AI-Powered Analysis

Name: CDK Insights
Author: CDK Insights

Static analysis catches known patterns. AI catches everything else — context-aware security risks, cost optimisation opportunities, and architecture improvements that rules alone can't find.

What is AI-Powered Analysis?

CDK Insights AI goes beyond traditional static analysis by using machine learning to understand your infrastructure context and provide intelligent recommendations. Unlike rule-based analysis, AI considers:

Resource Relationships - How components interact with each other
Usage Patterns - How your infrastructure is actually used
Industry Best Practices - Proven patterns from thousands of deployments
Contextual Risk - Real-world impact assessment
CDK Mixin Provenance - When mixins are applied to a resource, the AI is told which ones — so its fixes recommend updating the mixin (or its Mixins.of(scope) selector) rather than only mutating resource props that a mixin would re-apply at synth

This results in more accurate, relevant, and actionable recommendations that help you build better infrastructure.

AI Analysis Capabilities

Security Analysis

AI-powered security vulnerability detection and remediation

Key Features

Context-aware security recommendations
CloudFormation configuration analysis
Compliance framework alignment
Risk assessment and prioritization

Example Recommendations

→Suggests least-privilege IAM policies based on configuration
→Identifies potential data exposure risks in S3 configurations
→Recommends encryption strategies for sensitive workloads

Cost Optimization

Intelligent cost reduction suggestions based on resource configuration

Key Features

Resource configuration analysis
Right-sizing recommendations
Storage optimization suggestions
Cost reduction opportunities

Example Recommendations

→Recommends Lambda memory optimization based on configuration
→Suggests RDS instance right-sizing and storage optimizations
→Identifies potentially over-provisioned resources

Performance Enhancement

AI-driven performance optimization recommendations

Key Features

Performance bottleneck identification
Architecture pattern suggestions
Scaling strategy recommendations
Latency optimization tips

Example Recommendations

→Suggests caching strategies for frequently accessed data
→Recommends database connection pooling optimizations
→Identifies API Gateway throttling opportunities

AI vs Static Analysis

Aspect	Static Analysis	AI Analysis
Issue Detection	104 rules, pattern matching	Context-aware intelligent analysis
Recommendations	Best practice guidance with fixes	Personalised, architecture-aware recommendations
Categorisation	Severity-based (Critical/High/Medium/Low)	Severity + Well-Architected Framework pillar mapping
Fix Guidance	Best practice guidance	Context-aware remediation with code examples
Complexity	Individual resource analysis	Multi-resource relationship analysis

Advanced AI Features

Contextual Analysis

AI understands the relationships between resources and their intended use

Benefit:

More accurate and relevant recommendations

Example: Recognizes that a Lambda function with high memory is intentionally configured for data processing workloads

Pattern Recognition

Identifies common anti-patterns and suggests proven alternatives

Benefit:

Prevents common mistakes before they become problems

Example: Detects tight coupling between services and suggests event-driven architecture patterns

Risk Assessment

Evaluates the actual risk level of security and configuration issues

Benefit:

Prioritizes issues based on real-world impact

Example: Identifies that a public S3 bucket containing only static assets has lower risk than one with sensitive data

Expert Analysis

AI categorises findings by AWS Well-Architected Framework pillars

Benefit:

Industry-standard best practices in every recommendation

Example: Maps findings to Security, Cost Optimisation, Reliability, Performance, and Operational Excellence pillars

Mixin-Aware Remediation

Reads the aws:cdk:analytics:mixin manifest stream so the AI knows which CDK Mixins are applied to each resource

Benefit:

Suggested fixes update the mixin (or its scope selector) instead of being silently undone by it at synth

Example: A bucket with `BucketVersioning` mixin applied gets a recommendation that uses `requireAll()` enforcement, not a one-off `versioned: true` prop

AI Features by Tier

Free

Free forever

Static scans + light AI

Limitations:

104 rules across 35 AWS services
Unlimited static scans (CLI works without an account)
500 AI credits / month with a free account
Default model: Amazon Nova Lite (0.5 credits / resource)

Pro

From £9.99/mo

Full AI-powered analysis

AI Benefits:

5,000 AI credits / month
All 5 Bedrock models (Nova Lite to Sonnet 4.6)
Default: Mistral 14B (1 credit / resource)
Dashboard, PDF reports & GitHub Action

Team

From £12.99/seat/mo · min 2 seats

Pro + collaboration

AI Benefits:

10,000 AI credits / seat / month
All 5 Bedrock models
Team management, 5 built-in roles, audit trails
Shared configurations

Choose your AI model

CDK Insights routes AI analysis through AWS Bedrock and lets you pick the model that fits each scan. More capable models cost more credits per resource. The default works well for most stacks — switch up only when you want deeper reasoning.

Model	Alias	Credits / resource	Best for
Amazon Nova Lite Amazon · Free tier default	`nova-lite`	0.5	Quick scans, cost-conscious workflows
Mistral 14B Mistral AI · Pro / Team default	`mistral-14b`	1	Balanced reasoning for everyday infrastructure
Claude Haiku 4.5 Anthropic · Pro / Team only	`haiku-4-5`	4	High-quality findings for security-critical infra
Claude Sonnet 4.6 Anthropic · Pro / Team only	`sonnet-4-6`	16	Maximum-depth reasoning for architecturally complex stacks

For per-model strengths, switching mechanisms (CLI flag / cdk.json context / user config) in precedence order, tier gating, and credit math worked examples, see AI Models.

Batch analysis (cost optimisation)

By default CDK Insights makes one Bedrock call per resource. The ai.batchSize option groups resources into a single batched call to the backend's /v1/analyze/batch endpoint — amortising the system prompt across multiple resources and dramatically reducing per-resource credit cost.

{
  "ai": {
    "model": "mistral-14b",
    "batchSize": 5
  }
}

Default: 1 (per-resource path, no batching)
Recommended range: 2–10
Backend cap: 10 (the CLI clamps to this)
Fallback: if a batch call fails, the CLI automatically falls back to the per-resource path for that batch

Getting Started with AI Analysis

Upgrade to Pro

AI analysis is available in the Pro tier. Upgrade your license to access intelligent recommendations.

Set Your License Key

Configure your Pro license key to enable AI features:

export CDK_INSIGHTS_LICENSE_KEY=your_pro_license_key

Run Analysis

AI analysis runs automatically when you scan your CDK application:

npx cdk-insights scan

See What Static Analysis Misses

Pro adds AI-powered deep analysis, Well-Architected pillar mapping, and context-aware fix recommendations — from £9.99/mo. Or start with a free account: 500 AI credits/month, no card required.

View Pricing Installation Guide Quick Start

Documentation

AI Recommendations

Docs Home