terminal ● cdk-insights analyze

✓ 52 issues found

💡 134 Insights

Scroll down to learn more

Write code.
Get insights.
Repeat.

Name: CDK Insights
Author: CDK Insights

CDK Insights is built to use AI and static analysis to audit your AWS CDK stacks, surface hidden issues, and suggest best practices — before they become problems

Free forever static analysis

20+ AWS services supported

No registration required

terminal ● cdk-insights analyze

✓ 52 issues found

💡 134 Insights

Effortless, Powerful Features

CDK Insights is packed with features that actually matter for CDK developers. No fluff, just powerful tools to make your infrastructure better.

Free Forever

Free Forever Static Analysis

Security & compliance checks with CDK Nag
Linting and best practices
Fast feedback in terminal or CI
No credit card required

See Quickstart

🚧Coming Soon

Pro & AI

AI-Powered Deep Analysis

Evaluates against AWS Well-Architected Framework
STRIDE threat modeling
Actionable, context-aware recommendations
JSON, Markdown, Table, or Summary output

Why Choose CDK Insights?

How It Works

CDK Insights is simple to use. Just run a command, and it will analyze your CDK stacks to find potential issues and suggest improvements.

Install & Run

Get started instantly with our CLI tool. No registration required, no complex setup—just immediate analysis of your CDK stacks.

Terminal

$ npm install -g cdk-insights

$ cdk-insights analyze

🔍 Analyzing your infrastructure...

🚧Coming Soon

AI Analysis

Advanced AI scans your infrastructure across 20+ AWS services

20+

AWS Services

Security

Identify vulnerabilities and compliance issues

CRITICAL

S3 Public Access

MEDIUM

IAM Permissions

LOW

Encryption

Issues Found

💰

Cost Savings

Optimize resources and reduce AWS spend

↓

-35%

Average Savings

Lambda-$156/mo

RDS-$89/mo

📊

Export

Share findings with your team

📊

JSON Data

📝

Markdown Reports

📋

Table Output

🧠AI-Powered Analysis🚧Coming Soon

Beyond Static Analysis

I've integrated advanced AI using AWS Bedrock to deliver context-aware recommendations, intelligent code suggestions, and architectural insights that understand your specific infrastructure. Access your analysis history and manage licenses through my web dashboard.

📊

Static Analysis

Fast & Free Forever

Rule-based Security Checks

20+ AWS services covered

Cost Optimization

Find obvious savings opportunities

Instant Results

Analysis in seconds

🚧Coming Soon

🧠

AI Analysis

Context-Aware Recommendations

Understands your specific infrastructure

Custom Code Suggestions

Tailored fixes with code examples

Architectural Pattern Recognition

Spots complex multi-resource issues

Natural Language Explanations

Clear explanations of issues and solutions

Web Dashboard Access

View analysis history and manage licenses

See AI Analysis in Action

Here's how AI goes beyond static analysis to provide intelligent, context-aware recommendations

⚠️

Static Analysis

Rule-based detection

⚠️ MEDIUM: Lambda function has high memory allocation

Memory usage may be excessive for this function

💡 Recommendation: Consider reducing memory allocation

🚧Coming Soon

🧠

AI Analysis

Context-aware insights

⚠️ MEDIUM: Lambda function has high memory allocation

Memory usage may be excessive for this function

🧠 AI Insight: Based on your function's 30s timeout and SQS message processing, 3008MB is likely over-provisioned. Most SQS processing functions work efficiently with 512-1024MB.

💡 Smart Suggestion: Reduce to 1024MB and monitor

memorySize: 1024

Powered by Advanced AI Models

CDK Insights leverages cutting-edge AI models via AWS Bedrock for intelligent infrastructure analysis

🦙

Llama 3.1 70B

Primary Analysis Engine

Meta's advanced large language model provides comprehensive infrastructure analysis with deep understanding of AWS services, security patterns, and optimization opportunities.

🎯

Claude 3 Sonnet

Complex Pattern Recognition

Anthropic's Claude excels at analyzing complex architectural patterns, providing nuanced recommendations for sophisticated infrastructure designs and multi-service integrations.

🔒

Privacy-First AI Analysis

Your code never leaves your environment

Redacted CloudFormation Only

Only anonymized infrastructure templates are analyzed

Source Code Stays Local

Your CDK source code never leaves your machine

Automatic Redaction

Sensitive data automatically removed before analysis

AWS Bedrock Security

Enterprise-grade security from AWS

Why CDK Insights?

CDK Insights was built to solve the problem of discovering infrastructure issues after deployment. Now you can catch problems before they reach production.

CDK Insights

Purpose-built for CDK

CDK-Specific Analysis

Understands CDK constructs, patterns, and best practices — not just CloudFormation

Free Forever Static Analysis

No trials, no limits on basic analysis — comprehensive static checking always free

No Registration Required

Start analyzing immediately — no accounts, no signups, no barriers

Privacy-First Design

Free tier: 100% local analysis. AI tier: sends only redacted CloudFormation templates, never source code

Optional AI Enhancement

Upgrade to AI-powered analysis for deeper insights and contextual recommendations

Traditional Tools

Generic CloudFormation analysis

Generic CloudFormation Analysis

Treats your CDK code like raw CloudFormation — misses CDK-specific patterns

Pay-Walled or Trial Limited

Basic analysis often requires payment or limited trial periods

Account Registration Required

Data Upload Required

Upload your infrastructure code to external services for analysis

Limited AI Integration

Basic rule-based analysis without intelligent context-aware recommendations

The CDK Insights Difference

Purpose-built for CDK developers who want deep, actionable insights without compromising privacy

Instant Setup

One command gets you started:
npx cdk-insights analyze

CDK-Native

Understands your CDK constructs, L2/L3 patterns, and TypeScript code structure

Smart Analysis

Context-aware AI that understands your specific infrastructure patterns and requirements

Experience the difference. Try CDK Insights today and see why CDK developers choose us.

Local-First.
Privacy-Guaranteed.

My free tier runs 100% on your machine. No data leaves your environment. AI tier sends only redacted CloudFormation templates for advanced analysis.

Your Machine

CDK Insights runs directly on your local machine. Your code never leaves your environment.

Local Analysis

Powerful static analysis engine processes your CDK code locally using CDK-Nag and custom rules.

No Network

Works completely offline. No internet connection required.

No Uploads

Your code stays on your machine. Nothing gets uploaded anywhere.

No Tracking

We don't track usage, collect analytics, or monitor your activity.

No Accounts

No registration, no sign-ups, no personal information required.

How Local Analysis Works

Behind the scenes, CDK Insights leverages proven open-source tools to deliver comprehensive analysis

CDK-Nag Integration

Built on AWS's own CDK-Nag for security and compliance checking

Static Code Analysis

Comprehensive TypeScript AST parsing and pattern matching

CloudFormation Synthesis

Analyzes synthesized CloudFormation templates for infrastructure insights

Best Practice Rules

Curated rules for AWS Well-Architected Framework compliance

Multiple Export Formats

JSON, Markdown, Table, and Summary export options for integration

Fast Analysis

Optimized for speed — most projects analyzed in under 10 seconds

Ready for Privacy-First Analysis?

Experience the security of local analysis. No servers, no uploads, no compromises.

Privacy-First.
Security-Built.

Your code should stay yours. That's why CDK Insights is designed to run locally first, with AI features that only process what you choose to share.

Local Analysis

Free tier runs 100% locally on your machine. No code leaves your environment. Static analysis with CDK-Nag happens entirely offline.

AI tier sends only redacted CloudFormation templates to our backend for AI analysis - never your source code.

Zero data transmission

Smart Redaction

AI analysis automatically redacts sensitive data like account IDs, secrets, and personal information from CloudFormation templates before sending to our backend. Your source code never leaves your machine.

Automatic privacy protection

No Storage

CloudFormation templates are processed transiently and never stored on our servers. AI analysis happens in-memory and results are returned immediately. Data is automatically deleted after processing.

Immediate deletion

Additional Security Measures

End-to-End Encryption

All data in transit protected with TLS 1.3 encryption

Minimal Data Collection

We only collect the minimum data necessary for analysis and recommendations

Secure Payment Processing

Payments handled by Stripe — we never store card details

Security Monitoring

Built-in monitoring and security best practices

Privacy Standards

Designed with privacy-first principles and minimal data collection

Open Source Components

Transparent, auditable security practices you can verify

Ready to analyze your CDK stacks with complete privacy? Start with our free tier — no registration required.

Built for Trust.
Designed for Reliability.

Your trust is everything. CDK Insights is built with security and reliability at its core, ensuring your infrastructure analysis is both safe and accurate.

Security First

Privacy by design

Zero Trust Architecture

We cannot access your data even if we wanted to

End-to-End Encryption

All communications protected with TLS 1.3

Security Best Practices

Built with industry-standard security practices and principles

Open Source Components

Built on open source technologies you can trust and verify

Reliability

Built to last

High Availability

Built on AWS's reliable cloud infrastructure

Cloud Infrastructure

Leverages AWS's global infrastructure for reliability

Data Protection

Encrypted data processing with minimal data retention

System Monitoring

Built-in monitoring and error tracking

Transparency

Open and honest

Open Source Components

Built on open-source foundations you can inspect and trust

Privacy Policy

Clear documentation of our data handling practices

Open Documentation

Comprehensive guides and documentation freely available

Public Changelog

Detailed release notes and feature updates

Security & Privacy Principles

Built on industry best practices for security, privacy, and reliability

Security-First Design

Built with security as a core design principle

GDPR Compliant

Privacy-first design with minimal data collection

Industry Standards

Follows established security best practices

AWS Security

Built on AWS's secure cloud infrastructure

Trust Built on Action, Not Words

Every design decision prioritizes your security and privacy. Experience the difference of infrastructure analysis built for the modern enterprise.

Outputs That Fit Your Workflow

CDK Insights is designed to fit into your existing workflow. Whether you prefer markdown reports, GitHub issues, or direct integration, you'll get insights in the format that works best for you.

cdk-insights analyze

markdown output

↕ scroll

Executive Summary:

We discovered **366 total issues** across **71 resources** (97.2% with issues).

Top Priorities:

🔴 14 Critical severity issues

🟠 52 High severity issues

Metric	Count
Resources scanned	71
Resources with issues	69
Total issues found	366
% of resources with issues	97.2%

### WAF Pillar Impact

• **Operational Excellence**: 136

• **Security**: 140

• **Cost Optimization**: 66

• **Reliability**: 18

• **Performance Efficiency**: 6

• **Sustainability**: 0

### Next Steps

1. Triage 🔴 critical issues first

2. Fix 🟠 high‐impact items next

3. Schedule 🟡 medium‐priority tasks

4. Plan 🟢 low‐priority enhancements

Resource: InsecureIamRole41A4AD76

🔴🔴🔴 CRITICAL Severity Issue 🔴🔴🔴

• Issue: IAM policy allows full access to all resources.
• Recommendation: Restrict IAM policies to least privilege access.
• 📍 Source Location: cdk/stacks/TestCdkInsightsStack.ts:26:5
• Source Path: TestCdkInsightsStack/InsecureIamRole41A4AD76
• WAF Pillar: Security

🔴🔴🔴 CRITICAL Severity Issue 🔴🔴🔴

• Issue: The role has been granted the AWS managed policy AdministratorAccess, which provides full access to AWS services and resources.
• Recommendation: Review the permissions granted to the role and replace the AdministratorAccess policy with the minimum necessary permissions.
• 📍 Source Location: cdk/stacks/TestCdkInsightsStack.ts:26:5
• Source Path: TestCdkInsightsStack/InsecureIamRole41A4AD76
• WAF Pillar: Security

Relevant Code:

// Example of a more restrictive policy
const restrictedPolicy = new iam.Policy(this, 'RestrictedPolicy', {
  statements: [
    new iam.PolicyStatement({
      actions: ['s3:GetObject', 's3:PutObject'],
      effect: iam.Effect.ALLOW,
      resources: ['arn:aws:s3:::example-bucket/*']
    }),
  ],
});
// Assign the policy to the role
role.addManagedPolicy(restrictedPolicy);

JSON Export

Machine-readable structured data perfect for automation and CI/CD pipelines.

--output json

Markdown Reports

Human-readable documentation perfect for GitHub issues and team sharing.

--output markdown

Table View

Clean tabular output with colored severity levels - the default format.

--output table

Summary View

Concise overview showing just the essential metrics and highest priority issues.

--output summary

GitHub Integration

Automatically create GitHub issues from findings

# Create GitHub issues from findings
cdk-insights analyze --with-issue

# Perfect for CI/CD workflows
cdk-insights analyze --output json --with-issue

Requires GitHub CLI (gh) to be installed and authenticated

Smart Configuration

Save your preferences and customize analysis

# Set your preferred output format
cdk-insights config set output markdown

# Focus on specific services
cdk-insights config set services IAM,S3,Lambda

# View current settings
cdk-insights config list

Configuration persists across all analyses

Write code. Get insights. Repeat.

Effortless, Powerful Features

Free Forever Static Analysis

AI-Powered Deep Analysis

How It Works

Install & Run

AI Analysis

Security

Cost Savings

Export

Beyond Static Analysis

Static Analysis

AI Analysis

See AI Analysis in Action

Static Analysis

AI Analysis

Powered by Advanced AI Models

Llama 3.1 70B

Claude 3 Sonnet

Privacy-First AI Analysis

Why CDK Insights?

CDK Insights

CDK-Specific Analysis

Free Forever Static Analysis

No Registration Required

Privacy-First Design

Optional AI Enhancement

Traditional Tools

Generic CloudFormation Analysis

Pay-Walled or Trial Limited

Account Registration Required

Data Upload Required

Limited AI Integration

The CDK Insights Difference

Instant Setup

CDK-Native

Smart Analysis

Local-First.Privacy-Guaranteed.

Your Machine

Local Analysis

No Network

No Uploads

No Tracking

No Accounts

How Local Analysis Works

CDK-Nag Integration

Static Code Analysis

CloudFormation Synthesis

Best Practice Rules

Multiple Export Formats

Fast Analysis

Ready for Privacy-First Analysis?

Privacy-First.Security-Built.

Local Analysis

Smart Redaction

No Storage

Additional Security Measures

End-to-End Encryption

Minimal Data Collection

Secure Payment Processing

Security Monitoring

Privacy Standards

Open Source Components

Built for Trust.Designed for Reliability.

Security First

Zero Trust Architecture

End-to-End Encryption

Security Best Practices

Open Source Components

Reliability

High Availability

Cloud Infrastructure

Data Protection

System Monitoring

Transparency

Open Source Components

Privacy Policy

Open Documentation

Public Changelog

Security & Privacy Principles

Write code.
Get insights.
Repeat.

Local-First.
Privacy-Guaranteed.

Privacy-First.
Security-Built.

Built for Trust.
Designed for Reliability.

Executive Summary:

Top Priorities: