Remediation lets InfraAudit apply fixes to your cloud infrastructure on your behalf. Every remediation action goes through a defined lifecycle — suggested, reviewed, approved, executed — with a rollback path if something goes wrong after execution.

How the remediation workflow works

1. Suggestion

A remediation action is created from a drift finding, vulnerability, or recommendation. The action describes exactly what change will be made — for example, “enable S3 bucket server-side encryption on my-bucket”.

2. Review

The action appears in the Remediation queue. You can see the full details: what will change, which resource is affected, and the severity of the underlying finding.

3. Approval

If approval is required (the default for actions affecting resources), an admin approves the action. You can leave a comment for audit trail purposes.

4. Execution

InfraAudit calls the cloud provider API to apply the fix. The status changes to executing while the call is in progress, then to completed on success.

5. Rollback window

After execution, a 30-minute rollback window opens. If the fix causes a regression, you can roll back within that window using the pre-execution configuration snapshot.

Remediation queue

In the sidebar, click Remediation. The queue shows:

| Column | Description |
| --- | --- |
| Action | What the remediation will do |
| Resource | The affected resource |
| Source | The drift, vulnerability, or recommendation that created it |
| Severity | Severity of the underlying finding |
| Status | Current status in the lifecycle |
| Created | Timestamp |

Status values: suggested, pending_approval, approved, executing, completed, failed, rolled_back.

Approving an action

Click the remediation action to review the full details, then click Approve.
infraudit remediation approve <action-id>

Executing a remediation

After approval, click Execute in the UI. If Auto-execute after approval is enabled in your settings, this step is skipped and execution begins automatically.
infraudit remediation execute <action-id>

Rolling back

Within the rollback window (30 minutes by default), click Rollback on a completed action. InfraAudit reverses the change using the configuration snapshot captured before execution.
infraudit remediation rollback <action-id>
After the rollback window expires, the action is locked and cannot be rolled back through InfraAudit. You’ll need to reverse the change manually in the cloud console.

Approval settings

Configure remediation behavior under Settings → Remediation:

| Setting | Description |
| --- | --- |
| Require approval | Enable or disable approval gates. Enabled by default. |
| Auto-execute after approval | Skip the manual execute step. The fix runs immediately after approval. |
| Rollback window | Duration of the rollback window: 5 to 120 minutes. Default is 30 minutes. |
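
When reviewing the audit trail, an action's recorded status history can be checked against the lifecycle and settings described above. The following is an added example, not InfraAudit code: the transition map, the `audit_history` function and the (timestamp, status) event format are assumptions; only the status names and the rollback window bounds come from this page.

```python
from datetime import datetime, timedelta

# Status names are the ones documented on this page. The transition map is an
# assumption inferred from the workflow steps, not InfraAudit's own definition.
ALLOWED = {
    "suggested": {"pending_approval", "approved"},
    "pending_approval": {"approved"},
    "approved": {"executing"},
    "executing": {"completed", "failed"},
    "completed": {"rolled_back"},
    "failed": set(),
    "rolled_back": set(),
}

def audit_history(events, require_approval=True, rollback_window_min=30):
    """Return findings for one action's (ISO timestamp, status) history, oldest first."""
    if not 5 <= rollback_window_min <= 120:
        raise ValueError("rollback window must be 5 to 120 minutes")
    findings, prev, completed_at = [], None, None
    for ts, status in events:
        when = datetime.fromisoformat(ts)
        if prev is None:
            if status != "suggested":
                findings.append(f"history starts at {status}, not suggested")
        elif status not in ALLOWED.get(prev, set()):
            findings.append(f"illegal transition {prev} -> {status}")
        elif require_approval and (prev, status) == ("suggested", "approved"):
            findings.append("approved without passing pending_approval")
        if status == "completed":
            completed_at = when
        elif status == "rolled_back" and completed_at is not None:
            if when - completed_at > timedelta(minutes=rollback_window_min):
                findings.append("rolled_back after the rollback window")
        prev = status
    return findings

# Constructed sample histories in a hypothetical export format, not real InfraAudit output.
DAY = "2024-05-01T"
NORMAL = [(DAY + "10:00:00", "suggested"), (DAY + "10:05:00", "pending_approval"),
          (DAY + "10:20:00", "approved"), (DAY + "10:21:00", "executing"),
          (DAY + "10:22:00", "completed"), (DAY + "10:40:00", "rolled_back")]
UNAPPROVED = [(DAY + "10:00:00", "suggested"), (DAY + "10:01:00", "executing"),
              (DAY + "10:02:00", "completed")]
LATE_ROLLBACK = NORMAL[:5] + [(DAY + "11:00:00", "rolled_back")]

if __name__ == "__main__":
    for name, history in [("normal", NORMAL), ("unapproved", UNAPPROVED),
                          ("late rollback", LATE_ROLLBACK)]:
        print(name, audit_history(history))
```

Pass `require_approval=False` or a different `rollback_window_min` to match the values configured under Settings → Remediation.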

Supported remediation types

| Resource | Actions |
| --- | --- |
| S3 | Enable server-side encryption, block public access, enable versioning |
| EC2 | Remove overly permissive security group rules, enable termination protection |
| IAM | Rotate access keys, remove unused access keys |
| RDS | Enable Multi-AZ, enable automated backups, enable encryption |
| Kubernetes | Set resource limits and requests, enable pod security policies |

CLI reference

# List pending remediations
infraudit remediation list

# Filter by status
infraudit remediation list --status pending_approval

# Approve
infraudit remediation approve <id>

# Execute
infraudit remediation execute <id>

# Rollback
infraudit remediation rollback <id>

Next steps

  • Recommendations — the suggestions that generate remediation actions
  • Drift detection — drift findings that can trigger remediations
  • Alerts — configure notifications when remediations succeed or fail