Parsivex can generate remediation scripts — ready-to-run AWS CLI commands and Terraform snippets that address specific waste findings from your scan. These scripts are powerful: they contain real resource IDs and may include destructive operations. This article explains what they are, how they differ from the plain-English steps on each finding, and where you can (and cannot) see them.
Recommendation steps vs fix scripts
Every finding includes plain-English remediation steps — guidance that explains what to do and why. These appear when you expand Show remediation steps on a finding card. They are not executable commands.
Fix scripts (the Fix it → panel) are different:
| Remediation steps | Fix scripts | |
|---|---|---|
| Format | Prose paragraphs and bullet lists | Exact AWS CLI commands or Terraform HCL |
| Purpose | Help you understand the issue | Give you a command to run after you review it |
| Consistency | Wording may vary between scans | Same finding type always produces the same command structure |
| Safety | Informational only | Executable — can modify or delete AWS resources |
Fix scripts are built from tested templates filled with your scan data — not generated on the fly by AI. That keeps commands predictable and reviewable. Remediation steps explain the problem; fix scripts provide the exact command when you are ready to act.
Where scripts appear
Authenticated report — "Fix it →" panel
On your signed-in report, each finding with a supported remediation type shows a Fix it → panel. Expand it to see:
- Script kind badge (AWS CLI or Terraform)
- Safety warnings (always above the code block)
- The script with a Copy button
- A dry-run variant when AWS supports one (for example,
describe-instancesbeforestop-instances)
This is the primary place to copy and run fix scripts.
PDF and HTML reports (paid plans)
On Monthly Monitoring and Team plans, remediation scripts are included in:
- The signed-in web report
- PDF exports downloaded from the report header
Free plans see an upgrade prompt instead of script content. Scripts are generated during every scan — upgrading unlocks scripts from past scans too.
Public share links — never
Remediation scripts embed live AWS resource IDs (instance IDs, volume IDs, bucket names, allocation IDs) and destructive CLI commands. Parsivex always strips remediation scripts from public links — regardless of your plan. This is a security measure, not a plan restriction.
Anyone with a public share link sees findings, severity, and savings estimates — but never fix scripts. If you need scripts, open the signed-in report.
See Reports and sharing for the full comparison between authenticated and public views.
Plan access
Remediation scripts are included on paid plans:
| Plan | Remediation scripts |
|---|---|
| Free | No — upgrade prompt on the Fix it panel |
| Monthly Monitoring | Yes |
| Team | Yes |
Free-plan users still see remediation steps on every finding. Only the executable fix scripts require a paid plan.
What finding types have scripts?
Not every finding type has a remediation script yet. When a script is available for a finding type, Parsivex attaches it during each scan. If script generation fails for a single finding, the scan still completes — that finding simply has no Fix it panel.
Common script types include:
- Stop or terminate idle EC2 instances
- Delete orphaned EBS volumes and snapshots
- Release unused Elastic IPs
- Add S3 lifecycle rules (with replacement warnings — see Running scripts safely)
- Resize or modify instance types
Related articles
- Running scripts safely — Warnings, dry-run, backups, and S3 lifecycle pre-checks
- AWS CLI vs Terraform — Which script kind to use and when
- Reports and sharing — Public vs authenticated report content
- Plan comparison — Feature and limit breakdown by plan