aws-well-architected-review
AWS Well-Architected
Apply AWS Well-Architected best practices to all AWS infrastructure work. This applies whether you are writing new infrastructure or reviewing existing infrastructure.
When writing new infra (create, scaffold, add, generate): Apply the mandatory defaults below so every resource is correct from the first draft. Do not generate anti-patterns and then suggest fixes. The code itself is the output. Read rules/generate-defaults.md for framework-specific property name mappings when generating code.
When reviewing existing infra (review, check, audit, validate): Scan for anti-patterns using the review checklist below and produce a structured findings report with concrete fixes.
If both (e.g., "add a Lambda and review the rest"): Write new code with defaults applied, then review the existing code.
Detect the framework and language from the project context. Generate code and fixes in the matching format.
Generate Mode — Mandatory Defaults
Every resource you generate must satisfy these requirements:
Every resource: Encryption at rest + in transit, least-privilege IAM (no wildcards), tags (Environment, Service, Team), no hardcoded secrets (use Secrets Manager / SSM)
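The review side of these defaults, written out as an added example that is not part of the skill's own rules or code: a small Python reviewer that walks a CloudFormation template (dict form, as loaded from JSON or YAML) and reports the anti-patterns the defaults forbid. The checks it implements (S3 bucket encryption, IAM wildcards, the three required tags, literal secrets in Lambda environment variables), the findings format, and the constructed sample template are assumptions; it is a starting point, not a complete checklist.

```python
import re

REQUIRED_TAGS = {"Environment", "Service", "Team"}
TAGGABLE = {"AWS::S3::Bucket", "AWS::Lambda::Function", "AWS::IAM::Role"}
IAM_TYPES = {"AWS::IAM::Role", "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}
SECRET_NAME = re.compile(r"secret|password|token|api_?key", re.I)

def _as_list(v):
    return v if isinstance(v, list) else [v]

def review_template(template):
    # Returns (logical_id, finding) pairs, one per Mandatory Defaults violation.
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type", ""), res.get("Properties", {})
        # Least privilege: no "*" Action or Resource in any attached policy document
        if rtype in IAM_TYPES:
            docs = [props.get("PolicyDocument")] + [p.get("PolicyDocument") for p in props.get("Policies", [])]
            for doc in filter(None, docs):
                for st in _as_list(doc.get("Statement", [])):
                    for key in ("Action", "Resource"):
                        if "*" in map(str, _as_list(st.get(key, []))):
                            findings.append((name, f"wildcard {key} in IAM statement"))
        # Encryption at rest: S3 buckets must declare BucketEncryption
        if rtype == "AWS::S3::Bucket" and "BucketEncryption" not in props:
            findings.append((name, "S3 bucket without BucketEncryption"))
        # Tags: Environment, Service and Team on every taggable resource
        if rtype in TAGGABLE:
            missing = REQUIRED_TAGS - {t.get("Key") for t in props.get("Tags", [])}
            if missing:
                findings.append((name, "missing tags: " + ", ".join(sorted(missing))))
        # No hardcoded secrets: a secret-like env var must be an intrinsic (dict) or a
        # {{resolve:secretsmanager:...}} / {{resolve:ssm-secure:...}} dynamic reference
        for k, v in props.get("Environment", {}).get("Variables", {}).items():
            if SECRET_NAME.search(k) and isinstance(v, str) and not v.startswith("{{resolve:"):
                findings.append((name, f"hardcoded secret in environment variable {k}"))
    return findings

# Constructed, abbreviated template: one compliant bucket plus three anti-patterns.
TAGS = [{"Key": k, "Value": "demo"} for k in sorted(REQUIRED_TAGS)]
SAMPLE = {"Resources": {
    "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": TAGS,
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
    "PlainBucket": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": TAGS}},
    "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {"Tags": TAGS, "Policies": [
        {"PolicyName": "all", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    "Worker": {"Type": "AWS::Lambda::Function", "Properties": {
        "Tags": [{"Key": "Environment", "Value": "prod"}, {"Key": "Service", "Value": "api"}],
        "Environment": {"Variables": {"DB_PASSWORD": "hunter2",
            "API_TOKEN": "{{resolve:secretsmanager:api/token:SecretString:value}}"}}}}}}
```

Running `review_template(SAMPLE)` yields five findings: the unencrypted bucket, the two wildcards on the role, the missing Team tag on the function, and the literal DB_PASSWORD; the API_TOKEN dynamic reference passes.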