SG Provisioner Tool Documentation
Welcome to the SG Provisioner Tool documentation. This tool helps you provision and manage AWS Security Groups using scenario-based CloudFormation templates.
Getting Started (Read First)
Start here if you're new to the SG Provisioner.
- INDEX
Complete documentation index - Navigation guide for all SG Provisioner documentation with recommended reading order and quick navigation by task.
- README
Quick start and overview - Your first stop. Covers what the tool does, common commands, scenario-based architecture, and AWS credentials setup. Read this first to understand the tool and get running in 15 minutes.
- USER_GUIDE
Complete command reference - Comprehensive guide covering all 12 actions (validate-config, create-prov-template, create-security-groups, delete-security-groups, list-scenarios, show-scenario, etc.), deployment workflows, volume mounts, AWS credentials, and best practices. Essential reading for daily operations.
Core Documentation (Essential)
Core references you'll use frequently.
- CONFIGURATION
Configuration parameters reference - Detailed explanation of YAML parameters, VPC source options (parameter-store vs direct), overrides (port_overrides, additional_ingress, additional_egress), and validation rules.
- SCENARIOS
Scenario reference - Pre-built security group architectures (3-tier-web, 2-tier-web), custom scenario creation, tier definitions, rule structure, and the override system.
Security
Security documentation and best practices.
- IAM_PERMISSIONS
Required AWS permissions - IAM policy for EC2, CloudFormation, and SSM operations.
- SECURITY
Security overview - High-level security architecture and security group design principles.
- SECURITY_GUIDELINES
Detailed security guidelines - Least-privilege rules, CIDR restrictions, avoiding open-to-world access, and security group design patterns.
Operations (Day-to-Day Use)
Operational guides for managing deployed infrastructure.
- UPDATE_PROCEDURES
Update and maintenance procedures - How to update the Docker image, modify existing security group configurations, add new rules, and perform maintenance tasks.
Troubleshooting
Problem resolution.
- TROUBLESHOOTING
Common issues and solutions - AWS credentials, configuration errors, CloudFormation errors, scenario validation failures, Docker errors, and deletion errors.
Advanced Topics (Optional)
Deep dives for advanced users and specific use cases.
- APPLICATION_ARCHITECTURE
Complete architecture documentation - Enterprise-grade technical documentation covering system architecture, design decisions, component architecture, security architecture, and deployment patterns. For architects and advanced users.
- INTEGRATION_EXAMPLES
Integration examples - How to discover SG IDs from Parameter Store and use provisioned security groups with EC2, RDS, ECS/Fargate, Lambda, SageMaker, and CI/CD pipelines.
- MIGRATION_GUIDE
Migration guide - Migrating from manually created security groups, Terraform, CDK, or manual CloudFormation templates to the SG Provisioner.
Reference
Version history and roadmap.
- SAMPLE_REPORTS
Sample HTML reports - Example pre-deployment review report and deployment report generated by the SG Provisioner.
- RELEASE_NOTES
Version history and changes - Release history, new features, bug fixes, and upgrade notes for each version.
- ROADMAP
Future features and plans - Planned features, enhancement requests, and product roadmap.
Getting Started:
- Documentation Index
- Table of Contents
- Getting Started (Read First)
- Core Documentation (Essential)
- Operations (Day-to-Day Use)
- Security & Compliance
- Troubleshooting & Support
- Advanced Topics (Optional)
- Reference (As Needed)
- Quick Navigation by Task
- Recommended Reading Order
- Documentation Conventions
- Documentation Updates
- README
- Table of Contents
- What It Does
- Quick Start
- Common Commands
- Validate Configuration
- List Available Scenarios
- Show Scenario Details
- Generate IAM Policy
- Generate CloudFormation Template
- Validate Generated Template
- Generate Pre-Deployment Review Report
- Create Security Groups
- Preview Changes
- Check Infrastructure Drift
- Test Deploy (Safe Testing)
- Delete Security Groups
- AWS Credentials
- What Gets Created
- Available Scenarios
- Directory Structure
- Accessing Documentation
- Next Steps
- Quick Troubleshooting
- License
- User Guide
- Table of Contents
- Quick Start
- Pre-Deployment Checklist
- 1. Create Directories and Copy Documentation
- 2. Copy Schemas and Scenarios
- 3A. Prepare Configuration File
- 3B. Verify Structure of Configuration File
- 4A. Validate Configuration Template
- 4B. List Scenarios
- 4C. Show Scenario
- 4D. Create Policy JSON File
- 4E. Create Provisioning Template
- 4F. Validate Provisioning Template
- 4G. Create Pre-deployment Reports
- 4H. Test Deploy
- 4I. Create Security Groups (Deployment)
- 4J. Show Changes
- 4K. Check Drift
- 4L. Delete Security Groups
- 5. Expected Output Files
- Security Scanning
- Commands Reference
- Common Workflows
- Volume Mounts
- AWS Credentials
- Best Practices
- FAQ
- Additional Resources
Core Documentation:
- Configuration Reference
- Table of Contents
- Configuration File Structure
- Section 1: Client Configuration
- Section 2: Environment Configuration
- Section 3: Security Groups Configuration
- Section 4: Tags Configuration
- Complete Configuration Examples
- SG Naming Convention
- Override System
- Configuration Validation Rules
- Configuration Best Practices
- Troubleshooting Configuration Issues
- Additional Resources
- Scenarios Reference
Security:
- IAM Permissions
- Security
- Security Guidelines
Operations:
Troubleshooting:
- Troubleshooting
- Support
- Feedback
Advanced Topics:
- Application Architecture
- Integration Examples
- Migration Guide
Reference:
- Sample Reports
- Release Notes
- Roadmap
- API Reference
- Core Modules
- Configuration
- Utilities
- License
- CLI Interface
- SgProvisionerCLI
- SgProvisionerCLI.__init__()
- SgProvisionerCLI.is_action_required()
- SgProvisionerCLI.get_actions()
- SgProvisionerCLI.get_actions_help()
- SgProvisionerCLI.get_manager_class()
- SgProvisionerCLI.get_example_usage()
- SgProvisionerCLI.add_custom_arguments()
- SgProvisionerCLI.create_manager_instance()
- SgProvisionerCLI.requires_force()
- main()
Recommended Reading Order
For New Users
README - Overview and quick start
User Guide - Complete command reference
Scenarios Reference - Understand scenario-based provisioning
Configuration Reference - Configuration parameters and overrides
Troubleshooting - Common issues
For Production Deployment
Configuration Reference - Production configuration
Scenarios Reference - Choose appropriate scenario
Security Guidelines - Security hardening
Security Group Architecture Patterns
The SG Provisioner supports scenario-based architecture patterns:
- Pattern 1: 3-Tier Web
Public, application, and database tiers with inter-tier references. See Scenarios Reference.
- Pattern 2: 2-Tier Web
Public and database tiers for simpler architectures. See Scenarios Reference.
Documentation Conventions
UPPERCASE_WITH_UNDERSCORES.md - Main documentation files
All paths are relative to the docs/ directory
Code examples use bash syntax unless otherwise noted
AWS resource names follow the pattern: {client}-{env}-{tenant_id}-{region}-sg
Documentation Updates
This documentation is version-controlled and updated with each release. See Release Notes for documentation changes in each version.
© 2026 Axon Tech Labs. All rights reserved.