feat(readiness): Add shared AWS program library + Kevin's updated program catalog#68
Open
aritnag123 wants to merge 5 commits into
Open
feat(readiness): Add shared AWS program library + Kevin's updated program catalog#68aritnag123 wants to merge 5 commits into
aritnag123 wants to merge 5 commits into
Conversation
Introduce a shared AWS Program & GTM Library as a reference file and wire it into the two portfolio readiness Task Definitions so the analysis agent can recommend relevant AWS programs in the "Next Steps" section of reports. - Add readiness-analysis/references/program-library.md: 88 programs (35 Tier 1 detailed incl. 3 ARA agentic anchors, 53 Tier 2 compact) with signal patterns, qualification criteria, prioritization, grouping, and status filtering. Aligns trigger vocabulary to actual ARA/MOD findings. - Wire portfolio ARA Step 7 and portfolio MOD Step 9 to load the library; replace inline program catalogs with library references. - Move AI DLC, AXE, and Innovation EBA out of the portfolio ARA TD into the library as ARA anchor programs. - Group recommendations Funded -> Engagement -> GTM, cap at 3-5, and never expose the internal MOD 1-4 score. - Update both portfolio HTML visual contracts to render the full grouped library set with a Group column. - Add per-repo ARA/MOD pointer notes clarifying program recommendations are portfolio-level only; remove hardcoded program names from the per-repo ARA HTML contract. - Fix stale portfolio TD filenames in the README directory tree and table.
Integrate Kevin Shin's updated program catalog (Jun 15, 2026) into the shared AWS Program & GTM Library while maintaining compatibility with the portfolio ARA and MOD Task Definition interfaces. Changes from Kevin's update: - Add new programs: MMA Workshop, AWS Modernization Assurance (AMA), AWS-Funded ISV Tooling, Activate4GF, IW Programs, RDS Cost Assessment, DBC, DBOLA, AgentStorming Workshop, AWS AI League - Add self-service resources: Connected Community, Skill Builder, Workshop Catalog with finding-based mapping table - Update AI DLC with expanded signal patterns and Kiro reference - Add assessment overlap rule and EBA vs AML rule - Add self-service alternative rule for SMB/startup customers Adaptations for PR aws-samples#54 interface compatibility: - Restructure from 4 groups to 3 (Funded Programs / Engagement Models / GTM Motions) matching JSON schema and HTML visual contracts - Add back AXE and Innovation EBA as ARA anchor programs - Maintain 'Agentic Enablement Programs (ARA Anchors)' section - Add [ARA]/[MOD]/[ARA+MOD]/[ARA-anchor] tags to all programs - Fix 'Significant Remediation Required' -> 'Remediation Required' - Fix ARA dimension vocabulary (no Blocked/Needs Work in ARA signals) - Maintain 'Mapping findings to triggers' vocabulary alignment section - Add program status markers (Active/Retiring/Launching/Pilot) - Expand Agent Reasoning Checklist to 14 items Total programs indexed: 42 (Tier 1: 34, Tier 2: 8) Tested (structural validation): - [PASS] ARA TD section references resolve (ARA Anchors, Mapping, Agent Rules) - [PASS] JSON group schema matches (3 groups only, no 4th group) - [PASS] ARA vocabulary correct (profiles, dimensions, no Blocked/Needs Work) - [PASS] MOD vocabulary correct (7 pathways, score_rating, no internal scores) - [PASS] All programs referenced in both portfolio TDs exist in library - [PASS] Selection rules aligned (cap 3-5, sequencing, Retiring exclusion) - [PASS] File integrity (no merge conflicts, 494 lines, clean diff) Tested (live execution — portfolio MOD, us-east-1): - Input: 3 per-repo MOD reports (Netflix/eureka, ToolJet, conductor-oss) - [PASS] 5 programs recommended from updated library: Funded: AppMod PoC Funding, Well-Architected Review Engagement: EBA, Immersion Days GTM: AWS Skill Builder - [PASS] Grouped correctly (Funded Programs -> Engagement Models -> GTM Motions) - [PASS] recommended_actions[] entries all have 'group' field - [PASS] Capped within 3-5 range (exactly 5) - [PASS] No internal MOD 1-4 scores exposed in programs section - [PASS] New library programs surfaced (Immersion Days, Skill Builder, AppMod PoC) - [PASS] HTML artifact generated (19KB) with grouped program rendering Tested (live execution — portfolio ARA, us-east-1): - Input: 3 per-repo ARA reports (Netflix/eureka, ToolJet, FlowiseAI/Flowise) - [PASS] 4 programs recommended from updated library: Funded: AI Assessment Program Engagement: AI DLC, SHIP GTM: AWS Transform Custom - [PASS] Grouped correctly (Funded Programs -> Engagement Models -> GTM Motions) - [PASS] recommended_actions[] entries all have 'group' field - [PASS] Capped within 3-5 range (exactly 4) - [PASS] No internal scores exposed in programs section - [PASS] ARA anchor program (AI DLC) triggered correctly - [PASS] SHIP triggered from Auth dimension findings (correct vocabulary) - [PASS] HTML artifact generated (15KB) with grouped program rendering
5d46594 to
b6e5a47
Compare
Remove the 'GTM Motions' group from the program recommendation schema.
GTM motions are internal sales plays and should not appear in
customer-facing reports.
Changes:
- Reduce from 3 groups to 2: Funded Programs → Engagement Models
- Move self-service tools (AWS Transform Custom, Transform for Windows,
Transform for SQL Server, RDS Cost Assessment) under 'Funded Programs'
as they are customer-accessible entry points
- Remove GTM Motions HTML table templates from both portfolio TDs
- Update JSON schema: group ∈ {Funded Programs, Engagement Models}
- Update all rendering instructions and examples
The library now only surfaces programs customers can directly
engage with or request — no internal jargon.
SHIP (Security Health Improvement Program) is about AWS infrastructure security posture (CloudTrail, encryption, GuardDuty, IAM policies), not application-level authentication/authorization patterns. ARA's 'Authentication & Authorization' dimension evaluates app-level concerns (API keys, OAuth, RBAC, agent identity controls) which are not what SHIP addresses. Changes: - Retag SHIP from [ARA] to [MOD] — it's infrastructure security - Update signal pattern to trigger from MOD security findings (missing CloudTrail, no encryption at rest, no GuardDuty, etc.) - Add explicit exclusion: 'application-level auth/authz only' - Remove SHIP from ARA TD example programs list
17ff554 to
41a26f7
Compare
…er distinction SHIP (Security Health Improvement Program) addresses infrastructure-layer security (AWS service enablement) not application-layer agent readiness. Key changes: - Retag from [MOD] to [ARA+MOD] — SHIP CAN trigger from ARA findings, but only infrastructure ones (hardcoded creds, missing CloudTrail, no encryption, unmonitored network exposure) - Add explicit exclusion: app-layer agent auth findings (machine identity, scoped permissions, identity suspension, on-behalf-of flows) should NOT trigger SHIP — those need code changes, not AWS service enablement - Add 'Important distinction' note explaining the two layers - Add 'Directly resolves' mapping (which findings → which SHIP use cases) - Add 'Does NOT resolve' list with alternative recommendations - Add 'Inline remediation note': for isolated findings like 'missing encryption', recommend the direct fix (enable KMS) in the remediation section first. Only recommend SHIP when multiple infrastructure security gaps suggest a systemic posture problem. - Expand program details (9 use cases, time to value, no prerequisites)
Contributor
|
this LGTM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR builds on PR #54 by @lusoal — it includes the original shared program library wiring into portfolio TDs AND integrates Kevin Shin's updated program catalog (Jun 15, 2026).
Supersedes #54 with additional program updates included.
What's included (from PR #54)
references/program-library.md) wired into portfolio ARA Step 7 and portfolio MOD Step 9What's new (Kevin's Jun 15 update)
Test Results
Structural validation (7/7 pass):
Live execution (portfolio-mod-programs-test TD, us-east-1):
recommended_actions[]entries havegroupfield ✅By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.