuration
    • Configuration File Structure
    • Tenant ID Format
    • Bucket Name Override
    • Artifact Naming Reference
  • Commands Reference
    • Validation Commands
      • validate-config
    • Policy Commands
      • create-policy
    • CloudFormation Template Commands
      • create-prov-template
      • validate-prov-template
    • Change Preview and Drift Detection Commands
      • show-changes
      • check-drift
      • test-deploy
    • Bucket Provisioning Commands
      • create-bucket
      • prep-master
      • delete-bucket
      • delete-cfn-stack
      • tear-down
    • Cost Estimation Commands
      • cost-traffic
      • cost-estimate
      • cost-refresh-prices
    • Solution Deployment Commands
      • deploy-solution
      • deploy-folders
      • upload-template
    • GitKeep Management Commands
      • gitkeep-full
      • gitkeep-none
      • gitkeep-partial
      • purge-bucket
  • Common Workflows
    • Pattern A: Shared Bucket Deployment
    • Pattern B: Dedicated Bucket Deployment
    • Quick Test Workflow
    • Cleanup Workflow
    • Cost Estimation Workflow
  • Volume Mounts
  • AWS Credentials
    • Option 1: AWS Profile (Recommended)
    • Option 2: Environment Variables
    • Option 3: IAM Role (EC2/ECS)
  • Best Practices
    • Always Validate First
    • Review Generated Templates
    • Use IAM Roles in Production
    • Enable Versioning in Production
    • Use Lifecycle Policies
    • Test in Dev First
    • Use CloudFormation for Infrastructure
    • Proper Cleanup
    • Monitor Logs
    • Version Control Configurations
  • Command Summary
  • Troubleshooting
  • What’s Next
  • Support
  • Configuration Reference
  • IAM Permissions
  • Frequently Asked Questions

📖 Core Documentation:

• Configuration Reference
  • Table of Contents
  • Quick Reference
  • Configuration File Structure
  • Section 1: Client Configuration
    • company_name ✅ Required
    • company_prefix ✅ Required
    • account_id ✅ Required
    • tenant_id ✅ Required
  • Section 2: Environment Configuration
    • env ✅ Required
    • region ✅ Required
  • Section 3: S3 Configuration
    • bucket_name_override ❌ Optional
    • versioning ✅ Required
    • lifecycle_policy ❌ Optional
      • Lifecycle Policy Profiles
      • Lifecycle Policy Details
    • vpc_id ❌ Optional
    • route_table_ids ❌ Optional
    • tags ❌ Optional
      • System Tags (Automatically Applied)
      • Custom Tags (Optional)
  • Usage Assumptions File
    • File Naming
    • File Structure
    • Parameters
    • Usage
  • Complete Configuration Examples
    • Example 1: Production ML Workload
    • Example 2: Compliance Environment (HIPAA)
    • Example 3: Development Environment
    • Example 4: Custom Bucket Name
    • Example 5: No Lifecycle Policy
  • Bucket Naming Convention
  • Folder Structure Created
  • Configuration Validation
    • Client Section Validation
    • Environment Section Validation
    • S3 Section Validation
  • Configuration Best Practices
    • 1. Production Environments
    • 2. Development Environments
    • 3. Compliance Workloads
    • 4. Cost Optimization
    • 5. S3 Gateway VPC Endpoint Configuration
  • Lifecycle Policy Cost Comparison
    • Scenario: 100 TB ML Pipeline (Annual)
  • YAML Syntax Tips
  • Troubleshooting Configuration Issues
    • Issue: Validation Fails
    • Issue: Bucket Name Conflict
    • Issue: Account ID Format
    • Issue: VPC Endpoint Configuration
  • Additional Resources
  • Configuration File Locations
• Naming Conventions
  • Table of Contents
  • Overview
  • Configuration Variables
  • AWS Resources
    • S3 Bucket (Global)
    • CloudFormation Stack (Regional)
    • IAM Policy (Global)
    • System Tags
  • Local Artifacts
    • Configuration Files
    • CloudFormation Templates
    • IAM Policy Files
    • Usage Assumptions Files
    • Log Files
    • HTML Reports
  • Naming Convention Summary
• S3 Folder Structure Reference
  • Table of Contents
  • Key Design Principles
  • Bucket Naming Convention
  • Folder Structure (solutions only)
  • Folder Structure (master-solution one level down)
  • Folder Structure (master-solution two levels down)
  • Compacted Folder Structure (master-solution all nodes, folders only)
  • Complete Folder Structure (folders and example files)
• ML Pipeline Lifecycle Policies
  • Table of Contents
  • Overview
    • Automated Lifecycle Profiles (v1.1.0+)
    • Manual Lifecycle Implementation
  • Customer Responsibility
  • Recommended Lifecycle Patterns
    • Pattern 1: Cost-Optimized ML Pipeline
    • Pattern 2: Compliance-Focused (HIPAA/PCI)
    • Pattern 3: Active Development
  • ML Data Type Recommendations
  • Storage Class Characteristics
  • Implementation Steps
    • 1. Generate CloudFormation Template
    • 2. Locate Generated Template
    • 3. Add LifecycleConfiguration
    • 4. Deploy Modified Template
  • Folder Structure Reference
  • Best Practices
    • 1. Align with ML Workflow
    • 2. Consider Retrieval Times
    • 3. Use Prefix Filters
    • 4. Enable Versioning
    • 5. Monitor Costs
    • 6. Test in Non-Production
    • 7. Document Retention Policies
  • Cost Optimization Examples
    • Example 1: 100 TB ML Pipeline (Annual)
    • Example 2: Compliance Workload (7-year retention)
  • Troubleshooting
    • Issue: Data Not Transitioning
    • Issue: Unexpected Deletions
    • Issue: High Retrieval Costs
  • Additional Resources

🔧 Operations:

• Backup and Recovery Procedures
  • Table of Contents
  • What to Backup
    • Critical Data
    • Priority Order
  • Backup Strategy
    • Manual Backup
    • Upload Backup to S3
    • Automated Daily Backup
  • Recovery Procedures
    • Restore Configuration Files
    • Regenerate Templates and Policies
  • S3 Infrastructure Recovery
    • Document Existing Infrastructure
    • Recreate S3 Infrastructure from Config
    • Verify Recovery
  • Testing Recovery
  • Retention Policy
• Monitoring and Health Checks
  • Table of Contents
  • Health Check Endpoints
    • Basic Health Check
    • Detailed Health Check
  • CloudWatch Metrics
    • Custom Metrics
    • Key Metrics to Monitor
    • CloudWatch Dashboard
  • Log Monitoring
    • Log Analysis
    • Real-time Log Monitoring
  • Alerting
    • CloudWatch Alarms
    • Email Alerts
  • Performance Monitoring
    • Execution Time Tracking
    • Resource Usage Monitoring
  • Availability Monitoring
    • Uptime Check
    • Service Status Page
  • Reporting
    • Daily Report
    • Weekly Report
  • Automation
    • Cron Schedule
  • Monitoring Checklist
• Update Procedures
  • Table of Contents
  • Version Strategy
    • Semantic Versioning
    • Image Tags
  • Pre-Update Checklist
  • Updating the Docker Image
    • Pull New Version
    • Verify New Version
    • Test Before Production
  • Rollback Procedures
    • Quick Rollback
    • Keep Multiple Versions
  • Configuration Updates
    • Modifying an Existing Configuration
    • Updating Tags
    • Changing Lifecycle Policy
  • Infrastructure Maintenance
    • Drift Detection
    • Uploading Updated Templates
    • Replacing a Deployment
  • Adding Solutions to Existing Buckets
    • Pattern A: Shared Bucket
    • Pattern B: Dedicated Bucket
  • Monitoring After Update
    • Verify Deployed Infrastructure
    • Review Logs
  • Update Schedule
    • Recommended Schedule
    • Maintenance Windows
• Cost Optimization
  • Table of Contents
  • Cost Overview
  • Built-in Cost Estimation
  • Lifecycle Policy Comparison
    • Profile Details
  • Storage Class Optimization
  • Cost Reduction Strategies
    • 1. Enable Lifecycle Policies (60-80% savings)
    • 2. Use Shared Buckets (Pattern A)
    • 3. Clean Up Experiment Data
    • 4. Enable Versioning Selectively
    • 5. Use Development Profile for Non-Production
    • 6. Monitor with S3 Analytics
    • 7. Use VPC Endpoints
  • Monitoring and Analysis
    • AWS Cost Explorer
    • S3 Storage Lens
    • CloudWatch Metrics
  • Cost Estimation by Deployment Pattern
    • Pattern A: Shared Bucket (1 bucket, 3 solutions)
    • Pattern B: Dedicated Buckets (3 buckets, 1 solution each)
• Performance Tuning Guide
  • Table of Contents
  • S3 Request Rate Optimization
    • Optimize Folder Structure
    • Date Partitioning for High-Volume Data
    • Hash Partitioning for Maximum Throughput
  • Transfer Performance
    • Multipart Upload (Files > 100 MB)
    • Transfer Acceleration
    • Parallel Downloads
    • AWS CLI Tuning
  • ML Workflow Optimization
    • SageMaker Data Channels
    • SageMaker Pipe Mode
    • Feature Store Integration
  • Provisioner Performance
    • Typical Operation Times
    • Optimizing Deployment Speed
  • Monitoring Performance
    • S3 Request Metrics
    • CloudWatch Metrics
    • S3 Access Logs

🔒 Security & Compliance:

• IAM Permissions
  • Table of Contents
  • Overview
  • Quick Start - Generate IAM Policy
  • Minimum Required Permissions
    • Complete IAM Policy
  • Permissions by Action
    • Actions Requiring No AWS Permissions
    • Actions Requiring AWS Permissions
      • create-bucket
      • prep-master, deploy-solution, deploy-folders
      • upload-template
      • gitkeep-full, gitkeep-none, gitkeep-partial, purge-bucket
      • delete-bucket
      • delete-cfn-stack, tear-down
  • Permission Scoping Best Practices
    • 1. Scope by Company Prefix
    • 2. Scope by AWS Account
    • 3. Scope by Region
    • 4. Scope by Environment
  • IAM Policy Examples
    • Read-Only Access (Validation Only)
    • Development Environment
    • Production Environment
  • IAM Role for EC2/ECS
    • Trust Policy
    • Permissions Policy
  • IAM User Setup
    • Create IAM User
    • Attach Policy
    • Create Access Keys
  • Additional Permissions for Optional Features
    • VPC Endpoint
    • Lifecycle Policies
  • Security Best Practices
    • 1. Principle of Least Privilege
    • 2. Use Resource Restrictions
    • 3. Use Condition Keys
    • 4. Separate Roles by Environment
    • 5. Enable MFA for Sensitive Operations
    • 6. Rotate Credentials Regularly
    • 7. Monitor IAM Activity
  • Troubleshooting Permission Issues
    • Access Denied Errors
    • Policy Simulator
    • CloudTrail Logs
  • Permission Summary by Action
  • Additional Resources
• Security
  • Table of Contents
  • Reporting Security Vulnerabilities
  • Known Vulnerabilities
    • Base Image Vulnerabilities
      • HIGH Severity
      • MEDIUM Severity
      • LOW Severity
    • Common Mitigations
  • Security Features
    • Container Security
    • Application Security
    • S3 Security
  • Security Best Practices
  • Security Scanning
    • Pre-deployment Scanning
    • Continuous Monitoring
  • Compliance
    • Standards
    • Certifications
  • Security Update Policy
    • Update Priority
    • Update Notification
  • Incident Response
    • Response Process
    • Contact Information
  • Version History
  • Additional Resources
• Security Guidelines
  • Table of Contents
  • Credential Management
    • AWS Credentials
    • Credential Rotation
  • Input Validation
    • Configuration Files
    • Bucket Names and CIDR Blocks
  • Network Security
    • S3 Bucket Design Principles
    • Bucket Policies
    • S3 Access Control Lists
    • S3 Access Logs
  • S3 Resource Security
    • S3 Public Access
    • S3 Gateway Endpoints
    • S3 VPC Endpoints
    • S3 Cross-Region Replication
  • CloudFormation Security
    • Stack Policies
    • Drift Detection
  • Docker Security
    • Image Security
    • Secrets Management
    • Container Scanning
  • Logging and Monitoring
    • CloudTrail
    • CloudWatch Alarms
    • Application Logs
  • Compliance
    • Data Residency
    • Tagging Strategy
  • Incident Response
    • Compromised Credentials
    • Unauthorized Network Access
    • S3 Resource Tampering
  • Security Checklist
  • Security Contacts
  • References
• Governance, Compliance, and Audit Capabilities
  • Table of Contents
  • Overview
  • What the s3-provisioner Tool Provides
  • What You Need to Implement
  • Data Governance
    • Metadata Management
    • Data Quality Standards
  • Compliance Framework
    • Regulatory Compliance
    • Compliance Artifacts
    • Data Classification Tags
  • Audit Capabilities
    • Comprehensive Audit Trail
    • Audit Log Locations
    • Audit Query Examples
  • Access Control
    • Role-Based Access Control (RBAC)
    • Least Privilege Principle
  • Data Lineage
    • Lineage Tracking
    • Lineage Visualization
  • Retention Policies
    • Data Lifecycle Management
    • Archive Strategy
  • Monitoring and Alerting
    • Compliance Monitoring
    • Compliance Dashboard Metrics
  • Implementation Checklist
    • S3 Bucket Setup (Handled by s3-provisioner)
    • AWS Service Configuration (You Must Configure)
    • Application Integration (You Must Implement)
  • Best Practices
  • Related Documentation

🐛 Troubleshooting and Support:

• Troubleshooting
  • Table of Contents
  • Quick Diagnostics
  • Common Pitfalls
  • Common Errors
    • AWS Credentials
      • Error: Unable to locate credentials
      • Error: The security token included in the request is invalid
      • Error: Access Denied
    • Configuration Errors
      • Error: Bucket name already exists
      • Error: Invalid bucket name
      • Error: Configuration validation failed
      • Error: Invalid lifecycle_policy value
      • Error: Account ID must be quoted
    • Lifecycle Policy Errors
      • Error: Lifecycle rules not applied
    • CloudFormation Errors
      • Error: Stack already exists
      • Error: CloudFormation rollback
    • Template Validation Errors
      • Error: Template file not found
      • Error: Invalid !Ref target
    • Change Preview Errors
      • Error: Stack does not exist for show-changes
      • Error: No changes detected
    • Drift Detection Errors
      • Error: Stack does not exist for check-drift
      • Error: Drift detection timeout
    • Docker Errors
      • Error: Cannot connect to Docker daemon
      • Error: Permission denied accessing volume
      • Error: Volume mount not found
    • Deletion Errors
      • Error: Bucket not empty
      • Error: Stack deletion failed
    • Solution Deployment Errors
      • Error: Solution not found
      • Error: Bucket does not exist
    • Cost Estimation Errors
      • Error: Template not found
      • Error: Usage file not found
      • Error: Failed to refresh pricing
    • License Validation Errors
      • Error: License validation failed
  • Performance Issues
    • Slow CloudFormation Stack Creation
    • Timeout Errors
  • VPC Endpoint Issues
    • Error: Invalid VPC ID
    • Error: Invalid route table IDs
  • Advanced Troubleshooting
    • Enable Debug Logging
    • Inspect Container
    • Check AWS API Calls
    • Network Connectivity
    • Review Generated Files
  • Getting Help
    • Collect Diagnostic Information
    • Contact Support
  • Additional Resources
• Support
  • Table of Contents
  • Quick Help
    • Documentation
    • Common Issues
  • Getting Support
    • AWS Marketplace Support
    • Product Support
  • Before Contacting Support
    • 1. Product Version
    • 2. Configuration File
    • 3. Error Message
    • 4. Command Used
    • 5. AWS Region
    • 6. Expected vs Actual Behavior
    • 7. CloudFormation Stack Events
  • Self-Service Resources
    • Validate Your Configuration
    • Check AWS Credentials
    • Verify IAM Permissions
    • View Container Logs
    • Test Docker Setup
  • Reporting Bugs
  • Feature Requests
  • Service Level Agreement (SLA)
    • Response Times
    • Priority Definitions
  • License Validation Issues
    • 1. Verify Subscription
    • 2. Verify IAM Permissions
    • 3. Contact AWS Marketplace Support
  • Troubleshooting Resources
    • Documentation
    • AWS Resources
    • Community
  • Updates and Announcements
    • Release Notes
    • Product Roadmap
    • AWS Marketplace
  • Feedback
  • Additional Resources
    • AWS Support
    • AWS Marketplace
    • Product Documentation
  • Legal
    • Terms of Service
    • Privacy Policy
    • License Agreement
• Feedback
  • How to Submit
  • Feature Requests
    • Feature Voting
  • Documentation Feedback
    • What We’re Looking For
  • What Happens Next
  • Related Resources

📊 Advanced Topics:

• Application Architecture
  • Table of Contents
  • Executive Summary
  • 1. Introduction & Context
    • 1.1 Purpose & Scope
    • 1.2 Business Goals
    • 1.3 Stakeholders
    • 1.4 Success Criteria
  • 2. Architectural Representation
    • 2.1 System Context Diagram
    • 2.2 Container View (Deployment Units)
    • 2.3 Component View (Internal Modules)
  • 3. Technical Strategy & Decisions
    • 3.1 Technology Stack
    • 3.2 Architecture Decision Records (ADRs)
      • ADR-001: CloudFormation vs. Direct Boto3 Resource Creation
      • ADR-002: Configuration-Driven Architecture
      • ADR-003: Three-Tier Subnet Architecture
      • ADR-004: Cython Compilation for Code Protection
      • ADR-005: Docker Containerization
      • ADR-006: High-Availability NAT Gateway (Optional)
      • ADR-007: Waiter Pattern for Async Operations
      • ADR-008: Naming Convention with Tenant ID
    • 3.3 Design Patterns
  • 4. Component Architecture
    • 4.1 CLI Interface (cli.py)
    • 4.2 Configuration Loader (config/loader.py)
    • 4.3 VPC Manager (core/vpc_manager.py)
    • 4.4 License Validator (license/validator.py)
    • 4.5 HTML Generator (utils/html_generator.py)
  • 5. Data Architecture
    • 5.1 Data Model
    • 5.2 Data Flow
    • 5.3 Artifact Management
  • 6. Security Architecture
    • 6.1 Security Principles
    • 6.2 Application Security
    • 6.3 Container Security
    • 6.4 Network Security
    • 6.5 IAM Security
    • 6.6 Compliance & Audit
    • 6.7 Known Vulnerabilities
  • 7. Deployment Architecture
    • 7.1 Deployment Models
    • 7.2 Docker Architecture
    • 7.3 Infrastructure Requirements
    • 7.4 Scalability
    • 7.5 High Availability
    • 7.6 Disaster Recovery
  • 8. Quality Attributes
    • 8.1 Performance
    • 8.2 Reliability
    • 8.3 Maintainability
    • 8.4 Usability
    • 8.5 Portability
    • 8.6 Extensibility
  • 9. Integration Architecture
    • 9.1 AWS Service Integration
    • 9.2 External Tool Integration
    • 9.3 API Integration Patterns
    • 9.4 Data Exchange Formats
  • 10. Operational Architecture
    • 10.1 Monitoring & Observability
    • 10.2 Alerting
    • 10.3 Backup & Recovery
    • 10.4 Maintenance
    • 10.5 Support & Troubleshooting
  • 11. Future Roadmap
    • 11.1 Planned Features
    • 11.2 Technical Debt
  • 12. Appendices
    • 12.1 Glossary
    • 12.2 References
    • 12.3 Version History
• Integration Examples
  • Table of Contents
  • SageMaker Integration
    • Training Job
    • Model Registry
    • Batch Transform
  • Lambda Integration
    • Inference Function
  • Glue ETL Integration
    • Data Processing Job
  • CI/CD Pipeline Integration
    • GitHub Actions
  • Cross-Provisioner Integration
    • Using S3 Bucket with SEC Provisioner
    • Using S3 Bucket with VPC Endpoint
  • SDK Examples
    • Boto3 — List Solutions
    • AWS CLI — Verify Deployment
• Migration Guide
  • Table of Contents
  • Migrating from Manual S3 Setup
    • Step 1: Inventory Existing Buckets
    • Step 2: Create Equivalent Configuration
    • Step 3: Decide on Migration Strategy
    • Step 4: Validate Configuration
    • Step 5: Deploy New Bucket
    • Step 6: Migrate Data
    • Step 7: Update Applications
    • Step 8: Decommission Old Bucket
  • Migrating from Terraform
    • Step 1: Export Terraform State
    • Step 2: Map to YAML Configuration
    • Step 3: Deploy and Migrate
    • Step 4: Remove from Terraform State
  • Migrating from AWS CDK
    • Step 1: Review Synthesized Template
    • Step 2: Map to YAML Configuration
    • Step 3: Deploy and Migrate
  • Migrating Existing Data
    • Small Datasets (< 100 GB)
    • Large Datasets (100 GB - 5 TB)
    • Very Large Datasets (> 5 TB)
    • Data Validation
  • Rollback Procedures
    • CloudFormation Automatic Rollback
    • Manual Rollback
    • Application Rollback

📋 Reference:

• Sample Reports
  • Template Report
  • Deployment Report
  • Cost Estimate Report
• Release Notes
  • Table of Contents
  • Version 1.1.0 (2026-Q2)
    • Cost Estimation
      • New Actions
      • Cost Estimation Features
      • Supported Actions (22 total)
  • Version 1.0.0 (2026-04-01)
    • Initial Release
    • Core Features
      • Bucket Provisioning
      • Automated Lifecycle Policy Profiles
      • Configuration Management
      • Solution Deployment
      • GitKeep Management
    • Supported Actions (19)
    • Security Features
    • Documentation
    • System Requirements
    • AWS Regions Supported
    • Folder Structure Created
    • Performance Metrics
  • Roadmap
  • Breaking Changes
    • Version 1.1.0
    • Version 1.0.0
  • Deprecation Notices
  • Contributors
  • Support
  • License
• Roadmap
  • Table of Contents
  • 🗳️ Feature Voting
  • 🎯 High Priority Features
    • HP-1: Show Lifecycle Policy Details
    • HP-2: Drift Detection & Auto-Remediation ⭐ Most Requested
    • HP-3: Cost Optimization & Analysis
    • HP-4: Terraform Export ⭐ Most Requested
    • HP-5: S3 Object Lock Support
    • HP-6: Multi-Region Deployment
    • HP-7: S3 Access Points
    • HP-8: S3 Inventory & Analytics
  • 📊 Medium Priority Features
    • MP-1: S3 Intelligent-Tiering Configuration
    • MP-2: S3 Transfer Acceleration
    • MP-3: Enhanced Monitoring & Alerts
    • MP-4: Batch Operations
    • MP-5: AWS Organizations Integration
    • MP-6: Compliance & Security Integrations
    • MP-7: REST API & SDKs
  • 🔮 Future Considerations
    • FC-1: CI/CD Integrations
    • FC-2: ARM64/Graviton Support
    • FC-3: Advanced Security Features
    • FC-4: Lifecycle Policy Template Library
    • FC-5: GUI Dashboard
  • 📅 Delivery Approach
  • ✅ Completed Features (v1.0.0 - 2026-04-01)
    • Core Infrastructure
    • S3 Configuration
    • ML Solution Support
    • Security & Operations
    • Cost Estimation (v1.1.0)
    • Documentation
  • 💬 Customer Advisory Board
  • 📢 Stay Updated
  • 💡 Feature Request Guidelines
  • 🔄 Roadmap Updates
  • 📋 Backward Compatibility
• API Reference
  • Core Modules
    • S3 Manager
      • S3Manager
  • Configuration
    • Configuration Loader
      • AppConfig
      • load_app_config()
  • Utilities
    • HTML Generator
      • generate_template_documentation()
      • generate_deployment_documentation()
      • generate_cost_report()
  • License
    • License Validator
      • LicenseValidator
  • CLI Interface
    • S3ProvisionerCLI
      • S3ProvisionerCLI.__init__()
      • S3ProvisionerCLI.is_action_required()
      • S3ProvisionerCLI.get_actions()
      • S3ProvisionerCLI.get_actions_help()
      • S3ProvisionerCLI.get_manager_class()
      • S3ProvisionerCLI.get_example_usage()
      • S3ProvisionerCLI.add_custom_arguments()
      • S3ProvisionerCLI.create_manager_instance()
      • S3ProvisionerCLI.requires_force()
    • main()

🎯 Quick Navigation by Task

Get started quickly

→ README → User Guide

Understand configuration options

→ Configuration Reference

Understand the folder structure

→ S3 Folder Structure Reference

Optimize costs with lifecycle policies

→ ML Pipeline Lifecycle Policies

Set up IAM permissions

→ IAM Permissions

Implement security best practices

→ Security Guidelines

Implement governance and compliance

→ Governance, Compliance, and Audit Capabilities

Set up monitoring

→ Monitoring and Health Checks

Troubleshoot an issue

→ Troubleshooting

Plan disaster recovery

→ Backup and Recovery Procedures

Update existing infrastructure

→ Update Procedures

Understand the architecture

→ Application Architecture

Get support

→ Support

Optimize costs

→ Cost Optimization

Tune performance

→ Performance Tuning Guide

Integrate with other AWS services

→ Integration Examples

Migrate from another tool

→ Migration Guide

Submit feedback or feature requests

→ Feedback

📖 Recommended Reading Order

For New Users

1. README - Overview and quick start

2. User Guide - Complete command reference

3. Configuration Reference - Configuration parameters

4. Troubleshooting - Common issues

For Production Deployment

1. Configuration Reference - Production configuration

2. IAM Permissions - Security setup

3. Security Guidelines - Security hardening

4. Monitoring and Health Checks - Monitoring setup

5. Backup and Recovery Procedures - Disaster recovery planning

For Compliance/Governance

1. Governance, Compliance, and Audit Capabilities - Governance framework

2. Security Guidelines - Security compliance

3. ML Pipeline Lifecycle Policies - Data retention policies

For Architects and Advanced Users

1. Application Architecture - Technical architecture

2. S3 Folder Structure Reference - Folder structure design

3. Governance, Compliance, and Audit Capabilities - Enterprise patterns

🏗️ S3 Architecture Patterns

The S3 Provisioner implements a comprehensive, standardized folder structure for ML workloads:

ML-Optimized Folder Hierarchy

A 130+ folder structure organized by ML pipeline phases (data, models, notebooks, artifacts, code, config). This standardized layout supports the complete ML lifecycle from data ingestion through model deployment. See S3 Folder Structure Reference for the complete hierarchy and Configuration Reference for deployment examples.

📝 Documentation Conventions

• UPPERCASE_WITH_UNDERSCORES.md - Main documentation files

• lowercase-with-hyphens.html - Example reports

• All paths are relative to the docs/ directory

• Code examples use bash syntax unless otherwise noted

• AWS resource names follow the pattern: {company_prefix}-{env}-{account_alias}-{region}

🔄 Documentation Updates

This documentation is version-controlled and updated with each release. See Release Notes for documentation changes in each version.

Last Updated: 2025-04-01

© 2026 Axon Tech Labs. All rights reserved.

Indices and tables

• Index

• Module Index

• Search Page