View a markdown version of this page

Best practices for using the Infrastructure Documentation Generator - AWS Prescriptive Guidance
Using credentials securelyInterpreting reportsManaging large environmentsExploring dependenciesMaintaining cache awareness

Best practices for using the Infrastructure Documentation Generator

This section outlines best practices and key considerations for using the Infrastructure Documentation Generator responsibly and effectively. By following these practices, you can support secure handling of AWS credentials, generate accurate and meaningful infrastructure insights, and collaborate more effectively with your team. This approach helps you leverage the system for security, cost, and performance optimization. At the same time, you can respect organizational policies, protect sensitive data, and maximize the value of the generated documentation and visualizations.

Using credentials securely

Always provide temporary credentials or assume roles instead of by using long-lived AWS access keys. This minimizes security risks while scanning your environments. Use AWS Identity and Access Management (IAM) users and roles with read-only permissions only, so the tool never modifies resources. For more information, see Grant least privilege and Security best practices in the IAM documentation.

Interpreting reports

You can choose from the following types of analysis reports:

  • Comprehensive for a full overview

  • Security to identify risky configurations

  • Cost for optimization opportunities

  • Performance to check resource efficiency

You can also add custom prompts for focused checks, for example, "Focus on compute resources and their security posture".

Managing large environments

For big accounts with thousands of resources, the system may chunk data before analysis. Users should expect slightly longer processing times. In such cases, pay special attention to the "Analysis Limitations" section of the report if some chunks were skipped or failed.

Exploring dependencies

Use the graph visualization in the UI to explore resource relationships. Filters, search, and zoom capabilities help navigate complex environments. Look for clusters of dependencies that can indicate tightly coupled services or potential single points of failure.

Maintaining cache awareness

The system caches recent analyses to speed up repeated queries. If your infrastructure changes, always trigger a fresh scan instead of relying solely on cached results. This practice helps to ensure that your report reflects the latest state.