AWS Dzera is an AI-powered AWS cost optimization platform built on AWS Nova. It scans your AWS infrastructure across all enabled regions, identifies cost-driving resources, and provides actionable recommendations through a conversational AI interface.

• AI-Powered Analysis — AWS Nova Pro analyzes scan results, explains findings in plain language, and answers follow-up questions through an integrated chat interface
• Multi-Region Scanning — Automatically discovers and scans all enabled AWS regions (opt-in and default)
• Comprehensive Coverage — EC2, RDS, S3, DynamoDB, CloudFront, NAT Gateways, Elastic IPs, EBS volumes, Lambda, and more
• Compute Intelligence — Detects underutilized EC2 instances (CPU < 5% avg over 7 days), stopped instances, and oversized configurations
• Cost Explorer Integration — Pulls last 30 days of spend, top services by cost, Savings Plans coverage, and Reserved Instance utilization
• Command Palette — Search and click any AWS service to open a dedicated Nova chat tab with service-specific analysis
• Guided Onboarding — Conversational credential setup powered by Nova Micro for instant responses
• Hybrid AI Model Routing — Nova Micro for onboarding speed, Nova Lite for general chat, Nova Pro for deep infrastructure analysis
• Read-Only & Secure — Uses only read-only AWS permissions. Credentials are encrypted with KMS in production and never stored.

• Node.js 18+
• AWS account with an IAM user that has ReadOnlyAccess
• AWS Nova API key (via Amazon Bedrock)

git clone https://github.com/stalkiq/dzera.git
cd dzera
npm install

Create a .env.local file in the project root:

NOVA_API_KEY=your_bedrock_api_key_here

npm run dev

Open http://localhost:3000.

1. Onboard — Dzera walks you through entering your AWS Access Key ID and Secret Access Key via a conversational interface
2. Scan — Analysis starts automatically after credential validation. Dzera scans EC2, S3, RDS, EBS, Elastic IPs, NAT Gateways, CloudFront, DynamoDB, and more across every enabled region
3. Review — Findings appear in a scan-results.json tab organized by service, severity, and estimated cost impact
4. Ask — Use the chat interface or command palette to ask Nova about any finding, service, or optimization strategy
5. Act — Follow actionable recommendations with direct links to the AWS Console

• Frontend: Next.js 16 with React 19, Tailwind CSS
• Backend: Next.js API routes proxying to AWS Bedrock (Nova)
• Scanning: Direct AWS SDK calls using user-provided credentials

• Frontend: S3 + CloudFront (static export)
• API: API Gateway REST API
• Compute: AWS Lambda (scan + chat functions)
• AI: Amazon Bedrock — Nova Micro, Nova Lite, Nova Pro
• Security: AWS KMS for credential encryption in transit

User Browser
    │
    ▼
CloudFront + S3  ──  Static Frontend
    │
    ▼
API Gateway  ──  REST API
    │
    ├──▶  Chat Lambda  ──▶  Amazon Bedrock (Nova)
    │
    └──▶  Scan Lambda  ──▶  EC2, RDS, S3, CloudWatch,
                             Cost Explorer, Organizations ...

aws-dzera/
├── src/
│   ├── app/
│   │   ├── api/chat/        # Nova chat API route
│   │   ├── api/scan/        # Scan API route
│   │   ├── why-dzera/       # About page
│   │   ├── page.tsx         # Main application (IDE-style UI)
│   │   └── layout.tsx       # Root layout and header
│   ├── components/
│   │   ├── ChatInterface.tsx  # Nova chat component
│   │   └── DLogo.tsx          # Dzera logo component
│   └── lib/
│       ├── costScanner.ts     # Multi-region scan engine
│       └── awsScan.ts         # AWS SDK scan utilities
├── aws-deployment/
│   ├── lib/                   # CDK stack definitions
│   ├── lambda/
│   │   ├── chat/              # Chat Lambda (Bedrock integration)
│   │   └── scan/              # Scan Lambda (parallel multi-region)
│   └── bin/                   # CDK app entry point
└── public/                    # Static assets

Dzera uses a hybrid model routing strategy across six touchpoints:

cd aws-deployment
npm install
npx cdk bootstrap   # First time only
npx cdk deploy --all

Then build and upload the frontend:

npm run build
aws s3 sync out/ s3://YOUR_BUCKET_NAME --delete
aws cloudfront create-invalidation --distribution-id YOUR_DIST_ID --paths "/*"

See aws-deployment/README.md for full deployment docs.

• Read-Only Access — Dzera only requires ReadOnlyAccess. It cannot modify, delete, or create any resources in your account.
• No Storage — Credentials are used for the duration of the scan and immediately discarded.
• KMS Encryption — In production, credentials are encrypted with AWS KMS before transmission to Lambda.
• Local Processing — In development mode, all scanning happens locally on your machine.

npm run dev       # Start dev server
npm run build     # Production build
npm run lint      # Run ESLint

1. Fork the repository
2. Create a feature branch (git checkout -b feature/your-feature)
3. Commit your changes (git commit -m 'Add your feature')
4. Push to the branch (git push origin feature/your-feature)
5. Open a Pull Request

MIT License — see LICENSE for details.

Built with Next.js, AWS SDK v3, and Amazon Nova.