Need a highly specific vulnerability report

Hi all. We have a 3rd party that manages patch management in the cloud. They only patch the OS for Windows and Linux flavors via Systems Manager in AWS. They want to see a report in CSV format with the following headers:

aws tag name, ip, instance id, missing patch

We are focusing only on critical and high vulnerabilities for now. Anyone know where to begin with this?
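
One way to build the requested CSV, added here as an example and not part of the original post: it assumes the inputs are shaped like the instance records from boto3's `ec2.describe_instances` and the patch entries from `ssm.describe_instance_patches`, that "ip" means the private address, and that "critical and high" maps to the Patch Manager severities `Critical` and `Important`. The sample records are constructed so the script runs offline.

```python
import csv
import io

HEADERS = ["aws tag name", "ip", "instance id", "missing patch"]

def name_tag(instance):
    """Value of the instance's Name tag, or '' when it has none."""
    return next((t["Value"] for t in instance.get("Tags", []) if t["Key"] == "Name"), "")

def report_rows(instances, patches_by_instance, severities=("Critical", "Important")):
    """One row per patch that is Missing and whose Severity is in `severities`."""
    rows = []
    for inst in instances:
        iid = inst["InstanceId"]
        for patch in patches_by_instance.get(iid, []):
            if patch.get("State") != "Missing" or patch.get("Severity") not in severities:
                continue
            # Title is the readable patch name; fall back to KBId if it is empty.
            label = patch.get("Title") or patch.get("KBId", "")
            rows.append([name_tag(inst), inst.get("PrivateIpAddress", ""), iid, label])
    return rows

def build_report(instances, patches_by_instance):
    """CSV text with the requested header line followed by the report rows."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADERS)
    writer.writerows(report_rows(instances, patches_by_instance))
    return out.getvalue()

# Constructed sample data (not real hosts or patches).
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0000000000000000a", "PrivateIpAddress": "10.0.1.10",
     "Tags": [{"Key": "Name", "Value": "web-01"}]},
    {"InstanceId": "i-0000000000000000b", "PrivateIpAddress": "10.0.1.11",
     "Tags": [{"Key": "env", "Value": "prod"}]},  # no Name tag
]
SAMPLE_PATCHES = {
    "i-0000000000000000a": [
        {"Title": "Constructed update A (KB0000001)", "KBId": "KB0000001",
         "Severity": "Critical", "State": "Missing"},
        {"Title": "Constructed update B (KB0000002)", "KBId": "KB0000002",
         "Severity": "Critical", "State": "Installed"},
        {"Title": "Constructed update C (KB0000003)", "KBId": "KB0000003",
         "Severity": "Low", "State": "Missing"},
    ],
    "i-0000000000000000b": [
        {"Title": "", "KBId": "examplepkg.x86_64", "Severity": "Important", "State": "Missing"},
    ],
}

if __name__ == "__main__":
    print(build_report(SAMPLE_INSTANCES, SAMPLE_PATCHES), end="")
```

Patch Manager only knows about patches it has scanned for, so the rows reflect the last Scan or Install run against each instance's patch baseline.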