Release v1.5.0: Configuration system with profiles and exclusions

Version 1.5.0 - YAML Configuration System with Profiles (2025-12-17)

🔧 Major Feature: Configuration System

• YAML Configuration Files: Persistent settings with auto-discovery
  • File priority: --config-file > ./kosty.yaml > ~/.kosty/config.yaml
  • No config file required - uses hardcoded defaults
  • Full backward compatibility with existing workflows

👤 Profile System

• Multiple Profiles: Switch between environments with --profile flag
  • Default profile for standard usage
  • Custom profiles for different customers/environments
  • Profile inheritance and override logic
  • Example: kosty audit --profile customer01

🚫 Exclusion System

• Granular Exclusions: Skip specific resources during scans
  • Accounts: Exclude AWS accounts from organization scans
  • Regions: Skip specific AWS regions
  • Services: Disable entire service checks (e.g., route53, apigateway)
  • ARNs: Exclude individual resources with wildcard support
  • Merge behavior: Profile exclusions add to global exclusions

🎯 Threshold Customization

• Per-Profile Thresholds: Customize detection thresholds
  • ec2_cpu: EC2 oversized threshold (default: 20%)
  • rds_cpu: RDS oversized threshold (default: 20%)
  • lambda_memory: Lambda over-provisioned threshold (default: 512MB)
  • stopped_days: EC2 stopped instance age (default: 7 days)
  • idle_days: EC2 idle instance age (default: 7 days)
  • old_snapshot_days: Snapshot age threshold (default: 30 days)
  • Override behavior: Profile thresholds replace global values

🔐 Enhanced AWS Authentication

• AssumeRole Support: Integrated role assumption in config
  • role_arn: Specify IAM role to assume
  • mfa_serial: MFA device ARN for secure authentication
  • duration_seconds: Session duration (default: 3600s)
  • Interactive MFA token prompt when configured
  • Automatic fallback to default credentials on failure

🆕 New CLI Options

• --config-file: Specify custom configuration file path
• --profile: Select configuration profile (default: "default")
• Both options work with all 147 commands

📊 Priority System

Configuration values resolved in order:

1. CLI arguments (highest priority)
2. Profile configuration
3. Default profile configuration
4. Hardcoded defaults (lowest priority)

📁 New Files

• kosty/core/config.py: ConfigManager with YAML parsing and validation
• kosty/core/exceptions.py: Configuration-specific exceptions
• kosty.yaml.example: Complete configuration template with examples
• docs/CONFIGURATION.md: Comprehensive configuration guide (500+ lines)

🔧 Technical Implementation

• PyYAML Integration: Safe YAML parsing with validation
• Strict Validation: Upfront config validation with clear error messages
• Wildcard Support: fnmatch-based ARN pattern matching
• Merge Logic: Smart merging of global, profile, and CLI settings
• Session Management: Boto3 session creation with AssumeRole/MFA

📝 Configuration Example

default:
  organization: true
  regions: [us-east-1, eu-west-1]
  max_workers: 20

thresholds:
  ec2_cpu: 20
  rds_cpu: 20

exclude:
  accounts: ["123456789012"]
  services: ["route53"]
  arns: ["arn:aws:ec2:*:*:instance/i-protected*"]

profiles:
  customer01:
    regions: [us-east-1]
    role_arn: "arn:aws:iam::123456789012:role/MyRole"
    mfa_serial: "arn:aws:iam::123456789012:mfa/device"

💼 Use Cases

Multi-Customer Consulting : Separate profiles per customer with AssumeRole

Environment Separation : Different thresholds for dev/staging/prod

Protected Resources : Exclude production databases and critical instances

Compliance : Skip specific accounts or regions for regulatory reasons

Team Workflows : Shared config files in repositories

🐛 Bug Fixes

None - new feature release

⚠️ Breaking Changes

None - fully backward compatible

📚 Documentation

Configuration Guide

Example Config File

Updated README.md with configuration section

💰 Kosty v1.4.0 - Cost Quantification Engine: From AWS Linter to FinOps ROI Tool

🚀 Major Release: Transform Your AWS Cost Optimization with Real Dollar Savings

Kosty v1.4.0 introduces the Cost Quantification Engine - transforming Kosty from a simple AWS audit tool into a comprehensive FinOps ROI platform that calculates real monthly and annual savings across 11 AWS services.

💰 What's New: Cost Quantification Engine

🎯 Real Dollar Savings Calculations

• 11 AWS Services now provide quantified monthly/annual savings
• AWS Pricing API Integration with intelligent fallbacks
• Dashboard Cost Display with prominent total savings card
• ROI Prioritization - issues ranked by financial impact

📊 Services with Cost Calculations

Phase 1 Foundation (8 Services):

• EBS: Orphaned volumes → $10/month per 100GB
• EC2: Stopped instances → $280/month per m5.2xlarge
• EIP: Unattached IPs → $3.60/month each
• NAT Gateway: Unused gateways → $32.85/month each
• Load Balancer: No targets → $16.43/month each
• S3: Lifecycle optimization → $2.30/month per 100GB
• Snapshots: Old snapshots → $5.00/month per 100GB
• Backup: Empty vaults → $0/month (no storage)
• RDS: Oversized instances → Up to $700/month per db.r5.4xlarge
• Lambda: Over-provisioned memory → Optimization savings
• DynamoDB: Idle tables → 80% savings with on-demand

🎨 Enhanced Dashboard Experience

• 💰 Total Estimated Savings Card: Prominent green card showing monthly/annual potential
• Individual Cost Display: Each issue shows "$X.XX/month" in green
• Service Cost Aggregation: Total savings by AWS service
• ROI Calculator: Visual impact representation

📈 Business Impact Examples

# Real examples from cost calculations:
RDS db.r5.4xlarge (5% CPU): $700.80/month savings
EC2 m5.2xlarge stopped: $280.32/month savings  
Lambda 3008MB→1024MB: $0.68/month savings
EBS 100GB orphaned: $10.00/month savings
EIP unattached: $3.60/month savings

Total potential: $1,000+ monthly savings typical

📊 Enhanced Reporting

• Console Reports: Cost savings summary with top issues by financial impact
• JSON Reports: monthly_cost and cost_currency fields added
• CSV Reports: "Monthly Cost (USD)" and "Annual Cost (USD)" columns
• Universal Compatibility: All formats remain backward compatible

🔧 Technical Features

• PricingService: AWS Pricing API wrapper with intelligent caching
• CostCalculator: Service-specific calculation logic for 11 services
• Fallback Pricing: Fixed official prices for unreliable APIs (EIP, S3, Snapshots)
• Free Tier Support: Accurate Lambda/DynamoDB free tier calculations
• Regional Pricing: Support for 16+ AWS regions with location mapping

⚠️ Important: Cost Accuracy Disclaimer

Cost estimates are based on AWS Pricing API and standard on-demand rates. Actual costs may vary due to:

• Reserved Instance discounts (up to 75% off)
• Savings Plans (up to 72% off)
• Volume discounts and enterprise agreements
• Regional pricing variations

Use estimates for relative comparison and optimization prioritization.

🚀 Quick Start with Cost Quantification

# Install/upgrade Kosty
pip install --upgrade kosty

# Run comprehensive audit with cost calculations
kosty audit --output all

# View results in dashboard with cost totals
kosty audit --output json
open dashboard/index.html  # Upload JSON to see savings

# Organization-wide cost analysis
kosty audit --organization --max-workers 20 --output all

📋 What's Changed

• **11 services now calculate real monthly/annual savings
• Dashboard displays total estimated savings prominently
• All report formats include cost information
• ROI prioritization replaces simple issue counting**

🎯 Migration Notes

• Fully backward compatible - existing workflows unchanged
• New cost fields added to JSON/CSV outputs
• Dashboard automatically displays costs when available
• No breaking changes to CLI commands or parameters

💰 Transform your AWS cost optimization from "fix these issues" to "save $X,XXX per month" with Kosty v1.4.0!

Download now: pip install --upgrade kosty

Full changelog: Release Notes

🌐 v1.3.8 - Enterprise Storage Support with Network Share Compatibility

🚀 What's New in v1.3.8

🌐 Universal Storage Support

Kosty now supports saving reports to any storage location with the new --save-to parameter:

• ☁️ S3 Buckets: kosty audit --save-to s3://my-bucket/reports/
• 💻 Local Paths: kosty audit --save-to /home/user/reports/
• 🌐 Network Shares: kosty audit --save-to \\server\share\reports\
• 📁 Network Mounts: kosty audit --save-to /mnt/nas/reports/

🔒 Enterprise-Grade Features

S3 Integration:

• ✅ Automatic AES256 server-side encryption
• ✅ Upfront bucket access validation
• ✅ Support for custom S3 paths and prefixes
• ✅ Clear error messages for permission issues

Network Share Support:

• ✅ Windows UNC paths (\\server\share and //server/share)
• ✅ Linux/macOS mounts (/mnt/, /media/, /Volumes/)
• ✅ Network connectivity validation with smart timeouts
• ✅ Automatic directory creation for network paths

⚡ Performance & Reliability

• Upfront Validation: Storage access tested before starting scans
• Smart Timeouts: 10s validation, 30s write operations
• Error Prevention: Clear messages prevent wasted scan time
• Universal Support: All 147 commands support --save-to

💼 Enterprise Workflows

# Organization scan to S3
kosty audit --organization --save-to s3://company-audits/monthly/

# Team sharing via network
kosty ec2 audit --save-to \\fileserver\aws-reports\ec2\

# Multi-region to NAS
kosty audit --regions us-east-1,eu-west-1 --save-to /mnt/reports/

🛠️ Technical Improvements

New StorageManager class for centralized storage operations

Async file operations for better performance

Enhanced error handling with actionable suggestions

Cross-platform compatibility (Windows, Linux, macOS)

📦 Installation

# Install/upgrade via pip
pip install --upgrade kosty

# Verify version
kosty version

🌐 v1.3.7 - Enterprise Storage Support with Network Share Compatibility

🚀 What's New in v1.3.7

🌐 Universal Storage Support

Kosty now supports saving reports to any storage location with the new --save-to parameter:

• ☁️ S3 Buckets: kosty audit --save-to s3://my-bucket/reports/
• 💻 Local Paths: kosty audit --save-to /home/user/reports/
• 🌐 Network Shares: kosty audit --save-to \\server\share\reports\
• 📁 Network Mounts: kosty audit --save-to /mnt/nas/reports/

🔒 Enterprise-Grade Features

S3 Integration:

• ✅ Automatic AES256 server-side encryption
• ✅ Upfront bucket access validation
• ✅ Support for custom S3 paths and prefixes
• ✅ Clear error messages for permission issues

Network Share Support:

• ✅ Windows UNC paths (\\server\share and //server/share)
• ✅ Linux/macOS mounts (/mnt/, /media/, /Volumes/)
• ✅ Network connectivity validation with smart timeouts
• ✅ Automatic directory creation for network paths

⚡ Performance & Reliability

• Upfront Validation: Storage access tested before starting scans
• Smart Timeouts: 10s validation, 30s write operations
• Error Prevention: Clear messages prevent wasted scan time
• Universal Support: All 147 commands support --save-to

💼 Enterprise Workflows

# Organization scan to S3
kosty audit --organization --save-to s3://company-audits/monthly/

# Team sharing via network
kosty ec2 audit --save-to \\fileserver\aws-reports\ec2\

# Multi-region to NAS
kosty audit --regions us-east-1,eu-west-1 --save-to /mnt/reports/

🛠️ Technical Improvements

New StorageManager class for centralized storage operations

Async file operations for better performance

Enhanced error handling with actionable suggestions

Cross-platform compatibility (Windows, Linux, macOS)

📦 Installation

# Install/upgrade via pip
pip install --upgrade kosty

# Verify version
kosty version

🚀 Release v1.3.6: Enhanced Report Naming & Universal Dashboard Compatibility

✨ Enhanced Report Naming (Feature)

Descriptive filenames: kosty_[service][scope][timestamp].[format]

Examples:

kosty_s3_209479307498_20241031_161327.json (individual service)

kosty_full_209479307498_20241031_161327.json (full audit)

kosty_full_org_123456789012_20241031_161327.json (organization)

Benefits: Easy file identification, better organization, searchable naming

🔧 Universal Dashboard Compatibility (Critical Fix)

Format detection: Automatically handles both flat and nested JSON formats

Backward compatibility: All existing JSON files continue to work

Complete compatibility: Both individual services and full audits work perfectly

Hotfix v1.3.5: Fix TypeError and improve organization validation

🐛 Bug Fixes

v1.3.4 - TypeError Fix

• Fixed duplicate parameters in individual service commands with cross-account parameters
• Updated function signatures across all 16 service command files
• Enables kosty ec2 audit --organization to work correctly

v1.3.5 - Organization Validation

• Added proper error handling for AWSOrganizationsNotInUseException
• Clear user-friendly messages instead of cryptic boto3 errors
• Helpful guidance for standalone AWS accounts

🧪 What's Fixed

• ✅ Individual service commands with --organization flag
• ✅ Clear error messages for non-organization accounts
• ✅ Cross-account parameters work correctly

📦 Installation

pip install kosty==1.3.5

Kosty v1.3.3 - PyPI Distribution

🎉 Major Milestone: Official PyPI Distribution

Kosty is now available on PyPI! Install with a single command:

pip install kosty


## ✨ What's New
📦 PyPI Package Distribution
Easy Installation: pip install kosty - no more cloning repositories

Automatic Dependencies: boto3 and click installed automatically

Professional Distribution: Complete package metadata and licensing

## 📚 Enhanced Documentation
Balanced Focus: Updated all documentation to properly reflect both cost optimization AND security audit capabilities

Comprehensive Examples: Added security audit examples alongside cost optimization

Improved Onboarding: Streamlined installation and getting started guides


## 📊 What Kosty Audits
💰 Cost Optimization: Unused resources, oversized instances, idle services

🔐 Security Vulnerabilities: Public access, unencrypted storage, open ports

🛡️ Compliance Issues: Old access keys, weak configurations, policy violations

16 AWS Services | 147 Commands | Cost + Security in One Tool

Full Changelog: [https://github.com/kosty-cloud/kosty/blob/main/docs/RELEASE_NOTES.md](https://github.com/kosty-cloud/kosty/blob/main/docs/RELEASE_NOTES.md)