Advanced Configuration Options
Complete guide to all available configuration options in CDK Insights. Customize analysis behavior, output format, performance, and filtering to match your specific needs.
Quick Reference
Core Analysis Settings
Control what gets analyzed and how
stackName
Default stack name to analyze
Example:
"stackName": "MyProductionStack"Use Case: Set default stack for repeated analysis
services
Limit analysis to specific AWS services
Example:
"services": ["S3", "IAM", "Lambda"]Use Case: Focus analysis on critical services only
ruleFilter
Filter findings by rule categories
Example:
"ruleFilter": ["Security", "Cost Optimization"]Use Case: Focus on specific compliance areas
synth
Run cdk synth before analysis
Example:
"synth": trueUse Case: Ensure templates are up-to-date
Output Control
Customize output format and content
output
Output format for results (table, json, markdown, summary, sarif, github-actions)
Example:
"output": "json"Use Case: Integration with other tools
summaryOnly
Only show summary in console
Example:
"summaryOnly": trueUse Case: Reduce output verbosity
redact
Redact sensitive resource names
Example:
"redact": trueUse Case: Protect sensitive information in logs
withIssue
Create GitHub issues for findings (CLI flag: --with-issue)
Example:
"withIssue": trueUse Case: Automate issue tracking
Cache Configuration
Optimize analysis performance with caching
noCache
Disable caching entirely
Example:
"noCache": trueUse Case: Force fresh analysis every time
cache.enabled
Enable analysis result caching
Example:
"cache.enabled": trueUse Case: Speed up repeated analysis
cache.ttl
Cache time-to-live in milliseconds
Example:
"cache.ttl": 7200000Use Case: Balance freshness vs performance
cache.maxSize
Maximum number of cache entries
Example:
"cache.maxSize": 2000Use Case: Control memory usage
Behavior Control
Control analysis behavior and error handling
failOnCritical
Exit with error code if critical issues found (CLI flag: --fail-on-critical)
Example:
"failOnCritical": falseUse Case: Continue CI/CD pipeline despite critical issues
feedback
Enable/disable the interactive feedback prompt after analysis
Example:
"feedback": falseUse Case: Suppress feedback prompt in automated environments
allowOveruse
Allow AI analysis to exceed your plan's quota
Example:
"allowOveruse": trueUse Case: Continue AI analysis beyond plan limits when needed
local
Run static analysis only, skip AI recommendations
Example:
"local": trueUse Case: Offline analysis without requiring a license key
warnSensitive
Treat sensitive data findings as warnings instead of errors
Example:
"warnSensitive": trueUse Case: Prevent sensitive data findings from failing CI pipelines
sensitiveDataDetection
Configure sensitive data detection behavior with sub-options: enabled (boolean, default: true), warnOnly (boolean, default: false), strictMode (boolean, default: false), allowPatterns (string[], default: []), ignoreProperties (string[], default: [])
Example:
"sensitiveDataDetection": {"enabled": true, "warnOnly": true, "strictMode": false, "allowPatterns": ["^test-.*"], "ignoreProperties": ["metadata.tags"]}Use Case: Fine-tune sensitive data detection to reduce false positives
Complete Configuration Example
{
"// Basic Configuration": {
"stackName": "MyProductionStack",
"output": "table",
"services": [
"S3",
"IAM",
"Lambda",
"EC2"
],
"ruleFilter": [
"Security",
"Cost Optimization"
]
},
"// Cache Settings": {
"cache": {
"enabled": true,
"ttl": 7200000,
"maxSize": 200
},
"noCache": false
},
"// Analysis Control": {
"synth": true,
"summaryOnly": false,
"redact": false,
"withIssue": false,
"local": false
},
"// Behavior Control": {
"failOnCritical": true,
"feedback": true,
"allowOveruse": false,
"warnSensitive": false,
"sensitiveDataDetection": {
"enabled": true,
"warnOnly": false,
"strictMode": false,
"allowPatterns": [],
"ignoreProperties": []
}
},
"// GitHub Integration": {
"withIssue": true,
"redact": true
}
}This example shows a comprehensive configuration covering all major categories. Copy and customize for your specific needs.
Performance Optimization Tips
Use Service Filtering
High ImpactLimit analysis to only the services you care about
"services": ["S3", "IAM"]Enable Caching
High ImpactCache results to speed up repeated analysis
"cache": { "enabled": true, "ttl": 7200000 }Use Rule Filtering
Medium ImpactFocus on specific compliance areas
"ruleFilter": ["Security", "Cost Optimization"]Enable Synthesis
Medium ImpactEnsure templates are up-to-date before analysis
"synth": trueUse Summary Mode
Low ImpactReduce output verbosity for faster processing
"summaryOnly": trueCLI Flags vs Configuration Options
๐ Configuration File Options
These options can be saved in your .cdk-insights.json file for persistent settings.
cdk-insights config set output json
cdk-insights config set services "S3,IAM"๐ CLI-Only Flags
These flags are only available at runtime and cannot be saved to configuration files.
cdk-insights scan --yes --ci
cdk-insights scan --all --no-cacheNote: The --yes and --ci flags are CLI-only options that cannot be saved to your configuration file. Use them directly in your commands or scripts.
Environment Variables
CDK_INSIGHTS_LICENSE_KEY
License key for AI-powered analysis features
export CDK_INSIGHTS_LICENSE_KEY="your-license-key"CI
Enable CI mode for automated environments (auto-detected for most CI platforms)
export CI=trueGITHUB_TOKEN
GitHub token for issue creation (preferred over gh CLI)
export GITHUB_TOKEN="ghp_your_token_here"AWS Credentials
AWS credentials for CDK operations (if not using AWS CLI)
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_DEFAULT_REGION="us-east-1"CDK_INSIGHTS_TEAM_ID
Team identifier for team-based subscriptions
export CDK_INSIGHTS_TEAM_ID="your-team-id"CDK_INSIGHTS_API_URL
Override the default API endpoint URL
export CDK_INSIGHTS_API_URL="https://custom-api.example.com"Ready to Customize Your Analysis?
Create a .cdk-insights.json file in your project root and start customizing CDK Insights for your specific needs.