Developing an ontology-mediated semantic control method for improving the reliability of LLM-generated Infrastructure-as-Code

Authors

DOI:

https://doi.org/10.15587/2706-5448.2026.365453

Keywords:

Semantic Infrastructure-as-Code, infrastructure graph, semantic control, SHACL/SPARQL validation, dependency completeness

Abstract

The object of research is an LLM-assisted process of Infrastructure-as-Code (IaC) generation for cloud deployment. The problem is that large language models can convert user requests into syntactically valid IaC, but the generated IaC fails deployment. This occurs because such artefacts often omit required cloud relations, violate policy constraints, inaccurately interpret user intent, or lack rollback logic. The research therefore proposes a Semantic Infrastructure-as-Code (SIaC) pipeline in which the LLM first generates a candidate infrastructure graph instead of final IaC. This graph is then completed and validated using ontology reasoning, SHACL/SPARQL validation, and other formal procedures before the final backend artifact is generated. Across 60 AWS ECS/Fargate-oriented scenarios tested in a LocalStack-based AWS emulation environment, Full SIaC achieved 74.4% sandbox deployment success, compared with 43.6% for direct LLM-to-IaC and 59.0% for LLM+RAG-to-IaC. Compared with the baselines, SIaC improved semantic intent coverage, dependency completeness, and policy compliance. It also reduced invalid dependencies and the need for manual corrections. This improvement is achieved because reliability is checked through an inspectable knowledge graph, not only through prompts and generated text. This graph supports the detection and correction of dependency, placement, policy, and safety issues before deployment. In addition to higher deployment success, SIaC provides a more controllable and manageable transformation path from natural-language intent to executable infrastructure.

This method is suitable if the user's requirements can be mapped to the maintained provider ontologies and if the additional time spent on analysis is considered an acceptable trade-off for improved reliability, auditability, and reduced maintenance.
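The kind of pre-deployment graph check the abstract describes, as an added example that is not the authors' SIaC code: a candidate infrastructure graph is tested for dependency completeness, invalid dependencies and one policy constraint before any IaC would be emitted. The node types, relation names, rules and sample graph are constructed for illustration and stand in for a provider ontology and SHACL shapes.

```python
# Illustrative only: the rules below are constructed stand-ins for a provider
# ontology and SHACL shapes; they are not taken from the SIaC artifacts.

# Required outgoing relations per node type: (relation, target type).
REQUIRED = {
    "EcsService": [("runsTask", "TaskDefinition"), ("placedIn", "Subnet"),
                   ("protectedBy", "SecurityGroup")],
    "TaskDefinition": [("assumesRole", "ExecutionRole")],
    "Subnet": [("partOf", "Vpc")],
}

def validate(nodes, edges):
    """Return sorted violations; nodes: {id: {"type": ...}}, edges: {(src, rel, dst)}."""
    violations = []
    for src, rel, dst in edges:
        # Invalid dependency: edge points at a node the graph never declares.
        if dst not in nodes:
            violations.append((src, f"dangling:{rel}->{dst}"))
    for node_id, attrs in nodes.items():
        for rel, target_type in REQUIRED.get(attrs["type"], []):
            ok = any(s == node_id and r == rel and d in nodes
                     and nodes[d]["type"] == target_type
                     for s, r, d in edges)
            if not ok:
                violations.append((node_id, f"missing:{rel}->{target_type}"))
        # Policy constraint: no security group may expose ingress to the world.
        if attrs["type"] == "SecurityGroup" and "0.0.0.0/0" in attrs.get("ingress", []):
            violations.append((node_id, "policy:open-ingress"))
    return sorted(violations)

# Constructed candidate graph, as an LLM might emit it: the task definition has
# no execution role, the subnet has no VPC, and the service references a
# security group that was never declared.
CANDIDATE_NODES = {
    "svc": {"type": "EcsService"},
    "task": {"type": "TaskDefinition"},
    "subnet-a": {"type": "Subnet"},
    "sg-web": {"type": "SecurityGroup", "ingress": ["0.0.0.0/0"]},
}
CANDIDATE_EDGES = {
    ("svc", "runsTask", "task"),
    ("svc", "placedIn", "subnet-a"),
    ("svc", "protectedBy", "sg-db"),
}

if __name__ == "__main__":
    for node_id, problem in validate(CANDIDATE_NODES, CANDIDATE_EDGES):
        print(f"{node_id}: {problem}")
```

Every violation names the node and the missing or offending relation, so a completion step can add the node or edge and re-run the check until the list is empty.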

Author Biographies

Ihor Bibichkov, Kharkiv National University of Radio Electronics

Senior Lecturer

Department of Artificial Intelligence

Olena Shevchenko, Kharkiv National University of Radio Electronics

Candidate of Technical Sciences, Associate Professor

Department of Software Engineering

Oleksandr Shevchenko, Kharkiv National University of Radio Electronics

Candidate of Technical Sciences, Professor

Department of Artificial Intelligence

Oleksandr Stopin, Kharkiv National University of Radio Electronics

Senior Lecturer

Department of Artificial Intelligence

Published

2026-06-25

How to Cite

Bibichkov, I., Shevchenko, O., Shevchenko, O., & Stopin, O. (2026). Developing an ontology-mediated semantic control method for improving the reliability of LLM-generated Infrastructure-as-Code. Technology Audit and Production Reserves, 3(2(89)), 121–133. https://doi.org/10.15587/2706-5448.2026.365453

Issue

Section

Systems and Control Processes