Security-First AWS CDK Infrastructure Factory for AI Agents
aitool-cdk-factory is a type-safe, deterministic factory that generates production-grade AWS Infrastructure as Code (IaC). It is designed specifically for AI Coding Agents and Senior Engineers who need to convert abstract requirements (Docker Compose, JSON Specs) into secure, policy-compliant AWS CDK stacks.
Unlike raw CDK code, which can be prone to "drift" and security anti-patterns, this factory enforces NIST 800-53 compliance checks before synthesis, ensuring that no insecure infrastructure is ever generated.
- Docker-to-CDK: Turn `docker-compose.yml` into ECS Fargate clusters in seconds.
- Policy Engine: Block public S3 buckets, unencrypted databases, and open security groups.
- Intermediate Representation (IR): A strict, Zod-validated schema for infrastructure definition.
- Monorepo: Managed with `pnpm` workspaces for modularity.
The system follows a standard compiler pipeline:
```mermaid
graph LR
A[Input Sources] -->|Parse| B(Intermediate Representation)
B -->|Validate| C{Policy Engine}
C -->|Pass| D[Factory Synthesis]
C -->|Fail| E[Error Report]
D -->|Gen| F[AWS CDK Stacks]
```
- Parsers: `src/generators` (Docker, Spec)
- Schema: `src/schemas` (Zod IR)
- Validators: `src/validators` (Security, Cost)
- Templates: `src/templates` (L3 Constructs)
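The pipeline above (Parse, Validate, Policy, Gen) and the three policy rules named in the feature list, as an added example that is not the project's code. The IR types, rule names, the mapping of each rule to a NIST 800-53 control id, and the stand-in `synthesize` step (which only names the `aws-cdk-lib` construct each entry would become) are this example's own assumptions; a hand-written `validateIR` stands in for the project's Zod schemas so the block runs without dependencies.

```typescript
// Added example, not part of aitool-cdk-factory. IR shape, rule names and the
// NIST 800-53 control mapping are assumptions made for illustration.

type ComposeFile = { services: Record<string, { image: string; ports?: string[] }> };

type Resource =
  | { kind: "s3"; name: string; publicRead: boolean; encrypted: boolean }
  | { kind: "rds"; name: string; storageEncrypted: boolean }
  | { kind: "sg"; name: string; ingress: { cidr: string; port: number }[] }
  | { kind: "fargate"; name: string; image: string; ports: number[] };

type InfraIR = { resources: Resource[] };
type Finding = { resource: string; control: string; message: string };
type PipelineResult =
  | { stage: "synth"; constructs: string[] }
  | { stage: "validate" | "policy"; findings: Finding[] };

// Constructed docker-compose-like input, as it looks after YAML parsing.
const sampleCompose: ComposeFile = {
  services: {
    api: { image: "ghcr.io/example/api:1.0", ports: ["80:8080"] },
    worker: { image: "ghcr.io/example/worker:1.0" },
  },
};

// Stage 1 (Parse): each service becomes a Fargate entry; each published port becomes
// an ingress rule. Compose has no CIDR notion, so a naive generator defaults to
// 0.0.0.0/0, which is exactly the anti-pattern the policy stage exists to catch.
function parseCompose(input: ComposeFile): InfraIR {
  const resources: Resource[] = [];
  for (const [svcName, svc] of Object.entries(input.services)) {
    const ports = (svc.ports ?? []).map((p) => Number(p.split(":")[0]));
    resources.push({ kind: "fargate", name: svcName, image: svc.image, ports });
    if (ports.length > 0) {
      resources.push({ kind: "sg", name: `${svcName}-sg`, ingress: ports.map((port) => ({ cidr: "0.0.0.0/0", port })) });
    }
  }
  return { resources };
}

// Stage 2 (Validate): structural checks the project does with Zod; hand-written here (IPv4 CIDRs only).
const CIDR_RE = /^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$/;
function validateIR(ir: InfraIR): Finding[] {
  const findings: Finding[] = [];
  const seen = new Set<string>();
  for (const r of ir.resources) {
    if (!/^[a-z][a-z0-9-]{0,62}$/.test(r.name)) findings.push({ resource: r.name, control: "schema", message: "invalid resource name" });
    if (seen.has(r.name)) findings.push({ resource: r.name, control: "schema", message: "duplicate resource name" });
    seen.add(r.name);
    if (r.kind === "sg") {
      for (const rule of r.ingress) {
        if (!CIDR_RE.test(rule.cidr)) findings.push({ resource: r.name, control: "schema", message: `malformed CIDR ${rule.cidr}` });
        if (!Number.isInteger(rule.port) || rule.port < 0 || rule.port > 65535) findings.push({ resource: r.name, control: "schema", message: `port out of range: ${rule.port}` });
      }
    }
  }
  return findings;
}

// Stage 3 (Policy): the three rules the README names. Control ids are this example's
// own mapping onto NIST 800-53 (AC-3 access enforcement, SC-7 boundary protection,
// SC-28 protection of information at rest).
function checkPolicy(ir: InfraIR): Finding[] {
  const findings: Finding[] = [];
  for (const r of ir.resources) {
    if (r.kind === "s3" && r.publicRead) findings.push({ resource: r.name, control: "AC-3", message: "public S3 bucket" });
    if (r.kind === "s3" && !r.encrypted) findings.push({ resource: r.name, control: "SC-28", message: "unencrypted S3 bucket" });
    if (r.kind === "rds" && !r.storageEncrypted) findings.push({ resource: r.name, control: "SC-28", message: "unencrypted database storage" });
    if (r.kind === "sg") {
      for (const rule of r.ingress) {
        if (rule.cidr === "0.0.0.0/0") findings.push({ resource: r.name, control: "SC-7", message: `ingress open to the world on port ${rule.port}` });
      }
    }
  }
  return findings;
}

// Stage 4 (Gen): reached only when validation and policy both pass. Stands in for CDK
// synthesis by naming the aws-cdk-lib construct each IR entry would become.
function synthesize(ir: InfraIR): string[] {
  const ctor: Record<Resource["kind"], string> = { s3: "s3.Bucket", rds: "rds.DatabaseInstance", sg: "ec2.SecurityGroup", fargate: "ecs.FargateService" };
  return ir.resources.map((r) => `${ctor[r.kind]}(${r.name})`);
}

// The pipeline stops at the first failing stage and reports it instead of generating stacks.
function runPipeline(ir: InfraIR): PipelineResult {
  const schemaFindings = validateIR(ir);
  if (schemaFindings.length > 0) return { stage: "validate", findings: schemaFindings };
  const policyFindings = checkPolicy(ir);
  if (policyFindings.length > 0) return { stage: "policy", findings: policyFindings };
  return { stage: "synth", constructs: synthesize(ir) };
}

// Constructed hardened IR: the same workload with ingress limited to a VPC range,
// plus an encrypted private bucket and an encrypted database.
const hardenedIR: InfraIR = {
  resources: [
    ...parseCompose(sampleCompose).resources.map((r): Resource =>
      r.kind === "sg" ? { ...r, ingress: r.ingress.map((i) => ({ ...i, cidr: "10.0.0.0/16" })) } : r),
    { kind: "s3", name: "artifacts", publicRead: false, encrypted: true },
    { kind: "rds", name: "primary-db", storageEncrypted: true },
  ],
};

console.log(runPipeline(parseCompose(sampleCompose)));  // stops at "policy" with an SC-7 finding for api-sg
console.log(runPipeline(hardenedIR));                   // reaches "synth" with five constructs
```

The naive compose translation fails at the policy stage because its generated security group admits the world on port 80; the hardened IR passes every stage and only then reaches synthesis, which is the ordering the diagram prescribes.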
- Runtime: Node.js v20+
- Language: TypeScript 5.x (Strict Mode)
- Package Manager: pnpm
- IaC Framework: AWS CDK v2
- Testing: Vitest
- Validation: Zod
- CLI: Commander
- Node.js v20+
- pnpm
- AWS Credentials configured
```shell
git clone https://github.com/ryanrentfro/aitool-cdk-factory.git
cd aitool-cdk-factory
pnpm install
pnpm build
```
- Getting Started
- Core
- Reference
- Meta
MIT License. See LICENSE file.
