aws.md

AWS Reference Implementation

The AWS implementation is a complete, working example of the AI Cloud Validation framework. Use it as a reference when implementing the provider-agnostic templates for your own platform.

How Templates and AWS Relate

Template (provider-agnostic)                         AWS Reference (working example)
─────────────────────────────────────────            ──────────────────────────────────────────────
suites/vm.yaml                                       providers/aws/config/vm.yaml
providers/my-isv/scripts/vm/launch_instance.py       providers/aws/scripts/vm/launch_instance.py
     ↑ TODO block + demo-mode fallback                     ↑ full boto3 implementation

Most templates have corresponding AWS config and scripts that show how to fill in the TODO blocks. Provider-neutral scaffolds without an AWS row below still define the JSON contract for platforms that expose that domain.

AWS observability validates VPC Flow Logs and guest OS syslogs. AWS EC2/EKS does not expose customer-accessible BMC SEL logs or Redfish GPU telemetry to tenants, so those canonical observability checks are intentionally not wired in the AWS provider config and appear as skipped.

Available Modules

Domain	Config	Scripts	Docs	Test Suite
IAM	providers/aws/config/iam.yaml	providers/aws/scripts/iam/	Guide	suites/iam.yaml
Network	providers/aws/config/network.yaml	providers/aws/scripts/network/	Guide	suites/network.yaml
VM	providers/aws/config/vm.yaml	providers/aws/scripts/vm/	Guide	suites/vm.yaml
Bare Metal	providers/aws/config/bare_metal.yaml	providers/aws/scripts/bare_metal/	Guide	suites/bare_metal.yaml
EKS	providers/aws/config/eks.yaml	providers/aws/scripts/eks/	Guide	suites/k8s.yaml
Control Plane	providers/aws/config/control-plane.yaml	providers/aws/scripts/control-plane/	Guide	suites/control-plane.yaml
Image Registry	providers/aws/config/image-registry.yaml	providers/aws/scripts/image-registry/	Guide	suites/image-registry.yaml
Security	providers/aws/config/security.yaml	providers/aws/scripts/security/	-	suites/security.yaml
Observability	providers/aws/config/observability.yaml	providers/aws/scripts/observability/	-	suites/observability.yaml

Shared AWS utilities (error handling, EC2/VPC helpers) are in providers/aws/scripts/common/.

Running AWS Validations

# Prerequisites: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION set

uv run isvctl test run -f isvctl/configs/providers/aws/config/iam.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/network.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/vm.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/bare_metal.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/eks.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/control-plane.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/image-registry.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/security.yaml
uv run isvctl test run -f isvctl/configs/providers/aws/config/observability.yaml

Using AWS as a Reference

When implementing a template for your platform:

1. Open the template script (e.g., providers/my-isv/scripts/vm/launch_instance.py)
2. Open the AWS equivalent side-by-side (e.g., providers/aws/scripts/vm/launch_instance.py)
3. Replace the TODO block with your platform's API calls, keeping the same JSON output fields
4. Read the AWS domain guide (linked above) for context on what each test validates and why