Security Provisioner Tool documentation

Welcome to the Security Provisioner Tool documentation. This tool provides config-driven IAM provisioning for AWS — managing groups, roles, and policies via CloudFormation with tier-specific templates (startup/medium/enterprise).

📚 Getting Started (Read First)

CLIENT_README

Quick start guide — Docker commands, volume mounts, directory setup, and common workflows.

USER_GUIDE

Complete command reference — All 12 actions with Docker commands, volume mounts, configuration, deployment workflows, and best practices.

TIER_COMPARISON

Tier comparison — Compare features across Startup-5, Medium-10, and Enterprise-12 tiers. Interactive tier filter.

POLICY_GUIDE

Complete policy reference — All IAM policy levels for ECR, SageMaker, S3, Lambda, Bedrock, Pipeline, KMS, and Trusted Advisor. Includes JSON samples, action tables, and per-level explanations.

ROLES_ARCHITECTURE

Roles and groups architecture — How groups, roles, and policies connect. Covers service roles, assumable roles, cross-account roles, and the assignment model.

📖 Core Documentation (Essential)

NAMING_CONVENTIONS

Resource naming patterns — Naming rules for groups, roles, policies, stacks, and test resources. Includes tenant ID structure and examples.

ASSUMABLE_ROLES_DESIGN

Assumable roles design — Design rationale for human-assumable roles with sts:AssumeRole and trust policies.

IAM_PERMISSIONS

IAM permissions reference — Required AWS permissions for operating the provisioner, scoped by action.

APPLICATION_ARCHITECTURE

System architecture — Design decisions, component structure, CloudFormation implementation, and deployment patterns.

🔧 Operations

UPDATE_PROCEDURES

Update and maintenance procedures — How to update Docker images, modify configurations, upgrade tiers, and maintain deployed infrastructure.

COST_OPTIMIZATION

Cost optimization — IAM is free, tier value comparison, time savings analysis, and cost considerations for related services.

PERFORMANCE_TUNING

Performance tuning — Deployment times by tier, IAM API rate limits, SSM parameter caching, and optimization strategies.

🔒 Security & Compliance

SECURITY

Security policy — Known vulnerabilities, container security features, compliance, and incident response.

🐛 Troubleshooting and Support

TROUBLESHOOTING

Troubleshooting guide — Common errors, IAM-specific issues, and advanced debugging.

SUPPORT

Support information — How to get help, support channels, and what to include in support requests.

FEEDBACK

Feedback and feature requests — Submit feature requests, vote on planned features, and provide documentation feedback.

📋 Reference

RELEASE_NOTES

Release notes — Version history, features, and known issues.

ROADMAP

Product roadmap — Planned features, enhancements, and items under consideration. Your feedback influences priorities.

SAMPLE_REPORTS

Sample HTML reports — Example template, policies, and deployment reports generated by the SEC Provisioner.

📊 Advanced Topics

APPLICATION_ARCHITECTURE

System architecture — Design decisions, component structure, CloudFormation implementation, and deployment patterns.

INTEGRATION_EXAMPLES

Integration examples — Adding users, assuming roles, SageMaker/Lambda/CI-CD integration patterns.

MIGRATION_GUIDE

Migration guide — Migrating from manual IAM setup, Terraform, or CDK to the SEC Provisioner. Includes tier upgrade paths.

🔌 API Reference

api_reference

Auto-generated API documentation from source code docstrings.

📚 Getting Started:

• README
  • Table of Contents
  • What It Does
  • Quick Start
    • 1. Set Up Directories
    • 2. Copy Documentation and Master Config
    • 3. Create Your Configuration
    • 4. Validate Configuration
    • 5. Generate and Review Resources
    • 6. Deploy
  • Common Commands
    • Local Actions (No Infrastructure Changes)
    • Read-Only Actions (AWS Access, No Changes)
    • Deployment Actions (Creates/Modifies AWS Resources)
    • Dry-Run Mode
  • AWS Credentials
  • What Gets Created
  • Directory Structure
  • Accessing Documentation
  • Quick Troubleshooting
  • License
• User Guide
  • Table of Contents
  • Quick Start
    • Pre-Deployment Checklist
    • 1. Create Directories and Copy Documentation
    • 2. Copy Master Config Template
    • 3. Validate Configuration
    • 4. Export and Review IAM Policy
    • 5. Review Groups, Roles, and Policies
    • 6. Generate and Validate Template
    • 7. Test Deploy (Optional but Recommended)
    • 8. Deploy to Production
    • 9. Verify Deployment
    • 10. Expected Output Files
  • Security Scanning
    • Optional: Scan Docker Image for Vulnerabilities
  • Configuration
    • Configuration File Structure
    • Medium Tier Example
    • Deployment Section
    • Other Tiers
  • Commands Reference
    • Validation Commands
      • validate-config
    • Export Commands
      • export-iam-policy
      • export-service-policies
      • export-groups
      • export-roles
    • CloudFormation Template Commands
      • create-prov-template
      • validate-prov-template
    • Change Preview and Drift Detection Commands
      • show-changes
      • check-drift
    • Deployment Commands
      • test-deploy
      • deploy
      • delete-stack
  • Command Summary
  • Common Workflows
    • Complete Deployment Workflow
    • Review and Audit Workflow
    • Day-2 Operations Workflow
    • Cleanup Workflow
  • Volume Mounts
  • AWS Credentials
    • Option 1: AWS Profile (Recommended)
    • Option 2: Environment Variables
    • Option 3: IAM Role (EC2/ECS)
  • Best Practices
    • 1. Always Validate First
    • 2. Export and Review Before Deploying
    • 3. Test Deploy Before Production
    • 4. Use show-changes Before Updating
    • 5. Run Drift Detection Regularly
    • 6. Follow Least Privilege
    • 7. Protect the Platform Administrators Group
    • 8. Use Assumable Roles for Cross-Function Access
    • 9. Version Control Configurations
    • 10. Separate Environments
    • 11. Monitor Logs
    • 12. Secure Cross-Account Roles
  • Frequently Asked Questions
• Tier Comparison
  • Table of Contents
  • Overview
  • IAM Groups
    • Startup Tier Groups (5)
    • Medium Tier Additional Groups (+5)
    • Enterprise Tier Additional Groups (+2)
  • Service Roles
    • Startup Tier Service Roles (4)
    • Medium Tier Additional Service Roles (+1)
    • Enterprise Tier Service Roles
  • Assumable Roles
    • Startup Tier Assumable Roles (1)
    • Medium Tier Additional Assumable Roles (+5)
    • Enterprise Tier Additional Assumable Roles (+1)
  • Cross-Account Roles
    • Startup Tier
    • Medium Tier Cross-Account Roles (1)
    • Enterprise Tier Additional Cross-Account Roles (+1)
  • Policy Template Services
  • Choosing Your Tier
• Policy Guide
  • Table of Contents
  • Overview
  • Quick Reference
  • S3 Policies
    • Level 1: read-only
    • Level 2: project-buckets-only
    • Level 3: project-buckets-full
    • Level 4: full
  • ECR Policies
    • Enterprise Compliance Model
    • Level 1: read-only
    • Level 2: dev-read-write
    • Level 3: ci-read-write
    • Level 4: full
  • Pipeline Policies
    • Enterprise Compliance Model
    • Level 1: read-only
    • Level 2: project-dev
    • Level 3: project-ci
    • Level 4: project-full
    • Level 5: platform-full
  • Inference Policies
    • SageMaker Inference
      • Level 1: read-only
      • Level 1-prod: read-only-invoke
      • Level 2: dev-invoke
      • Level 3: prod-invoke
      • Level 4: full
      • Level 4-ci: deploy-only
    • Lambda Inference
      • Level 1: invoke-only
      • Level 2: deploy-manage
      • Level 3: full
    • Bedrock Inference
      • Level 1: invoke-only
      • Level 2: model-manage
      • Level 3: full
  • KMS Policies
    • Level 1: read-only
  • Trusted Advisor Policies
    • Level 1: read-only
  • Combined Policies
    • Why Combined Policies Exist
    • Key Constraints
    • Design Rules
    • ops-services-read-only
    • mlops-services-a / b / c
  • Assignment Recommendations
    • Typical Team Structure
      • Storage & Pipeline
      • Inference
    • Assignment Best Practices
  • Troubleshooting
    • Common AccessDenied Scenarios
      • “Access Denied when uploading to S3”
      • “Access Denied when deleting S3 objects”
      • “Access Denied when pushing to ECR”
      • “Access Denied when invoking SageMaker endpoint”
      • “Cannot authenticate to ECR”
      • “Access Denied when starting or stopping a pipeline”
      • “Access Denied when invoking a Lambda function”
      • “Access Denied when deleting a Lambda function”
      • “Access Denied when invoking a Bedrock foundation model”
      • “Access Denied when creating or deleting a Bedrock guardrail”
      • “Access Denied when creating provisioned throughput in Bedrock”
      • “Access Denied when passing a role (PassRole)”
      • “Action explicitly denied despite having Allow permissions”
  • Security Best Practices
    • 1. Principle of Least Privilege
    • 2. Separation of Duties
    • 3. Audit and Monitoring
    • 4. Credential Management
    • 5. Environment Isolation
    • 6. Explicit Deny for Destructive Actions
    • 7. AI/ML Service Governance
  • Getting Help
    • Request Access Changes
    • Report Security Issues
  • Appendix: Policy Type Summary
    • S3 Policies
    • ECR Policies
    • Pipeline Policies
    • Inference Policies
      • SageMaker
      • Lambda
      • Bedrock
• Roles Architecture
  • Table of Contents
  • Overview
  • Architectural Decisions
    • Decision Summary
    • AD-1: Group-to-Role Mapping (N:M)
    • AD-2: Roles as Standalone Objects
    • AD-3: Trust Policy — Account Root Principal
    • AD-4: Two-Way Handshake for N:M Enforcement
    • AD-5: Managed Policy Composition
    • AD-6: Security Model Flag
  • Architecture Overview
    • Three-Layer Model
    • Resource Relationship Diagram
    • Real-World Example
  • Naming Conventions
    • Assumable Roles
    • Managed Policies
    • Test Resources
  • Config Schema Design
    • Roles Section
    • Assignments Section
    • Complete Config Example
  • CloudFormation Resource Generation
    • Role Resource
    • Group AssumeRole Policy
  • Service Roles and Policy Assignments
    • Why service_account Was Removed from iam_groups
    • Service Roles Use Policy Assignments
    • ci_cd_deployment_role Design
    • Trust Policy Patterns
  • Implementation Plan
    • Phase 1: Architecture and Config Design
    • Phase 2: Config and Validation
    • Phase 3: Template Generator
    • Phase 4: Deployment and Testing
    • Phase 5: Future Work
  • v2 Roadmap
    • AD-7: MFA and Session Duration Controls
    • AD-8: Permission Boundaries
  • Motivating Scenarios — Why Groups-Only Is Insufficient
    • Scenario 1: Temporary Cross-Team Access
    • Scenario 2: Environment-Specific Access Control
    • Scenario 3: Least-Privilege for Automation
    • Scenario 4: Compliance and Audit Requirements
    • Scenario 5: FinOps Cost Control
    • Scenario 6: Onboarding and Offboarding
  • Why 1:1 Mapping Was Rejected
  • References

📖 Core Documentation:

• Naming Conventions
  • Table of Contents
  • Overview
  • Configuration Variables
  • AWS Resources
    • CloudFormation Stack (Regional)
    • IAM Groups (Global)
    • IAM Service Roles (Global)
    • IAM Assumable Roles (Global)
    • IAM Cross-Account Roles (Global)
    • IAM Custom Policies (Inline)
    • Test Resources (Temporary)
  • Local Artifacts
    • Configuration Files
    • CloudFormation Templates
    • IAM Policy Files
    • Group Export Files
    • Role Export Files
    • Log Files
    • HTML Reports
    • Policy Templates
    • Validation Schemas
  • AWS Systems Manager Parameters
  • Policy ARN Construction
  • Naming Convention Comparison
• Assumable Roles Design
  • Table of Contents
  • Overview
  • Two Categories of Assumable Roles
  • Category 1: Cross-Function Roles
    • Design Decision: mirrors_group Pattern
    • Cross-Function Role Definitions
    • Cross-Function Group Assignments
    • Why These Pairings
    • Groups Excluded from Cross-Function Roles
  • Category 2: Elevation Roles
    • Design Decision: Best-Guess Defaults
    • Elevation Role Definitions
    • Elevation Group Assignments
  • Config Structure
    • Top-Level assumable_roles Section
    • Group-Level assumable_roles Arrays
    • Generator Behavior
  • Trust Policy Pattern
• IAM Permissions
  • Table of Contents
  • Overview
  • Quick Start - Generate IAM Policy
  • Minimum Required Permissions
    • 1. IAM Management
    • 2. CloudFormation Management
    • 3. S3 Template Access
    • 4. S3 Bucket List
    • 5. SSM Parameter Store
  • Permissions by Action
    • Local Actions (No Infrastructure Changes)
    • Read-Only Actions
    • Deployment Actions
  • Permission Scoping
    • IAM Resources
    • CloudFormation Stacks
    • SSM Parameters
    • S3 Templates
  • IAM Policy Examples
    • Read-Only Access (Validation and Monitoring)
    • Separate Roles by Environment
    • Production with MFA Requirement
  • Security Best Practices
  • Troubleshooting Permission Issues
    • Access Denied Errors
    • Common Issues
    • Policy Simulator
  • Permission Summary by Action

🔧 Operations:

• Update Procedures
  • Table of Contents
  • Version Strategy
    • Semantic Versioning
    • Image Tags
  • Pre-Update Checklist
  • Updating the Docker Image
    • Pull New Version
    • Verify New Version
    • Test Before Production
    • Compare Exports
  • Rollback Procedures
    • Quick Rollback
    • Keep Multiple Versions
  • Configuration Updates
    • Modifying Groups or Roles
    • Adding a New Group
    • Adding a New Assumable Role
  • Infrastructure Maintenance
    • Drift Detection
    • Replacing a Deployment
  • Tier Upgrades
  • Monitoring After Update
    • Verify Deployed Infrastructure
    • Review Logs
  • Update Schedule
    • Recommended Schedule
    • Maintenance Windows
• Cost Optimization
  • Table of Contents
  • Cost Overview
  • IAM Pricing
  • CloudFormation Costs
  • SSM Parameter Store Costs
    • Advanced Parameters
  • S3 Template Storage Costs
  • Tier Cost Comparison
    • Infrastructure Cost (Monthly)
    • Value Comparison
    • Time Savings
  • Cost Reduction Strategies
    • 1. Start with the Right Tier
    • 2. Use Separate Environments Wisely
    • 3. Clean Up Test Deployments
    • 4. Use Drift Detection Instead of Redeployment
    • 5. Consolidate Cross-Account Roles
    • 6. Monitor IAM Limits
  • Monitoring and Analysis
    • AWS Cost Explorer
    • IAM Credential Report
    • CloudTrail Analysis
• Performance Tuning Guide
  • Table of Contents
  • Deployment Performance
    • Typical Deployment Times by Tier
    • What Affects Deploy Time
  • IAM API Performance
    • API Rate Limits
    • Concurrent Deployments
  • CloudFormation Optimization
    • Template Size and Deployment Method
    • ChangeSet Performance
    • Drift Detection Performance
  • Template Size Optimization
    • What Drives Template Size
    • Reducing Template Size
  • SSM Parameter Store Performance
    • Write Performance
    • Read Performance
    • Caching Recommendations
  • Provisioner Performance
    • Operation Times
    • Local Actions Are Instant
    • Optimizing the Deployment Workflow
  • Monitoring Performance
    • CloudFormation Stack Events
    • CloudTrail API Monitoring
    • Execution Logs

🔒 Security & Compliance:

• Security
  • Table of Contents
  • Reporting Security Vulnerabilities
  • Known Vulnerabilities
    • Base Image Vulnerabilities
      • HIGH Severity
      • MEDIUM Severity
      • LOW Severity
    • Common Mitigations
  • Security Features
    • Container Security
    • Application Security
    • IAM Security
  • Security Best Practices
  • Security Scanning
    • Pre-deployment Scanning
    • Continuous Monitoring
  • Compliance
    • Standards
    • Certifications
  • Security Update Policy
    • Update Priority
    • Update Notification
  • Incident Response
    • Response Process
    • Contact Information
  • Additional Resources

🐛 Troubleshooting and Support:

• Troubleshooting
  • Table of Contents
  • Quick Diagnostics
  • Common Pitfalls
  • Common Errors
    • AWS Credentials
      • Error: Unable to locate credentials
      • Error: The security token included in the request is invalid
      • Error: Access Denied
    • Configuration Errors
      • Error: Configuration file not found
      • Error: Invalid YAML in config file
      • Error: Configuration validation failed
    • Tier and Profile Errors
      • Error: Tier mismatch
      • Error: Cannot auto-detect schema for tier
      • Error: Group not in security profile
    • Template Errors
      • Error: Template file not found
      • Error: Invalid !Ref target
    • CloudFormation Errors
      • Error: Stack already exists
      • Error: CloudFormation rollback
      • Error: IAM entity limit exceeded
    • S3 Template Upload Errors
      • Error: NoSuchBucket
      • Error: template_bucket not configured
    • Change Preview Errors
      • Error: Stack does not exist for show-changes
      • Error: No changes detected
    • Drift Detection Errors
      • Error: Stack does not exist for check-drift
      • Error: Drift detection timeout
    • Deletion Errors
      • Error: Stack deletion failed
      • Error: Role is in use
    • Docker Errors
      • Error: Cannot connect to Docker daemon
      • Error: Permission denied accessing volume
      • Error: Volume mount not found
    • License Validation Errors
      • Error: License validation failed
  • IAM-Specific Issues
    • Policy Size Limit
    • 10-Policy Limit Per Group
    • Assumable Role Trust Policy
    • Cross-Account Role Access Denied
  • Performance Issues
    • Slow Stack Creation
  • Advanced Troubleshooting
    • Enable Debug Logging
    • Inspect Container
    • Review Generated Files
    • Check AWS API Calls
  • Getting Help
    • Collect Diagnostic Information
    • Contact Support
• Support
  • Table of Contents
  • Quick Help
    • Documentation
    • Common Issues
  • Getting Support
    • AWS Marketplace Support
    • Product Support
  • Before Contacting Support
    • 1. Product Version and Tier
    • 2. Configuration File
    • 3. Error Message
    • 4. Command Used
    • 5. AWS Region
    • 6. Expected vs Actual Behavior
    • 7. CloudFormation Stack Events
  • Self-Service Resources
    • Validate Your Configuration
    • Check AWS Credentials
    • View Reports and Logs
    • Test Docker Setup
  • Reporting Bugs
  • Feature Requests
  • Service Level Agreement (SLA)
    • Response Times
    • Priority Definitions
  • License Validation Issues
    • 1. Verify Subscription
    • 2. Verify IAM Permissions
    • 3. Contact AWS Marketplace Support
  • Troubleshooting Resources
    • Documentation
    • AWS Resources
    • Community
  • Updates and Announcements
    • Release Notes
    • AWS Marketplace
  • Feedback
• Feedback
  • How to Submit
  • Feature Requests
    • Feature Voting
  • Documentation Feedback
    • What We’re Looking For
  • What Happens Next
  • Related Resources

📊 Advanced Topics:

• Application Architecture
  • Table of Contents
  • Introduction and Context
    • Purpose
    • Problem Statement
    • Solution
    • Scope
  • Architectural Representation
    • System Context
    • Processing Flow
  • Technical Strategy and Decisions
    • Single Stack Architecture
    • Config-Driven Design
    • Policy Template System
    • Tiered Access Control
    • Template Size Strategy
    • Cython Compilation
  • Component Architecture
    • Package Structure
    • Supporting Assets
    • Shared Common Module
    • SecManager Class
  • Data Architecture
    • Input Data
    • Output Data
    • Naming Conventions
  • Security Architecture
    • Container Security
    • IAM Security Model
    • Credential Handling
  • Deployment Architecture
    • Docker Image Structure
    • Build Pipeline
    • CloudFormation Deployment
  • Quality Attributes
    • Reliability
    • Maintainability
    • Testability
    • Security
    • Portability
  • Integration Architecture
    • Cross-Provisioner Integration
    • AWS Service Integration
  • Operational Architecture
    • Action Safety Levels
    • Logging
    • Error Handling
    • Monitoring
• Integration Examples
  • Table of Contents
  • Adding Users to Groups
    • AWS CLI
    • Boto3
  • Assuming Roles
    • Cross-Function Role Assumption
    • Elevation Role Assumption
    • Security Admin Elevation
  • SageMaker Integration
    • Using SEC Service Roles
    • Lambda with SEC Role
  • CI/CD Pipeline Integration
    • GitHub Actions with SEC Roles
    • CodeBuild with SEC Role
  • Cross-Account Access
    • Assuming Cross-Account Deployment Role
    • Cross-Account Monitoring
  • Cross-Provisioner Integration
    • Discover All Resources via SSM
    • Full Stack Example
  • SDK Examples
    • Boto3 — List Provisioned IAM Resources
    • AWS CLI — Verify Deployment
• Migration Guide
  • Table of Contents
  • Migrating from Manual IAM Setup
    • Step 1: Inventory Existing IAM Resources
    • Step 2: Map to SEC Configuration
    • Step 3: Choose Your Tier
    • Step 4: Document User-to-Group Mappings
    • Step 5: Validate Configuration
    • Step 6: Export and Review
    • Step 7: Test Deploy
    • Step 8: Deploy Production
    • Step 9: Re-Add Users to New Groups
    • Step 10: Decommission Old IAM Resources
  • Migrating from Terraform
    • Step 1: Export Terraform State
    • Step 2: Map to SEC Configuration
    • Step 3: Deploy and Migrate
    • Step 4: Remove from Terraform State
  • Migrating from AWS CDK
    • Step 1: Review Synthesized Template
    • Step 2: Map to SEC Configuration
    • Step 3: Deploy and Migrate
    • Step 4: Destroy CDK Stack
  • Tier Migration
    • Upgrading Tiers (e.g., Startup → Medium)
    • Downgrading Tiers
  • Rollback Procedures
    • CloudFormation Automatic Rollback
    • Manual Rollback
    • User Access Rollback

📋 Reference:

• Release Notes
  • Table of Contents
  • Version 1.0.0 (2026-04-01)
    • Initial Release
    • Core Features
      • IAM Group Management
      • Service Role Provisioning
      • Assumable Roles
      • Cross-Account Roles
      • Policy Templates
      • Tiered Access Control
      • Configuration Management
      • CloudFormation Deployment
      • Parameter Store Integration
      • Infrastructure Operations
      • Export and Review
      • Container Security
    • Known Issues
  • Roadmap
  • Support
  • License
• Roadmap
  • 🗳️ Feature Voting
  • v1.1 — Security Hardening
    • Pre-Deployment Cost Estimation
    • MFA and Session Duration Controls
    • External Contractor Boundary Controls
  • v1.2 — Policy Expansion
    • Replace AWSGlueConsoleFullAccess
    • Custom SageMaker Runtime Execution Policy
    • Additional AWS Service Policy Templates
    • Config-Driven Bedrock Model Scoping
    • KMS Level 2 — Decrypt Access
  • v1.3 — Operational Improvements
    • Inline-to-Managed Policy Conversion
    • Stack Update Support
    • HTML Report Enhancements
    • Dry-Run Export
  • v2.0 — Advanced Access Control
    • Permission Boundaries
    • Cross-Account Operations Role
    • Service Control Policies (SCP) Integration
    • Tag-Based Access Control (ABAC)
  • Under Consideration
  • Completed (v1.0)
• Sample Reports
  • Template Report
  • Policies Report
  • Deployment Report

🔌 API Reference:

• API Reference
  • Core Modules
    • Security Manager
      • SecManager
      • main()
  • Configuration
    • Configuration Loader
      • AppConfig
      • load_app_config()
  • Utilities
    • HTML Generator
      • generate_template_documentation()
      • generate_deployment_documentation()
      • generate_policy_documentation()
  • License
    • License Validator
      • LicenseValidator
  • CLI Interface
    • SecProvisionerCLI
      • SecProvisionerCLI.__init__()
      • SecProvisionerCLI.is_action_required()
      • SecProvisionerCLI.get_actions()
      • SecProvisionerCLI.get_actions_help()
      • SecProvisionerCLI.get_manager_class()
      • SecProvisionerCLI.get_example_usage()
      • SecProvisionerCLI.add_custom_arguments()
      • SecProvisionerCLI.create_manager_instance()
      • SecProvisionerCLI.requires_force()
    • main()

🎯 Quick Navigation by Task

I want to…

Get started quickly

→ README

See all commands and Docker examples

→ User Guide

Understand the system architecture

→ Application Architecture

Compare tiers and features

→ Tier Comparison

Understand the policy levels

→ Policy Guide

See how groups, roles, and policies connect

→ Roles Architecture

Check resource naming rules

→ Naming Conventions

Know what IAM permissions I need

→ IAM Permissions

Review security posture

→ Security

Understand the template generator

Browse the source code API

→ API Reference

Submit feedback or feature requests

→ Feedback

Optimize costs

→ Cost Optimization

Tune performance

→ Performance Tuning Guide

Integrate with other AWS services

→ Integration Examples

Migrate from another tool

→ Migration Guide

📖 Recommended Reading Order

For New Users

1. README - Quick start and Docker commands

2. Policy Guide - Policy levels and permissions

3. Roles Architecture - Architecture overview

4. Naming Conventions - Naming patterns

5. IAM Permissions - Required AWS permissions

For Developers

3. API Reference - Source code API

Indices and tables

• Index

• Module Index

• Search Page