Well-Architected Infrastructure as Code (IaC) Analyzer is a project that demonstrates how generative AI can be used to evaluate infrastructure code for alignment with best practices.
It features a web application built with Streamlit.io, allowing users to upload IaC documents (e.g. AWS CloudFormation or Terraform templates) for assessment. The application leverages a large language model running on Amazon Bedrock to analyze the code against AWS Well-Architected best practices. These best practices are sourced from AWS Well-Architected whitepapers and synchronized with the Amazon Bedrock knowledge base.
This tool provides users with insights into how well their infrastructure code aligns with or deviates from established AWS best practices, offering suggestions for improving cloud architecture designs.
The project deploys resources running on the following AWS services:
- Amazon Virtual Private Cloud (VPC)
- Application Load Balancer
- Amazon Elastic Container Service (ECS)
- AWS Fargate
- Amazon S3
- AWS Lambda
Below pre-requesites are to be deployed in your local machine.
- Install AWS CDK CLI.
- Prepare CDK for python here.
- Install and run Docker.
- Enable access to Titan Text Embeddings V2 and Claude 3.5 Sonnet models in your AWS region for your stack here.
If you want to use a different model than "Claude 3.5 Sonnet", update the config.ini with the correct model ID.
[settings]
model_id = anthropic.claude-3-5-sonnet-20240620-v1:0
By default, this project will deploy the Load Balancer scheme as internal (Private load balancer). To access the application, you will need to be in the private network connected to the deployed VPC, either via VPC peering, VPN, or any other means. If you need to change the load balancer scheme to internet-facing, you can modify the
public_load_balancerparameter setting toTruein the config.ini file, as below example.[settings] public_load_balancer = TrueHowever, please be aware that this project is prepared as a demo with no authentication mechanism. Therefore, should you choose to change the parameter to
Trueor modify the load balancer to be internet-facing, you are accepting the risk of any implications that this application, along with its functionalities, will be accessible directly through the internet without any form of authentication.
1. Clone this repository
git clone https://github.com/aws-samples/well-architected-iac-analyzer
cd well-architected-iac-analyzer
2. Create and activate a Python virtual environment
python -m venv .venv
source .venv/bin/activate
3. Install requirements
pip install -r requirements.txt
4. Set the AWS region were the CDK stack will be deployed
export CDK_DEPLOY_REGION=us-west-2
5. Bootstrap CDK
cdk bootstrap
6. Deploy the solution
cdk synth
cdk deploy
After the deployment is complete, you will see the private ALB DNS name in the output of the cdk deploy command. You can also find this information in the outputs section of the CloudFormation stack named WA-IaC-Analyzer-{region}-GenAIStack in the AWS Console.
Option 1 - Run the following command to remove the CDK stack and all the associated resources created in your AWS account:
cdk destroy
Option 2 - You can also open the CloudFormation console and directly delete the stack named WA-IaC-Analyzer-{region}-GenAIStack.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.