This project provides a generative AI tool for evaluating Infrastructure as Code (IaC) and architecture diagrams against AWS Well-Architected best practices. It's designed for cloud engineers, architects, and developers seeking to improve the security, reliability, performance, and cost-efficiency of their AWS infrastructure. The tool offers detailed analysis, personalized recommendations, and an interactive chatbot for guidance.

How It Works

The analyzer leverages Amazon Bedrock to process user-provided IaC templates (CloudFormation, Terraform, CDK), architecture diagrams (PNG, JPEG), or complete IaC projects. It compares these inputs against AWS Well-Architected best practices, which are synchronized with a Bedrock knowledge base. Users can also upload supporting documents for richer context. The system generates actionable insights and can even create IaC from diagrams. An integrated chatbot provides interactive clarification and guidance.

Quick Start & Requirements

• Deployment: Recommended via CloudFormation stack (iac-analyzer-deployment-stack.yaml). Alternatively, use a deployment script (deploy-wa-analyzer.sh) or manual deployment.
• Prerequisites: AWS Bedrock model access to Titan Text Embeddings V2 and Claude 3.5 Sonnet v2 (or Claude 3.7 Sonnet). For script/manual deployment: Node.js (v18+), Python (v3.11+), AWS CDK CLI, Docker or Finch, and AWS CLI.
• Setup Time: CloudFormation deployment takes 15-20 minutes.
• Documentation: AWS Well-Architected IaC Analyzer

Highlighted Details

• Supports multiple IaC formats (CloudFormation, Terraform, CDK) and architecture diagrams.
• Offers analysis against specialized Well-Architected lenses (Serverless, IoT, SaaS, ML, etc.).
• Features an interactive "Analyzer Assistant" chatbot for Q&A and guidance.
• Can generate IaC templates from architecture diagrams.

Maintenance & Community

This is an aws-samples repository, indicating official AWS examples. Community contributions are welcome via standard GitHub pull requests.

Licensing & Compatibility

Licensed under the MIT-0 License. This permissive license allows for commercial use and integration into closed-source projects.

Limitations & Caveats

The default deployment uses an internet-facing Application Load Balancer without authentication, requiring explicit configuration for security. Model compatibility is primarily tested with Claude 3.5/3.7 Sonnet; other models may yield unexpected results.