Building Smarter, Faster, and Custom with Kiro: My First Month with the Next-Gen AI Pair Programmer
For the past few weeks, I’ve had the chance to explore Kiro, a next-generation GenAI pair programmer designed for engineers, builders, and security professionals. After using Amazon Q extensively since launch, I didn’t think things could move that much faster.
But they did. Kiro feels like the next level.
Whether I was building custom Red Team tooling or rapidly prototyping pen testing scripts, Kiro handled every task with exceptional speed, near-zero revisions, and a deep contextual memory that made building entire ecosystems feel natural. It didn’t just save time, it made the impossible, possible.
💡 From Idea to Working Code in a Day
What traditionally would’ve taken 5 weeks and cost over $30,000 to build, I finished in under 8 hours with Kiro.
That’s not an exaggeration. I had an idea, drafted a session prompt, and by the end of the day, I had working, threaded, multi-region Python code scanning my AWS environment using boto3.
Kiro didn’t just understand the assignment, it remembered how I structure my tools, reused patterns I liked, and adapted itself on the fly. That’s the power of persistent GenAI memory.
📌 Use Case Spotlight: Project – EC2 Exposure Scanner
To show what Kiro can do, I’ll walk you through a small but powerful script I created called the EC2 Exposure Scanner. It does the following:
- Enumerates all AWS regions
- Detects public subnets by analyzing route tables for
0.0.0.0/0 → IGW - Scans every EC2 instance (even stopped ones)
- Identifies any instance in a public subnet that has a Security Group allowing inbound access from
0.0.0.0/0on TCP 80 or 443, including port ranges or overly permissive rules - Outputs a JSON and Markdown report
- Generates remediation snippets in both CloudFormation and Terraform
This script took just a few iterations using Kiro and now I use it routinely during internal assessments.
🧠 What Is Vibe Coding?
One of my favorite styles with GenAI is what I call vibe coding, perfect for standalone scripts and one-off utilities.
Here’s how I use it:
- Start each Kiro session with a "session prompt", this tells the model how I want code structured, what standards to follow, and what threading or logging styles I prefer.
- Then I provide a descriptive, conversational prompt about the script I want.
- Kiro returns clean, threaded, region-aware AWS code with consistent outputs, summaries, and error handling.
Project: EC2 Exposure Scanner
Objective:
Create a CLI-based Python script that identifies all EC2 instances in public subnets (those with a route to 0.0.0.0/0 via an Internet Gateway) where any attached security group allows inbound access from 0.0.0.0/0 on TCP port 80 and/or 443 — either directly or via port ranges. The tool should output findings in both human-readable and JSON format, and provide a suggested remediation snippet in CloudFormation or Terraform.
Input:
- AWS credentials via default boto3 environment
- Target: Single AWS account
- Scan all available AWS regions
- Use threading (max 3 threads) for region concurrency
Implementation Steps:
1. Region Discovery:
- Use ec2.describe_regions() to list all enabled regions.
2. Public Subnet Detection:
- In each region, call:
- ec2.describe_route_tables() to find route tables with a route to 0.0.0.0/0 and a target of type igw-xxxx
- ec2.describe_subnets() to match those subnets
- Build a set of public subnet IDs
3. EC2 Instance Enumeration:
- Use ec2.describe_instances() (with pagination)
- For each instance in a public subnet, collect:
- Instance ID
- Subnet ID
- Attached security group IDs
4. Security Group Evaluation:
- For each SG attached to a public instance, call ec2.describe_security_groups()
- Check for inbound rules matching:
- Protocol: tcp or -1 (all protocols)
- Port: 80 or 443 (or port ranges that include them)
- CIDR: 0.0.0.0/0
- Match also if FromPort=0 and ToPort=65535 or FromPort=400 and ToPort=500
5. Finding Reporting:
- For each violating instance, record:
{
"region": "us-east-1",
"instance_id": "i-abc123",
"subnet_id": "subnet-xyz",
"security_group_id": "sg-123456",
"ports_exposed": [80, 443],
"matching_rule": {
"FromPort": 0,
"ToPort": 65535,
"CidrIp": "0.0.0.0/0"
}
}
6. Remediation Suggestion:
- Include a generated Terraform and CloudFormation snippet to restrict access (e.g., remove inbound 0.0.0.0/0 or limit to a CIDR block like 10.0.0.0/16)
7. Summary Output:
- Track and output the following:
- Total EC2 instances
- Instances in public subnets
- Instances with port 80 and/or 443 open to 0.0.0.0/0
- Provide this information per region and account-wide
- Example summary:
{
"account_summary": {
"total_instances": 12,
"instances_in_public_subnets": 6,
"instances_exposed_to_web": 4
},
"region_summaries": {
"us-east-1": {
"total_instances": 5,
"instances_in_public_subnets": 3,
"instances_exposed_to_web": 2
},
"us-west-2": {
"total_instances": 7,
"instances_in_public_subnets": 3,
"instances_exposed_to_web": 2
}
}
}
8. Output:
- Save results to:
- data/ec2_public_exposure/summary.json
- data/ec2_public_exposure/summary.md
- data/ec2_public_exposure/last_checked.txt
- Markdown should include:
- Account-wide totals
- Regional breakdowns
- Tabular list of exposed instances
9. Concurrency and Logging:
- Use concurrent.futures.ThreadPoolExecutor(max_workers=3)
- Log region-level errors to error.log
Deliverables:
- CLI script: scan_ec2_exposure.py
- Structured outputs: JSON summary, Markdown report
- Per-finding CloudFormation and Terraform remediation snippets
Notes:
- No port scanning or live network tests — AWS API only
- All EC2 instances should be evaluated, regardless of instance state
- Match all TCP-based exposure via 0.0.0.0/0 (direct or via range)
- Only use standard libraries: boto3, json, threading, logging
Vibe coding is fast, expressive, and best suited for Red Teamers and cloud security engineers who need tailored tooling without building from scratch every time.
🛠️ Spec-Based Coding: Scaling Beyond Single Scripts
While vibe coding is perfect for focused tasks, Kiro supports something even more powerful: spec-based coding.
In my workflow, spec-based coding starts with:
-
requirements.md— what the project is, why it exists -
design.md— the technical plan -
tasks.md— a breakdown of all steps, often 10+ subtasks for large-scale tools
This lets Kiro generate structured code in stages, perfect for dashboards, data pipelines, cloud-native automation, and larger security utilities. The result: clean, consistent code you can version, maintain, and extend.
🔥 "Tools Should Work Like Teammates, Not Just Autocomplete"
Kiro doesn’t just respond it co-develops. The way it remembers patterns, offers fixes, and even generates remediation code (CloudFormation and Terraform) makes it ideal for teams who want to move faster without cutting corners.
It’s especially useful in security, where:
- Speed means patching before compromise
- Consistency means audit readiness
- Customization means avoiding detection during Red Team work
🚀 Getting Started with Kiro
If you’re a cloud engineer, DevSecOps practitioner, or Red Team lead, you’re going to want this in your toolkit.
Start with something small, vibe coding a one-off scanner or enumeration tool. Then grow into spec-based development. You’ll be amazed at what you can build.
🔗 Try Kiro for yourself: Kiro.dev
🧭 Final Thoughts
Kiro redefined how I build.
It’s no longer about just coding faster, it’s about thinking differently. Automating tasks I used to skip. Building tools I never had time for. Finding exposures others missed.
This is what happens when GenAI becomes a true teammate, not a tool.
Top comments (0)