
Remediation

Every finding in cloud-audit includes copy-paste remediation in three formats.

Per-Finding Remediation

```bash
cloud-audit scan -R
```

Each finding shows:

  • CLI - AWS CLI command to fix the issue
  • Terraform - HCL code to apply the fix via infrastructure-as-code
  • Docs - Link to the relevant AWS documentation

Export All Fixes

```bash
cloud-audit scan --export-fixes fixes.sh
```

Generates a bash script with `set -e`. Every fix command is commented out by default. Review the script, uncomment what you want, and run it.

Remediation Coverage

cloud-audit provides remediation for 100% of findings. This is a key differentiator:

| Tool | Remediation Coverage |
|---|---|
| cloud-audit | 100% (CLI + Terraform) |
| Prowler | CIS checks only (~5% of total) |
| Trivy | No remediation |
| Checkov | Links to docs only |

Compliance Remediation

When using the compliance engine, remediation is grouped by compliance control:

```
CIS 6.3 - Least Privilege

[CRITICAL] aws-iam-005: Policy with Action: Resource:
  CLI:       aws iam create-policy-version --policy-arn ... --set-as-default
  Terraform: resource "aws_iam_policy" "restricted" { ... }

[MEDIUM] aws-iam-003: Access key older than 90 days
  CLI:       aws iam create-access-key --user-name deploy
  Terraform: resource "aws_iam_access_key" "deploy" { ... }
```

This is available in HTML and Markdown compliance reports.

Root Cause Grouping

When the same fix resolves multiple findings across multiple attack chains, cloud-audit groups them:

```
Root Cause: VPC flow logs disabled (aws-vpc-003)
  Breaks 4 chains: AC-13, AC-14, AC-27, AC-31
  Affects 7 findings across 3 services

  Fix: aws ec2 create-flow-logs --resource-type VPC --resource-ids vpc-abc123 ...
```

This tells you exactly what to fix first. Instead of scrolling through 20 findings, you see "fix 4 things, break 22 chains."

What-If Simulator

Preview the impact of a fix before applying it:

```bash
cloud-audit simulate --fix aws-vpc-002
```

The simulator recalculates the health score, attack chains, and risk exposure as if the finding were resolved. See Simulate for full documentation.
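The root-cause grouping and the what-if recalculation described above, as an added example in Python (not cloud-audit's own code; the chain dependencies, severity weights and the health-score formula are constructed assumptions, since the page does not state the real ones):

```python
from collections import defaultdict

# Constructed sample (assumption, not cloud-audit output): each attack chain
# lists the finding IDs it depends on; fixing any one of them breaks the chain.
CHAINS = {
    "AC-13": ["aws-vpc-003", "aws-iam-005"],
    "AC-14": ["aws-vpc-003", "aws-ec2-001"],
    "AC-27": ["aws-vpc-003"],
    "AC-31": ["aws-vpc-003", "aws-s3-002"],
    "AC-40": ["aws-iam-005", "aws-iam-003"],
}

# Constructed severity weights (assumption) feeding a toy health score.
SEVERITY = {
    "aws-vpc-003": 3, "aws-iam-005": 4, "aws-iam-003": 2,
    "aws-ec2-001": 3, "aws-s3-002": 3,
}

def root_causes(chains):
    """Group chains by the finding that would break them and rank findings by
    how many chains a single fix breaks (most first, ties by finding ID)."""
    broken_by = defaultdict(set)
    for chain_id, deps in chains.items():
        for finding in deps:
            broken_by[finding].add(chain_id)
    ranked = [(f, sorted(cs)) for f, cs in broken_by.items()]
    return sorted(ranked, key=lambda item: (-len(item[1]), item[0]))

def health_score(chains, severity):
    """Toy score (assumption): 100 minus 5 points per severity unit of every
    finding that still sits on a live (unbroken) chain, floored at 0."""
    live = {f for deps in chains.values() for f in deps}
    return max(0, 100 - 5 * sum(severity[f] for f in live))

def simulate_fix(finding, chains, severity):
    """What-if: drop every chain that depends on `finding`, then report which
    chains broke, which remain, and the recomputed score. Inputs are untouched."""
    remaining = {c: deps for c, deps in chains.items() if finding not in deps}
    return {
        "chains_broken": sorted(c for c in chains if c not in remaining),
        "remaining_chains": sorted(remaining),
        "health_score": health_score(remaining, severity),
    }
```

Ranking `root_causes(CHAINS)` puts `aws-vpc-003` first because it breaks four chains, which is the "fix this first" ordering the grouped output shows; `simulate_fix("aws-vpc-003", CHAINS, SEVERITY)` previews the score and remaining chains without modifying the findings.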