VPC Provisioner Tool documentation

Welcome to the VPC Provisioner Tool documentation. This tool helps you provision and manage AWS VPCs with best practices built-in.

📚 Getting Started (Read First)

Start here if you’re new to the VPC Provisioner.

README

Quick start and overview - Your first stop. Covers what the tool does, common commands, VPC architecture patterns, and AWS credentials setup. Read this first to understand the tool and get running in 15 minutes.

USER_GUIDE

Complete command reference - Comprehensive guide covering all actions (validate, create-policy, create-prov-template, create-vpc, delete-vpc), deployment workflows, volume mounts, AWS credentials, and best practices. Essential reading for daily operations.

📖 Core Documentation (Essential)

Core references you’ll use frequently.

CONFIGURATION

Configuration parameters reference - Detailed explanation of every YAML parameter (client, environment, vpc sections), complete examples for different architectures (simple public, public-private, 3-tier), CIDR planning guide, subnet configuration, and validation rules.

🔧 Operations (Day-to-Day Use)

Operational guides for managing deployed infrastructure.

BACKUP_RECOVERY Backup and recovery procedures - Disaster recovery strategies, backup procedures for configurations and VPC metadata, recovery workflows, and RTO/RPO guidelines. Critical for production environments.

MONITORING_HEALTH_CHECKS

Monitoring and health checks - CloudWatch metrics, VPC Flow Logs, health check procedures, alerting strategies, and operational dashboards. Essential for production monitoring.

UPDATE_PROCEDURES

Update and maintenance procedures - How to update configurations, modify existing VPCs, add new subnets, and perform maintenance tasks. Note: VPCs are immutable for some properties (CIDR blocks).

COST_OPTIMIZATION

Cost optimization strategies - NAT Gateway costs, data transfer pricing, VPC endpoint savings, and recommendations for reducing VPC-related spend.

PERFORMANCE_TUNING

Performance tuning guide - Network performance optimization, NAT Gateway throughput, placement groups, and performance considerations for ML workloads.

🔒 Security & Compliance

Security, permissions, and compliance documentation.

IAM_PERMISSIONS

Required AWS permissions - Complete IAM policy requirements for EC2 VPC operations, CloudFormation, and S3 template storage. Includes least-privilege policies and role-based access examples.

SECURITY

Security overview - High-level security architecture, network isolation, security groups, NACLs, VPC Flow Logs, and security best practices.

SECURITY_GUIDELINES

Detailed security guidelines - Comprehensive security implementation guide covering VPC security hardening, subnet isolation, security group rules, NACL configuration, VPC Flow Logs setup, and compliance requirements.

🐛 Troubleshooting & Support

Problem resolution and getting help.

TROUBLESHOOTING

Common issues and solutions - Comprehensive troubleshooting guide covering AWS credentials, configuration errors (invalid CIDR blocks, overlapping subnets), CloudFormation errors, NAT Gateway issues, Docker errors, and deletion errors. Includes quick diagnostics and advanced troubleshooting techniques.

SUPPORT

Support information - How to get help, support channels, escalation procedures, and what information to include in support requests.

📊 Advanced Topics (Optional)

Deep dives for advanced users and specific use cases.

APPLICATION_ARCHITECTURE

Complete architecture documentation - Enterprise-grade technical documentation covering system architecture, design decisions, CloudFormation implementation, VPC networking patterns, security architecture, and deployment patterns. For architects and advanced users.

INTEGRATION_EXAMPLES

Integration examples - How to integrate provisioned VPCs with EC2, SageMaker VPC mode, RDS, ECS/EKS, and Terraform.

MIGRATION_GUIDE

Migration guide - Migrating from manual VPC setup, Terraform, or CDK to the VPC Provisioner.

📋 Reference (As Needed)

Version history, roadmap, feedback, and examples.

RELEASE_NOTES

Version history and changes - Release history, new features, bug fixes, breaking changes, and upgrade notes for each version.

ROADMAP

Future features and plans - Planned features, enhancement requests, and product roadmap. See what’s coming next.

FEEDBACK

Feedback and feature requests - Submit feature requests, vote on planned features, and provide documentation feedback.

SAMPLE_REPORTS

Sample HTML reports - Example template and deployment reports generated by the VPC Provisioner.

📚 Getting Started:

• README
  • Table of Contents
  • What It Does
  • Quick Start
    • 1. Pull the Image
    • 2. Set Up Directories
    • 3. Add Your Configuration
    • 4. Run Your First Command
  • Common Commands
    • Validate Configuration
    • Generate IAM Policy
    • Generate CloudFormation Template
    • Create VPC
    • Validate Generated Template
    • Preview Changes
    • Check Infrastructure Drift
    • Test Deploy (Safe Testing)
    • Delete VPC
    • Generate Traffic Assumptions
    • Estimate Monthly Costs
    • Refresh Resource Pricing
  • AWS Credentials
  • Required IAM Permissions
  • What Gets Created
  • VPC Architecture Patterns
    • Simple Public VPC
    • Public-Private VPC
    • 3-Tier Architecture (Recommended)
  • Directory Structure
  • Accessing Documentation
  • Next Steps
  • Quick Troubleshooting
  • License
• User Guide
  • Table of Contents
  • Quick Start
    • Pre-Deployment Checklist
    • 1. Create Directories and Copy Documentation
    • 2. Prepare Configuration File
    • 3. Validate Configuration YAML Template
    • 4. Create Policy JSON File
    • 5. Generate CloudFormation Template
    • 6. Create VPC
    • 7. Delete VPC
    • 8. Expected Output Files
  • Security Scanning
    • Optional: Scan Docker Image for Vulnerabilities
  • Configuration
    • Configuration File Structure
  • Commands Reference
    • Validation Commands
      • validate-config
    • Policy Commands
      • create-policy
    • CloudFormation Template Commands
      • create-prov-template
      • validate-prov-template
    • VPC Provisioning Commands
      • test-deploy
      • create-vpc
    • Change Preview and Drift Detection Commands
      • show-changes
      • check-drift
      • delete-vpc
    • Cost Estimation Commands
      • cost-traffic
      • cost-estimate
      • cost-refresh-prices
  • Common Workflows
    • Complete Deployment Workflow
    • Quick Test Workflow
    • Cleanup Workflow
    • Cost Estimation Workflow
    • Multi-Environment Workflow
  • Volume Mounts
  • AWS Credentials
    • Option 1: AWS Profile (Recommended)
    • Option 2: Environment Variables
    • Option 3: IAM Role (EC2/ECS)
  • Best Practices
    • 1. Always Validate First
    • 2. Review Generated Templates
    • 3. Plan CIDR Blocks Carefully
    • 4. Use High Availability
    • 5. Use IAM Roles in Production
    • 6. Test in Dev First
    • 7. Use CloudFormation for Infrastructure
    • 8. Proper Cleanup
    • 9. Tag Resources
    • 10. Version Control Configurations
  • VPC Architecture Patterns
    • Pattern 1: Simple Public VPC
    • Pattern 2: Public-Private VPC
    • Pattern 3: 3-Tier Architecture (Recommended)
  • Command Summary
  • Troubleshooting
    • Quick Fixes
  • Support
  • Configuration Reference
  • IAM Permissions
  • Frequently Asked Questions

📖 Core Documentation:

• Configuration Reference
  • Configuration File Structure
  • Table of Contents
  • Section 1: Client Configuration
    • company_name
    • company_prefix
    • account_id
    • tenant_id
  • Section 2: Environment Configuration
    • env
    • region
  • Section 3: VPC Configuration
    • vpc_name_override
    • cidr_block
    • availability_zones
    • subnets
      • Subnet Parameters
    • internet_gateway
    • nat_gateway
  • Section 4: Tags Configuration
    • tags
      • System Tags (Automatically Applied)
      • Custom Tags (Optional)
  • Traffic Assumptions File
    • File Naming
    • File Structure
    • Parameters
    • Usage
  • Complete Configuration Examples
    • Example 1: Simple Public VPC
    • Example 2: Public-Private VPC
    • Example 3: 3-Tier Architecture (Recommended)
    • Example 4: Multi-AZ High Availability
  • VPC Naming Convention
  • CIDR Planning Guide
    • VPC CIDR Blocks
    • Subnet CIDR Blocks
    • CIDR Planning Example
  • Configuration Validation Rules
    • VPC CIDR
    • Subnet CIDR
    • Availability Zones
    • NAT Gateway
  • Configuration Best Practices
    • 1. Plan CIDR Blocks Carefully
    • 2. Use Multiple Availability Zones
    • 3. Separate Subnet Tiers
    • 4. Enable High Availability NAT
    • 5. Tag All Resources
    • 6. Use Descriptive Names
    • 7. Version Control Configurations
    • 8. Test in Dev First
    • 9. Review Generated Templates
    • 10. Document Architecture
  • Troubleshooting Configuration Issues
    • Issue: Invalid CIDR block
    • Issue: Subnet CIDR not within VPC CIDR
    • Issue: Overlapping subnet CIDRs
    • Issue: Invalid availability zone
    • Issue: Account ID not quoted
  • Additional Resources
• Naming Conventions
  • Table of Contents
  • Overview
  • Configuration Variables
  • AWS Resources
    • VPC (Regional)
    • CloudFormation Stack (Regional)
    • IAM Policy (Global)
    • Subnets (Regional)
    • Network Resources (Regional)
    • System Tags
  • Local Artifacts
    • Configuration Files
    • CloudFormation Templates
    • IAM Policy Files
    • Traffic Assumptions Files
    • Log Files
    • HTML Reports
  • Naming Convention Summary

🔧 Operations:

• Backup and Recovery Procedures
  • Table of Contents
  • What to Backup
    • Critical Data
    • Priority Order
  • Backup Strategy
    • Manual Backup
    • Upload Backup to S3
    • Automated Daily Backup
  • Recovery Procedures
    • Restore Configuration Files
    • Regenerate Templates and Policies
  • VPC Infrastructure Recovery
    • Document Existing Infrastructure
    • Recreate VPC Infrastructure from Config
    • Verify Recovery
  • Testing Recovery
  • Retention Policy
• Monitoring and Health Checks
  • Table of Contents
  • Health Check Endpoints
    • Basic Health Check
    • Detailed Health Check
  • CloudWatch Metrics
    • Custom Metrics
    • Key Metrics to Monitor
    • CloudWatch Dashboard
  • Log Monitoring
    • Log Analysis
    • Real-time Log Monitoring
  • Alerting
    • CloudWatch Alarms
    • Email Alerts
  • Performance Monitoring
    • Execution Time Tracking
    • Resource Usage Monitoring
  • Availability Monitoring
    • Uptime Check
    • Service Status Page
  • Reporting
    • Daily Report
    • Weekly Report
  • Automation
    • Cron Schedule
  • Monitoring Checklist
• Update Procedures
  • Table of Contents
  • Version Strategy
    • Semantic Versioning
    • Image Tags
  • Pre-Update Checklist
  • Updating the Docker Image
    • Pull New Version
    • Verify New Version
    • Test Before Production
  • Rollback Procedures
    • Quick Rollback
    • Keep Multiple Versions
  • Configuration Updates
    • Modifying an Existing Configuration
    • Updating Tags
    • Adding Subnets
  • Infrastructure Maintenance
    • Drift Detection
    • Replacing a Deployment
  • Monitoring After Update
    • Verify Deployed Infrastructure
    • Review Logs
  • Update Schedule
    • Recommended Schedule
    • Maintenance Windows
• Cost Optimization
  • Table of Contents
  • Cost Overview
  • Built-in Cost Estimation
  • NAT Gateway Costs
    • NAT Gateway Data Processing
  • Data Transfer Costs
  • VPC Endpoint Savings
  • Cost Reduction Strategies
    • 1. Disable NAT Gateway in Dev/Test (100% NAT savings)
    • 2. Use Single NAT Gateway for Staging (50% NAT savings)
    • 3. Use VPC Endpoints for AWS Services
    • 4. Minimize Cross-AZ Traffic
    • 5. Right-Size Your Architecture
    • 6. Release Unused Elastic IPs
    • 7. Consolidate VPCs
  • Cost by Architecture Pattern
    • Pattern 1: Simple Public VPC (Dev/Test)
    • Pattern 2: Public-Private (Staging)
    • Pattern 3: 3-Tier HA (Production)
  • Monitoring and Analysis
    • AWS Cost Explorer
    • VPC Flow Logs
    • NAT Gateway CloudWatch Metrics
• Performance Tuning Guide
  • Table of Contents
  • Network Performance
    • Bandwidth Limits
    • Latency Optimization
  • NAT Gateway Performance
    • Throughput
    • High Availability Configuration
    • When to Avoid NAT Gateway
  • Subnet and AZ Optimization
    • Co-Location Strategy
    • Subnet Sizing
    • Multiple Private Subnets
  • VPC Endpoint Performance
    • Gateway Endpoints (S3, DynamoDB)
    • Interface Endpoints (SageMaker, ECR, CloudWatch)
  • ML Workload Optimization
    • SageMaker Training in VPC
    • SageMaker Distributed Training
    • Lambda in VPC
  • Provisioner Performance
    • Typical Operation Times
    • Why NAT Gateway Is Slow
  • Monitoring Performance
    • VPC Flow Logs
    • NAT Gateway Metrics
    • Network Performance Testing

🔒 Security & Compliance:

• IAM Permissions
  • Overview
  • Table of Contents
  • Quick Start - Generate IAM Policy
  • Minimum Required Permissions
    • Complete IAM Policy
  • Permissions by Action
    • Actions Requiring No AWS Permissions
    • Actions Requiring AWS Permissions
      • create-vpc
      • delete-vpc
  • Permission Scoping Best Practices
    • 1. Scope by Company Prefix
    • 2. Scope by AWS Account
    • 3. Scope by Region
    • 4. Scope by Environment
  • IAM Policy Examples
    • Read-Only Access (Validation Only)
    • Development Environment
    • Production Environment
  • IAM Role for EC2/ECS
    • Trust Policy
    • Permissions Policy
  • IAM User Setup
    • Create IAM User
    • Attach Policy
    • Create Access Keys
  • Additional Permissions for Optional Features
    • NAT Gateway
    • VPC Peering (Future Feature)
  • Security Best Practices
    • 1. Principle of Least Privilege
    • 2. Use Resource Restrictions
    • 3. Use Condition Keys
    • 4. Separate Roles by Environment
    • 5. Enable MFA for Sensitive Operations
    • 6. Rotate Credentials Regularly
    • 7. Monitor IAM Activity
  • Troubleshooting Permission Issues
    • Access Denied Errors
    • Policy Simulator
    • CloudTrail Logs
  • Permission Summary by Action
  • EC2 Permissions Breakdown
    • VPC Operations
    • Subnet Operations
    • Route Table Operations
    • Internet Gateway Operations
    • NAT Gateway Operations
    • Tagging Operations
  • CloudFormation Permissions Breakdown
  • S3 Permissions Breakdown
  • Cost Considerations
    • NAT Gateway Permissions
  • Additional Resources
• Security
  • Table of Contents
  • Reporting Security Vulnerabilities
  • Known Vulnerabilities
    • Base Image Vulnerabilities
      • HIGH Severity
      • MEDIUM Severity
      • LOW Severity
    • Common Mitigations
  • Security Features
    • Container Security
    • Application Security
    • Network Security
  • Security Best Practices
  • Security Scanning
    • Pre-deployment Scanning
    • Continuous Monitoring
  • Compliance
    • Standards
    • Certifications
  • Security Update Policy
    • Update Priority
    • Update Notification
  • Incident Response
    • Response Process
    • Contact Information
  • Version History
  • Additional Resources
• Security Guidelines
  • Table of Contents
  • Credential Management
    • AWS Credentials
    • Credential Rotation
  • Input Validation
    • Configuration Files
    • VPC Names and CIDR Blocks
  • Network Security
    • VPC Design Principles
    • Security Groups
    • Network ACLs
    • VPC Flow Logs
  • VPC Resource Security
    • Internet Gateway
    • NAT Gateway
    • VPC Endpoints
    • VPC Peering
  • CloudFormation Security
    • Stack Policies
    • Drift Detection
  • Docker Security
    • Image Security
    • Secrets Management
    • Container Scanning
  • Logging and Monitoring
    • CloudTrail
    • CloudWatch Alarms
    • Application Logs
  • Compliance
    • Data Residency
    • Tagging Strategy
  • Incident Response
    • Compromised Credentials
    • Unauthorized Network Access
    • VPC Resource Tampering
  • Security Checklist
  • Security Contacts
  • References

🐛 Troubleshooting and Support:

• Troubleshooting
  • Quick Diagnostics
  • Table of Contents
  • Common Pitfalls
  • Common Errors
    • AWS Credentials
      • Error: Unable to locate credentials
      • Error: The security token included in the request is invalid
      • Error: Access Denied
    • Configuration Errors
      • Error: Invalid CIDR block
      • Error: Subnet CIDR not within VPC CIDR
      • Error: Overlapping subnet CIDRs
      • Error: Configuration validation failed
      • Error: Invalid availability zone
      • Error: Account ID not quoted
    • CloudFormation Errors
      • Error: Stack already exists
      • Error: CloudFormation rollback
      • Error: VPC limit exceeded
    • Template Validation Errors
      • Error: Template file not found
      • Error: Invalid !Ref target
    • Change Preview Errors
      • Error: Stack does not exist for show-changes
      • Error: No changes detected
    • Drift Detection Errors
      • Error: Stack does not exist for check-drift
      • Error: Drift detection timeout
    • NAT Gateway Errors
      • Error: NAT Gateway requires Internet Gateway
      • Error: NAT Gateway requires public subnet
      • Error: Elastic IP limit exceeded
    • Docker Errors
      • Error: Cannot connect to Docker daemon
      • Error: Permission denied accessing volume
      • Error: Volume mount not found
    • Deletion Errors
      • Error: VPC has dependencies
      • Error: Stack deletion failed
      • Error: NAT Gateway still deleting
    • Cost Estimation Errors
      • Error: Template not found
      • Error: Traffic file not found
      • Error: Failed to refresh pricing
    • License Validation Errors
      • Error: License validation failed
  • Performance Issues
    • Slow CloudFormation Stack Creation
    • Timeout Errors
  • Advanced Troubleshooting
    • Enable Debug Logging
    • Inspect Container
    • Check AWS API Calls
    • Network Connectivity
    • Review Generated Files
  • Getting Help
    • Collect Diagnostic Information
    • Contact Support
  • Additional Resources
• Support
  • Table of Contents
  • Quick Help
    • Documentation
    • Common Issues
  • Getting Support
    • AWS Marketplace Support
    • Product Support
  • Before Contacting Support
    • 1. Product Version
    • 2. Configuration File
    • 3. Error Message
    • 4. Command Used
    • 5. AWS Region
    • 6. Expected vs Actual Behavior
    • 7. CloudFormation Stack Events
  • Self-Service Resources
    • Validate Your Configuration
    • Check AWS Credentials
    • Verify IAM Permissions
    • View Container Logs
    • Test Docker Setup
  • Reporting Bugs
  • Feature Requests
  • Service Level Agreement (SLA)
    • Response Times
    • Priority Definitions
  • License Validation Issues
    • 1. Verify Subscription
    • 2. Verify IAM Permissions
    • 3. Contact AWS Marketplace Support
  • Troubleshooting Resources
    • Documentation
    • AWS Resources
    • Community
  • Updates and Announcements
    • Release Notes
    • Product Roadmap
    • AWS Marketplace
  • Feedback
  • Additional Resources
    • AWS Support
    • AWS Marketplace
    • Product Documentation
  • Legal
    • Terms of Service
    • Privacy Policy
    • License Agreement
• Feedback
  • How to Submit
  • Feature Requests
    • Feature Voting
  • Documentation Feedback
    • What We’re Looking For
  • What Happens Next
  • Related Resources

📊 Advanced Topics:

• Application Architecture
  • Executive Summary
  • Table of Contents
  • 1. Introduction & Context
    • 1.1 Purpose & Scope
    • 1.2 Business Goals
    • 1.3 Stakeholders
    • 1.4 Success Criteria
  • 2. Architectural Representation
    • 2.1 System Context Diagram
    • 2.2 Container View (Deployment Units)
    • 2.3 Component View (Internal Modules)
  • 3. Technical Strategy & Decisions
    • 3.1 Technology Stack
    • 3.2 Architecture Decision Records (ADRs)
      • ADR-001: CloudFormation vs. Direct Boto3 Resource Creation
      • ADR-002: Configuration-Driven Architecture
      • ADR-003: Three-Tier Subnet Architecture
      • ADR-004: Cython Compilation for Code Protection
      • ADR-005: Docker Containerization
      • ADR-006: High-Availability NAT Gateway (Optional)
      • ADR-007: Waiter Pattern for Async Operations
      • ADR-008: Naming Convention with Tenant ID
    • 3.3 Design Patterns
  • 4. Component Architecture
    • 4.1 CLI Interface (cli.py)
    • 4.2 Configuration Loader (config/loader.py)
    • 4.3 VPC Manager (core/vpc_manager.py)
    • 4.4 License Validator (license/validator.py)
    • 4.5 HTML Generator (utils/html_generator.py)
  • 5. Data Architecture
    • 5.1 Data Model
    • 5.2 Data Flow
    • 5.3 Artifact Management
  • 6. Security Architecture
    • 6.1 Security Principles
    • 6.2 Application Security
    • 6.3 Container Security
    • 6.4 Network Security
    • 6.5 IAM Security
    • 6.6 Compliance & Audit
    • 6.7 Known Vulnerabilities
  • 7. Deployment Architecture
    • 7.1 Deployment Models
    • 7.2 Docker Architecture
    • 7.3 Infrastructure Requirements
    • 7.4 Scalability
    • 7.5 High Availability
    • 7.6 Disaster Recovery
  • 8. Quality Attributes
    • 8.1 Performance
    • 8.2 Reliability
    • 8.3 Maintainability
    • 8.4 Usability
    • 8.5 Portability
    • 8.6 Extensibility
  • 9. Integration Architecture
    • 9.1 AWS Service Integration
    • 9.2 External Tool Integration
    • 9.3 API Integration Patterns
    • 9.4 Data Exchange Formats
  • 10. Operational Architecture
    • 10.1 Monitoring & Observability
    • 10.2 Alerting
    • 10.3 Backup & Recovery
    • 10.4 Maintenance
    • 10.5 Support & Troubleshooting
  • 11. Future Roadmap
    • 11.1 Planned Features
    • 11.2 Technical Debt
  • 12. Appendices
    • 12.1 Glossary
    • 12.2 References
    • 12.3 Version History
• Integration Examples
  • Table of Contents
  • EC2 Integration
    • Launch Instance in Private Subnet
    • Security Group for ML Workloads
  • SageMaker Integration
    • SageMaker in VPC Mode
    • SageMaker Notebook in VPC
  • RDS Integration
    • Database in Database Subnet
  • ECS/EKS Integration
    • ECS Service in Private Subnet
    • EKS Cluster in VPC
  • CI/CD Pipeline Integration
    • GitHub Actions
  • Terraform Integration
    • Reference Provisioned VPC
  • Cross-Provisioner Integration
    • S3 VPC Endpoint
    • SEC Provisioner Roles in VPC
    • Discover Resources via SSM
  • SDK Examples
    • Boto3 — Discover VPC Resources
    • AWS CLI — Verify Deployment
• Migration Guide
  • Table of Contents
  • Migrating from Manual VPC Setup
    • Step 1: Inventory Existing Infrastructure
    • Step 2: Create Equivalent Configuration
    • Step 3: Validate Configuration
    • Step 4: Deploy New VPC in Parallel
    • Step 5: Test New VPC
    • Step 6: Migrate Workloads
    • Step 7: Decommission Old VPC
  • Migrating from Terraform
    • Step 1: Export Terraform State
    • Step 2: Map to YAML Configuration
    • Step 3: Deploy and Migrate
    • Step 4: Remove from Terraform State
  • Migrating from AWS CDK
    • Step 1: Review Synthesized Template
    • Step 2: Map to YAML Configuration
    • Step 3: Deploy and Migrate
    • Step 4: Destroy CDK Stack
  • Parallel Deployment Strategy
  • Rollback Procedures
    • CloudFormation Automatic Rollback
    • Manual Rollback
    • Workload Rollback

📋 Reference:

• Release Notes
  • Table of Contents
  • Version 1.1.0 (2026-Q2)
    • Cost Estimation
      • New Actions
      • Cost Estimation Features
      • Supported Actions (12 total)
  • Version 1.0.0 (2026-Q1)
    • Initial Release
    • Core Features
      • VPC Provisioning
      • Subnet Management
      • Network Gateways
      • Route Tables
      • Configuration Management
    • Supported Actions (9)
    • Security Features
    • Documentation
    • System Requirements
    • AWS Regions Supported
    • Known Limitations
    • VPC Architecture Created
  • Roadmap
    • Planned for 1.1.0 (Q2 2026)
    • Planned for 1.2.0 (Q3 2026)
    • Planned for 2.0.0 (Q4 2026)
    • Under Consideration
  • Breaking Changes
    • Version 1.1.0
    • Version 1.0.0
  • Migration Guide
    • From 1.0.0 to 1.1.0
    • From Pre-Release to 1.0.0
    • Future Upgrades
  • Performance Improvements
    • Version 1.1.0
    • Version 1.0.0 (Baseline)
  • Bug Fixes
    • Version 1.1.0
    • Version 1.0.0
  • Security Updates
    • Version 1.0.0
  • Deprecation Notices
  • Contributors
  • Support
  • License
• Roadmap
  • Current Version: 1.1.0
  • Table of Contents
    • ✅ Available Now
  • Version 1.1.0 - Q2 2026
    • ✅ Delivered
    • Planned Features
  • Version 1.2.0 - Q3 2026
    • Planned Features
  • Version 1.3.0 - Q4 2026
    • Planned Features
  • Version 2.0.0 - Q1 2027
    • Major Features
  • Under Consideration
  • Feature Requests
    • 🗳️ Feature Voting
    • How to Request a Feature
    • Most Requested Features
  • Roadmap Notes
  • Version History
  • Stay Updated
  • Feedback
• Sample Reports
  • Template Report
  • Deployment Report
  • Cost Estimate Report
• API Reference
  • Core Modules
    • VPC Manager
      • VpcManager
  • Configuration
    • Configuration Loader
      • AppConfig
      • load_app_config()
  • Utilities
    • HTML Generator
      • generate_template_documentation()
      • generate_deployment_documentation()
      • generate_cost_report()
  • License
    • License Validator
      • LicenseValidator
  • CLI Interface
    • VpcProvisionerCLI
      • VpcProvisionerCLI.__init__()
      • VpcProvisionerCLI.is_action_required()
      • VpcProvisionerCLI.get_actions()
      • VpcProvisionerCLI.get_actions_help()
      • VpcProvisionerCLI.get_manager_class()
      • VpcProvisionerCLI.get_example_usage()
      • VpcProvisionerCLI.add_custom_arguments()
      • VpcProvisionerCLI.create_manager_instance()
      • VpcProvisionerCLI.requires_force()
    • main()

🎯 Quick Navigation by Task

I want to…

Get started quickly

→ README → User Guide

Understand configuration options

→ Configuration Reference

Plan CIDR blocks and subnets

→ Configuration Reference (CIDR Planning Guide section)

Set up IAM permissions

→ IAM Permissions

Implement security best practices

→ Security Guidelines

Set up monitoring and VPC Flow Logs

→ Monitoring and Health Checks

Troubleshoot an issue

→ Troubleshooting

Plan disaster recovery

→ Backup and Recovery Procedures

Update existing VPC

→ Update Procedures

Understand the architecture

→ Application Architecture

Get support

→ Support

Optimize costs

→ Cost Optimization

Tune network performance

→ Performance Tuning Guide

Integrate with other AWS services

→ Integration Examples

Migrate from another tool

→ Migration Guide

Submit feedback or feature requests

→ Feedback

📖 Recommended Reading Order

For New Users

1. README - Overview and quick start

2. User Guide - Complete command reference

3. Configuration Reference - Configuration parameters and CIDR planning

4. Troubleshooting - Common issues

For Production Deployment

1. Configuration Reference - Production configuration (3-tier architecture)

2. IAM Permissions - Security setup

3. Security Guidelines - Security hardening (VPC Flow Logs, NACLs)

4. Monitoring and Health Checks - Monitoring setup

5. Backup and Recovery Procedures - Disaster recovery planning

For Network Architects

1. Configuration Reference - CIDR planning and subnet design

2. Application Architecture - Technical architecture

3. Security Guidelines - Network security patterns

For Security Teams

1. Security Guidelines - Security implementation

2. IAM Permissions - Least-privilege access

3. Monitoring and Health Checks - Security monitoring

🏗️ VPC Architecture Patterns

The VPC Provisioner supports three main architecture patterns:

Pattern 1: Simple Public VPC

Single public subnet for simple applications. See Configuration Reference Example 1.

Pattern 2: Public-Private VPC

Public subnet for web tier, private subnet for app tier. See Configuration Reference Example 2.

Pattern 3: 3-Tier Architecture (Recommended)

Public, private, and database tiers with high availability across multiple AZs. See Configuration Reference Example 3.

📝 Documentation Conventions

• UPPERCASE_WITH_UNDERSCORES.md - Main documentation files

• lowercase-with-hyphens.html - Example reports

• All paths are relative to the docs/ directory

• Code examples use bash syntax unless otherwise noted

• AWS resource names follow the pattern: {company_prefix}-{env}-{tenant_id}-{region}

• VPC CIDR blocks use RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)

🔄 Documentation Updates

This documentation is version-controlled and updated with each release. See Release Notes for documentation changes in each version.

Last Updated: 2025-04-01

© 2026 Axon Tech Labs. All rights reserved.

Indices and tables

• Index

• Module Index

• Search Page