Skip to main content
Recommendations are suggestions for improving your infrastructure — saving money, reducing security risk, or improving performance. InfraAudit generates them using Google Gemini AI when configured, or from a built-in rule engine otherwise. Both sources cover cost, security, and performance.

How recommendations are generated

When a Gemini API key is configured, InfraAudit sends each finding (drift, vulnerability, or cost anomaly) to the Gemini API along with context about the affected resource: its type, configuration, cloud provider, and severity. Gemini returns a structured recommendation with:
  • A plain-language explanation of the problem
  • Specific step-by-step remediation instructions
  • Estimated cost savings (for cost recommendations) or a risk reduction score (for security)
When a Gemini key is not configured — for example in offline self-hosted deployments — InfraAudit falls back to a rule-based engine that applies pre-written templates. The output is less context-specific but still actionable.

Recommendation types

TypeExamples
CostRight-size an overprovisioned EC2 instance, purchase Reserved Instances, remove idle resources
SecurityEnable S3 bucket encryption, restrict security group ingress, rotate access keys
PerformanceScale up an instance hitting CPU limits, migrate a high-I/O workload to provisioned IOPS

Recommendation list

In the sidebar, click Recommendations. The list shows:
ColumnDescription
TitleShort description of the recommendation
TypeCost, security, or performance
SeveritySeverity of the underlying finding
Estimated impactMonthly savings (cost) or risk score reduction (security)
ResourceThe affected resource
Statuspending, applied, or dismissed
Filter by type, status, or provider.

Recommendation detail

Click any recommendation to see:
  • The full explanation of the problem
  • Step-by-step remediation instructions
  • An Apply fix button (if automated remediation is available for this recommendation type)
  • A Dismiss button (to hide it from the active list while keeping it in the database)
  • A Copy button (to copy the steps to your clipboard)

Applying a recommendation

When an automated remediation action is available, an Apply fix button appears on the recommendation. Clicking it either:
  • Executes the fix immediately, if auto-execution is enabled in your remediation settings
  • Creates a pending remediation action in the approval queue, if approval is required
See Remediation for the full approval and execution workflow.

Generating recommendations on demand

You can request a recommendation for a specific resource at any time from the resource detail panel. Open the resource, go to the Recommendations tab, and click Generate recommendation. Via CLI: 
# Generate a recommendation for a specific resource
infraudit recommendation generate --resource <resource-id>

# List all pending recommendations
infraudit recommendation list

# Filter by type
infraudit recommendation list --type cost

# Apply a recommendation
infraudit recommendation apply <recommendation-id>

# Dismiss a recommendation
infraudit recommendation dismiss <recommendation-id>

Next steps