Remediation
Every finding in cloud-audit includes copy-paste remediation in three formats.
Per-Finding Remediation
Each finding shows:
- CLI - AWS CLI command to fix the issue
- Terraform - HCL code to apply the fix via infrastructure-as-code
- Docs - Link to the relevant AWS documentation
Export All Fixes
The export is a bash script with set -e. Every fix command is commented out by default. Review the script, uncomment the fixes you want, and run it.
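A pre-flight check for the review step above, as an added example that is not part of cloud-audit: it lists the commands left uncommented in an exported script and confirms `set -e` is still present. The function names, the sample file and the one-command-per-line layout are assumptions; the real export may be laid out differently.

```bash
# Added example, not cloud-audit code. Assumes each fix in the exported
# script is one line that stays commented out until a reviewer enables it.

# Print every line that would execute: skips blank lines, comments
# (including the shebang) and the `set -e` line itself.
active_fixes() {
  grep -vE '^[[:space:]]*(#|$)' "$1" \
    | grep -vE '^[[:space:]]*set[[:space:]]+-e[[:space:]]*$' || true
}

# Succeed only if the script still enables errexit, so that a failed
# fix stops the run instead of continuing to the next command.
has_errexit() {
  grep -qE '^[[:space:]]*set[[:space:]]+-[a-zA-Z]*e' "$1"
}

# Refuse to report on a script that lost `set -e`; otherwise show
# exactly what the reviewer has enabled.
preflight() {
  has_errexit "$1" || { echo "missing set -e: $1" >&2; return 1; }
  active_fixes "$1"
}

# Constructed sample of an exported script (layout is an assumption).
# One fix has been uncommented by the reviewer, one is still disabled.
make_sample() {
  cat > "$1" <<'EOF'
#!/usr/bin/env bash
set -e

# [MEDIUM] aws-iam-003: Access key older than 90 days
aws iam create-access-key --user-name deploy

# [CRITICAL] aws-iam-005: Policy with Action:* Resource:*
# aws iam create-policy-version --policy-arn ... --set-as-default
EOF
}

# Usage (file name is hypothetical): preflight fixes.sh
```

Run `preflight` on the edited script and compare its output with the fixes you meant to enable before executing anything against the account.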
Remediation Coverage
cloud-audit provides remediation for 100% of findings. This is a key differentiator:
| Tool | Remediation Coverage |
|---|---|
| cloud-audit | 100% (CLI + Terraform) |
| Prowler | CIS checks only (~5% of total) |
| Trivy | No remediation |
| Checkov | Links to docs only |
Compliance Remediation
When using the compliance engine, remediation is grouped by compliance control:
```
CIS 6.3 - Least Privilege
  [CRITICAL] aws-iam-005: Policy with Action:* Resource:*
    CLI: aws iam create-policy-version --policy-arn ... --set-as-default
    Terraform: resource "aws_iam_policy" "restricted" { ... }
  [MEDIUM] aws-iam-003: Access key older than 90 days
    CLI: aws iam create-access-key --user-name deploy
    Terraform: resource "aws_iam_access_key" "deploy" { ... }
```
This is available in HTML and Markdown compliance reports.