AWS Startup Advisor
Personalized AWS notifications and curated AI prompts for startup builders — security, cost, scalability, and architecture guidance, in your IDE.
Overview
AWS Startup Advisor reads your AWS account and surfaces the things a fast-moving startup actually needs to act on:
- Personalized alerts for security risks, cost waste, scalability gaps, and missing permissions — generated locally from read-only AWS API calls against your account.
- Curated AI prompts that help you scaffold architecture, harden security, optimize spend, and plan migrations — copy a prompt with one click and paste it into Amazon Q, Kiro Chat, Cursor Chat, GitHub Copilot, or Claude Code.
The extension runs entirely on your machine. There is no Startup Advisor backend — every alert is computed locally from the credentials you sign in with. A read-only AWS profile is sufficient.
Features
Personalized AWS alerts
Continuously evaluates your account against a catalog of startup-relevant checks across:
- Security — root access keys, missing MFA, unused credentials, open security groups, default VPCs, unencrypted RDS/EBS/ElastiCache, CloudTrail gaps, Cognito MFA, hard-coded Lambda secrets, Bedrock guardrails, API Gateway throttling.
- Cost — stopped EC2 instances, orphaned EBS volumes, unattached EIPs, orphaned RDS snapshots, expiring reserved instances, CloudWatch log retention, idle SageMaker notebooks, missing gateway endpoints.
- Scalability — missing CloudWatch alarms, throttled Lambdas, Bedrock readiness.
- Permissions — first-run guidance to set up the role the extension needs.
Alerts are dismissible per region and re-appear if the underlying issue returns.
Curated AI prompts
A growing library of expert prompts covering the work startups do most often:
- Day-one account setup, security baseline, least-privilege roles
- Cost and credits, Compute Optimizer, GPU/Bedrock quota
- Local-code-to-cloud, GCP-to-AWS, LLM agents on AWS
- Architecture review, resilience baseline, vulnerability scanning
Click any prompt to view the full text in a side panel, then Copy prompt to paste into your AI assistant of choice.
Multi-account, multi-region
Switch between AWS profiles from the avatar menu. Pick a region per account; the extension remembers your last selection.
Getting Started
Requirements
- VS Code 1.85+, Kiro, or Cursor
- An AWS account
- One of:
- AWS CLI profile (
~/.aws/credentials or ~/.aws/config), or
- IAM Identity Center (SSO) start URL
A read-only profile is sufficient — the extension never writes to your account.
Install
Search for "AWS Startup Advisor" in your IDE's Extensions view and click Install.
Sign in
- Click the AWS Startup Advisor icon in the activity bar.
- Choose Sign in with SSO (recommended) or Sign in with AWS profile.
- For SSO, paste your start URL and follow the browser flow. For profile auth, pick one from the list.
The sidebar will populate with alerts as soon as evaluators finish their first pass (typically a few seconds).
Switch accounts or sign out
Click the avatar in the header to switch profiles, change region, or sign out.
Commands
| Command |
Description |
AWS Startup Advisor: Sign In |
Focus the sidebar to start the sign-in flow |
AWS Startup Advisor: Sign Out |
Disconnect the active session |
AWS Startup Advisor: Refresh Alerts |
Force re-evaluation of all alerts |
Privacy & data collection
- No backend. All alerts are computed on your machine from read-only AWS SDK calls. Nothing about your AWS account is sent to AWS Startup Advisor servers.
- AWS API calls are made directly to AWS service endpoints using your credentials. Standard AWS service-side logging (e.g. CloudTrail) applies.
- Credentials are read via the standard AWS SDK provider chain. SSO tokens are cached in the standard
~/.aws/sso/cache/ location, shared with the AWS CLI.
License
See LICENSE.
| |
