{"id":234,"date":"2026-04-13T07:34:14","date_gmt":"2026-04-13T07:34:14","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/aws-amazon-codeguru-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai\/"},"modified":"2026-04-13T07:34:14","modified_gmt":"2026-04-13T07:34:14","slug":"aws-amazon-codeguru-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/aws-amazon-codeguru-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-machine-learning-ml-and-artificial-intelligence-ai\/","title":{"rendered":"AWS Amazon CodeGuru Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Machine Learning (ML) and Artificial Intelligence (AI)"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Machine Learning (ML) and Artificial Intelligence (AI)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Amazon CodeGuru is an AWS service that uses Machine Learning (ML) to help you improve code quality and application performance. It is best known for two capabilities: <strong>automated code reviews<\/strong> (to detect issues and recommend fixes) and <strong>application profiling<\/strong> (to find expensive code paths and optimize runtime cost).<\/p>\n\n\n\n<p>In simple terms: <strong>Amazon CodeGuru reviews your code changes and profiles your running applications so you can ship safer, faster, and more efficient software with less manual effort<\/strong>.<\/p>\n\n\n\n<p>Technically, Amazon CodeGuru combines ML-driven static analysis (for pull requests and repositories) with continuous profiling (via agents\/SDKs in your runtime). It integrates with common AWS developer workflows (for example, repositories, CI\/CD, IAM, and monitoring), and it is typically adopted by teams that want consistent engineering standards and performance improvements without building a custom analysis platform.<\/p>\n\n\n\n<p>The core problem Amazon CodeGuru solves is <strong>scale<\/strong>: as codebases and teams grow, it becomes hard to catch subtle defects, security issues, and performance bottlenecks through manual review and ad-hoc profiling. CodeGuru helps standardize detection and guidance, turning best practices into repeatable automation.<\/p>\n\n\n\n<blockquote>\n<p>Service naming note: As of recent AWS documentation, the primary Amazon CodeGuru capabilities are <strong>Amazon CodeGuru Reviewer<\/strong> and <strong>Amazon CodeGuru Profiler<\/strong>. AWS has also offered <strong>Amazon CodeGuru Security<\/strong> at times; verify the current availability and positioning in official AWS docs for your region and account.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Amazon CodeGuru?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>Amazon CodeGuru is an AWS service that applies ML to:\n&#8211; <strong>Review source code<\/strong> and provide recommendations (Amazon CodeGuru Reviewer)\n&#8211; <strong>Profile running applications<\/strong> to identify performance hotspots and reduce compute cost (Amazon CodeGuru Profiler)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automated code reviews for supported languages and repository providers<\/li>\n<li>Recommendations surfaced in pull requests and in the CodeGuru console<\/li>\n<li>Continuous profiling via an agent (JVM\/Python support is common; verify current runtime support)<\/li>\n<li>Visualization of hotspots (for example, CPU usage by method) and optimization guidance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Component<\/th>\n<th>What it does<\/th>\n<th>Typical users<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Amazon CodeGuru Reviewer<\/td>\n<td>ML-powered code reviews and recommendations<\/td>\n<td>Developers, tech leads, AppSec, reviewers<\/td>\n<\/tr>\n<tr>\n<td>Amazon CodeGuru Profiler<\/td>\n<td>Continuous profiling and hotspot detection for running apps<\/td>\n<td>SREs, performance engineers, platform teams<\/td>\n<\/tr>\n<tr>\n<td>(Optional\/Varies) Amazon CodeGuru Security<\/td>\n<td>Security scanning for code (availability and scope can vary)<\/td>\n<td>AppSec, developers (verify in docs)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Managed AWS service<\/strong><\/li>\n<li>Primarily <strong>control-plane configuration + managed analysis<\/strong> (Reviewer)<\/li>\n<li><strong>Agent-based telemetry ingestion + managed analysis<\/strong> (Profiler)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional\/global scope<\/h3>\n\n\n\n<p>Amazon CodeGuru is generally treated as a <strong>regional service<\/strong> in practice: you choose an AWS Region where you create associations\/profiling groups and where results are stored and viewed. Exact region availability can vary by feature. <strong>Verify supported Regions<\/strong> in official documentation for Reviewer\/Profiler before standardizing on it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the AWS ecosystem<\/h3>\n\n\n\n<p>Amazon CodeGuru typically sits alongside:\n&#8211; <strong>Source control<\/strong> (for example, AWS CodeCommit, GitHub via AWS connections; exact providers depend on current docs)\n&#8211; <strong>CI\/CD<\/strong> (AWS CodePipeline\/CodeBuild, GitHub Actions, etc.)\n&#8211; <strong>Identity and access<\/strong> (AWS IAM, service-linked roles)\n&#8211; <strong>Observability<\/strong> (Amazon CloudWatch for dashboards\/alerts, AWS CloudTrail for auditing)\n&#8211; <strong>Security tooling<\/strong> (AWS Security Hub \/ Amazon Inspector may be adjacent depending on your stack; integration should be verified)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Amazon CodeGuru?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduce defects earlier<\/strong>: catching issues in code review is cheaper than production incidents.<\/li>\n<li><strong>Lower operational cost<\/strong>: profiling recommendations can reduce compute usage and latency.<\/li>\n<li><strong>Faster onboarding<\/strong>: consistent automated recommendations help new engineers learn your standards.<\/li>\n<li><strong>Improve delivery speed<\/strong>: reviewers focus on design and correctness, while CodeGuru flags common patterns automatically.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ML-assisted code analysis can find patterns that are hard to enforce consistently with basic linters alone.<\/li>\n<li>Profiling provides concrete evidence of where time\/CPU is spent, which can outperform \u201cguess-and-check\u201d optimization.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standardizes code review quality signals across teams.<\/li>\n<li>Helps create a feedback loop: code quality recommendations in PRs + performance recommendations from production profiles.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automated checks in PRs support secure SDLC practices.<\/li>\n<li>When used with IAM least privilege and audit logging, it helps meet governance expectations (who reviewed, what changed, what tools ran).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Continuous profiling is designed for always-on environments where manual profiling is impractical.<\/li>\n<li>Recommendations can reduce tail latency and CPU burn in critical paths.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose Amazon CodeGuru when:\n&#8211; You use AWS and want <strong>managed<\/strong> code review\/profiling without running analysis servers.\n&#8211; You want <strong>PR-integrated feedback<\/strong> (Reviewer) and\/or <strong>continuous profiling<\/strong> (Profiler).\n&#8211; You have performance-sensitive workloads (APIs, batch jobs, streaming consumers) where compute cost matters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Consider alternatives when:\n&#8211; Your primary languages are not supported by CodeGuru Reviewer (language support can be narrower than generic linters\u2014verify current support).\n&#8211; You require fully offline\/on-prem analysis with no cloud service dependency.\n&#8211; You already have mature tooling (for example, SonarQube + custom rule sets + full-time performance engineering) and CodeGuru adds limited marginal value.\n&#8211; You need security features beyond CodeGuru\u2019s scope (for example, full dependency\/secret scanning, SAST\/DAST breadth)\u2014you may need dedicated security scanners.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Amazon CodeGuru used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SaaS and web platforms (performance + cost optimization)<\/li>\n<li>FinTech and payments (code quality + review consistency)<\/li>\n<li>E-commerce (latency improvements, peak traffic readiness)<\/li>\n<li>Media\/streaming (high throughput services and batch jobs)<\/li>\n<li>Enterprise IT modernization (standardizing SDLC across many teams)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Product engineering teams with PR-based workflows<\/li>\n<li>Platform engineering teams building paved roads and standard pipelines<\/li>\n<li>SRE\/operations teams focused on performance regressions and cost<\/li>\n<li>AppSec teams adding automated checks earlier in the SDLC<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microservices (Java\/Python are common targets)<\/li>\n<li>APIs (REST\/GraphQL) where p95\/p99 latency matters<\/li>\n<li>Asynchronous processing (queues, stream consumers)<\/li>\n<li>Batch processing and ETL jobs (cost hotspots)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git-based development with pull requests<\/li>\n<li>CI\/CD pipelines (CodePipeline\/CodeBuild or external CI)<\/li>\n<li>Container platforms (ECS\/EKS) and compute (EC2)<\/li>\n<li>Serverless workloads (some profiling scenarios may apply; verify Profiler support per runtime)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test<\/strong>: Reviewer used on every PR; early adoption is low risk.<\/li>\n<li><strong>Production<\/strong>: Profiler used in always-on mode to detect hotspots and regressions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Amazon CodeGuru is commonly applied.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Automated PR review for Java services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Human reviewers miss resource leaks, inefficient patterns, or risky constructs.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Reviewer adds consistent automated checks and recommendations in PRs.<\/li>\n<li><strong>Scenario:<\/strong> A Java microservice team enables CodeGuru Reviewer on all PRs to catch concurrency and performance issues before merge.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) PR review for Python utilities and backend APIs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Python code changes introduce inefficient loops or error-handling issues.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Reviewer can provide automated feedback (scope depends on language support; verify).<\/li>\n<li><strong>Scenario:<\/strong> A backend team adds CodeGuru Reviewer to PRs for a Python API repository to reduce recurring defects.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Continuous profiling of a high-traffic API<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> p95 latency grows over time; the hotspot is unclear.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Profiler continuously identifies expensive methods and call paths.<\/li>\n<li><strong>Scenario:<\/strong> An ECS-hosted API runs Profiler to pinpoint a JSON serialization hotspot.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Cost optimization for batch processing jobs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Nightly batch jobs exceed their compute budget.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Profiler recommendations can reduce CPU time in loops, parsing, and IO patterns.<\/li>\n<li><strong>Scenario:<\/strong> A data platform team profiles a JVM batch job on EC2 to reduce runtime and instance size.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Performance regression detection after releases<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Performance degrades after a new feature, but logs\/metrics don\u2019t show why.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Profiling over time makes regressions visible in method-level hotspots.<\/li>\n<li><strong>Scenario:<\/strong> A team compares profiling snapshots before\/after release and finds a new expensive call path.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Enforcing engineering standards across multiple teams<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Code review quality varies across squads.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Central platform team enables Reviewer across key repos, creating a baseline.<\/li>\n<li><strong>Scenario:<\/strong> A large enterprise enables CodeGuru Reviewer for all tier-1 services and tracks recommendation trends.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Reducing mean time to detect (MTTD) for performance issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Engineers only profile when incidents happen.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Always-on profiling detects issues without waiting for a crisis.<\/li>\n<li><strong>Scenario:<\/strong> SRE uses Profiler findings to create proactive backlog items.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Supporting audit-ready SDLC workflows<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Compliance requires evidence of review and quality controls.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Reviewer provides machine-generated recommendations tied to PRs (and actions are auditable).<\/li>\n<li><strong>Scenario:<\/strong> A regulated team documents automated review checks as part of SDLC controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Improving code review focus (design vs. nitpicks)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Reviewers spend time on repetitive issues rather than architecture\/design.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Reviewer flags common patterns automatically.<\/li>\n<li><strong>Scenario:<\/strong> Team guidelines say: \u201cAddress CodeGuru recommendations first; human review focuses on behavior and design.\u201d<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Optimizing compute in multi-tenant services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small inefficiency multiplies across tenants and traffic.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Profiler helps find micro-optimizations with real cost impact.<\/li>\n<li><strong>Scenario:<\/strong> A multi-tenant billing service reduces CPU by optimizing one hot method, lowering fleet cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Pre-merge checks for critical repos<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Breaking changes slip into main branches.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> CodeGuru Reviewer can be part of PR checks and merge gates (implementation depends on your CI and repo provider).<\/li>\n<li><strong>Scenario:<\/strong> PR cannot be merged until critical recommendations are resolved or explicitly acknowledged.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Developer enablement for performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Engineers lack performance intuition in complex systems.<\/li>\n<li><strong>Why CodeGuru fits:<\/strong> Recommendations and hotspot views teach with real code examples.<\/li>\n<li><strong>Scenario:<\/strong> New hires use Profiler findings during on-call training to understand service performance.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Feature availability can vary by Region, repository provider, and language\/runtime. Always confirm in the official docs for your setup.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 1: Repository association (Reviewer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Connects CodeGuru Reviewer to a supported repository provider so it can analyze code.<\/li>\n<li><strong>Why it matters:<\/strong> Without association, CodeGuru can\u2019t access code changes and PR metadata.<\/li>\n<li><strong>Practical benefit:<\/strong> Central place to enable\/disable analysis per repository.<\/li>\n<li><strong>Caveats:<\/strong> Provider support and permission model differ (CodeCommit vs GitHub\/Bitbucket). Verify current supported providers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 2: Pull request analysis (Reviewer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Automatically analyzes PRs and produces recommendations tied to the diff and context.<\/li>\n<li><strong>Why it matters:<\/strong> Feedback arrives where developers work (PR workflow).<\/li>\n<li><strong>Practical benefit:<\/strong> Faster fixes; fewer issues merged into main.<\/li>\n<li><strong>Caveats:<\/strong> Large PRs can reduce signal quality; analysis time can vary.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 3: Code review recommendations (Reviewer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Produces findings such as potential defects, best-practice improvements, and performance-related suggestions.<\/li>\n<li><strong>Why it matters:<\/strong> Helps catch subtle issues early.<\/li>\n<li><strong>Practical benefit:<\/strong> Reduced production bugs and tech debt.<\/li>\n<li><strong>Caveats:<\/strong> Not a replacement for testing, threat modeling, or full SAST\/DAST.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 4: Recommendation details and remediation guidance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Explains why the issue matters and suggests changes.<\/li>\n<li><strong>Why it matters:<\/strong> Recommendations are actionable, not just \u201calerts.\u201d<\/li>\n<li><strong>Practical benefit:<\/strong> Improves developer experience and adoption.<\/li>\n<li><strong>Caveats:<\/strong> Guidance may be generic; validate changes with tests and code owners.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 5: Review history and tracking (Reviewer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets you see past reviews, statuses, and outcomes.<\/li>\n<li><strong>Why it matters:<\/strong> Helps audit and measure adoption.<\/li>\n<li><strong>Practical benefit:<\/strong> Teams can track recurring patterns and train developers.<\/li>\n<li><strong>Caveats:<\/strong> Retention and reporting scope should be confirmed in docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 6: Profiler profiling groups (Profiler)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Logical container for profiling data from one application\/service.<\/li>\n<li><strong>Why it matters:<\/strong> Separates services, environments (dev\/stage\/prod), or tenants.<\/li>\n<li><strong>Practical benefit:<\/strong> Easier analysis and access control by group.<\/li>\n<li><strong>Caveats:<\/strong> Naming and environment partitioning are your responsibility.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 7: Continuous profiling via agent (Profiler)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Collects runtime profiling samples and sends them to CodeGuru Profiler.<\/li>\n<li><strong>Why it matters:<\/strong> Enables always-on performance visibility.<\/li>\n<li><strong>Practical benefit:<\/strong> Finds hotspots without reproducing locally.<\/li>\n<li><strong>Caveats:<\/strong> Adds some overhead; sampling configuration matters; runtime support varies (verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 8: Hotspot visualization and flame graphs (Profiler)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Shows where CPU time is spent and which code paths are most expensive.<\/li>\n<li><strong>Why it matters:<\/strong> You can prioritize optimizations with real data.<\/li>\n<li><strong>Practical benefit:<\/strong> Reduced latency and compute cost.<\/li>\n<li><strong>Caveats:<\/strong> Interpretation requires performance engineering basics; results can be skewed by workload mix.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 9: Cost and performance recommendations (Profiler)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Highlights expensive methods and suggests optimization strategies.<\/li>\n<li><strong>Why it matters:<\/strong> Turns profiles into actionable engineering tasks.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster optimization cycles and measurable cost reduction.<\/li>\n<li><strong>Caveats:<\/strong> Always validate with benchmarks and production KPIs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 10: IAM-based access control and service-linked roles<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Uses AWS IAM to control who can create associations\/profiling groups and who can view findings.<\/li>\n<li><strong>Why it matters:<\/strong> Code and profiling data are sensitive.<\/li>\n<li><strong>Practical benefit:<\/strong> Least privilege and clear separation of duties.<\/li>\n<li><strong>Caveats:<\/strong> Misconfigured IAM is a common cause of onboarding failures.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>Amazon CodeGuru has two main flows:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Reviewer flow (code review)<\/strong>\n   &#8211; You associate a repository with CodeGuru Reviewer.\n   &#8211; When a PR is created\/updated, CodeGuru analyzes changes.\n   &#8211; Recommendations are published back to the PR and available in the CodeGuru console.<\/p>\n<\/li>\n<li>\n<p><strong>Profiler flow (runtime profiling)<\/strong>\n   &#8211; You create a profiling group.\n   &#8211; You install\/configure the CodeGuru Profiler agent in your application runtime.\n   &#8211; The agent collects samples and sends them to the service.\n   &#8211; The console shows hotspots and recommendations.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (Reviewer)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control plane: create repository association, configure events\/PR analysis.<\/li>\n<li>Data plane: CodeGuru reads repository code for the PR diff (and may use context beyond the diff depending on feature behavior).<\/li>\n<li>Output: recommendations attached to the code review and\/or PR UI.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (Profiler)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control plane: create profiling group and permissions.<\/li>\n<li>Data plane: agent sends profiling samples to CodeGuru endpoints.<\/li>\n<li>Output: aggregated profiles, hotspots, and recommendations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related AWS services<\/h3>\n\n\n\n<p>Common integrations include:\n&#8211; <strong>AWS IAM<\/strong>: permissions, service-linked roles\n&#8211; <strong>AWS CodeCommit \/ Git providers<\/strong>: source repositories and PR events\n&#8211; <strong>AWS CodeStar Connections<\/strong> (commonly used for connecting AWS services to external Git providers; verify current supported providers for CodeGuru)\n&#8211; <strong>Amazon EventBridge<\/strong>: operational events (for example, state changes) are often published by AWS services; confirm CodeGuru event types in docs\n&#8211; <strong>AWS CloudTrail<\/strong>: audit of API calls (create associations, etc.)\n&#8211; <strong>Amazon CloudWatch<\/strong>: metrics\/alarms often used around profiled services; profiling findings complement metrics<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewer depends on repository access (provider-specific).<\/li>\n<li>Profiler depends on application runtime instrumentation\/agent deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IAM identity-based policies for users\/roles calling CodeGuru APIs.<\/li>\n<li>Service-linked roles may be created for CodeGuru to access repository resources.<\/li>\n<li>For external Git providers, auth is typically handled via AWS connections and OAuth-style authorization (implementation varies; verify current docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewer: managed service calls AWS APIs and repository endpoints; you primarily manage permissions, not VPC routing.<\/li>\n<li>Profiler: agents run in your VPC\/compute environment and send data to AWS service endpoints.<\/li>\n<li>In private subnets, you may need <strong>NAT<\/strong> or appropriate <strong>VPC endpoints<\/strong> if supported (verify whether CodeGuru Profiler supports Interface VPC Endpoints in your region; if not, NAT is required).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>CloudTrail<\/strong> to audit who enabled CodeGuru and changed settings.<\/li>\n<li>Use repository policies and IAM boundaries to restrict which repos can be associated.<\/li>\n<li>Establish internal guidance for:<\/li>\n<li>Which recommendation severities block merges (if you implement gates)<\/li>\n<li>How to triage false positives<\/li>\n<li>How to store and share performance findings<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  Dev[Developer] --&gt;|Creates\/updates PR| Repo[Repo: CodeCommit\/Git Provider]\n  Repo --&gt;|PR event \/ diff| CGR[Amazon CodeGuru Reviewer]\n  CGR --&gt;|Recommendations| PR[Pull Request UI]\n  CGR --&gt;|Review details| Console[AWS Console \/ CodeGuru Reviewer]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph DevSecOps[DevSecOps Workflow]\n    Dev[Developers] --&gt; Repo[Git Repo Provider]\n    Repo --&gt; PR[Pull Requests]\n    PR --&gt; CI[CI Build\/Test]\n    CI --&gt;|Optional gate| Merge[Merge to Main]\n  end\n\n  subgraph CodeQuality[Code Quality - Amazon CodeGuru Reviewer]\n    Assoc[Repo Association] --&gt; Review[Automated Code Review]\n    Review --&gt; Reco[Recommendations]\n  end\n\n  subgraph RuntimePerf[Runtime Performance - Amazon CodeGuru Profiler]\n    App[Service on EC2\/ECS\/EKS] --&gt; Agent[Profiler Agent]\n    Agent --&gt; ProfSvc[Amazon CodeGuru Profiler]\n    ProfSvc --&gt; Hotspots[Hotspots &amp; Recommendations]\n  end\n\n  PR --&gt; Review\n  Reco --&gt; PR\n\n  Hotspots --&gt; Ops[SRE\/Performance Backlog]\n  Review --&gt; Audit[CloudTrail Audit Logs]\n  ProfSvc --&gt; Audit\n  Ops --&gt; CloudWatch[CloudWatch Metrics\/Alarms]\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>AWS account<\/strong> with billing enabled<\/li>\n<li>Ability to create IAM roles\/policies and (optionally) CodeCommit repositories<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You typically need:\n&#8211; Permissions to manage CodeGuru resources (Reviewer associations, code reviews; Profiler profiling groups)\n&#8211; Permissions for the repository provider (for example, CodeCommit admin for the lab)\n&#8211; Permission to allow creation of <strong>service-linked roles<\/strong> (common in AWS services)<\/p>\n\n\n\n<p>AWS-managed policies may exist for CodeGuru access. Prefer least privilege:\n&#8211; Start with AWS-managed policies for evaluation\n&#8211; Then refine to scoped permissions (specific repos\/profiling groups)<\/p>\n\n\n\n<blockquote>\n<p>Verify exact IAM actions in official docs:\n&#8211; Reviewer actions (for example, repository associations, code reviews)\n&#8211; Profiler actions (profiling groups, permissions)<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CodeGuru is a paid service (usage-based). You should set:<\/li>\n<li><strong>AWS Budgets<\/strong> alerts<\/li>\n<li>A dedicated cost allocation tag strategy (for example, <code>App<\/code>, <code>Env<\/code>, <code>Owner<\/code>)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed (for the lab)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS Console access<\/li>\n<li><strong>AWS CLI v2<\/strong> (optional if you use CloudShell)<\/li>\n<li>Git client (CloudShell includes git)<\/li>\n<li>Optional: an editor (CloudShell editor is sufficient)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Choose a Region where Amazon CodeGuru Reviewer is available.<\/li>\n<li>Ensure your repository provider and CodeGuru integration are supported in that Region.<\/li>\n<\/ul>\n\n\n\n<p>Official docs (start here):\n&#8211; Reviewer docs: https:\/\/docs.aws.amazon.com\/codeguru\/latest\/reviewer-ug\/what-is-codeguru-reviewer.html\n&#8211; Profiler docs: https:\/\/docs.aws.amazon.com\/codeguru\/latest\/profiler-ug\/what-is-codeguru-profiler.html<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CodeGuru has service quotas (for example, number of associations, review frequency, or payload sizes).<\/li>\n<li>Check <strong>Service Quotas<\/strong> in the AWS Console and CodeGuru docs for up-to-date limits.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>For the hands-on lab using CodeCommit:\n&#8211; AWS CodeCommit enabled in the same Region\n&#8211; IAM permissions to create and push to a CodeCommit repository<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Amazon CodeGuru pricing is <strong>usage-based<\/strong>, and pricing dimensions differ by component.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (high level)<\/h3>\n\n\n\n<p>You should confirm the exact units and rates on the official pricing page for your Region:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Amazon CodeGuru Reviewer<\/strong><\/li>\n<li>Common cost drivers include how much code is analyzed (for example, lines of code) and\/or how often reviews run (for example, per PR or per analysis unit).<\/li>\n<li>\n<p>Some integrations may affect how frequently reviews run.<\/p>\n<\/li>\n<li>\n<p><strong>Amazon CodeGuru Profiler<\/strong><\/p>\n<\/li>\n<li>Common cost drivers include the number of applications\/profiling groups and how long profiling runs (for example, hours), plus any data ingestion\/analysis dimensions depending on the service model.<\/li>\n<\/ul>\n\n\n\n<p>Official pricing:\n&#8211; https:\/\/aws.amazon.com\/codeguru\/pricing\/\n&#8211; AWS Pricing Calculator: https:\/\/calculator.aws\/<\/p>\n\n\n\n<blockquote>\n<p>Do not rely on blog posts for exact numbers\u2014CodeGuru pricing has changed historically. Always validate in the official pricing page and calculator.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<p>AWS sometimes offers limited-time trials or free usage tiers for specific services. <strong>Verify current free tier eligibility and duration<\/strong> on the pricing page for your account and Region.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Primary cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number of repositories associated (Reviewer)<\/li>\n<li>PR frequency and PR size (Reviewer)<\/li>\n<li>Total amount of code analyzed (Reviewer)<\/li>\n<li>Number of services\/environments you profile (Profiler)<\/li>\n<li>Profiling hours (Profiler)<\/li>\n<li>Team behavior: frequent rebases\/force-pushes can trigger more analyses<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Repository hosting<\/strong> (if using CodeCommit) and storage<\/li>\n<li><strong>CI\/CD costs<\/strong> if you add additional build steps to enforce gating<\/li>\n<li><strong>Developer time<\/strong> triaging recommendations (a real cost; optimize signal-to-noise)<\/li>\n<li><strong>NAT Gateway costs<\/strong> if profiling agents need outbound internet access from private subnets (Profiler)<\/li>\n<li><strong>Logging costs<\/strong> if you export events and store them (CloudWatch Logs, S3)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewer: typically internal to AWS and repository provider access; minimal data transfer billing impact for most users, but you still pay for the underlying repo provider and any cross-region access patterns.<\/li>\n<li>Profiler: agent sends profiling data to AWS endpoints; outbound data from private subnets via NAT can add cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start with <strong>tier-1 repositories\/services<\/strong> first; expand based on ROI.<\/li>\n<li>Use smaller, focused PRs\u2014this improves review quality and may reduce analysis burden.<\/li>\n<li>Avoid analyzing generated code or vendored dependencies where possible (configuration-dependent; verify).<\/li>\n<li>For Profiler, profile <strong>production<\/strong> for real hotspots, but consider sampling\/coverage strategy to balance overhead and cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A realistic evaluation plan:\n&#8211; 1 repository associated\n&#8211; 5\u201320 PRs per week\n&#8211; PRs under a few hundred lines changed\n&#8211; 1 profiling group for a single service in a non-production environment for a few days<\/p>\n\n\n\n<p>Use the AWS Pricing Calculator:\n1. Open https:\/\/calculator.aws\/\n2. Search for \u201cAmazon CodeGuru\u201d\n3. Add <strong>Reviewer<\/strong> and\/or <strong>Profiler<\/strong>\n4. Input your expected PR volume, code size, and profiling hours based on the calculator\u2019s fields\n5. Add any NAT Gateway, CloudWatch, CodeBuild, or repository costs to get a complete estimate<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, costs scale with:\n&#8211; Dozens\/hundreds of repositories and frequent PR activity\n&#8211; Multiple profiling groups per environment (dev\/stage\/prod) across many services\n&#8211; Profiling always-on for critical services\n&#8211; Additional network costs (NAT) for private subnets\n&#8211; Increased governance: exporting findings\/events to SIEM or data lake<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab shows a practical, beginner-friendly workflow to run <strong>Amazon CodeGuru Reviewer<\/strong> on a <strong>CodeCommit pull request<\/strong>. It is designed to be safe and relatively low-cost, and it avoids local machine setup by using <strong>AWS CloudShell<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a CodeCommit repository with a small Python codebase<\/li>\n<li>Enable Amazon CodeGuru Reviewer for that repository<\/li>\n<li>Create a pull request that introduces an inefficient pattern<\/li>\n<li>View CodeGuru recommendations<\/li>\n<li>Clean up resources to avoid ongoing costs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Pick a Region and open AWS CloudShell\n2. Create a CodeCommit repo and push a small Python project\n3. Create a feature branch with a deliberate issue and open a pull request\n4. Associate the repo with Amazon CodeGuru Reviewer\n5. Confirm recommendations appear\n6. Delete resources<\/p>\n\n\n\n<blockquote>\n<p>Notes and honesty about outcomes:\n&#8211; CodeGuru Reviewer recommendation types and depth depend on supported languages and current model capabilities. You may see different recommendations than shown, or sometimes none for very small code changes.\n&#8211; If you do not receive recommendations, the Validation and Troubleshooting sections explain what to check.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Choose an AWS Region and open CloudShell<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the AWS Console, select a Region where <strong>Amazon CodeGuru Reviewer<\/strong> and <strong>AWS CodeCommit<\/strong> are available (for example, <code>us-east-1<\/code>).  <\/li>\n<li>Open <strong>AWS CloudShell<\/strong> (from the console top bar).<\/li>\n<\/ol>\n\n\n\n<p>In CloudShell, confirm identity:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws sts get-caller-identity\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You see your AWS Account ID and an ARN for your current identity.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a CodeCommit repository<\/h3>\n\n\n\n<p>Set variables:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export AWS_REGION=\"us-east-1\"\nexport REPO_NAME=\"codeguru-reviewer-lab\"\n<\/code><\/pre>\n\n\n\n<p>Create the repository:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws codecommit create-repository \\\n  --region \"$AWS_REGION\" \\\n  --repository-name \"$REPO_NAME\" \\\n  --repository-description \"Lab repo for Amazon CodeGuru Reviewer\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> Command returns repository metadata including <code>cloneUrlHttp<\/code> and <code>cloneUrlSsh<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Clone the repository from CloudShell<\/h3>\n\n\n\n<p>CloudShell commonly supports cloning CodeCommit repositories using the AWS CLI credential helper.<\/p>\n\n\n\n<p>Clone:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git clone \"codecommit::${AWS_REGION}:\/\/${REPO_NAME}\"\ncd \"$REPO_NAME\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have an empty git repository folder.<\/p>\n\n\n\n<p>If <code>git clone<\/code> fails, see Troubleshooting (common causes: missing CodeCommit permissions, wrong Region, or credential helper configuration).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Add a small Python project and push to main<\/h3>\n\n\n\n<p>Create a minimal project structure:<\/p>\n\n\n\n<pre><code class=\"language-bash\">mkdir -p app\ncat &gt; app\/main.py &lt;&lt;'EOF'\ndef build_report(items):\n    # Simple function: builds a report line by line\n    report = \"\"\n    for item in items:\n        report += f\"{item}\\n\"\n    return report\n\ndef handler():\n    items = [\"alpha\", \"beta\", \"gamma\"]\n    print(build_report(items))\n\nif __name__ == \"__main__\":\n    handler()\nEOF\n\ncat &gt; README.md &lt;&lt;'EOF'\n# CodeGuru Reviewer Lab\n\nThis is a tiny Python project used to test Amazon CodeGuru Reviewer pull request analysis.\nEOF\n<\/code><\/pre>\n\n\n\n<p>Commit and push:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git add .\ngit commit -m \"Initial commit: simple Python app\"\ngit push origin main\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> <code>main<\/code> branch has a Python file and README.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create a feature branch with a deliberately inefficient change<\/h3>\n\n\n\n<p>Create and switch to a feature branch:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git checkout -b feature\/inefficient-report\n<\/code><\/pre>\n\n\n\n<p>Modify the code to make the inefficiency more obvious (string concatenation in a loop can be inefficient in Python for large inputs; alternatives include <code>\"\\n\".join(...)<\/code>).<\/p>\n\n\n\n<p>Edit <code>app\/main.py<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-bash\">cat &gt; app\/main.py &lt;&lt;'EOF'\ndef build_report(items):\n    # Intentionally inefficient pattern for demonstration:\n    # concatenating strings repeatedly in a loop\n    report = \"\"\n    for item in items:\n        report = report + item + \"\\n\"\n    return report\n\ndef handler():\n    # Create a larger list to amplify the inefficiency\n    items = [f\"item-{i}\" for i in range(0, 5000)]\n    print(build_report(items)[:200])\n\nif __name__ == \"__main__\":\n    handler()\nEOF\n<\/code><\/pre>\n\n\n\n<p>Commit and push the feature branch:<\/p>\n\n\n\n<pre><code class=\"language-bash\">git add app\/main.py\ngit commit -m \"Change: inefficient string concatenation for report building\"\ngit push -u origin feature\/inefficient-report\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> The feature branch exists in CodeCommit.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Create a pull request in CodeCommit<\/h3>\n\n\n\n<p>Create a PR using the AWS CLI:<\/p>\n\n\n\n<pre><code class=\"language-bash\">aws codecommit create-pull-request \\\n  --region \"$AWS_REGION\" \\\n  --title \"Test CodeGuru Reviewer: inefficient string building\" \\\n  --description \"Introduce a pattern that should trigger a performance\/style recommendation.\" \\\n  --targets repositoryName=\"$REPO_NAME\",sourceReference=\"feature\/inefficient-report\",destinationReference=\"main\"\n<\/code><\/pre>\n\n\n\n<p>Copy the <code>pullRequestId<\/code> from the output.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> A PR is created from <code>feature\/inefficient-report<\/code> to <code>main<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Associate the repository with Amazon CodeGuru Reviewer<\/h3>\n\n\n\n<p>Now enable CodeGuru Reviewer for this CodeCommit repository.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the AWS Console, go to <strong>Amazon CodeGuru<\/strong> \u2192 <strong>Reviewer<\/strong>.<\/li>\n<li>Find <strong>Repository associations<\/strong> (wording may vary slightly).<\/li>\n<li>Choose <strong>Associate repository<\/strong>.<\/li>\n<li>Select <strong>CodeCommit<\/strong>, then choose the repository: <code>codeguru-reviewer-lab<\/code>.<\/li>\n<li>Confirm and create the association.<\/li>\n<\/ol>\n\n\n\n<p>During this step, AWS may create a <strong>service-linked role<\/strong> for CodeGuru Reviewer if it doesn\u2019t exist.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> The repository association shows status like \u201cAssociated\u201d (or transitions from \u201cAssociating\u201d to \u201cAssociated\u201d).<\/p>\n\n\n\n<blockquote>\n<p>If you do not see the repository association options, verify you are in a supported Region and have permissions.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Run\/trigger a code review for the pull request<\/h3>\n\n\n\n<p>Depending on the current CodeGuru Reviewer behavior for CodeCommit:\n&#8211; It may automatically analyze PRs once the repository is associated, or\n&#8211; You may need to update the PR (push another commit) to trigger analysis.<\/p>\n\n\n\n<p>To force a new PR event, make a small update:<\/p>\n\n\n\n<pre><code class=\"language-bash\">echo \"\" &gt;&gt; README.md\ngit add README.md\ngit commit -m \"chore: trigger PR update\"\ngit push\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> The PR is updated. CodeGuru Reviewer should start analysis shortly after.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9: View CodeGuru recommendations<\/h3>\n\n\n\n<p>Check findings in one (or both) locations:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>In the CodeCommit pull request UI<\/strong>\n   &#8211; Open the PR in CodeCommit.\n   &#8211; Look for CodeGuru Reviewer comments\/recommendations.<\/p>\n<\/li>\n<li>\n<p><strong>In the CodeGuru Reviewer console<\/strong>\n   &#8211; Go to <strong>Amazon CodeGuru<\/strong> \u2192 <strong>Reviewer<\/strong> \u2192 <strong>Code reviews<\/strong> (or similar section).\n   &#8211; Open the latest review tied to your PR.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You see one or more recommendations. For this example, a reasonable recommendation might mention string concatenation inefficiency and suggest using <code>join()<\/code>\u2014but exact output can vary. If you see none, follow Troubleshooting.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 10 (Optional): Fix the issue and observe recommendation resolution<\/h3>\n\n\n\n<p>Apply a more efficient implementation:<\/p>\n\n\n\n<pre><code class=\"language-bash\">cat &gt; app\/main.py &lt;&lt;'EOF'\ndef build_report(items):\n    # More efficient approach: join once\n    return \"\\n\".join(items) + \"\\n\"\n\ndef handler():\n    items = [f\"item-{i}\" for i in range(0, 5000)]\n    print(build_report(items)[:200])\n\nif __name__ == \"__main__\":\n    handler()\nEOF\n\ngit add app\/main.py\ngit commit -m \"Fix: use join for efficient string building\"\ngit push\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> CodeGuru Reviewer may re-run analysis for the updated PR and reduce or remove related recommendations.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Repository exists and has code<\/strong>\n   &#8211; CodeCommit console shows <code>codeguru-reviewer-lab<\/code> with commits on <code>main<\/code> and <code>feature\/inefficient-report<\/code>.<\/p>\n<\/li>\n<li>\n<p><strong>PR exists<\/strong>\n   &#8211; CodeCommit PR shows a diff between branches.<\/p>\n<\/li>\n<li>\n<p><strong>Repository association is \u201cAssociated\u201d<\/strong>\n   &#8211; CodeGuru Reviewer console shows the repository associated successfully.<\/p>\n<\/li>\n<li>\n<p><strong>A code review exists<\/strong>\n   &#8211; CodeGuru Reviewer console shows a code review created for the PR (or PR UI shows recommendations).<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: <code>git clone<\/code> fails in CloudShell<\/h4>\n\n\n\n<p>Common fixes:\n&#8211; Confirm Region matches the repository Region.\n&#8211; Ensure your identity has CodeCommit permissions:\n  &#8211; <code>codecommit:GitPull<\/code>, <code>codecommit:GitPush<\/code>\n  &#8211; <code>codecommit:CreateRepository<\/code>, <code>codecommit:CreatePullRequest<\/code> (for the lab)\n&#8211; Try listing repositories:\n  <code>bash\n  aws codecommit list-repositories --region \"$AWS_REGION\"<\/code><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Repository association fails or is stuck<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify you have permission to create service-linked roles (common requirement):<\/li>\n<li><code>iam:CreateServiceLinkedRole<\/code><\/li>\n<li>Check CloudTrail for failure events related to CodeGuru\/CodeCommit.<\/li>\n<li>Verify the repository is in the same Region as the CodeGuru Reviewer association.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: No recommendations appear<\/h4>\n\n\n\n<p>This can happen for small changes or unsupported patterns.\n&#8211; Confirm the language\/file types are supported by CodeGuru Reviewer (verify in docs).\n&#8211; Ensure the PR includes code changes (not only README).\n&#8211; Try a larger diff or a known problematic pattern in a supported language (often Java has richer recommendation coverage).\n&#8211; Wait longer\u2014analysis can take time.\n&#8211; Check the CodeGuru Reviewer console for a code review status and any error messages.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Permissions error in console<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure your IAM principal has permission to:<\/li>\n<li>View CodeGuru Reviewer code reviews and recommendations<\/li>\n<li>View CodeCommit PRs and repository<\/li>\n<li>For organizations, check SCPs (Service Control Policies) that may block CodeGuru actions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges and reduce clutter:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Close or delete the pull request<\/strong>\n   &#8211; In CodeCommit, close the PR (or delete branches if desired).<\/p>\n<\/li>\n<li>\n<p><strong>Disassociate the repository in CodeGuru Reviewer<\/strong>\n   &#8211; Amazon CodeGuru \u2192 Reviewer \u2192 Repository associations\n   &#8211; Select the repo \u2192 Disassociate (wording may vary)<\/p>\n<\/li>\n<li>\n<p><strong>Delete the CodeCommit repository<\/strong>\n   &#8211; CodeCommit \u2192 Repositories \u2192 <code>codeguru-reviewer-lab<\/code> \u2192 Delete\n   &#8211; Or use CLI:\n     <code>bash\n     aws codecommit delete-repository \\\n       --region \"$AWS_REGION\" \\\n       --repository-name \"$REPO_NAME\"<\/code><\/p>\n<\/li>\n<li>\n<p>(Optional) <strong>Remove service-linked roles<\/strong>\n   &#8211; Only if your organization requires it and you understand the impact on other projects.\n   &#8211; Many AWS services reuse service-linked roles; removing them may break other setups.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Adopt incrementally:<\/strong> Start with a few high-impact repositories\/services (tier-1).<\/li>\n<li><strong>Separate environments:<\/strong> Use separate profiling groups per environment (<code>prod<\/code>, <code>staging<\/code>) to avoid mixing signals.<\/li>\n<li><strong>Standardize PR size:<\/strong> Small PRs improve automated review quality and human review effectiveness.<\/li>\n<li><strong>Shift-left:<\/strong> Run Reviewer on PRs; use Profiler for production feedback loops.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>least privilege<\/strong>:<\/li>\n<li>Limit who can associate repositories or create profiling groups.<\/li>\n<li>Restrict viewing of recommendations to those who need it (code can be sensitive).<\/li>\n<li>Prefer <strong>role-based access<\/strong> for CI and automation.<\/li>\n<li>Use <strong>AWS Organizations SCPs<\/strong> carefully\u2014don\u2019t accidentally block required service-linked role creation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Scope Reviewer to critical repositories first.<\/li>\n<li>Avoid analyzing generated code and large vendored directories if configuration supports it.<\/li>\n<li>For Profiler, focus on:<\/li>\n<li>Services with high CPU cost<\/li>\n<li>Services with latency SLOs<\/li>\n<li>Watch for <strong>NAT Gateway costs<\/strong> when agents run in private subnets.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use profiling to guide optimization; do not micro-optimize without evidence.<\/li>\n<li>Confirm recommendations with:<\/li>\n<li>Load tests<\/li>\n<li>p95\/p99 latency metrics<\/li>\n<li>Cost changes in AWS Cost Explorer<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat recommendations as inputs, not truth:<\/li>\n<li>Validate changes with unit\/integration tests<\/li>\n<li>Use canary deployments and rollback strategies<\/li>\n<li>For Profiler, ensure the agent deployment is consistent across replicas for representative sampling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Establish a triage process:<\/li>\n<li>Define severity levels and response expectations<\/li>\n<li>Track recurring recommendation patterns<\/li>\n<li>Use tags on related AWS resources (repositories, profiling groups where tagging exists) for ownership and chargeback.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use consistent naming:<\/li>\n<li><code>appname-env<\/code> for profiling groups<\/li>\n<li>repo association tracking spreadsheets\/dashboards for large orgs<\/li>\n<li>Tag by <code>CostCenter<\/code>, <code>Team<\/code>, <code>Environment<\/code>, <code>DataClassification<\/code>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Amazon CodeGuru uses <strong>AWS IAM<\/strong> for authentication and authorization.<\/li>\n<li>Use IAM policies to control:<\/li>\n<li>Who can configure repository associations\/profiling groups<\/li>\n<li>Who can view findings and recommendations<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expect encryption at rest for AWS-managed services, but <strong>verify<\/strong>:<\/li>\n<li>How CodeGuru stores analysis results<\/li>\n<li>Whether customer-managed KMS keys are supported for specific artifacts<\/li>\n<li>For repositories, CodeCommit supports encryption at rest (KMS). Your repository encryption choices affect overall risk posture.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewer is managed and does not require inbound network access to your VPC.<\/li>\n<li>Profiler agents require outbound connectivity to AWS endpoints:<\/li>\n<li>In private subnets, use NAT or supported VPC endpoints (verify endpoint support).<\/li>\n<li>Control egress with security groups and network ACLs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not hardcode secrets in repos.<\/li>\n<li>Use AWS Secrets Manager or SSM Parameter Store.<\/li>\n<li>Remember: code review tools may process code text; keep secrets out of source control entirely.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>AWS CloudTrail<\/strong> in all accounts\/regions used.<\/li>\n<li>Monitor CodeGuru-related API calls:<\/li>\n<li>Repository associations created\/removed<\/li>\n<li>Profiling groups created\/permissions changed<\/li>\n<li>Consider centralized logging and alerting for configuration changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Classify source code and profiling data as sensitive.<\/li>\n<li>Validate whether CodeGuru meets your compliance requirements (SOC, ISO, etc.) by consulting AWS Artifact and your compliance team.<\/li>\n<li>For regulated industries, document:<\/li>\n<li>Data flow (what code is analyzed, where it\u2019s stored)<\/li>\n<li>Access controls (who can view recommendations)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Granting broad <code>*<\/code> permissions to developers for convenience<\/li>\n<li>Allowing production profiling group access to all users<\/li>\n<li>Using a single profiling group for multiple environments\/tenants (data leakage risk)<\/li>\n<li>Neglecting CloudTrail and change monitoring for DevTools<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use separate AWS accounts for prod vs dev when possible.<\/li>\n<li>Limit CodeGuru configuration privileges to platform\/DevSecOps roles.<\/li>\n<li>Enforce MFA and SSO (IAM Identity Center) for console access.<\/li>\n<li>Combine CodeGuru with:<\/li>\n<li>dependency scanning (for example, dedicated SCA tools)<\/li>\n<li>secret scanning<\/li>\n<li>runtime security controls<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<blockquote>\n<p>Confirm current limits and supported features in official documentation, because CodeGuru capabilities evolve.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations (common categories)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Language support limitations (Reviewer):<\/strong> Not all languages and frameworks are supported.<\/li>\n<li><strong>Repository provider limitations:<\/strong> Integrations differ by provider; some features may be CodeCommit-only or require specific connection setup.<\/li>\n<li><strong>Signal-to-noise:<\/strong> Automated recommendations can produce false positives or low-priority suggestions.<\/li>\n<li><strong>Large PRs:<\/strong> Very large diffs can reduce relevance and increase analysis time.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Repository association limits per account\/region (check Service Quotas)<\/li>\n<li>API rate limits (check docs)<\/li>\n<li>Profiling group limits and ingestion limits (Profiler; verify)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some Regions may not support CodeGuru Reviewer\/Profiler or specific integrations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>High PR volume and large diffs can increase Reviewer costs.<\/li>\n<li>Always-on profiling across many services can scale cost.<\/li>\n<li>NAT Gateway costs for outbound profiling traffic from private subnets can be significant.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Profiler requires runtime\/agent compatibility; verify exact versions (JDK distribution, Python version, container base images).<\/li>\n<li>Build pipelines that rewrite PRs repeatedly can trigger extra analysis.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Developers may ignore recommendations unless you:<\/li>\n<li>define expectations<\/li>\n<li>create dashboards<\/li>\n<li>integrate into engineering rituals<\/li>\n<li>Over-enforcing merge gates can slow delivery if recommendations aren\u2019t triaged efficiently.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Moving from self-hosted analysis tools requires process change:<\/li>\n<li>mapping severities<\/li>\n<li>training teams<\/li>\n<li>deciding which findings block merges<\/li>\n<li>For Git provider changes (GitHub \u2192 CodeCommit or vice versa), you may need to re-create associations and update IAM\/connection models.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CodeGuru is an AWS service and works best when your repos\/compute are in AWS-native workflows. Hybrid setups can work but may require extra authentication, network, and operational planning.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Amazon CodeGuru overlaps with code review automation, static analysis, and profiling tools, but it is not identical to all-in-one DevSecOps platforms.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Amazon CodeGuru (Reviewer + Profiler)<\/strong><\/td>\n<td>AWS-centric teams wanting managed code review + continuous profiling<\/td>\n<td>AWS-native IAM, managed service, PR recommendations, profiling hotspots<\/td>\n<td>Language\/provider limitations; pricing scales with usage; not a full security suite<\/td>\n<td>You want AWS-managed analysis integrated into AWS repos\/compute<\/td>\n<\/tr>\n<tr>\n<td><strong>Amazon Q Developer (formerly CodeWhisperer for many use cases)<\/strong><\/td>\n<td>Developers wanting AI coding assistance in IDE<\/td>\n<td>Fast suggestions in IDE, productivity for coding tasks<\/td>\n<td>Not the same as static analysis\/profiling; not a substitute for review<\/td>\n<td>You want AI pair-programming; use alongside CodeGuru rather than instead<\/td>\n<\/tr>\n<tr>\n<td><strong>SonarQube \/ SonarCloud<\/strong><\/td>\n<td>Broad language static analysis with customizable rules<\/td>\n<td>Wide language support, strong rule management, quality gates<\/td>\n<td>Self-managed (SonarQube) overhead or SaaS cost; tuning required<\/td>\n<td>You need broad SAST-like code quality rules across many languages<\/td>\n<\/tr>\n<tr>\n<td><strong>GitHub Advanced Security<\/strong><\/td>\n<td>GitHub-first security scanning (CodeQL, secret scanning, dependency alerts)<\/td>\n<td>Strong security focus, integrated into GitHub<\/td>\n<td>Primarily GitHub; may not include profiling<\/td>\n<td>You want security scanning tightly integrated into GitHub<\/td>\n<\/tr>\n<tr>\n<td><strong>Snyk<\/strong><\/td>\n<td>Developer-focused security for dependencies and code<\/td>\n<td>Strong SCA, container scanning, IDE integration<\/td>\n<td>Cost; not primarily profiling<\/td>\n<td>You want dependency\/container security and developer workflow integration<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Cloud Profiler<\/strong><\/td>\n<td>Profiling for apps on GCP<\/td>\n<td>Managed profiling with GCP integration<\/td>\n<td>Best in GCP ecosystem<\/td>\n<td>Your workloads are primarily on GCP<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Application Insights Profiler \/ .NET profilers<\/strong><\/td>\n<td>Profiling in Azure, especially .NET workloads<\/td>\n<td>Tight Azure integration<\/td>\n<td>Best for Azure\/.NET<\/td>\n<td>Your workloads are primarily on Azure<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: regulated financial services platform<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\n&#8211; Hundreds of microservices with uneven code review quality\n&#8211; Rising compute costs in JVM services\n&#8211; Compliance requires stronger SDLC controls and audit trails<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Use <strong>Amazon CodeGuru Reviewer<\/strong> on tier-1 repositories:\n  &#8211; Associate CodeCommit repositories (and supported external repos as needed)\n  &#8211; Require PR templates and encourage small PRs\n  &#8211; Track recommendation trends and ownership\n&#8211; Use <strong>Amazon CodeGuru Profiler<\/strong> on the top 20 most expensive services:\n  &#8211; Create profiling groups per service per environment\n  &#8211; Deploy the profiler agent via standard platform base images\n  &#8211; Feed performance insights into a performance backlog\n&#8211; Governance:\n  &#8211; IAM roles: platform team controls associations\/profiling groups\n  &#8211; CloudTrail logging to a centralized security account\n  &#8211; Budgets and cost allocation tags<\/p>\n\n\n\n<p><strong>Why Amazon CodeGuru was chosen<\/strong>\n&#8211; Managed service reduces tool-hosting overhead\n&#8211; AWS-native IAM and audit logging\n&#8211; Combination of code review automation + runtime profiling<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Reduced recurring code issues and faster PR cycles\n&#8211; Measurable reduction in CPU hotspots for prioritized services\n&#8211; Improved SDLC evidence for compliance audits<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: SaaS API with cost sensitivity<\/h3>\n\n\n\n<p><strong>Problem<\/strong>\n&#8211; Small team, fast releases, limited time for deep review\n&#8211; Production latency spikes after new features\n&#8211; AWS bill growing due to over-provisioning<\/p>\n\n\n\n<p><strong>Proposed architecture<\/strong>\n&#8211; Enable <strong>CodeGuru Reviewer<\/strong> for the main backend repo:\n  &#8211; Use it as an extra reviewer that catches common patterns\n&#8211; Enable <strong>CodeGuru Profiler<\/strong> only for production in one service initially:\n  &#8211; Identify hotspots and optimize the worst offenders\n&#8211; Add lightweight process:\n  &#8211; Fix the top 1\u20132 recommendations per sprint\n  &#8211; Track before\/after in CloudWatch latency metrics and Cost Explorer<\/p>\n\n\n\n<p><strong>Why Amazon CodeGuru was chosen<\/strong>\n&#8211; No servers to run, minimal setup compared to self-managed tools\n&#8211; Profiling provides direct cost\/latency improvement guidance<\/p>\n\n\n\n<p><strong>Expected outcomes<\/strong>\n&#8211; Lower p95 latency and fewer performance regressions\n&#8211; Reduced compute spend after targeted optimizations\n&#8211; Better code consistency without hiring additional reviewers<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) Is Amazon CodeGuru a code generator like an AI coding assistant?<\/h3>\n\n\n\n<p>No. Amazon CodeGuru primarily provides <strong>code review recommendations<\/strong> and <strong>runtime profiling insights<\/strong>. AI coding assistants (like Amazon Q Developer) focus on generating code and suggestions in the IDE.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) What are the main parts of Amazon CodeGuru?<\/h3>\n\n\n\n<p>Most commonly: <strong>Amazon CodeGuru Reviewer<\/strong> and <strong>Amazon CodeGuru Profiler<\/strong>. If you see references to other components (for example, CodeGuru Security), verify their current status in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Does CodeGuru Reviewer replace human code review?<\/h3>\n\n\n\n<p>No. It complements human review by catching patterns automatically; humans still review behavior, design, correctness, and context.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Which languages does CodeGuru Reviewer support?<\/h3>\n\n\n\n<p>Support varies over time. Historically, Java has strong coverage and Python is also commonly referenced. <strong>Verify current supported languages<\/strong> in AWS docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Can CodeGuru Reviewer analyze monorepos?<\/h3>\n\n\n\n<p>It can associate with repositories, but effectiveness depends on size, PR structure, and supported languages. Large monorepos may require additional process discipline.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) How are recommendations delivered?<\/h3>\n\n\n\n<p>Typically in the CodeGuru console and\/or directly on pull requests (depending on repository provider integration).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) How long does a review take?<\/h3>\n\n\n\n<p>It depends on repo size, PR size, and service load. Expect minutes, but verify typical times for your environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) Can I block merges based on CodeGuru recommendations?<\/h3>\n\n\n\n<p>CodeGuru itself provides recommendations; merge gating depends on your CI\/CD and repo provider capabilities. Many teams implement policy in CI using APIs\/events (verify supported automation hooks).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) Does CodeGuru Profiler work for containers?<\/h3>\n\n\n\n<p>It can, provided the runtime\/agent supports your environment. Verify runtime and deployment instructions in the Profiler documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) Is profiling safe for production?<\/h3>\n\n\n\n<p>Continuous profiling is designed for production use, but it adds overhead. Start with one service, validate overhead and benefit, then expand.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Do I need a VPC endpoint for the Profiler agent?<\/h3>\n\n\n\n<p>Not always. In private subnets, you may need NAT if no VPC endpoint is supported. <strong>Verify VPC endpoint support<\/strong> for CodeGuru Profiler in your region.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) Is CodeGuru suitable for security compliance requirements?<\/h3>\n\n\n\n<p>It can help, but it is not a complete compliance solution. Pair it with broader security controls: code scanning, dependency scanning, secrets management, and audit logging.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) Can I use CodeGuru with GitHub?<\/h3>\n\n\n\n<p>Often yes via AWS connection mechanisms, but supported providers and setup steps change. Verify current integration steps in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) How do I estimate cost without surprises?<\/h3>\n\n\n\n<p>Use the AWS Pricing Calculator, start small, and measure PR volume and profiling hours. Watch NAT and CI costs as indirect drivers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) What\u2019s the simplest way to start?<\/h3>\n\n\n\n<p>Enable <strong>CodeGuru Reviewer<\/strong> on one repository and observe recommendation quality for a few weeks. Then expand or add Profiler for performance-critical services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">16) What if CodeGuru recommendations conflict with our coding standards?<\/h3>\n\n\n\n<p>Treat CodeGuru as guidance. If your standards differ, document when to ignore recommendations and ensure engineers understand why.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">17) Does CodeGuru store my source code?<\/h3>\n\n\n\n<p>CodeGuru analyzes code for recommendations. For exact data handling and retention, consult AWS documentation and your compliance team.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Amazon CodeGuru<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Amazon CodeGuru Reviewer User Guide: https:\/\/docs.aws.amazon.com\/codeguru\/latest\/reviewer-ug\/what-is-codeguru-reviewer.html<\/td>\n<td>Authoritative feature, setup, and integration details<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Amazon CodeGuru Profiler User Guide: https:\/\/docs.aws.amazon.com\/codeguru\/latest\/profiler-ug\/what-is-codeguru-profiler.html<\/td>\n<td>Agent setup, profiling groups, and interpretation guidance<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Amazon CodeGuru Pricing: https:\/\/aws.amazon.com\/codeguru\/pricing\/<\/td>\n<td>Current pricing model and dimensions<\/td>\n<\/tr>\n<tr>\n<td>Cost estimation<\/td>\n<td>AWS Pricing Calculator: https:\/\/calculator.aws\/<\/td>\n<td>Build realistic estimates including indirect costs<\/td>\n<\/tr>\n<tr>\n<td>Security\/audit<\/td>\n<td>AWS CloudTrail docs: https:\/\/docs.aws.amazon.com\/awscloudtrail\/latest\/userguide\/cloudtrail-user-guide.html<\/td>\n<td>Auditing configuration changes for governance<\/td>\n<\/tr>\n<tr>\n<td>Repository service<\/td>\n<td>AWS CodeCommit docs: https:\/\/docs.aws.amazon.com\/codecommit\/latest\/userguide\/welcome.html<\/td>\n<td>PR workflow and repository operations used with Reviewer<\/td>\n<\/tr>\n<tr>\n<td>IAM guidance<\/td>\n<td>IAM User Guide: https:\/\/docs.aws.amazon.com\/IAM\/latest\/UserGuide\/introduction.html<\/td>\n<td>Least privilege patterns and role design<\/td>\n<\/tr>\n<tr>\n<td>Service quotas<\/td>\n<td>Service Quotas docs: https:\/\/docs.aws.amazon.com\/servicequotas\/latest\/userguide\/intro.html<\/td>\n<td>Find and manage CodeGuru-related quotas<\/td>\n<\/tr>\n<tr>\n<td>Architecture guidance<\/td>\n<td>AWS Architecture Center: https:\/\/aws.amazon.com\/architecture\/<\/td>\n<td>Patterns for DevSecOps, CI\/CD, and governance (search for CodeGuru-related references)<\/td>\n<\/tr>\n<tr>\n<td>Videos (official)<\/td>\n<td>AWS YouTube Channel: https:\/\/www.youtube.com\/@amazonwebservices<\/td>\n<td>Look for CodeGuru\/Profiler\/Reviewer deep dives and re:Invent sessions<\/td>\n<\/tr>\n<tr>\n<td>Samples (verify official)<\/td>\n<td>AWS Samples on GitHub: https:\/\/github.com\/aws-samples<\/td>\n<td>Search for \u201cCodeGuru Reviewer\u201d or \u201cCodeGuru Profiler\u201d examples (verify repo authenticity and maintenance)<\/td>\n<\/tr>\n<tr>\n<td>Community learning<\/td>\n<td>AWS re:Post: https:\/\/repost.aws\/<\/td>\n<td>Practical troubleshooting and real-world Q&amp;A<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, platform teams, developers<\/td>\n<td>DevOps practices, AWS tooling, CI\/CD, code quality workflows<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>Source control, CI\/CD foundations, DevOps lifecycle<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud operations and SRE-leaning roles<\/td>\n<td>Cloud operations, monitoring, automation, reliability<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, operations teams, architects<\/td>\n<td>SRE principles, observability, incident reduction, performance<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams adopting ML\/AI tooling<\/td>\n<td>AIOps concepts, automation, applying ML to operations<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/Cloud training and guidance (verify current offerings)<\/td>\n<td>Beginners to professionals seeking practical mentoring<\/td>\n<td>https:\/\/www.rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training content and services (verify syllabus)<\/td>\n<td>DevOps engineers, CI\/CD practitioners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps support\/training platform (verify current services)<\/td>\n<td>Teams needing short-term DevOps help or coaching<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources (verify scope)<\/td>\n<td>Operations\/DevOps teams needing implementation support<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify service catalog)<\/td>\n<td>CI\/CD modernization, governance, cloud operations<\/td>\n<td>\u201cEnable CodeGuru Reviewer in PR workflows\u201d, \u201cProfiler rollout for top services\u201d, \u201cCost optimization program\u201d<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and enablement<\/td>\n<td>DevSecOps adoption, pipeline standardization, training + implementation<\/td>\n<td>\u201cBaseline code quality program with CodeGuru\u201d, \u201cIAM governance for DevTools\u201d, \u201cDeveloper enablement workshops\u201d<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify current offerings)<\/td>\n<td>Toolchain integration, automation, reliability improvements<\/td>\n<td>\u201cIntegrate CodeGuru into CI\/CD\u201d, \u201cSet up profiling and performance backlog\u201d, \u201cOperational dashboards and audits\u201d<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Amazon CodeGuru<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Git fundamentals: branches, PRs, code review etiquette<\/li>\n<li>Basic AWS IAM: users\/roles\/policies, least privilege<\/li>\n<li>CI\/CD basics: build, test, merge gates<\/li>\n<li>Observability basics: metrics vs logs vs traces<\/li>\n<li>Performance fundamentals: profiling concepts, hotspots, benchmarking<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Amazon CodeGuru<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advanced DevSecOps:<\/li>\n<li>SAST\/SCA\/secret scanning<\/li>\n<li>threat modeling and secure coding standards<\/li>\n<li>Performance engineering:<\/li>\n<li>load testing<\/li>\n<li>caching strategies<\/li>\n<li>JVM\/Python optimization (depending on your stack)<\/li>\n<li>Platform engineering:<\/li>\n<li>standardized pipelines<\/li>\n<li>golden paths and developer portals<\/li>\n<li>FinOps:<\/li>\n<li>cost allocation, budgets, unit economics<\/li>\n<li>savings plans\/reservations strategy informed by profiling results<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Software Engineer (especially backend)<\/li>\n<li>DevOps Engineer \/ CI\/CD Engineer<\/li>\n<li>SRE \/ Production Engineer<\/li>\n<li>Platform Engineer<\/li>\n<li>Application Security Engineer (as part of a broader toolchain)<\/li>\n<li>Cloud Solutions Architect<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (AWS)<\/h3>\n\n\n\n<p>There is no widely recognized standalone \u201cAmazon CodeGuru certification.\u201d Instead, CodeGuru knowledge supports:\n&#8211; AWS Developer-oriented certifications\n&#8211; AWS DevOps and architecture certifications<\/p>\n\n\n\n<p>Choose certifications based on your role (developer, DevOps, or architect), and treat CodeGuru as a practical skill within SDLC and operations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Enable CodeGuru Reviewer on a sample Java repo and build a \u201cquality gate\u201d policy.<\/li>\n<li>Deploy a small JVM service on ECS and enable CodeGuru Profiler; optimize the top hotspot.<\/li>\n<li>Create an internal \u201crecommendation triage\u201d dashboard (manual or automated) and track trendlines.<\/li>\n<li>Compare profiler findings with CloudWatch metrics and validate performance improvements.<\/li>\n<li>Build a pipeline that posts CodeGuru review summaries to a team channel (verify EventBridge\/SNS integration paths first).<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Code review (PR review):<\/strong> The process of reviewing code changes before merging to a main branch.<\/li>\n<li><strong>Pull request (PR):<\/strong> A request to merge changes from one branch into another with review steps.<\/li>\n<li><strong>Repository association:<\/strong> Configuration that connects CodeGuru Reviewer to a repository so it can analyze code.<\/li>\n<li><strong>Recommendation:<\/strong> A finding produced by CodeGuru (for example, performance, correctness, best practice).<\/li>\n<li><strong>Profiler agent:<\/strong> A runtime component that collects profiling samples and sends them to CodeGuru Profiler.<\/li>\n<li><strong>Profiling group:<\/strong> A logical container in CodeGuru Profiler that organizes profiling data for an application\/service.<\/li>\n<li><strong>Hotspot:<\/strong> A method\/function\/code path consuming significant CPU time or resources.<\/li>\n<li><strong>Flame graph:<\/strong> A visualization of call stacks and time spent, used to find hotspots.<\/li>\n<li><strong>Least privilege:<\/strong> IAM practice of granting only the permissions required to perform a task.<\/li>\n<li><strong>Service-linked role:<\/strong> An IAM role created for an AWS service to perform actions on your behalf.<\/li>\n<li><strong>CloudTrail:<\/strong> AWS service that logs API calls for auditing and governance.<\/li>\n<li><strong>NAT Gateway:<\/strong> Enables outbound internet access from private subnets; can be a cost driver for agents.<\/li>\n<li><strong>Shift-left:<\/strong> Moving quality\/security checks earlier in the development lifecycle.<\/li>\n<li><strong>DevSecOps:<\/strong> Integrating security controls into DevOps practices and pipelines.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Amazon CodeGuru is an AWS Machine Learning (ML) and Artificial Intelligence (AI) service focused on <strong>automated code reviews (Amazon CodeGuru Reviewer)<\/strong> and <strong>continuous application profiling (Amazon CodeGuru Profiler)<\/strong>. It fits best in AWS-centric development environments where teams want managed, PR-integrated recommendations and runtime performance insights without running their own analysis infrastructure.<\/p>\n\n\n\n<p>Key takeaways:\n&#8211; Use <strong>Reviewer<\/strong> to catch issues early in pull requests and standardize code review signals.\n&#8211; Use <strong>Profiler<\/strong> to find real production hotspots and reduce latency and compute cost.\n&#8211; Manage cost by scoping to high-impact repos\/services first, controlling PR size, and watching indirect costs like NAT and CI.\n&#8211; Secure deployments with least-privilege IAM, CloudTrail auditing, careful access to code and profiling data, and environment separation.<\/p>\n\n\n\n<p>Next step: enable Amazon CodeGuru Reviewer on one repository, run it for a few weeks, measure recommendation quality and developer adoption, then expand\u2014or add CodeGuru Profiler for your most expensive or latency-sensitive service.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Machine Learning (ML) and Artificial Intelligence (AI)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,32],"tags":[],"class_list":["post-234","post","type-post","status-publish","format-standard","hentry","category-aws","category-machine-learning-ml-and-artificial-intelligence-ai"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=234"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/234\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}