Review Your Template
After the Infrastructure Wizard generates your template -- whether from a conversation or a repository scan -- you are taken to the review screen. This is where you inspect every resource, understand the architecture decisions, and make any adjustments before deploying.
Taking a few minutes to review your template ensures the generated infrastructure matches your expectations and avoids surprises during deployment.
Template Overview
The review screen presents your generated infrastructure in several views:
Architecture Summary
At the top of the review page, you see a high-level summary of the architecture:
- Total resources -- The number of AWS resources that will be created.
- Services used -- A list of AWS services included in the template.
- Environment tier -- Whether the template is configured for development, staging, or production.
- Estimated monthly cost -- A rough cost estimate based on the selected resource sizes and configurations.
Resource List
Below the summary, every resource in the template is listed with:
| Field | Description |
|---|---|
| Resource name | The logical name assigned to the resource |
| Service | The AWS service (e.g., VPC, RDS, S3) |
| Type | The specific resource type being created |
| Configuration | Key configuration details (instance size, storage, encryption settings) |
| Purpose | Why this resource was included and what role it plays in your architecture |
You can expand any resource to see its full configuration, including all properties and their values.
Architecture Rationale
For each service in the template, the Wizard provides a brief explanation of why it was chosen and how it fits into the overall architecture. This helps you understand the design decisions, especially if you described your requirements at a high level.
If the Wizard chose a service you did not expect, check the architecture rationale. It often explains the reasoning, such as selecting a container service because your application includes a Dockerfile, or adding a cache layer because your database is expected to handle high read volumes.
Understanding the Template Structure
The generated template organises resources into logical groups:
Networking Layer
- VPC with CIDR block configuration
- Subnets across multiple Availability Zones (public and private)
- NAT Gateways for outbound internet access from private subnets
- Internet Gateway for public subnet access
- Route Tables with appropriate routing rules
- Security Groups with least-privilege ingress and egress rules
- VPC Endpoints for accessing AWS services without traversing the public internet
Compute Layer
Depending on your workload type:
- Container services with task definitions, service configurations, and auto-scaling policies
- Serverless functions with appropriate memory, timeout, and concurrency settings
- EC2 instances with launch templates, auto-scaling groups, and instance profiles
- Load balancers with target groups, health checks, and listener rules
Data Layer
- Databases with encryption, backup policies, and appropriate instance sizing
- Caches with cluster mode, replication, and eviction policies
- Storage buckets with versioning, encryption, and lifecycle rules
- File systems with mount targets and access points
Security Layer
- Encryption keys for data-at-rest encryption across all storage and database services
- Secrets management for database credentials and API keys
- IAM roles and policies with least-privilege permissions for each service
- Web application firewalls for internet-facing applications
- SSL/TLS certificates for encrypted communications
Monitoring Layer
- Log groups for centralised logging from all services
- Metrics and alarms for key operational thresholds
- Distributed tracing for request flow visibility
- Audit trails for security and compliance event recording
Validating the Design
Before proceeding to deployment, consider these validation checks:
Security Review
- IAM roles follow least-privilege -- each service only has the permissions it needs
- All databases and storage have encryption enabled
- Security groups restrict access to only the necessary ports and sources
- Secrets are stored in a secrets manager, not hardcoded
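The Security Review checks above can also be run mechanically against a downloaded copy of the template. The script below is an added example, not Guardian Pro code: it assumes the template is AWS CloudFormation in JSON form (this page does not name the format), and the `review` function, the sample template, and the rule that only ports 80 and 443 may be open to the internet are illustrative assumptions.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
PUBLIC_PORTS = {"80", "443"}  # assumption: only HTTP/HTTPS may face the internet
# Constructed sample template (assumed CloudFormation JSON shape), not Wizard output.
SAMPLE = {"Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "AppDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "StorageEncrypted": False, "MasterUserPassword": "example-only"}},
    "GoodDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"StorageEncrypted": True,
        "MasterUserPassword": "{{resolve:secretsmanager:app-db:SecretString:password}}"}},
    "TaskRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "app", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}}]}},
}}

def as_list(value):
    return value if isinstance(value, list) else [value]

def review(template):
    """Return (logical name, finding) pairs for the Security Review checks."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                world = rule.get("CidrIp") in OPEN_CIDRS or rule.get("CidrIpv6") in OPEN_CIDRS
                lo, hi = str(rule.get("FromPort")), str(rule.get("ToPort"))
                # A range such as 80-443 exposes every port in between, so require lo == hi.
                if world and not (lo == hi and lo in PUBLIC_PORTS):
                    findings.append((name, f"ingress from anywhere on ports {lo}-{hi}"))
        elif rtype == "AWS::RDS::DBInstance":
            # Cluster members take their encryption setting from AWS::RDS::DBCluster.
            encrypted = str(props.get("StorageEncrypted")).lower() == "true"
            if not encrypted and "DBClusterIdentifier" not in props:
                findings.append((name, "storage encryption not enabled"))
            pw = props.get("MasterUserPassword")
            if isinstance(pw, str) and not pw.startswith("{{resolve:"):  # literal value
                findings.append((name, "hardcoded master password"))
        elif rtype == "AWS::IAM::Role":
            for policy in props.get("Policies", []):
                for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
                    actions = [str(a) for a in as_list(stmt.get("Action", []))]
                    if stmt.get("Effect") == "Allow" and any(a == "*" or a.endswith(":*") for a in actions):
                        findings.append((name, "Allow statement with wildcard action"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in review(SAMPLE)))
```

To check a real file, pass the result of `json.load` on the downloaded template to `review`. Findings are prompts for manual review, since rules declared as separate resources or managed policies attached by ARN are not inspected here.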
Availability Review
- Critical resources span multiple Availability Zones
- Databases have appropriate backup and recovery settings
- Auto-scaling is configured for compute resources that may experience variable load
- Health checks are properly configured for load-balanced services
Cost Review
- Instance sizes are appropriate for your expected workload (not over-provisioned)
- Development environments use cost-optimised configurations
- NAT Gateways are included only where needed (they incur hourly charges)
- Storage lifecycle policies prevent unbounded growth
For production workloads, pay special attention to database configurations. Verify that multi-AZ deployment, automated backups, and appropriate storage sizes are configured to match your data requirements. Under-provisioning database storage or IOPS can lead to performance issues that are difficult to resolve without downtime.
Template Download
If you prefer to deploy outside of Guardian Pro, or want to version-control the template in your own repository, you can download it:
- Click Download Template on the review screen.
- The template file is downloaded to your local machine.
- You can then deploy it using the AWS Console, AWS CLI, or your own CI/CD pipeline.
Downloaded templates are standalone and self-contained. They do not require Guardian Pro to deploy or manage. However, deploying through Guardian Pro provides the additional benefits of preflight validation and automatic monitoring integration.
CI/CD Configuration
If your application includes a CI/CD pipeline requirement, the Wizard can generate a pipeline configuration alongside your infrastructure template. The CI/CD configuration includes:
- Source stage -- Connected to your Git repository
- Build stage -- Appropriate build commands for your detected language and framework
- Deploy stage -- Automated deployment to your infrastructure
You can review and customise the pipeline configuration on the review screen before proceeding.
Moving to Deployment
Once you are satisfied with the template:
- Click Continue to Deploy to proceed to the deployment stage.
- Guardian Pro runs preflight checks to validate the template before any resources are created.
- You confirm the deployment and Guardian Pro creates all resources in your AWS account.
See Deploy for the full deployment process, including preflight checks and monitoring.
Next Steps
- Deploy -- Validate and deploy your reviewed template to AWS.
- Describe Your Requirements -- Want to try a different approach? Start a new conversation.
- Scan a Repository -- Generate from an existing codebase instead.
- Architecture Advisor -- After deployment, use the Architecture Advisor to monitor your new infrastructure.