Launched this week

CDK Insights

Launched this week

Catch security issues in your AWS CDK before deployment

61 followers

Catch security issues in your AWS CDK before deployment

61 followers

Visit website

Testing and QA software

•

Security software

CDK Insights scans your AWS CDK stacks for security misconfigurations, cost waste, and best practice violations 🔒 Local-first: your code never leaves your machine ⚡ Zero friction: no signup, no API keys, just npx cdk-insights scan 🆓 Free forever: 100+ rules, 35+ AWS services, JSON/Table/Markdown output 🤖 AI explains why issues matter, not just what's wrong 🔗 CI/CD ready: GitHub Action with PR comments Ship fast without shipping insecure.

Free Options

Launch tags:SaaS•Software Engineering•Developer Tools

Launch Team

ElevenAgents by ElevenLabs — Scale conversations without scaling your team

Scale conversations without scaling your team

Promoted

CDK Insights

Maker

📌

Hey Product Hunt! 👋 I'm Lee, the maker of CDK Insights. I'm an AWS Community Builder, and I've been building with CDK for years. The problem I kept seeing: infrastructure would be deployed, then days later, it was found that the S3 bucket was public or an IAM role was over-permissive. Existing tools scan CloudFormation but don't really understand CDK. So I built something CDK-native. The static analysis is completely free — no trial, no limits. There's a paid AI tier for deeper analysis, but the free version is a real, complete product. Try it: npx cdk-insights scan I'd love your feedback on what rules you'd want to see!

Report

6d ago

@theleepriest For the free tier, any plans to add checks for unencrypted EBS volumes or Lambda env vars with secrets?

Report

3d ago

CDK Insights

Maker

@dayal_punjabi Hello! 👋🏻

Both of those are already included in the free tier! CDK Insights checks for unencrypted EBS volumes and flags Lambda environment variables with sensitive key names (secrets, passwords, API keys, tokens, credentials, etc.) — recommending Secrets Manager or SSM Parameter Store instead

Report

3d ago

@theleepriest Thank you for the response. And kudos to this launch.

Report

2d ago

Catching this at deploy time rather than after the fact is huge. IaC misconfigurations are one of those things that sit quietly until they don't. Does it handle cross-stack references? Some of the worst S3 exposure issues I've seen come from permissions that look fine in isolation but open up when stacks interact.

Report

3d ago

CDK Insights

Maker

@razazu Great question! - cross-stack issues are genuinely one of the hardest things to catch, and you're right that they're often where the real exposure lives.

Right now, CDK Insights reasons about relationships within a single stack (dependencies, event source mappings, trust relationships between constructs), and the AI analysis specifically looks at how resources interact - e.g., flagging an SQS queue with no DLQ when it's feeding a Lambda, or an IAM role whose trust policy becomes too broad in combination with its attached policies.

Cross-stack analysis via imports/exports is on the roadmap, but not there yet - it's a harder problem because you need to resolve the full topology across multiple synth outputs and reason about transitive permissions. Would genuinely value your input on what the worst patterns you've seen look like - those concrete examples help me build the right detections rather than guess at them! 😅

Report

2d ago

@razazu Great question! - cross-stack issues are genuinely one of the hardest things to catch, and you're right that they're often where the real exposure lives.