The Aitool CDK Factory operates as a compiler that transforms high-level specifications into secure AWS infrastructure.
- Parsing: The system accepts inputs in various formats (Docker Compose, Custom Spec) and normalizes them into a strict Intermediate Representation (IR).
- Validation: The IR is subjected to a series of checks (Schema, Logic, Policy, Cost).
- Synthesis: Validated IR is fed into L3 CDK Generators to produce the final CloudAssembly.
- Verification: The output is scanned by CDK-Nag for security compliance.
Converts standard docker-compose.yml files into AWS ECS Fargate clusters.
- Services: Maps to AWS::ECS::Service(Fargate).
- Networking: Creates separate VPCs or uses existing ones.
- Discovery: Auto-configures CloudMap for service discovery.
- Load Balancing: Optional ALB integration.
Accepts a JSON/YAML full specification for granular control over resources.
Ensures that the infrastructure meets the requirements of the application code.
- Port Matching: Verifies container ports match application listeners.
- Env Vars: Checks that required environment variables are defined.
- Secrets: Validates that secret references resolve to real parameter keys.
- Budgeting: Estimates monthly cost based on resource types and counts.
- Enforcement: Fails synthesis if the estimated cost exceeds maxMonthlyBudget.
- NIST 800-53: Enforces encryption, logging, and access controls.
- IAM Policies: Scans generated roles for least-privilege using Access Analyzer.
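
The port, environment variable, secret and budget checks listed above can be pictured as a single pass over the IR that collects every finding before synthesis. This is an added TypeScript example, not the project's own code: the IR shape (ServiceIR, StackIR), the price table and the parameter keys are assumptions made for illustration; only maxMonthlyBudget is a name taken from the page.

```typescript
// Added example. The IR shape, price table and parameter keys are hypothetical.
interface ServiceIR {
  name: string;
  containerPort: number;               // port exposed in the task definition
  listenPort: number;                  // port the application code listens on
  env: { [name: string]: string };     // plain environment variables
  requiredEnv: string[];               // variables the application needs
  secrets: { [name: string]: string }; // env name -> parameter key
}
interface StackIR {
  services: ServiceIR[];
  resources: { [kind: string]: number }; // resource type -> count
  maxMonthlyBudget: number;              // USD
}
// Constructed monthly unit prices in USD, not real AWS pricing.
const UNIT_PRICE: { [kind: string]: number } = { fargateTask: 30, alb: 20, natGateway: 35 };
const has = (o: object, k: string): boolean => Object.prototype.hasOwnProperty.call(o, k);

function estimateMonthlyCost(ir: StackIR): number {
  let total = 0;
  for (const kind of Object.keys(ir.resources)) {
    // Fail closed: an unpriced resource must not be counted as free.
    if (!has(UNIT_PRICE, kind)) throw new Error("no price for resource type " + kind);
    total += UNIT_PRICE[kind] * ir.resources[kind];
  }
  return total;
}
// Returns every finding; an empty array means the IR may proceed to synthesis.
function validate(ir: StackIR, parameterKeys: string[]): string[] {
  const errors: string[] = [];
  for (const s of ir.services) {
    if (s.containerPort !== s.listenPort)
      errors.push(s.name + ": container port " + s.containerPort + " != listener " + s.listenPort);
    for (const v of s.requiredEnv)
      if (!has(s.env, v) && !has(s.secrets, v)) errors.push(s.name + ": missing env var " + v);
    for (const v of Object.keys(s.secrets))
      if (parameterKeys.indexOf(s.secrets[v]) === -1)
        errors.push(s.name + ": secret " + v + " -> unresolved key " + s.secrets[v]);
  }
  const cost = estimateMonthlyCost(ir);
  if (cost > ir.maxMonthlyBudget)
    errors.push("estimated cost " + cost + " exceeds maxMonthlyBudget " + ir.maxMonthlyBudget);
  return errors;
}
// Constructed sample: wrong port, a missing variable, a dangling secret, over budget.
const sampleIR: StackIR = {
  services: [{ name: "api", containerPort: 8080, listenPort: 3000, env: { LOG_LEVEL: "info" },
    requiredEnv: ["LOG_LEVEL", "DB_HOST", "DB_PASSWORD"],
    secrets: { DB_PASSWORD: "/app/prod/db-password" } }],
  resources: { fargateTask: 2, alb: 1, natGateway: 1 }, maxMonthlyBudget: 100 };
const sampleFindings = validate(sampleIR, ["/app/prod/api-key"]);
```

Collecting all findings rather than stopping at the first lets one run report a port mismatch, a dangling secret reference and a budget overrun together.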