Amazon CodeGuru: What It Is and When to Use It
Definition
Amazon CodeGuru is a developer tool powered by machine learning (ML) that provides intelligent recommendations to improve code quality and application performance. It consists of two main services: Amazon CodeGuru Reviewer, which automates code reviews to find bugs and security vulnerabilities, and Amazon CodeGuru Profiler, which analyzes application runtime performance to identify the most resource-intensive lines of code.
How It Works
Amazon CodeGuru integrates into the software development lifecycle to provide continuous feedback.
- Amazon CodeGuru Reviewer uses machine learning models trained on millions of code reviews from Amazon's own codebase and popular open-source projects. When a developer creates a pull request in a supported repository (like AWS CodeCommit, GitHub, or Bitbucket), CodeGuru Reviewer automatically analyzes the changed code. It then adds comments directly to the pull request with actionable recommendations for fixing issues related to code quality, security vulnerabilities, resource leaks, and adherence to AWS best practices. It can also perform a full repository scan to establish a baseline.
- Amazon CodeGuru Profiler works on live applications running in production or development environments. A small, low-overhead agent is added to the application, which continuously collects runtime data like CPU utilization and latency. This data is sent to the CodeGuru Profiler service for analysis. The service then generates interactive flame graphs and provides ML-powered recommendations that pinpoint the most "expensive" lines of code, helping developers optimize performance and reduce infrastructure costs.
Important Note: As of November 7, 2025, you will not be able to create new repository associations in Amazon CodeGuru Reviewer. Users are advised to explore alternative services for new projects.
Key Features and Limits
CodeGuru Reviewer
- Automated Code Reviews: Scans pull requests for critical defects, security vulnerabilities, and deviations from best practices.
- Security Detection: Identifies security issues like hardcoded secrets, resource leaks, and common vulnerabilities by analyzing data flow.
- Supported Languages: Java and Python.
- Supported Repositories: AWS CodeCommit, GitHub, GitHub Enterprise, and Bitbucket.
- Integration: Integrates with CI/CD pipelines via tools like GitHub Actions.
- Quotas: API actions have default quotas, such as AssociateRepository being limited to 1 request every 2 seconds per account. The maximum number of tags per resource is 50.
CodeGuru Profiler
- Always-On Profiling: Continuously analyzes application performance in production with minimal overhead.
- Performance Recommendations: Identifies an application's most expensive lines of code and suggests specific optimizations.
- Visualizations: Provides interactive flame graphs to visualize application runtime behavior and CPU utilization.
- Anomaly Detection: Uses machine learning to detect anomalies in application performance and highlights the problematic lines of code.
- Heap Summary: Helps identify memory usage by objects to optimize heap consumption.
- Supported Languages: Java, Python, and other JVM languages (e.g., Scala, Kotlin).
Common Use Cases
- Automating Code Quality and Security Checks: Integrating CodeGuru Reviewer into a CI/CD pipeline to automatically scan every code change for potential bugs and security flaws before they reach production.
- Optimizing Production Application Performance: Using CodeGuru Profiler on a live, high-traffic application to identify and eliminate performance bottlenecks, thereby reducing latency and improving user experience.
- Reducing Infrastructure Costs: Running CodeGuru Profiler to find inefficient code that consumes excessive CPU and memory, then optimizing it to lower EC2, Lambda, or Fargate costs.
- Modernizing Legacy Codebases: Performing full repository scans with CodeGuru Reviewer on an older application to identify technical debt and security vulnerabilities that need to be addressed during a modernization effort.
- Enforcing Coding Best Practices: Using CodeGuru Reviewer's recommendations as a training tool to help junior developers learn and adhere to team-wide coding standards and AWS best practices.
Pricing Model
Amazon CodeGuru has separate pricing for its Reviewer and Profiler components.
- CodeGuru Reviewer: Pricing is based on the number of lines of code analyzed per repository per month. It includes a free tier for a certain number of code reviews.
- CodeGuru Profiler: Pricing is based on sampling hours for each profiling group. A profiling group typically corresponds to a single application. There is a free tier for a set number of sampling hours per month.
For detailed and current pricing information, and to estimate costs for your specific usage, always consult the official AWS Pricing page for Amazon CodeGuru and the AWS Pricing Calculator.
Pros and Cons
Pros
- ML-Powered Insights: Goes beyond traditional static analysis by using machine learning to detect complex issues and provide more relevant recommendations.
- Cost Optimization Focus: CodeGuru Profiler directly links code performance to operational costs, providing estimated dollar savings for optimizations.
- Seamless Integration: Integrates directly into existing developer workflows, such as pull requests in GitHub, Bitbucket, and CodeCommit.
- Low-Overhead Profiling: The Profiler agent is designed to run continuously in production environments with minimal performance impact.
Cons
- Limited Language Support: CodeGuru Reviewer primarily supports Java and Python, which may be a limitation for teams using other languages.
- Potential for False Positives: As with any automated analysis tool, there can be a learning curve in interpreting recommendations and managing occasional false positives.
- Reviewer Deprecation: The inability to create new repository associations for CodeGuru Reviewer after November 2025 limits its future applicability for new projects.
- Cost: For large teams with extensive codebases, the cost of analysis can become a significant factor to consider.
Comparison with Alternatives
- Amazon CodeGuru vs. SonarQube: SonarQube is a comprehensive static analysis platform that supports a wider range of languages and offers more extensive rule customization. CodeGuru Reviewer is more focused on ML-driven recommendations, especially for AWS-specific best practices, but is less broad in its language support. Many teams use both in tandem for comprehensive code quality coverage.
- Amazon CodeGuru vs. AI Coding Assistants (GitHub Copilot, Amazon Q Developer): AI assistants like Copilot and Amazon Q Developer focus on real-time code generation and completion directly within the IDE. CodeGuru, in contrast, is a code analysis and profiling tool that operates on committed code (Reviewer) or running applications (Profiler). While Amazon Q Developer has some security scanning capabilities, its primary function is generative, whereas CodeGuru's is analytical and diagnostic.
Exam Relevance
Amazon CodeGuru is a relevant topic for several AWS certification exams, particularly those focused on development and DevOps.
- AWS Certified DevOps Engineer - Professional (DOP-C02): Candidates should understand how to integrate CodeGuru into a CI/CD pipeline to automate code quality checks and how to use CodeGuru Profiler to monitor and optimize application performance in production.
- AWS Certified Developer - Associate (DVA-C02): Examinees should be familiar with the purpose and benefits of CodeGuru Reviewer for improving code quality and security, and the role of CodeGuru Profiler in identifying performance bottlenecks.
For these exams, it's important to know the distinction between CodeGuru Reviewer (static code analysis) and CodeGuru Profiler (runtime performance analysis) and their primary use cases.
Frequently Asked Questions
Q: What is the difference between Amazon CodeGuru Reviewer and Amazon CodeGuru Profiler?
A: They are two distinct services within the Amazon CodeGuru family. CodeGuru Reviewer is a static analysis tool that automatically inspects your source code for bugs and security issues during the development process, typically within a pull request. CodeGuru Profiler is a dynamic analysis tool that runs on your live application to monitor its performance, identify inefficiencies, and find the most expensive lines of code in terms of CPU and memory usage.
Q: Can Amazon CodeGuru find security vulnerabilities in my code?
A: Yes, Amazon CodeGuru Reviewer includes a security detector that uses automated reasoning to analyze data flows and identify a range of security vulnerabilities, such as hardcoded secrets, SQL injection, and resource leaks. It provides recommendations to help you remediate these findings before deployment.
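As an added illustration (not CodeGuru's own code or output), the three defect classes this answer and the Security Detection feature above name, each written as an unsafe Python function beside its remediated form; it assumes a constructed in-memory sqlite3 table and a constructed DB_PASSWORD value, and the DB_PASSWORD, users and find_role names are made up for the example.

```python
# Added illustration, not CodeGuru's own code: the defect classes the
# Reviewer security detector is described as flagging (hardcoded secret,
# SQL injection, resource leak), each as an unsafe function beside its
# remediated form. An in-memory sqlite3 table is constructed so it runs offline.
import os
import sqlite3

DB_PASSWORD = "s3cret-sample"  # finding: hardcoded secret (constructed sample)


def db_password_safe(env=os.environ) -> str:
    # remediation: the secret comes from the environment or a secrets
    # manager at runtime, never from source control
    return env["DB_PASSWORD"]


def setup_db() -> sqlite3.Connection:
    # constructed sample table so both query variants can be exercised
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_role_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # finding: untrusted input pasted into the SQL text; a quote in `name`
    # ends the string literal, so the query breaks (and is injectable)
    query = "SELECT role FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def find_role_safe(conn: sqlite3.Connection, name: str) -> list:
    # remediation: parameterised query; the driver binds `name` as data
    query = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(query, (name,))]


def read_unsafe(path: str) -> str:
    # finding: resource leak; the handle is never closed if read() raises
    f = open(path)
    data = f.read()
    f.close()
    return data


def read_safe(path: str) -> str:
    # remediation: context manager closes the handle on every exit path
    with open(path) as f:
        return f.read()
```

A name such as o'brien, which is ordinary input rather than an attack, already breaks the unsafe query while the parameterised one simply returns no rows.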
Q: How does CodeGuru Profiler impact the performance of my production application?
A: Amazon CodeGuru Profiler is designed to have a minimal impact on your application's performance. It runs as a low-overhead agent in a separate thread within your application's process, collecting small samples of data. This allows it to run continuously in production environments without significantly affecting application latency or throughput.
This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS documentation before making production decisions.