Skip to main content
← back to extensions

Aws Integration Coverage

@jentz/aws-integration-coveragev2026.06.13.0· 2d agoMODELSREPORTS
01README

Coalesces a CloudFormation StackSet lens (@jentz/aws-stackset-audit) and an IAM-role lens (@jentz/aws-iam-role-audit) into a per-account integration coverage matrix — is the integration role deployed and compliant, and by which mechanism (this stackset / another stackset / a standalone stack / manual)? Makes NO AWS API calls; it only consumes already-captured upstream audit data.

This is a single, self-contained package that ships BOTH a queryable model and a workflow-scope report from one shared, pure coalesce core (_lib/coverage.ts) so the two always derive identical verdicts:

  • Model @jentz/aws-integration-coverage exposes one coalesce method that reads the stored output of two upstream model instances via the data repository (latest active version per data name, tolerantly skipping undecodable or schema-mismatched artifacts) and writes one CEL-queryable coverage resource per account plus one summary rollup resource. Required global args stacksetModelId / iamModelId identify the upstream instances; stacksetModelType / iamModelType default to the published upstream types and are overridable.

  • Report @jentz/integration-coverage (workflow scope) collects the same upstream rows from the workflow's step executions, runs the identical coalesce core, and emits markdown + JSON — the coverage matrix, per-role rollups, account-by-mechanism distribution, and an explicit lens-disagreements section. Markdown + JSON only, no CSV. Never throws: an unexpected failure yields a degraded-but-valid report.

An account is covered-compliant only when every required role is present and compliant; mechanism aggregates to mixed when an account's present roles disagree. Lens disagreements (e.g. StackSet reports CURRENT but a required role is missing) are surfaced explicitly.

02Models1
@jentz/aws-integration-coveragev2026.06.13.0aws_integration_coverage.ts

Global Arguments

ArgumentTypeDescription
stacksetModelIdstringModel id of the @jentz/aws-stackset-audit instance whose data to read
iamModelIdstringModel id of the @jentz/aws-iam-role-audit instance whose data to read.
stacksetModelTypestringType of the stackset-audit model (override only if forked).
iamModelTypestringType of the iam-role-audit model (override only if forked).
fn coalesce()
Read the stackset-audit and iam-role-audit model data, coalesce into a

Resources

coverage(infinite)— One account's coalesced coverage: is the integration role present &
summary(infinite)— Coverage rollups: counts by coverage verdict and mechanism, plus the
03Reports1
@jentz/integration-coverageworkflow
integration_coverage_report.ts

Coalesces the StackSet lens (@jentz/aws-stackset-audit) and the IAM lens

awsiamcoverageauditcloudformation
04Stats
A
100 / 100
Downloads
0
Archive size
32.7 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
Repository
https://github.com/jentz/swamp-extensions
05Platforms
06Labels
#aws#coverage#cloudformation#iam#audit#report#cloud