EC2 Security Scanner Report

Region: {{ summary.region }} | Account: {{ summary.account_id }} | Scan Time: {{ summary.scan_time | format_datetime }} | Instances: {{ summary.total_instances }}
Total Instances
{{ summary.total_instances }}
Avg Instance Score
{{ "%.1f" | format(summary.average_security_score) }}
Environment Score
{{ summary.environment_security_score }}
Public Instances
{{ summary.public_instances }}
Critical Issues
{{ summary.critical_severity_instances }}
Secrets in UserData
{{ summary.instances_with_secrets }}
Unencrypted Volumes
{{ summary.unencrypted_volume_instances }}
Running
{{ summary.running_instances }}
Stopped
{{ summary.stopped_instances }}

Score Distribution

Compliance by Framework

Issue Severity Distribution

Compliance Summary

Scan level — account/region-wide controls (GuardDuty, CloudTrail, ...) are counted once, not per instance.

Framework | Passed | Rate | Status
{% for fw, data in compliance_summary.items() %}
{{ fw }} | {{ data.passed_controls }}/{{ data.total_controls }} | {{ data.compliance_percentage }}% | {% if data.compliance_percentage >= 90 %}Excellent{% elif data.compliance_percentage >= 75 %}Good{% elif data.compliance_percentage >= 50 %}Needs Work{% else %}Poor{% endif %}
{% endfor %}

Instance Details

Instance | Name | Type | State | Score | Issues | IMDSv2 | Encrypted | Public IP
{% for r in results %}
{% set score = r.security_score or 0 %}
{{ r.instance_id }} | {{ r.name or '-' }} | {{ r.instance_type }} | {{ r.state }} | {{ score }} | {{ r.issue_count }} | {% if r.imdsv2 and r.imdsv2.enforced %}Yes{% else %}No{% endif %} | {% if r.ebs_encryption and r.ebs_encryption.all_encrypted %}Yes{% else %}No{% endif %} | {% if r.public_ip and r.public_ip.has_public_ip %}{{ r.public_ip.public_ip_address }}{% else %}None{% endif %}
{% endfor %}
{% if summary.environment_findings %}

Environment Posture (Account + VPC)

These findings are global to the account/region (or shared by every instance in a VPC). They are scored once (Environment Score) instead of being deducted from every instance, so a single account-level gap does not dominate the per-instance average.

Severity | Finding | Description | Recommendation
{% for f in summary.environment_findings %}
{{ f.severity }} | {{ f.issue_type }} | {{ f.description }} | {{ f.recommendation }}
{% endfor %}
{% endif %}

Critical & High Findings

Instance | Severity | Issue | Recommendation
{% for r in results %}{% for issue in r.issues %}{% if issue.severity in ['CRITICAL', 'HIGH'] %}
{{ r.instance_id }} | {{ issue.severity }} | {{ issue.description }} | {{ issue.recommendation }}
{% endif %}{% endfor %}{% endfor %}