AWS Startup Advisor
AWS Startup Advisor is a VS Code, Kiro, and Cursor extension that delivers personalized architecture, cost, and security guidance for startups building on AWS. Built on expertise from AWS Startup Solutions Architects and patterns from 350,000+ startups building on AWS.
Overview
AWS Startup Advisor reads your AWS account and surfaces the things a fast-moving startup actually needs to fix:
- Personalized alerts for security risks, cost waste, scalability gaps, and missing permissions — generated locally from read-only AWS API calls against your account.
- Vetted AI prompts curated by AWS Startup Solutions Architects to help you scaffold architecture, harden security, optimize spend, and plan migrations — copy a prompt with one click and paste it into Amazon Q, Kiro Chat, Cursor Chat, GitHub Copilot, or Claude Code.
The extension runs entirely on your machine. There is no Startup Advisor backend — every alert is computed locally from the credentials you sign in with. A read-only AWS profile is sufficient.
Who is this for?
- Early-stage founders scaffolding their first AWS environment and looking for opinionated, startup-tested defaults.
- Startups ready to move to AWS from local development, GCP, or another cloud, who want a guided migration path.
- Scaling startups who need to harden security, plan for resilience, and tune for growth without hiring a dedicated platform team.
- Cost-conscious builders trying to stretch credits and avoid the usual cloud-spend potholes.
Features
Start building
Vetted prompts to bootstrap a startup-ready AWS environment from day one.
- Day-one account setup, security baseline, least-privilege roles
- Scaffold a production architecture for your stack
- Set up GuardDuty, Security Hub, and a vulnerability scanner
Example prompt: "Generate a least-privilege IAM role for my Lambda-based API and a Terraform snippet that creates it."
Migrate
Move your workload to AWS without guessing at the right service mapping.
- Local code to cloud
- Migrate from GCP to AWS
- Migrate AI workloads to AWS
Example prompt: "Translate this docker-compose stack into an ECS Fargate deployment with an ALB and an RDS Postgres instance."
Security and scalability
Continuous, region-aware alerts for the issues that bite startups in production.
- Security: root access keys, missing MFA, unused credentials, open security groups, default VPCs, unencrypted RDS/EBS/ElastiCache, CloudTrail gaps, Cognito MFA, hard-coded Lambda secrets, Bedrock guardrails, API Gateway throttling.
- Scalability: missing CloudWatch alarms, throttled Lambdas, Bedrock readiness.
Example alert: "Your root account has active access keys. Rotate them and switch to IAM Identity Center for daily use."
Cost management
Find the spend leaks before they show up on the invoice.
- Stopped EC2 instances, orphaned EBS volumes, unattached EIPs, orphaned RDS snapshots
- Expiring reserved instances, CloudWatch log retention, idle SageMaker notebooks, missing gateway endpoints
- Compute Optimizer recommendations, AWS credits and balances
Example alert: "You have 12 EBS volumes detached for more than 30 days, costing roughly $48/month. Snapshot and delete?"
Multi-account, multi-region
Switch between AWS profiles from the avatar menu. Pick a region per account; the extension remembers your last selection. Alerts are scoped per-region so switching contexts surfaces the right issues for the account you're working in.
Getting Started
Requirements
- VS Code 1.85+, Kiro, or Cursor
- An AWS account
- One of:
- AWS CLI profile (
~/.aws/credentials or ~/.aws/config), or
- IAM Identity Center (SSO) start URL
A read-only profile is sufficient — the extension never writes to your account.
Install
Search for "AWS Startup Advisor" in your IDE's Extensions view and click Install.
Sign in
- Click the AWS Startup Advisor icon in the activity bar.
- Choose Sign in with SSO (recommended) or Sign in with AWS profile.
- For SSO, paste your start URL and follow the browser flow. For profile auth, pick one from the list.
The sidebar will populate with alerts as soon as evaluators finish their first pass (typically a few seconds).
Switch accounts or sign out
Click the avatar in the header to switch profiles, change region, or sign out.
Commands
| Command |
Description |
AWS Startup Advisor: Sign In |
Focus the sidebar to start the sign-in flow |
AWS Startup Advisor: Sign Out |
Disconnect the active session |
AWS Startup Advisor: Refresh Alerts |
Force re-evaluation of all alerts |
Privacy & data collection
- No backend. All alerts are computed on your machine from read-only AWS SDK calls. Nothing about your AWS account is sent to AWS Startup Advisor servers.
- AWS API calls are made directly to AWS service endpoints using your credentials. Standard AWS service-side logging (e.g. CloudTrail) applies.
- Credentials are read via the standard AWS SDK provider chain. SSO tokens are cached in the standard
~/.aws/sso/cache/ location, shared with the AWS CLI.
License
See LICENSE.