Advanced Configuration Options
Complete guide to all available configuration options in CDK Insights. Customize analysis behavior, output format, performance, and filtering to match your specific needs.
Quick Reference
Core Analysis Settings
Control what gets analyzed and how
stackName
Default stack name to analyze
Example:
"stackName": "MyProductionStack"Use Case: Set default stack for repeated analysis
services
Limit analysis to specific AWS services
Example:
"services": ["S3", "IAM", "Lambda"]Use Case: Focus analysis on critical services only
ruleFilter
Filter findings by rule categories
Example:
"ruleFilter": ["Security", "Cost Optimization"]Use Case: Focus on specific compliance areas
synth
Run cdk synth before analysis
Example:
"synth": trueUse Case: Ensure templates are up-to-date
Output Control
Customize output format and content
output
Output format for results (table, json, markdown, summary, sarif, github-actions)
Example:
"output": "json"Use Case: Integration with other tools
summaryOnly
Only show summary in console
Example:
"summaryOnly": trueUse Case: Reduce output verbosity
redact
Redact sensitive resource names
Example:
"redact": trueUse Case: Protect sensitive information in logs
withIssue
Create GitHub issues for findings (CLI flag: --withIssue)
Example:
"withIssue": trueUse Case: Automate issue tracking
Cache Configuration
Optimize analysis performance with caching
noCache
Disable caching entirely
Example:
"noCache": trueUse Case: Force fresh analysis every time
cache.enabled
Enable analysis result caching
Example:
"cache.enabled": trueUse Case: Speed up repeated analysis
cache.ttl
Cache time-to-live in milliseconds. Default 6 hours. Cache lives in process memory and resets on each CLI run.
Example:
"cache.ttl": 7200000Use Case: Shorten for very active development; lengthen for stable codebases
cache.maxSize
Maximum number of cache entries
Example:
"cache.maxSize": 2000Use Case: Control memory usage
Behavior Control
Control analysis behavior and error handling
failOnCritical
Exit with error code if critical issues found (CLI flag: --fail-on-critical)
Example:
"failOnCritical": falseUse Case: Continue CI/CD pipeline despite critical issues
feedback
Enable/disable the interactive feedback prompt after analysis
Example:
"feedback": falseUse Case: Suppress feedback prompt in automated environments
allowOveruse
Allow AI analysis to exceed your plan's quota
Example:
"allowOveruse": trueUse Case: Continue AI analysis beyond plan limits when needed
local
Run static analysis only, skip AI recommendations
Example:
"local": trueUse Case: Offline analysis without requiring a license key
warnSensitive
Treat sensitive data findings as warnings instead of errors
Example:
"warnSensitive": trueUse Case: Prevent sensitive data findings from failing CI pipelines
sensitiveDataDetection
Configure sensitive data detection behavior with sub-options: enabled (boolean, default: true), warnOnly (boolean, default: false), strictMode (boolean, default: false), allowPatterns (string[], default: []), ignoreProperties (string[], default: [])
Example:
"sensitiveDataDetection": {"enabled": true, "warnOnly": true, "strictMode": false, "allowPatterns": ["^test-.*"], "ignoreProperties": ["metadata.tags"]}Use Case: Fine-tune sensitive data detection to reduce false positives
AI Recommendations
Configure model selection and batching for the AI tier
ai.model
Bedrock model used for AI recommendations. Accepts: nova-lite, mistral-14b, haiku-4-5, sonnet-4-6.
Example:
"ai.model": "sonnet-4-6"Use Case: Pick the cost/quality trade-off that suits your workflow. Free tier is always served Nova Lite regardless of selection.
ai.batchSize
Resources per AI request. Default 1 (off — each resource is its own request). Increase to batch multiple resources into a single call. Maximum: 10.
Example:
"ai.batchSize": 5Use Case: Reduce per-request overhead on large stacks at the cost of slightly larger individual prompts.
Scan History
Opt in to uploading each scan to your cdkinsights.dev dashboard
scanHistory.enabled
When true, the CLI uploads each analysis report at the end of the run. Reports are license-keyed, viewable at https://cdkinsights.dev/scans, and auto-expire after 30 days. The upload is best-effort and never blocks the run.
Example:
"scanHistory.enabled": trueUse Case: Track scan history across CI runs without managing artifacts manually.
Telemetry
Anonymous opt-in usage analytics — see the dedicated telemetry page for the full schema
telemetry.enabled
When true, the CLI emits anonymised events (cliVersion, tier, platform, command shape) to help us prioritise improvements. No source code, license keys, or stack contents are ever sent.
Example:
"telemetry.enabled": trueUse Case: Help shape the product roadmap by sharing what you actually use.
Complete Configuration Example
{
"// Basic Configuration": {
"stackName": "MyProductionStack",
"output": "table",
"services": [
"S3",
"IAM",
"Lambda",
"EC2"
],
"ruleFilter": [
"Security",
"Cost Optimization"
]
},
"// Cache Settings": {
"cache": {
"enabled": true,
"ttl": 7200000,
"maxSize": 200
},
"noCache": false
},
"// Analysis Control": {
"synth": true,
"summaryOnly": false,
"redact": false,
"withIssue": false,
"local": false
},
"// Behavior Control": {
"failOnCritical": true,
"feedback": true,
"allowOveruse": false,
"warnSensitive": false,
"sensitiveDataDetection": {
"enabled": true,
"warnOnly": false,
"strictMode": false,
"allowPatterns": [],
"ignoreProperties": []
}
},
"// GitHub Integration": {
"withIssue": true,
"redact": true
}
}This example shows a comprehensive configuration covering all major categories. Copy and customize for your specific needs.
Performance Optimization Tips
Use Service Filtering
High ImpactLimit analysis to only the services you care about
"services": ["S3", "IAM"]Enable Caching
High ImpactCache results to speed up repeated analysis
"cache": { "enabled": true, "ttl": 7200000 }Use Rule Filtering
Medium ImpactFocus on specific compliance areas
"ruleFilter": ["Security", "Cost Optimization"]Enable Synthesis
Medium ImpactEnsure templates are up-to-date before analysis
"synth": trueUse Summary Mode
Low ImpactReduce output verbosity for faster processing
"summaryOnly": trueCLI Flags vs Configuration Options
📄 Configuration File Options
These options can be saved in your .cdk-insights.json file for persistent settings.
cdk-insights config set output json
cdk-insights config set services "S3,IAM"🚀 CLI-Only Flags
These flags are only available at runtime and cannot be saved to configuration files.
cdk-insights scan --yes --ci
cdk-insights scan --all --no-cacheNote: The --yes and --ci flags are CLI-only options that cannot be saved to your configuration file. Use them directly in your commands or scripts.
Environment Variables
CDK_INSIGHTS_LICENSE_KEY
License key for AI-powered analysis features
export CDK_INSIGHTS_LICENSE_KEY="your-license-key"CI
Enable CI mode for automated environments (auto-detected for most CI platforms)
export CI=trueGITHUB_TOKEN
GitHub token for issue creation (preferred over gh CLI)
export GITHUB_TOKEN="ghp_your_token_here"AWS Credentials
AWS credentials for CDK operations (if not using AWS CLI)
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_DEFAULT_REGION="us-east-1"CDK_INSIGHTS_TEAM_ID
Team identifier for team-based subscriptions
export CDK_INSIGHTS_TEAM_ID="your-team-id"CDK_INSIGHTS_API_URL
Override the default API endpoint URL
export CDK_INSIGHTS_API_URL="https://custom-api.example.com"Ready to Customize Your Analysis?
Create a .cdk-insights.json file in your project root and start customizing CDK Insights for your specific needs.