Skip to main content
InfraAudit generates recommendations for cost savings, security hardening, and compliance fixes. When a Gemini API key is configured, it uses gemini-2.5-pro to produce context-specific recommendations for each finding. Without a key, a rule-based engine runs instead — no API dependency, no rate limits.

Gemini integration

When GEMINI_API_KEY is set in your environment, InfraAudit sends a structured prompt to Gemini for each new finding. The prompt includes:
  • The finding type (drift, vulnerability, cost anomaly, or compliance failure)
  • The severity and description of what was detected
  • The affected resource type and its key configuration attributes
  • The cloud provider and region
  • Relevant compliance framework context, if applicable
Gemini returns a structured recommendation that includes:
  • A plain-language explanation of why the finding matters
  • Step-by-step remediation instructions specific to the resource
  • Estimated monthly savings (for cost recommendations)
  • Estimated risk reduction score (for security recommendations)
The model runs with temperature=0 to produce deterministic, factual output.
Finding details — including resource configuration attributes, CVE IDs, and cost figures — are sent to the Gemini API. If your organization’s security policy prohibits sending infrastructure details to external APIs, use the rule-based fallback by not setting GEMINI_API_KEY.

Rule-based fallback

When GEMINI_API_KEY is not set, InfraAudit’s internal rule engine matches each finding against a library of pre-written recommendation templates. The rule engine covers:
  • Top 50 most common S3 misconfigurations
  • EC2 security group over-permission patterns
  • IAM key age and usage recommendations
  • RDS backup and encryption gaps
  • Cost optimization rules: right-sizing, idle resources, Reserved Instance recommendations
  • CIS Benchmark remediation steps
Rule-based recommendations are less context-specific than Gemini’s but remain actionable. This mode is well-suited for air-gapped or high-volume deployments.

Recommendation types

TypeSource dataOutput
CostBilling data, usage metricsSavings amount, resource to act on
SecurityDrift, vulnerability, compliance findingRisk description, step-by-step remediation
PerformanceResource utilization dataScaling or configuration adjustment

When recommendations are generated

Recommendations are generated automatically and on demand:
  • Automatically — after a drift scan, vulnerability scan, or compliance assessment, InfraAudit queues recommendation generation for any new findings above the severity threshold.
  • On demand — from the resource detail panel, or via the CLI:
# Generate a recommendation for a specific resource
infraudit recommendation generate --resource <resource-id>

# Generate recommendations for all findings in a compliance assessment
infraudit recommendation generate --assessment <assessment-id>

Recommendation lifecycle

Each recommendation moves through three states: 
pending → applied / dismissed
  • Pending — generated, not yet acted on
  • Applied — the recommended fix was applied, either manually or via automated remediation
  • Dismissed — the recommendation was intentionally skipped, with an optional reason recorded

Rate limiting and cost

Gemini API calls are rate-limited by Google. InfraAudit uses an internal queue and backs off exponentially on 429 Too Many Requests responses. For large assessments (100+ findings), allow a few minutes for all recommendations to generate. Each recommendation request uses approximately 1,000–3,000 tokens. At current Gemini pricing, this is roughly 0.0010.001–0.003 per recommendation. For typical usage of 50 new findings per day, monthly Gemini costs are under $5.