Commit 439bd8b

xxyjoel and claude committed

Remove status field - all recommendations are considered complete

- Remove status field from all 313 recommendations across 41 service files
- Update schema to remove status property
- Update db-init.py and db-query.py to remove status columns/views
- Update generate.py to remove status from SUMMARY.md
- Add remove-status.py utility script
- Update README to reflect simplified data model

All recommendations in the database are considered production-ready. No more open/ice/pending/done tracking needed.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 7a8e409 commit 439bd8b

48 files changed: +96 -398 lines changed

README.md

Lines changed: 1 addition & 2 deletions
@@ -60,7 +60,7 @@ The database is designed with a standardized JSON format, making it ideal for:
6060

6161
- **Total Recommendations**: 313
6262
- **AWS Services Covered**: 41
63-
- **Risk Categories**: Security, Cost, Performance, Operations, Reliability
63+
- **Risk Types**: Operations (189), Cost (80), Performance (21), Security (19), Reliability (4)
6464
- **Architectural Patterns**: Circuit Breaker, Retry with Exponential Backoff, Cache-Aside, Bulkhead, Queue-Based Load Leveling
6565

6666
See [docs/SUMMARY.md](docs/SUMMARY.md) for detailed statistics.
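
Review bot: the new line 63 hard-codes per-type counts (189, 80, 21, 19, 4) in the README, while the line below it already points readers to docs/SUMMARY.md for statistics, so these figures will go stale the first time a recommendation is added or reclassified. They do sum to the 313 stated above, but consider keeping only the type names here or letting generate.py write this line. The rename from "Risk Categories" to "Risk Types" is also not mentioned in the commit message, which only describes the status removal; it deserves a line there or its own commit.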
@@ -179,7 +179,6 @@ Each misconfiguration entry follows this structure:
179179
```json
180180
{
181181
"id": "a1b2c3d4-e5f6-4789-a012-3456789abcde",
182-
"status": "done|ice|open|pending",
183182
"service_name": "lambda",
184183
"scenario": "Lambda functions making synchronous calls without circuit breaker implementation",
185184
"alert_criteria": "Lambda error rate >5% or downstream service timeouts >1000ms",
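
Review bot: removing `"status": "done|ice|open|pending"` from the documented entry structure is a breaking change for any consumer that filters on it, and nothing near this example says so. Suggest a short sentence next to the example stating that `status` was removed and that every entry is now treated as complete, so readers of older exports know to stop selecting on that key.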

data/by-service/acm.json

Lines changed: 0 additions & 2 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "9be76839-271a-4733-b947-c4c3705da1f5",
7-
"status": "open",
87
"service_name": "acm",
98
"scenario": "user wants SSL/TLS certificate expiration alert 1 month in advance",
109
"alert_criteria": "",
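
Review bot: the entry that loses `"status": "open"` at old line 7 still has `"alert_criteria": ""`, so after this change nothing in the record marks it as unfinished even though it defines no trigger condition. The commit message declares every recommendation production-ready; either fill in the criteria for this certificate-expiration entry before dropping the marker, or make the schema reject an empty `alert_criteria` so gaps like this fail validation instead of shipping silently.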
@@ -32,7 +31,6 @@
3231
},
3332
{
3433
"id": "d8163f98-8bb2-4159-bde7-e7668e8ee21d",
35-
"status": "open",
3634
"service_name": "acm",
3735
"scenario": "user wants SSL/TLS certificate expiration alert 1 week in advance",
3836
"alert_criteria": "",

data/by-service/alb-elb.json

Lines changed: 0 additions & 16 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "475b24d9-4b5b-4ce4-8161-af25f89bee49",
7-
"status": "done",
87
"service_name": "alb/elb",
98
"scenario": "Idle Load Balancers",
109
"alert_criteria": "A load balancer has had less than 100 requests per day for the last 7 days.",
@@ -33,7 +32,6 @@
3332
},
3433
{
3534
"id": "75ba739e-a10d-4233-9d93-233587bf1de5",
36-
"status": "open",
3735
"service_name": "alb/elb",
3836
"scenario": "Idle Load Balancers",
3937
"alert_criteria": "A load balancer has no healthy back-end instances.",
@@ -62,7 +60,6 @@
6260
},
6361
{
6462
"id": "f8873ffb-d1ce-44d2-adf9-50148350fc92",
65-
"status": "done",
6663
"service_name": "alb/elb",
6764
"scenario": "Idle Load Balancers",
6865
"alert_criteria": "A load balancer has no active back-end instances.",
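
Review bot: once `"status": "done"` is removed here, this entry (f8873ffb, "no active back-end instances") and the preceding 75ba739e (formerly `open`, "no healthy back-end instances") are near-duplicates under the same "Idle Load Balancers" scenario with no field left to say which one is authoritative. Before treating both as complete, decide whether they are meant to be distinct checks and reword the criteria to make the difference explicit, or merge them into one entry.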
@@ -92,7 +89,6 @@
9289
},
9390
{
9491
"id": "eba421cf-bea5-4fa2-982a-c992016bd34f",
95-
"status": "pending",
9692
"service_name": "alb/elb",
9793
"scenario": "user wants to ensure the availability / performance of their auto scaling group(s)",
9894
"alert_criteria": "instance that is attached to the autoscaling group has been stopped or hibernated",
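
Review bot: the `"status": "pending"` removed at old line 95 was the only marker that this entry needed further work, and the entry itself looks misfiled: `service_name` is `alb/elb` but both the scenario and the alert_criteria describe instances in an Auto Scaling group being stopped or hibernated. Suggest resolving the service classification in this commit or a follow-up, since after the status removal there is no remaining signal that it was unresolved.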
@@ -119,7 +115,6 @@
119115
},
120116
{
121117
"id": "b0ee1465-5cd5-4b8e-9ceb-c22ffcbdba88",
122-
"status": "open",
123118
"service_name": "alb/elb",
124119
"scenario": "application / load balancers are not detecting failed connections fast enough",
125120
"alert_criteria": "",
@@ -147,7 +142,6 @@
147142
},
148143
{
149144
"id": "297a0e89-3930-4c98-aaae-108dd7dc6c90",
150-
"status": "open",
151145
"service_name": "alb/elb",
152146
"scenario": "Your application load balancer is hosting X target groups with various hostnames; you would like to expose https traffic for each of these host names.",
153147
"alert_criteria": "",
@@ -175,7 +169,6 @@
175169
},
176170
{
177171
"id": "01e58c92-8f90-4ef0-a438-e35bf01ecfd8",
178-
"status": "open",
179172
"service_name": "alb/elb",
180173
"scenario": "users are being routed to instances that are not running (or have performance issues)",
181174
"alert_criteria": "",
@@ -203,7 +196,6 @@
203196
},
204197
{
205198
"id": "be4fc192-947d-4012-aeb5-54bec0d07873",
206-
"status": "open",
207199
"service_name": "alb/elb",
208200
"scenario": "You are creating an application that is going to expose an HTTP REST API. There is a need to provide request routing rules at the HTTP level. Due to security requirements, your application can only be exposed through the use of two static IPs.",
209201
"alert_criteria": "",
@@ -231,7 +223,6 @@
231223
},
232224
{
233225
"id": "71534f32-7b63-4d9b-8c41-9328ea305e23",
234-
"status": "open",
235226
"service_name": "alb/elb",
236227
"scenario": "user wants to remove weak ciphers for ELB",
237228
"alert_criteria": "",
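
Review bot: this is a security recommendation ("user wants to remove weak ciphers for ELB") that goes from `open` to implicitly complete while `"alert_criteria"` is still an empty string, so a consumer has no condition to evaluate and will never raise it. The same pattern repeats in the following hunks for the TLS protocol version, access logs and SSL listener entries. Suggest populating the criteria for the security-typed entries first, or keeping them out of the "considered complete" set until they have one.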
@@ -259,7 +250,6 @@
259250
},
260251
{
261252
"id": "00b372b2-8825-4bdf-834f-b10742dc715b",
262-
"status": "open",
263253
"service_name": "alb/elb",
264254
"scenario": "user wants to ensure that elb has a recommended ssl/tls protocol version",
265255
"alert_criteria": "",
@@ -287,7 +277,6 @@
287277
},
288278
{
289279
"id": "8ac617e8-5a7a-4da8-8084-7ef5e5cbc74c",
290-
"status": "open",
291280
"service_name": "alb/elb",
292281
"scenario": "user wants to ensure ELB are created with access logs enabled",
293282
"alert_criteria": "",
@@ -315,7 +304,6 @@
315304
},
316305
{
317306
"id": "b5337466-a827-460e-873e-613c28a101e4",
318-
"status": "open",
319307
"service_name": "alb/elb",
320308
"scenario": "user wants to ensure ELB is setup with SSL for secure communication",
321309
"alert_criteria": "",
@@ -343,7 +331,6 @@
343331
},
344332
{
345333
"id": "a3e36ea7-b611-4706-bc1f-40f09a17dc70",
346-
"status": "open",
347334
"service_name": "alb/elb",
348335
"scenario": "user wants to be notified when ELB securied listener certificate expires in 1 month",
349336
"alert_criteria": "",
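
Review bot: the scenario text on the context line at new line 336 reads "ELB securied listener certificate", and the same misspelling appears in the three certificate-expiry entries that follow. Since this commit rewrites every record in the file and declares them production-ready, it is a good moment to correct it to "secured" so text searches on the scenario field match.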
@@ -371,7 +358,6 @@
371358
},
372359
{
373360
"id": "b70a15dd-4b86-4345-ab46-a3e02c6abfea",
374-
"status": "open",
375361
"service_name": "alb/elb",
376362
"scenario": "user wants to be notified when ELB securied listener certificate expires in 1 week",
377363
"alert_criteria": "",
@@ -399,7 +385,6 @@
399385
},
400386
{
401387
"id": "38ef673f-016f-4b10-ba8c-e0ab9d15494a",
402-
"status": "open",
403388
"service_name": "alb/elb",
404389
"scenario": "user wants to be notified when ALB securied listener certificate expires in 1 month",
405390
"alert_criteria": "",
@@ -427,7 +412,6 @@
427412
},
428413
{
429414
"id": "255365fe-3007-414f-85b6-713846173847",
430-
"status": "open",
431415
"service_name": "alb/elb",
432416
"scenario": "user wants to be notified when ALB securied listener certificate expires in 1 week",
433417
"alert_criteria": "",

data/by-service/all.json

Lines changed: 0 additions & 4 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "6ba41fc1-7084-4ae2-a0ee-aa50d85f1cea",
7-
"status": "ice",
87
"service_name": "ALL",
98
"scenario": "user wants to associate user groups & roles to projects, teams, and other business units",
109
"alert_criteria": "check if resoruce has ANY tags, if no tags send recommendation",
@@ -31,7 +30,6 @@
3130
},
3231
{
3332
"id": "6abe56fe-881d-404c-81e3-a87ed491685b",
34-
"status": "ice",
3533
"service_name": "ALL",
3634
"scenario": "user wants to associate costs to cost centers, projects, teams, and other business units",
3735
"alert_criteria": "check if resoruce has ANY tags, if no tags send recommendation",
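
Review bot: the alert_criteria on new line 35 is identical to the one on the previous entry (6ba41fc1), including the typo "resoruce", although the two scenarios differ (user groups and roles versus cost allocation). Both entries were `ice` before this change, which suggests they were parked rather than finished. Suggest fixing the spelling and giving each entry criteria specific to its scenario before they are counted as complete.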
@@ -58,7 +56,6 @@
5856
},
5957
{
6058
"id": "277608d6-b89d-459a-ab2d-e2c05ac47af3",
61-
"status": "open",
6259
"service_name": "ALL",
6360
"scenario": "user needs to have an index of resources across regions they can search for",
6461
"alert_criteria": "resource explorer is not enabled",
@@ -85,7 +82,6 @@
8582
},
8683
{
8784
"id": "3360f1f0-c035-4fc1-93d0-1b6afe58d609",
88-
"status": "open",
8985
"service_name": "ALL",
9086
"scenario": "user requires immutable resource tags",
9187
"alert_criteria": "immutable aws tags have not been enabled",

data/by-service/api-gateway.json

Lines changed: 0 additions & 1 deletion
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "c54ea650-2481-4d0d-a61c-9f08443c7cd1",
7-
"status": "open",
87
"service_name": "api-gateway",
98
"scenario": "user wants to use api gateway with edge locations AND cares about performance",
109
"alert_criteria": "",

data/by-service/aws-config.json

Lines changed: 0 additions & 5 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "e6001001-cf01-4001-a001-001000000001",
7-
"status": "done",
87
"service_name": "aws-config",
98
"scenario": "Continuous AWS Config Recording in Non-Production Environments",
109
"alert_criteria": "AWS Config continuously recording all resource types in development, test, or staging environments",
@@ -39,7 +38,6 @@
3938
},
4039
{
4140
"id": "e6001002-cf02-4002-a002-002000000002",
42-
"status": "done",
4341
"service_name": "aws-config",
4442
"scenario": "Excessive AWS Config Costs from Spot Instances",
4543
"alert_criteria": "AWS Config recording configuration changes for frequently provisioned/terminated Spot instances or Auto Scaling groups with high churn",
@@ -75,7 +73,6 @@
7573
},
7674
{
7775
"id": "e6001003-cf03-4003-a003-003000000003",
78-
"status": "done",
7976
"service_name": "aws-config",
8077
"scenario": "Unfiltered Recording of High-Churn Resource Types in AWS Config",
8178
"alert_criteria": "AWS Config recording all resource types including those with frequent state changes (CloudWatch alarms, Lambda invocations, ECS tasks)",
@@ -111,7 +108,6 @@
111108
},
112109
{
113110
"id": "e6001004-cf04-4004-a004-004000000004",
114-
"status": "done",
115111
"service_name": "aws-config",
116112
"scenario": "Unnecessarily High Recording Granularity in AWS Config",
117113
"alert_criteria": "AWS Config using continuous recording when periodic recording would suffice for compliance requirements",
@@ -147,7 +143,6 @@
147143
},
148144
{
149145
"id": "6e839f06-4474-45c8-82a9-84003aade522",
150-
"status": "open",
151146
"service_name": "aws-config",
152147
"scenario": "user wants to ensure AWS config is enabled in all regions",
153148
"alert_criteria": "",

data/by-service/bedrock.json

Lines changed: 1 addition & 6 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "a1382001-fbbe-4001-b001-001000000001",
7-
"status": "done",
87
"service_name": "bedrock",
98
"scenario": "Suboptimal Bedrock Custom Model Configuration",
109
"alert_criteria": "Custom models using older architectures, oversized GPU/accelerators, full-precision weights, or unoptimized model artifacts",
@@ -46,7 +45,6 @@
4645
},
4746
{
4847
"id": "a1382002-08c0-4002-b002-002000000002",
49-
"status": "done",
5048
"service_name": "bedrock",
5149
"scenario": "Suboptimal Bedrock Inference Profile Model Selection",
5250
"alert_criteria": "Inference profiles using models with higher compute requirements than necessary for the use case, or using on-demand when provisioned throughput would be more cost-effective",
@@ -82,7 +80,6 @@
8280
},
8381
{
8482
"id": "a1382003-6144-4003-b003-003000000003",
85-
"status": "done",
8683
"service_name": "bedrock",
8784
"scenario": "Suboptimal Bedrock Model Type for Use Case",
8885
"alert_criteria": "Using large foundation models for tasks that smaller, specialized models could handle, or using general-purpose models when fine-tuned models would be more efficient",
@@ -118,7 +115,6 @@
118115
},
119116
{
120117
"id": "a1382004-5e31-4004-b004-004000000004",
121-
"status": "done",
122118
"service_name": "bedrock",
123119
"scenario": "Missing Caching Layer for Repetitive Bedrock Inference Workloads",
124120
"alert_criteria": "High volume of identical or similar inference requests, applications repeatedly invoking models with deterministic prompts, or no semantic caching layer implemented",
@@ -162,7 +158,6 @@
162158
},
163159
{
164160
"id": "a1382005-734c-4005-b005-005000000005",
165-
"status": "done",
166161
"service_name": "bedrock",
167162
"scenario": "Using High-Cost Bedrock Models for Low-Complexity Tasks",
168163
"alert_criteria": "Using Claude 3 Opus/Sonnet or similar high-tier models for simple classification, extraction, or templated generation tasks that could use Haiku or smaller models",
@@ -197,4 +192,4 @@
197192
]
198193
}
199194
]
200-
}
195+
}
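
Review bot: the final hunk replaces the closing `}` at old line 200 with an identical `}` at new line 195, which is a whitespace or end-of-file newline change and the only addition reported for any of the data files shown here (the others list 0 additions). That points to this file having been written back differently from the rest. Suggest making remove-status.py preserve the existing trailing newline so the diff for this file contains only the status removals.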

data/by-service/cloudfront.json

Lines changed: 0 additions & 13 deletions
@@ -4,7 +4,6 @@
44
"misconfigurations": [
55
{
66
"id": "937fff55-6361-4546-a3be-9b4769c904e4",
7-
"status": "open",
87
"service_name": "cloudfront",
98
"scenario": "CloudFront Header Forwarding and Cache Hit Ratio",
109
"alert_criteria": "One or more request headers that CloudFront forwards to your origin might significantly reduce your cache hit ratio.",
@@ -33,7 +32,6 @@
3332
},
3433
{
3534
"id": "915cc2d1-9ea7-4fab-83ad-92b623cb163b",
36-
"status": "open",
3735
"service_name": "cloudfront",
3836
"scenario": "CloudFront Alternate Domain Names",
3937
"alert_criteria": "Yellow: A CloudFront distribution includes alternate domain names, but the DNS configuration is not correctly set up with a CNAME record or an Amazon Route 53 alias resource record.",
@@ -63,7 +61,6 @@
6361
},
6462
{
6563
"id": "4769bb75-f7b8-4604-8ad1-2fbdabd7420d",
66-
"status": "open",
6764
"service_name": "cloudfront",
6865
"scenario": "CloudFront Content Delivery Optimization",
6966
"alert_criteria": "The amount of data transferred out of the bucket to your users by GET requests in the 30 days preceding the check is at least 25 times greater than the average amount of data stored in the bucket.",
@@ -93,7 +90,6 @@
9390
},
9491
{
9592
"id": "cc4250bc-4065-4a12-8fa8-74f386b45702",
96-
"status": "open",
9793
"service_name": "cloudfront",
9894
"scenario": "CloudFront Content Delivery Optimization",
9995
"alert_criteria": "The amount of data transferred out of the bucket to your users by GET requests in the 30 days preceding the check is at least 10 TB and at least 25 times greater than the average amount of data stored in the bucket.",
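
Review bot: the criteria on new line 95 ("at least 10 TB and at least 25 times greater") is a strict subset of the criteria on the previous entry 4769bb75 ("at least 25 times greater"), and both share the scenario "CloudFront Content Delivery Optimization", so any bucket matching this entry also matches the other. Nothing visible in the hunk distinguishes them by severity. Suggest adding that distinction to the text, as the "Yellow:" prefix does for the alternate domain name entries, or merging the two.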
@@ -123,7 +119,6 @@
123119
},
124120
{
125121
"id": "327f7304-6e47-4eff-93b2-e070afcfc180",
126-
"status": "open",
127122
"service_name": "cloudfront",
128123
"scenario": "streaming service needs to reduce latency for its users",
129124
"alert_criteria": "",
@@ -150,7 +145,6 @@
150145
},
151146
{
152147
"id": "ef6b202e-cb88-4f1b-aadb-a2f17804a8e5",
153-
"status": "open",
154148
"service_name": "cloudfront",
155149
"scenario": "CloudFront Alternate Domain Names",
156150
"alert_criteria": "Yellow: A CloudFront distribution includes alternate domain names, but Trusted Advisor could not evaluate the DNS configuration because there were too many redirects.",
@@ -180,7 +174,6 @@
180174
},
181175
{
182176
"id": "0d84ee37-e841-4b16-ae87-5b0ec720c927",
183-
"status": "open",
184177
"service_name": "cloudfront",
185178
"scenario": "CloudFront Alternate Domain Names",
186179
"alert_criteria": "Yellow: A CloudFront distribution includes alternate domain names, but Trusted Advisor could not evaluate the DNS configuration for some other reason, most likely because of a timeout.",
@@ -210,7 +203,6 @@
210203
},
211204
{
212205
"id": "15ac6ce0-cfab-4e25-87dd-ff769faec385",
213-
"status": "open",
214206
"service_name": "cloudfront",
215207
"scenario": "user wants their application optimized based on the command types (e,g, GET vs POST)",
216208
"alert_criteria": "",
@@ -237,7 +229,6 @@
237229
},
238230
{
239231
"id": "a9f10db4-5c47-4865-8b9f-648f09a81605",
240-
"status": "open",
241232
"service_name": "cloudfront",
242233
"scenario": "cloudfront distributions are too expensive",
243234
"alert_criteria": "",
@@ -265,7 +256,6 @@
265256
},
266257
{
267258
"id": "f9b6e58a-21cb-47b1-92af-1841391713ff",
268-
"status": "open",
269259
"service_name": "cloudfront",
270260
"scenario": "user wants to restrict users from accessing their content from a particular country",
271261
"alert_criteria": "",
@@ -293,7 +283,6 @@
293283
},
294284
{
295285
"id": "19e6e1a5-3569-460a-8be6-582246d05090",
296-
"status": "open",
297286
"service_name": "cloudfront",
298287
"scenario": "You would like to provide your users access to hundreds of private files in your CloudFront distribution, which is fronting an HTTP web server behind an application load balancer",
299288
"alert_criteria": "",
@@ -321,7 +310,6 @@
321310
},
322311
{
323312
"id": "12f2d76b-5c61-403a-bcbe-71c1a4d3ec61",
324-
"status": "open",
325313
"service_name": "cloudfront",
326314
"scenario": "user wants to ensure his CDN is secure",
327315
"alert_criteria": "When TLS is <= x",
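
Review bot: the alert_criteria on new line 315 is `"When TLS is <= x"`, a placeholder with no actual version threshold, and this hunk removes the `"status": "open"` that flagged the entry as unfinished. A check for "user wants to ensure his CDN is secure" cannot be evaluated against an undefined `x`. Suggest replacing the placeholder with the concrete minimum protocol version the recommendation intends before the entry is treated as production-ready.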
@@ -351,7 +339,6 @@
351339
},
352340
{
353341
"id": "fa2ba14d-f984-4efb-a5ae-6a7da7f4257a",
354-
"status": "open",
355342
"service_name": "cloudfront",
356343
"scenario": "user wants an encrypted connection between cloudfront and origin server",
357344
"alert_criteria": "",
