Aws Default Sg Audit Report
Workflow-scope report that renders an operator worklist for AWS Security Hub
control EC2.2 from the finding and scan_error rows produced earlier in the
workflow by @jentz/aws-default-sg-audit. It is pure data shaping and makes no
AWS API calls.
Emits a markdown body and a JSON payload, following the markdown + JSON
pattern of @jentz/aws-s3-bucket-audit. The markdown body contains a summary
(accounts / default-SG / compliant / non-compliant counts), a "safe to
remediate now" table of non-compliant default SGs with zero ENIs, an
"in use — migrate first" table of non-compliant default SGs that are still
referenced by ENIs, and coverage-gap sections that group scan failures into
needs-aws-sso-login and blocked-by-SCP-IAM. The JSON payload carries
findingCount, per-verdict and per-error-kind counts, the skipped-artifact
count, and a degraded flag.
The report never throws: unparseable or schema-mismatched artifacts are
counted and skipped, and an unexpected failure degrades to a still-valid
report with the degraded flag set.
Operator worklist for AWS Security Hub control EC2.2, built from the
- Has README or module doc: 2/2 earned
- README has a code example: 1/1 earned
- README is substantive: 1/1 earned
- Most symbols documented: 1/1 earned
- No slow types (deprecated): 1/1 earned
- Dependencies pass trust audit: 2/2 earned
- Has description: 1/1 earned
- Platform support declared (or universal): 2/2 earned
- License declared: 1/1 earned
- Verified public repository: 2/2 earned