Skip to main content
The following examples show complete command sequences for common InfraAudit workflows. Each sequence builds on the previous step, so you can run them from top to bottom.
These examples assume you have already installed and authenticated the CLI. If not, start with Installation and Authentication.

Security audit

Connect a cloud provider, run scans, review critical findings, and apply a remediation: 
# Initial setup
infraudit config init
infraudit auth login

# Connect an AWS account and sync resources
infraudit provider connect aws
infraudit provider sync 1

# Run drift detection and vulnerability scan
infraudit drift detect
infraudit vulnerability scan

# Review critical findings
infraudit drift list --severity critical
infraudit vulnerability list --severity critical
infraudit alert list --severity high

# Generate and apply a remediation for a drift finding
infraudit remediation suggest-drift 1
infraudit remediation approve 1
infraudit remediation execute 1

# Verify resolution
infraudit drift list --status resolved
infraudit status

Cost optimization

Pull billing data, identify anomalies and savings opportunities, and apply a recommendation: 
# Sync billing data from cloud providers
infraudit cost sync

# Review costs
infraudit cost overview
infraudit cost trends --period 30d
infraudit cost anomalies
infraudit cost forecast --days 90

# Generate and review AI recommendations
infraudit recommendation generate
infraudit recommendation list --type cost
infraudit recommendation get 10

# Apply a cost-saving recommendation
infraudit recommendation apply 10

Compliance assessment

Enable a compliance framework, run an assessment, and export the report: 
# List available frameworks
infraudit compliance frameworks

# Enable and assess CIS for AWS
infraudit compliance enable cis-aws
infraudit compliance assess --framework cis-aws

# Review results
infraudit compliance overview
infraudit compliance failing-controls

# Export the assessment report as PDF
infraudit compliance export 1

Kubernetes scanning

Register a cluster, sync its resources, and inspect workloads: 
# Register a cluster using your local kubeconfig
infraudit kubernetes register --name production --kubeconfig ~/.kube/config

# Sync cluster resources
infraudit kubernetes sync 1

# Inspect workloads
infraudit kubernetes deployments 1
infraudit kubernetes pods 1
infraudit kubernetes services 1
infraudit kubernetes stats

IaC drift detection

Upload a Terraform file and compare it against live infrastructure: 
# Upload a Terraform definition
infraudit iac upload main.tf

# List uploaded definitions
infraudit iac list

# Detect drift between IaC and live resources
infraudit iac detect-drift

# Review IaC drift findings
infraudit iac drifts
infraudit iac drift-summary

JSON scripting with jq

Use -o json with jq to filter, transform, and count results in scripts: 
# All resource IDs
infraudit resource list -o json | jq '.[].id'

# Count resources by type
infraudit resource list -o json | jq 'group_by(.resource_type) | map({type: .[0].resource_type, count: length})'

# Total potential savings across all recommendations
infraudit recommendation list -o json | jq '[.[].estimated_savings] | add'

# Drift findings as CSV
infraudit drift list -o json | jq -r '.[] | [.id, .drift_type, .severity, .status] | @csv'

# Count open critical vulnerabilities
infraudit vulnerability list --severity critical --status open -o json | jq 'length'
Combine -o json, jq, and exit codes to build automated security gates. See CI/CD usage for complete pipeline examples.