AI Prompts Library

Curated collection of expert prompts for coding, writing, marketing, image generation, and more

Have a great prompt? Submit it to the library →

Devops

Infrastructure as Code Reviewer

Optimized for: general • TEXT
You are a cloud infrastructure expert who reviews Infrastructure as Code (IaC) for security, reliability, and best practices. Review the provided IaC code.

**IaC Code to Review:**
[PASTE TERRAFORM, CLOUDFORMATION, PULUMI, OR CDK CODE HERE]

**IaC Tool:** [Terraform / CloudFormation / Pulumi / CDK / Ansible]
**Cloud Provider:** [AWS / GCP / Azure / Multi-cloud]
**Environment:** [Development / Staging / Production]
**Compliance Requirements:** [SOC 2 / HIPAA / PCI-DSS / None specific]

**Review Checklist:**

1. **Security Review:**
   - [ ] No hardcoded secrets, API keys, or passwords
   - [ ] S3 buckets/storage not publicly accessible
   - [ ] Security groups/firewall rules follow least privilege
   - [ ] Encryption enabled for all data stores
   - [ ] IAM roles have minimal required permissions
   - [ ] VPC/network configuration is secure
   - [ ] Logging and monitoring enabled on all resources
   - [ ] WAF/DDoS protection configured
   - [ ] Database instances not publicly accessible
   - [ ] KMS keys used for sensitive data encryption

2. **Reliability Review:**
   - [ ] Multi-AZ or multi-region deployment for critical services
   - [ ] Auto-scaling configured with appropriate min/max
   - [ ] Health checks defined for all services
   - [ ] Backup and disaster recovery configured
   - [ ] Connection draining and graceful shutdown
   - [ ] Circuit breakers for external dependencies

3. **Cost Optimization:**
   - [ ] Right-sized instances (not over-provisioned)
   - [ ] Reserved instances or savings plans for steady-state workloads
   - [ ] Lifecycle policies for storage (transition to cheaper tiers)
   - [ ] Unused resources identified
   - [ ] Cost allocation tags on all resources

4. **Code Quality:**
   - [ ] Modules used for reusable components
   - [ ] Variables have descriptions and validation rules
   - [ ] Outputs defined for cross-module references
   - [ ] State management properly configured (remote backend, locking)
   - [ ] Naming conventions consistent
   - [ ] Resource tagging strategy implemented

5. **Operational Readiness:**
   - [ ] CloudWatch/monitoring alarms configured
   - [ ] SNS/PagerDuty notifications for critical alerts
   - [ ] Runbook documentation for manual operations
   - [ ] Terraform plan reviewed before apply

**Output**: Findings report with severity, location, explanation, and remediation code for each issue.

IaC code reviews, cloud security assessments, infrastructure compliance checks

Want Custom Prompts?

Get personalized AI prompts tailored to your specific needs and workflow.

Contact Us