Skip to main content
← back to extensions

Aws Stackset Audit

@jentz/aws-stackset-auditv2026.06.13.0· 2d agoMODELS
01README

Read-only operational audit of a CloudFormation StackSet and all of its stack instances across accounts and regions. A single audit method fans out in one locked execution — DescribeStackSet, paginated ListStackInstances, recent ListStackSetOperations — and writes one summary resource plus one instance resource per stack instance.

The summary carries the stackset config, a drift-detection rollup, per-dimension counts (detailed/overall status, region, drift status, failure category), recent operations, a ranked rootCauses grouping, detected cross-instance anti-patterns, and a derived safeToReapply verdict. Each instance carries account, region, detailed and overall status, status reason, drift status, stack id, OU id, and a normalized failureCategory.

Read-only: only Describe* / List* are ever called, so the audit runs under a *-readonly profile. It reports each instance's existing drift status as the StackSet API returns it; triggering fresh drift detection is a separate, mutating sibling extension. Compose them in a swamp workflow (drift-detect step first, then this audit step with dependsOn: succeeded).

02Models1
@jentz/aws-stackset-auditv2026.06.13.0aws_stackset_audit.ts

Global Arguments

ArgumentTypeDescription
stackSetNamestringThe name of the CloudFormation StackSet to audit (e.g. 'ExampleOrgBaseline').
callAsenumWho you are calling as. SELF when signed in to the org management
regionstringRegion of the CloudFormation endpoint to talk to. StackSet metadata is
profilestringNamed AWS profile to use (resolved via fromIni). Empty (default) uses
fn audit(recentOperations: number)
Read-only fan-out sweep: DescribeStackSet + paginated
ArgumentTypeDescription
recentOperationsnumberHow many recent stackset operations to capture.

Resources

summary(infinite)— StackSet-level audit: config, drift rollup, per-dimension counts,
instance(infinite)— One stack instance (account, region) with its deployment status,
03Stats
A
100 / 100
Downloads
0
Archive size
282.0 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
Repository
https://github.com/jentz/swamp-extensions
04Platforms
05Labels
#aws#cloudformation#stackset#audit#cloud