Release Notes

Table of Contents

Version 1.2.1 (2026-06)

Improvements

  • Added Prerequisites and Installation section to README

  • Added edge and techcorp example configs to Docker image at /app/examples/configs/

  • Documentation updates across RELEASE_NOTES, ROADMAP, IAM_PERMISSIONS, SECURITY, TROUBLESHOOTING, APPLICATION_ARCHITECTURE

Breaking Changes

None. Fully backward compatible with all 1.2.0 configurations and commands.


Version 1.2.0 (2026-06)

SSM Parameters Managed by CloudFormation

SSM parameters are now created as AWS::SSM::Parameter CloudFormation resources instead of being written programmatically. This means all SSM parameters are tracked within the stack and automatically deleted when the stack is torn down — no orphaned parameters.

Parameters published under /vpc/{vpc_name}/:

  • VPCId — ID of the provisioned VPC

  • VPCCidr — CIDR block of the VPC

  • {SubnetName}Id — One parameter per subnet

  • PrivateSubnetIds — Comma-separated list of all private subnet IDs (StringList, for ML Provisioner integration)

Security Fixes

  • urllib3 pinned to >=2.7.0 across all provisioner images to address CVE findings

  • perl-base upgraded in the Docker base image (python:3.13-slim) to latest available Debian patch

Local Template Validator Fix

Added AWS::SSM::Parameter to the validate-prov-template local validator’s allowed resource type list. Previously, validate-prov-template incorrectly reported SSM parameter resources as unknown types even though they are valid CloudFormation resources.

Example Config Baked into Image

A sample configuration file is now shipped inside the Docker image at /app/examples/configs/ and can be extracted to the local working directory with a single command:

docker run --rm \
  -v $(pwd)/vpc/configs:/app/configs \
  --entrypoint cp \
  vpc-provisioner:latest \
  -r /app/examples/configs/. /app/configs/

Bug Fix — YAML Aliases in CloudFormation Templates

Fixed a bug introduced in 1.1.x where shared tag dictionaries across multiple SSM parameter CFN resources caused yaml.dump to emit YAML aliases (*id001). CloudFormation rejects templates containing YAML aliases, causing create-vpc and test-deploy actions to fail with a ValidationError. Resolved by ensuring each resource receives its own independent tag dictionary.

Breaking Changes

None. All 1.1.x configurations and commands remain fully compatible.

Migration Note

If upgrading from 1.1.x with an existing deployed VPC stack, the SSM parameters were previously written programmatically and are not tracked by the old stack. They will not conflict with a new deployment as long as the old stack was torn down using delete-vpc. If stale SSM params exist, delete them manually — see Troubleshooting for the procedure.


Version 1.1.0 (2026-Q2)

Cost Estimation

New built-in cost estimation feature for VPC infrastructure. Calculate monthly and annual costs before deployment with region-specific pricing from the AWS Pricing API.

New Actions

  1. cost-traffic — Generate an editable traffic assumptions file with default monthly usage values for resources that incur per-GB charges (NAT Gateways, VPC Endpoints)

  2. cost-estimate — Calculate a detailed cost breakdown with fixed costs (hourly resources), variable costs (traffic-based), and monthly/annual totals. Generates a professional HTML report

  3. cost-refresh-prices — Refresh the built-in pricing data from the AWS Pricing API across all standard AWS regions

Cost Estimation Features

  • Region-specific on-demand pricing for NAT Gateways, Elastic IPs, and VPC Endpoints

  • Pre-loaded pricing data ships with the Docker image (works offline)

  • Editable traffic assumptions for scenario modeling

  • Professional HTML cost reports with fixed and usage-based cost tables

  • Fallback to hardcoded rates if pricing data is unavailable

Supported Actions (12 total)

  1. validate-config - Check YAML configuration for schema compliance and syntax errors

  2. create-policy - Generate and export the least-privilege IAM policy tailored to your resources

  3. create-prov-template - Generate a CloudFormation template based on your configuration

  4. validate-prov-template - Verify provisioning template syntax and resource property names before deployment

  5. show-changes - Preview projected infrastructure changes before deploying

  6. check-drift - Detect differences between your live environment and defined configuration

  7. test-deploy - Run a dry-run deployment to verify permissions and resource limits

  8. create-vpc - Provision a complete VPC including subnets, gateways, and routing

  9. delete-vpc - Remove the VPC and all associated resources permanently

  10. cost-traffic - Generate traffic assumptions file for cost estimation

  11. cost-estimate - Calculate estimated monthly costs with HTML report

  12. cost-refresh-prices - Refresh resource pricing from AWS Pricing API


Version 1.0.0 (2026-Q1)

Initial Release

First production release of VPC Provisioner.

Core Features

VPC Provisioning

  • Create VPCs via CloudFormation

  • Configure CIDR blocks (/16 to /28)

  • Enable DNS support and DNS hostnames

  • Automated VPC naming or custom override

  • Tags (system + custom)

Subnet Management

  • Three-tier subnet architecture (public, private, database)

  • Multi-AZ subnet deployment

  • Automatic subnet CIDR validation

  • Public IP auto-assignment configuration

Network Gateways

  • Internet Gateway creation and attachment

  • NAT Gateway deployment

  • High availability NAT Gateway option (one per AZ)

  • Elastic IP allocation for NAT Gateways

Route Tables

  • Automatic route table creation

  • Public subnet routes to Internet Gateway

  • Private subnet routes to NAT Gateway

  • Route table associations

Configuration Management

  • YAML-based configuration (client, environment, vpc sections)

  • Schema validation

  • IAM policy generation

  • CloudFormation template generation

Supported Actions (9)

  1. validate-config - Check YAML configuration for schema compliance and syntax errors

  2. create-policy - Generate and export the least-privilege IAM policy tailored to your resources

  3. create-prov-template - Generate a CloudFormation template based on your configuration

  4. validate-prov-template - Verify provisioning template syntax and resource property names before deployment

  5. show-changes - Preview projected infrastructure changes before deploying

  6. check-drift - Detect differences between your live environment and defined configuration

  7. test-deploy - Run a dry-run deployment to verify permissions and resource limits

  8. create-vpc - Provision a complete VPC including subnets, gateways, and routing

  9. delete-vpc - Remove the VPC and all associated resources permanently

Security Features

  • Non-root container execution (vpcuser)

  • AWS Marketplace license validation

  • Secure credential handling (AWS profiles, environment variables, IAM roles)

  • Comprehensive audit logging

Documentation

  • README.md - Quick start guide

  • USER_GUIDE.md - Complete command reference

  • CONFIGURATION.md - Configuration file reference

  • IAM_PERMISSIONS.md - Required AWS permissions

  • TROUBLESHOOTING.md - Common issues and solutions

  • SUPPORT.md - Support information

  • ROADMAP.md - Product roadmap

System Requirements

  • Docker 20.10 or later

  • AWS account with VPC and CloudFormation permissions

  • 512 MB RAM minimum

  • 1 GB disk space

AWS Regions Supported

All AWS commercial regions:

  • US East (N. Virginia, Ohio)

  • US West (N. California, Oregon)

  • Europe (Ireland, Frankfurt, London, Paris, Stockholm, Milan)

  • Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo, Hong Kong, Osaka)

  • Canada (Central)

  • South America (São Paulo)

  • Middle East (Bahrain)

  • Africa (Cape Town)

Known Limitations

  • No VPC peering configuration

  • No VPN Gateway configuration

  • No Transit Gateway configuration

  • No VPC Flow Logs configuration

  • No Network ACLs configuration

  • No Security Groups configuration (planned for v1.1.0)

  • Maximum 5 VPCs per region (AWS default limit)

VPC Architecture Created

VPC (10.0.0.0/16)
├── Public Subnets
│   ├── public-subnet-1 (10.0.1.0/24) - AZ 1a
│   └── public-subnet-2 (10.0.2.0/24) - AZ 1b
├── Private Subnets
│   ├── private-app-subnet-1 (10.0.11.0/24) - AZ 1a
│   └── private-app-subnet-2 (10.0.12.0/24) - AZ 1b
├── Database Subnets
│   ├── database-subnet-1 (10.0.21.0/26) - AZ 1a
│   └── database-subnet-2 (10.0.22.0/26) - AZ 1b
├── Internet Gateway
├── NAT Gateways (1 or 2, based on HA setting)
└── Route Tables
    ├── Public Route Table → Internet Gateway
    └── Private Route Tables → NAT Gateway

Roadmap

Planned for 1.1.0 (Q2 2026)

  • ~~Cost estimation~~ ✅ Delivered in v1.1.0

  • Security Groups configuration

  • Network ACLs configuration

  • VPC Flow Logs

  • Enhanced drift detection

  • Multi-region deployment automation

  • Terraform export

Planned for 1.2.0 (Q3 2026)

  • VPC Peering configuration

  • VPN Gateway support

  • Transit Gateway support

  • VPC Endpoints (S3, DynamoDB)

  • ~~Cost optimization recommendations~~ ✅ Delivered in v1.1.0 as cost estimation

Planned for 2.0.0 (Q4 2026)

  • AWS PrivateLink configuration

  • Direct Connect integration

  • AWS Network Firewall

  • Route 53 Resolver integration

  • Enhanced monitoring and alerting

  • GUI dashboard

Under Consideration

  • AWS Organizations integration

  • Service Control Policies (SCP) validation

  • AWS Config Rules integration

  • AWS Security Hub integration

  • Custom compliance frameworks


Breaking Changes

Version 1.2.0

  • No breaking changes. All v1.1.x configurations and commands remain compatible.

Version 1.1.0

Version 1.0.0

  • Initial release (no breaking changes)


Migration Guide

From 1.0.0 to 1.1.0

No migration required. Pull the latest image and use the new cost estimation actions:

# Pull latest image
docker pull <your-ecr-url>/vpc-provisioner:1.1.0

# Use new cost estimation
--action cost-traffic
--action cost-estimate
--action cost-refresh-prices

Existing configuration files, templates, and policies are fully compatible.

From Pre-Release to 1.0.0

Not applicable - first production release.

Future Upgrades

# Pull latest image
docker pull vpc-provisioner:latest

# Verify version
docker inspect vpc-provisioner:latest | grep Created

# Test with validation
docker run --rm \
  -v $(pwd)/vpc/configs:/app/configs:ro \
  -v $(pwd)/vpc/reports:/app/reports \
  vpc-provisioner:latest \
  --config test-config.yaml \
  --action validate-config

Performance Improvements

Version 1.1.0

  • Cost estimation: <1 second (reads local pricing YAML)

  • Pricing refresh: 2-3 seconds (AWS Pricing API, all regions)

  • HTML report generation: <1 second

Version 1.0.0 (Baseline)

  • VPC creation: 5-15 seconds (without NAT Gateway)

  • VPC creation: 5-10 minutes (with NAT Gateway)

  • Configuration validation: <1 second

  • Template generation: 1-2 seconds

Note: NAT Gateway creation is the primary time factor (5-10 minutes per NAT Gateway).


Bug Fixes

Version 1.2.0

  • No bug fixes (feature and fix release — see release notes)

Version 1.1.0

Version 1.0.0

  • Initial release (no bug fixes)


Security Updates

Version 1.2.0

  • urllib3 upgraded to >=2.7.0 (CVE fix)

  • perl-base upgraded in Docker base image

Version 1.0.0


Deprecation Notices

None for version 1.0.0.


Contributors

VPC Provisioner development team.


Support

For support, see Support.

For bug reports: Contact AWS Marketplace support or your account representative

For feature requests: Contact AWS Marketplace support or your account representative


License

Commercial license via AWS Marketplace subscription.


Last Updated: 2026-06-13