Policy Model

The building blocks of the AWS Extension — resources, their specs, results, and how they relate to each other.

The AWS Extension Policy Model defines the resources the extension manages and how they relate to each other. Knowing this model makes it clear what the extension can do and why the creation flow follows the order it does.

The Resource Hierarchy

The AWS Extension organizes infrastructure as a hierarchy. Each level depends on the one above it:

Network Baseline → Cluster Baseline → Environment → Workloads and Databases

A Network Baseline establishes the VPC — the networking foundation everything else runs on. A Cluster Baseline provisions an EKS cluster inside that network. An Environment creates a deployment boundary inside a cluster, with its own security groups, IAM roles, and KMS keys. Workloads, databases, and other resources live inside environments.

Plans catalog AWS account-level resources — hosted zones, ACM certificates, and AMIs — that environments and workloads can reference.

Faults surface issues across any resource at any level of the hierarchy.

Resource Lifecycle

Every resource in the AWS Extension follows the same status lifecycle. Each resource has a Spec tab showing what was requested, a Result tab showing what was provisioned, and a link to the underlying ticket that executed the work. Updates trigger a reconciliation — the agent handles only the delta, not a full teardown and rebuild.

| Status | Description |
| --- | --- |
| Pending | Resource has been created and is waiting to be provisioned |
| Provisioning | The AI agent is actively provisioning the resource |
| Ready | Resource is live and available |
| Failed | Provisioning or an update encountered an error |
| Blocked | Waiting for user input before proceeding |
| Awaiting Approval | A change is pending approval before it is applied |
| DeProvisioning | Resource is being torn down |
| DeProvisioned | Resource has been removed |

Resource Types
