Building an Automated AWS Security Advisor: RAG with AWS Bedrock and OpenSearch Serverless

The Problem: Security Posture Debt at Scale In large AWS environments spanning multiple accounts, developers and engineers create cloud resources every day - EC2 instances, S3 buckets, ECS clusters, EKS clusters, RDS databases, Lambda functions, VPCs and so many other resources. But it also means security best practices often get deprioritized in the heat of delivery. The result? AWS Security Hub flags dozens of findings every week.