Release Notes

v1.0.1 (2026-05-09)

Bug Fixes

  • License validation fix — corrected ProductSKU in AWS Marketplace License Manager integration to use Product ID (prod-kytp6kp7i5cnw) instead of product code


v1.0.0 (2026-05-05)

Initial release of the SG Provisioner Tool.

Features

  • Scenario-based provisioning — 9 pre-built scenarios for common architectures

    • 3-tier-web (PostgreSQL), 3-tier-rds-postgresql, 3-tier-rds-mysql

    • 3-tier-redshift, 3-tier-oracle, 3-tier-sqlserver, 3-tier-documentdb

    • 2-tier-web, 2-tier-rds-postgresql

  • Override system — port overrides, additional ingress/egress rules per tier

  • Workload discriminator — deploy multiple SG sets in the same environment

  • CloudFormation generation — cross-tier references via standalone ingress/egress resources

  • VPC integration — resolve VPC ID from Parameter Store or direct

  • Parameter Store storage — SG IDs stored at /sg/{name}/{tier}/SecurityGroupId

  • 12 CLI actions:

    • validate-config, list-scenarios, show-scenario

    • create-policy, create-prov-template, validate-prov-template

    • create-review-report

    • test-deploy, create-security-groups, delete-security-groups

    • show-changes, check-drift

  • Pre-deployment review report — HTML with override highlighting (amber/green badges)

  • Post-deployment report — CONFIDENTIAL HTML with real SG IDs

  • IAM policy generation — least-privilege with split SSM permissions

  • Dry-run mode — preview operations without making changes

  • AWS Marketplace license validation

Architecture

  • Scenario loader with YAML-based definitions

  • Scenario validator (security checks: open DB ports, SSH/RDP from public)

  • CfnGenerator with circular dependency resolution

  • Docker container with Cython-compiled modules for IP protection

  • Common package integration (BaseCLI, logger, utilities)
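
The "standalone ingress/egress resources" and "circular dependency resolution" items above refer to a general CloudFormation pattern, sketched here as an added example that is not the tool's own code. The function names, logical ID naming, stack name and tier rules are assumptions made for illustration; only the Parameter Store path format comes from these notes.

```python
# Constructed sample: tier -> [(source tier, TCP port)]; web and app reference each other.
SAMPLE_TIERS = {"web": [("app", 8443)], "app": [("web", 8080)], "db": [("app", 5432)]}

def sg_id(tier):
    return {"Fn::GetAtt": [f"{tier.capitalize()}SG", "GroupId"]}

def build_template(name, vpc_id, tiers, inline=False):
    """inline=True embeds rules in each group; False emits standalone ingress resources."""
    res = {}
    for tier, rules in tiers.items():
        props = {"GroupDescription": f"{name} {tier} tier", "VpcId": vpc_id}
        res[f"{tier.capitalize()}SG"] = {"Type": "AWS::EC2::SecurityGroup", "Properties": props}
        # Parameter path format as given in the release notes.
        res[f"{tier.capitalize()}SGParam"] = {"Type": "AWS::SSM::Parameter", "Properties": {
            "Name": f"/sg/{name}/{tier}/SecurityGroupId", "Type": "String", "Value": sg_id(tier)}}
        for src, port in rules:
            rule = {"SourceSecurityGroupId": sg_id(src), "IpProtocol": "tcp",
                    "FromPort": port, "ToPort": port}
            if inline:
                props.setdefault("SecurityGroupIngress", []).append(rule)
            else:
                res[f"{tier.capitalize()}From{src.capitalize()}{port}"] = {
                    "Type": "AWS::EC2::SecurityGroupIngress",
                    "Properties": {"GroupId": sg_id(tier), **rule}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": res}

def refs(node):
    """Yield each logical ID referenced through Fn::GetAtt or Ref under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key in ("Fn::GetAtt", "Ref"):
                yield val[0] if isinstance(val, list) else val
            else:
                yield from refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)

def has_cycle(template):
    """Depth-first search over resource references; True if any cycle exists."""
    res, state = template["Resources"], {}
    def visit(rid):
        if rid in state or rid not in res:
            return state.get(rid) == "open"  # reaching an open node again closes a cycle
        state[rid] = "open"
        found = any(visit(dep) for dep in refs(res[rid]))
        state[rid] = "done"
        return found
    return any(visit(rid) for rid in res)
```

With the sample tiers, `has_cycle` returns True for the inline form (WebSG and AppSG reference each other) and False once the same rules are emitted as standalone `AWS::EC2::SecurityGroupIngress` resources.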

Known Limitations

  • Single SG set per workload (use workload field for multiple sets)

  • IPv6 CIDR rules supported in schema but not yet in scenarios

  • No cost estimation (planned for v1.1.0)