AuditManager

Table of Contents

Client

class AuditManager.Client

A low-level client representing AWS Audit Manager

Welcome to the AWS Audit Manager API reference. This guide is for developers who need detailed information about the AWS Audit Manager API operations, data types, and errors.

AWS Audit Manager is a service that provides automated evidence collection so that you can continuously audit your AWS usage, and assess the effectiveness of your controls to better manage risk and simplify compliance.

AWS Audit Manager provides pre-built frameworks that structure and automate assessments for a given compliance standard. Frameworks include a pre-built collection of controls with descriptions and testing procedures, which are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with unique requirements.

Use the following links to get started with the AWS Audit Manager API:

  • Actions : An alphabetical list of all AWS Audit Manager API operations.
  • Data types : An alphabetical list of all AWS Audit Manager data types.
  • Common parameters : Parameters that all Query operations can use.
  • Common errors : Client and server errors that all operations can return.

If you're new to AWS Audit Manager, we recommend that you review the AWS Audit Manager User Guide .

import boto3

client = boto3.client('auditmanager')

These are the available methods:

associate_assessment_report_evidence_folder(**kwargs)

Associates an evidence folder to the specified assessment report in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.associate_assessment_report_evidence_folder(
    assessmentId='string',
    evidenceFolderId='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which evidence is stored.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
batch_associate_assessment_report_evidence(**kwargs)

Associates a list of evidence to an assessment report in an AWS Audit Manager assessment.

See also: AWS API Documentation

Request Syntax

response = client.batch_associate_assessment_report_evidence(
    assessmentId='string',
    evidenceFolderId='string',
    evidenceIds=[
        'string',
    ]
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The unique identifier for the specified assessment.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which the evidence is stored.

  • evidenceIds (list) --

    [REQUIRED]

    The list of evidence identifiers.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'evidenceIds': [
        'string',
    ],
    'errors': [
        {
            'evidenceId': 'string',
            'errorCode': 'string',
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • evidenceIds (list) --

      The identifier for the evidence.

      • (string) --
    • errors (list) --

      A list of errors returned by the BatchAssociateAssessmentReportEvidence API.

      • (dict) --

        An error entity for the AssessmentReportEvidence API. This is used to provide more meaningful errors than a simple string message.

        • evidenceId (string) --

          The identifier for the evidence.

        • errorCode (string) --

          The error code returned by the AssessmentReportEvidence API.

        • errorMessage (string) --

          The error message returned by the AssessmentReportEvidence API.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
batch_create_delegation_by_assessment(**kwargs)

Create a batch of delegations for a specified assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.batch_create_delegation_by_assessment(
    createDelegationRequests=[
        {
            'comment': 'string',
            'controlSetId': 'string',
            'roleArn': 'string',
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER'
        },
    ],
    assessmentId='string'
)
Parameters
  • createDelegationRequests (list) --

    [REQUIRED]

    The API request to batch create delegations in AWS Audit Manager.

    • (dict) --

      A collection of attributes used to create a delegation for an assessment in AWS Audit Manager.

      • comment (string) --

        A comment related to the delegation request.

      • controlSetId (string) --

        The unique identifier for the control set.

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment , roleType can only be PROCESS_OWNER .

        In UpdateSettings , roleType can only be PROCESS_OWNER .

        In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'delegations': [
        {
            'id': 'string',
            'assessmentName': 'string',
            'assessmentId': 'string',
            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
            'roleArn': 'string',
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1),
            'controlSetId': 'string',
            'comment': 'string',
            'createdBy': 'string'
        },
    ],
    'errors': [
        {
            'createDelegationRequest': {
                'comment': 'string',
                'controlSetId': 'string',
                'roleArn': 'string',
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER'
            },
            'errorCode': 'string',
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • delegations (list) --

      The delegations associated with the assessment.

      • (dict) --

        The assignment of a control set to a delegate for review.

        • id (string) --

          The unique identifier for the delegation.

        • assessmentName (string) --

          The name of the associated assessment.

        • assessmentId (string) --

          The identifier for the associated assessment.

        • status (string) --

          The status of the delegation.

        • roleArn (string) --

          The Amazon Resource Name (ARN) of the IAM role.

        • roleType (string) --

          The type of customer persona.

          Note

          In CreateAssessment , roleType can only be PROCESS_OWNER .

          In UpdateSettings , roleType can only be PROCESS_OWNER .

          In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

        • creationTime (datetime) --

          Specifies when the delegation was created.

        • lastUpdated (datetime) --

          Specifies when the delegation was last updated.

        • controlSetId (string) --

          The identifier for the associated control set.

        • comment (string) --

          The comment related to the delegation.

        • createdBy (string) --

          The IAM user or role that created the delegation.

    • errors (list) --

      A list of errors returned by the BatchCreateDelegationByAssessment API.

      • (dict) --

        An error entity for the BatchCreateDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.

        • createDelegationRequest (dict) --

          The API request to batch create delegations in AWS Audit Manager.

          • comment (string) --

            A comment related to the delegation request.

          • controlSetId (string) --

            The unique identifier for the control set.

          • roleArn (string) --

            The Amazon Resource Name (ARN) of the IAM role.

          • roleType (string) --

            The type of customer persona.

            Note

            In CreateAssessment , roleType can only be PROCESS_OWNER .

            In UpdateSettings , roleType can only be PROCESS_OWNER .

            In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

        • errorCode (string) --

          The error code returned by the BatchCreateDelegationByAssessment API.

        • errorMessage (string) --

          The error message returned by the BatchCreateDelegationByAssessment API.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
batch_delete_delegation_by_assessment(**kwargs)

Deletes the delegations in the specified AWS Audit Manager assessment.

See also: AWS API Documentation

Request Syntax

response = client.batch_delete_delegation_by_assessment(
    delegationIds=[
        'string',
    ],
    assessmentId='string'
)
Parameters
  • delegationIds (list) --

    [REQUIRED]

    The identifiers for the specified delegations.

    • (string) --
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'errors': [
        {
            'delegationId': 'string',
            'errorCode': 'string',
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • errors (list) --

      A list of errors returned by the BatchDeleteDelegationByAssessment API.

      • (dict) --

        An error entity for the BatchDeleteDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.

        • delegationId (string) --

          The identifier for the specified delegation.

        • errorCode (string) --

          The error code returned by the BatchDeleteDelegationByAssessment API.

        • errorMessage (string) --

          The error message returned by the BatchDeleteDelegationByAssessment API.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
batch_disassociate_assessment_report_evidence(**kwargs)

Disassociates a list of evidence from the specified assessment report in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.batch_disassociate_assessment_report_evidence(
    assessmentId='string',
    evidenceFolderId='string',
    evidenceIds=[
        'string',
    ]
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which evidence is stored.

  • evidenceIds (list) --

    [REQUIRED]

    The list of evidence identifiers.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'evidenceIds': [
        'string',
    ],
    'errors': [
        {
            'evidenceId': 'string',
            'errorCode': 'string',
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • evidenceIds (list) --

      The identifier for the evidence.

      • (string) --
    • errors (list) --

      A list of errors returned by the BatchDisassociateAssessmentReportEvidence API.

      • (dict) --

        An error entity for the AssessmentReportEvidence API. This is used to provide more meaningful errors than a simple string message.

        • evidenceId (string) --

          The identifier for the evidence.

        • errorCode (string) --

          The error code returned by the AssessmentReportEvidence API.

        • errorMessage (string) --

          The error message returned by the AssessmentReportEvidence API.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
batch_import_evidence_to_assessment_control(**kwargs)

Uploads one or more pieces of evidence to the specified control in the assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.batch_import_evidence_to_assessment_control(
    assessmentId='string',
    controlSetId='string',
    controlId='string',
    manualEvidence=[
        {
            's3ResourcePath': 'string'
        },
    ]
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • controlId (string) --

    [REQUIRED]

    The identifier for the specified control.

  • manualEvidence (list) --

    [REQUIRED]

    The list of manual evidence objects.

    • (dict) --

      Evidence that is uploaded to AWS Audit Manager manually.

      • s3ResourcePath (string) --

        The Amazon S3 URL that points to a manual evidence object.

Return type

dict

Returns

Response Syntax

{
    'errors': [
        {
            'manualEvidence': {
                's3ResourcePath': 'string'
            },
            'errorCode': 'string',
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • errors (list) --

      A list of errors returned by the BatchImportEvidenceToAssessmentControl API.

      • (dict) --

        An error entity for the BatchImportEvidenceToAssessmentControl API. This is used to provide more meaningful errors than a simple string message.

        • manualEvidence (dict) --

          Manual evidence that cannot be collected automatically by AWS Audit Manager.

          • s3ResourcePath (string) --

            The Amazon S3 URL that points to a manual evidence object.

        • errorCode (string) --

          The error code returned by the BatchImportEvidenceToAssessmentControl API.

        • errorMessage (string) --

          The error message returned by the BatchImportEvidenceToAssessmentControl API.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
create_assessment(**kwargs)

Creates an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.create_assessment(
    name='string',
    description='string',
    assessmentReportsDestination={
        'destinationType': 'S3',
        'destination': 'string'
    },
    scope={
        'awsAccounts': [
            {
                'id': 'string',
                'emailAddress': 'string',
                'name': 'string'
            },
        ],
        'awsServices': [
            {
                'serviceName': 'string'
            },
        ]
    },
    roles=[
        {
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
            'roleArn': 'string'
        },
    ],
    frameworkId='string',
    tags={
        'string': 'string'
    }
)
Parameters
  • name (string) --

    [REQUIRED]

    The name of the assessment to be created.

  • description (string) -- The optional description of the assessment to be created.
  • assessmentReportsDestination (dict) --

    [REQUIRED]

    The assessment report storage destination for the specified assessment that is being created.

    • destinationType (string) --

      The destination type, such as Amazon S3.

    • destination (string) --

      The destination of the assessment report.

  • scope (dict) --

    [REQUIRED]

    The wrapper that contains the AWS accounts and AWS services in scope for the assessment.

    • awsAccounts (list) --

      The AWS accounts included in the scope of the assessment.

      • (dict) --

        The wrapper of AWS account details, such as account ID, email address, and so on.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

    • awsServices (list) --

      The AWS services included in the scope of the assessment.

      • (dict) --

        An AWS service such as Amazon S3, AWS CloudTrail, and so on.

        • serviceName (string) --

          The name of the AWS service.

  • roles (list) --

    [REQUIRED]

    The list of roles for the specified assessment.

    • (dict) --

      The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment , roleType can only be PROCESS_OWNER .

        In UpdateSettings , roleType can only be PROCESS_OWNER .

        In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.

  • frameworkId (string) --

    [REQUIRED]

    The identifier for the specified framework.

  • tags (dict) --

    The tags associated with the assessment.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • assessment (dict) --

      An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

      • arn (string) --

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) --

        The AWS account associated with the assessment.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

      • metadata (dict) --

        The metadata for the specified assessment.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • description (string) --

          The description of the assessment.

        • complianceType (string) --

          The name of a compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The overall status of the assessment.

        • assessmentReportsDestination (dict) --

          The destination in which evidence reports are stored for the specified assessment.

          • destinationType (string) --

            The destination type, such as Amazon S3.

          • destination (string) --

            The destination of the assessment report.

        • scope (dict) --

          The wrapper of AWS accounts and services in scope for the assessment.

          • awsAccounts (list) --

            The AWS accounts included in the scope of the assessment.

            • (dict) --

              The wrapper of AWS account details, such as account ID, email address, and so on.

              • id (string) --

                The identifier for the specified AWS account.

              • emailAddress (string) --

                The email address associated with the specified AWS account.

              • name (string) --

                The name of the specified AWS account.

          • awsServices (list) --

            The AWS services included in the scope of the assessment.

            • (dict) --

              An AWS service such as Amazon S3, AWS CloudTrail, and so on.

              • serviceName (string) --

                The name of the AWS service.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

      • framework (dict) --

        The framework from which the assessment was created.

        • id (string) --

          The unique identifier for the framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified framework.

        • metadata (dict) --

          The metadata of a framework, such as the name, ID, description, and so on.

          • name (string) --

            The name of the framework.

          • description (string) --

            The description of the framework.

          • logo (string) --

            The logo associated with the framework.

          • complianceType (string) --

            The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

        • controlSets (list) --

          The control sets associated with the framework.

          • (dict) --

            Represents a set of controls in an AWS Audit Manager assessment.

            • id (string) --

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) --

              The description for the control set.

            • status (string) --

              Specifies the current status of the control set.

            • roles (list) --

              The roles associated with the control set.

              • (dict) --

                The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) --

              The list of controls contained with the control set.

              • (dict) --

                The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

                • id (string) --

                  The identifier for the specified control.

                • name (string) --

                  The name of the specified control.

                • description (string) --

                  The description of the specified control.

                • status (string) --

                  The status of the specified control.

                • response (string) --

                  The response of the specified control.

                • comments (list) --

                  The list of comments attached to the specified control.

                  • (dict) --

                    A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

                    • authorName (string) --

                      The name of the user who authored the comment.

                    • commentBody (string) --

                      The body text of a control comment.

                    • postedDate (datetime) --

                      The time when the comment was posted.

                • evidenceSources (list) --

                  The list of data sources for the specified evidence.

                  • (string) --
                • evidenceCount (integer) --

                  The amount of evidence generated for the control.

                • assessmentReportEvidenceCount (integer) --

                  The amount of evidence in the assessment report.

            • delegations (list) --

              The delegations associated with the control set.

              • (dict) --

                The assignment of a control set to a delegate for review.

                • id (string) --

                  The unique identifier for the delegation.

                • assessmentName (string) --

                  The name of the associated assessment.

                • assessmentId (string) --

                  The identifier for the associated assessment.

                • status (string) --

                  The status of the delegation.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • creationTime (datetime) --

                  Specifies when the delegation was created.

                • lastUpdated (datetime) --

                  Specifies when the delegation was last updated.

                • controlSetId (string) --

                  The identifier for the associated control set.

                • comment (string) --

                  The comment related to the delegation.

                • createdBy (string) --

                  The IAM user or role that created the delegation.

            • systemEvidenceCount (integer) --

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount (integer) --

              The total number of evidence objects uploaded manually to the control set.

      • tags (dict) --

        The tags associated with the assessment.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
create_assessment_framework(**kwargs)

Creates a custom framework in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.create_assessment_framework(
    name='string',
    description='string',
    complianceType='string',
    controlSets=[
        {
            'name': 'string',
            'controls': [
                {
                    'id': 'string'
                },
            ]
        },
    ],
    tags={
        'string': 'string'
    }
)
Parameters
  • name (string) --

    [REQUIRED]

    The name of the new custom framework.

  • description (string) -- An optional description for the new custom framework.
  • complianceType (string) -- The compliance type that the new custom framework supports, such as CIS or HIPAA.
  • controlSets (list) --

    [REQUIRED]

    The control sets to be associated with the framework.

    • (dict) --

      A controlSet entity that represents a collection of controls in AWS Audit Manager. This does not contain the control set ID.

      • name (string) -- [REQUIRED]

        The name of the specified control set.

      • controls (list) --

        The list of controls within the control set. This does not contain the control set ID.

        • (dict) --

          Control entity attributes that uniquely identify an existing control to be added to a framework in AWS Audit Manager.

          • id (string) --

            The unique identifier of the control.

  • tags (dict) --

    The tags associated with the framework.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'framework': {
        'arn': 'string',
        'id': 'string',
        'name': 'string',
        'type': 'Standard'|'Custom',
        'complianceType': 'string',
        'description': 'string',
        'logo': 'string',
        'controlSources': 'string',
        'controlSets': [
            {
                'id': 'string',
                'name': 'string',
                'controls': [
                    {
                        'arn': 'string',
                        'id': 'string',
                        'type': 'Standard'|'Custom',
                        'name': 'string',
                        'description': 'string',
                        'testingInformation': 'string',
                        'actionPlanTitle': 'string',
                        'actionPlanInstructions': 'string',
                        'controlSources': 'string',
                        'controlMappingSources': [
                            {
                                'sourceId': 'string',
                                'sourceName': 'string',
                                'sourceDescription': 'string',
                                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                                'sourceKeyword': {
                                    'keywordInputType': 'SELECT_FROM_LIST',
                                    'keywordValue': 'string'
                                },
                                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                                'troubleshootingText': 'string'
                            },
                        ],
                        'createdAt': datetime(2015, 1, 1),
                        'lastUpdatedAt': datetime(2015, 1, 1),
                        'createdBy': 'string',
                        'lastUpdatedBy': 'string',
                        'tags': {
                            'string': 'string'
                        }
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • framework (dict) --

      The name of the new framework returned by the CreateAssessmentFramework API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified framework.

      • id (string) --

        The unique identifier for the specified framework.

      • name (string) --

        The name of the specified framework.

      • type (string) --

        The framework type, such as custom or standard.

      • complianceType (string) --

        The compliance type that the new custom framework supports, such as CIS or HIPAA.

      • description (string) --

        The description of the specified framework.

      • logo (string) --

        The logo associated with the framework.

      • controlSources (string) --

        The sources from which AWS Audit Manager collects evidence for the control.

      • controlSets (list) --

        The control sets associated with the framework.

        • (dict) --

          A set of controls in AWS Audit Manager.

          • id (string) --

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name (string) --

            The name of the control set.

          • controls (list) --

            The list of controls within the control set.

            • (dict) --

              A control in AWS Audit Manager.

              • arn (string) --

                The Amazon Resource Name (ARN) of the specified control.

              • id (string) --

                The unique identifier for the control.

              • type (string) --

                The type of control, such as custom or standard.

              • name (string) --

                The name of the specified control.

              • description (string) --

                The description of the specified control.

              • testingInformation (string) --

                The steps to follow to determine if the control has been satisfied.

              • actionPlanTitle (string) --

                The title of the action plan for remediating the control.

              • actionPlanInstructions (string) --

                The recommended actions to carry out if the control is not fulfilled.

              • controlSources (string) --

                The data source that determines from where AWS Audit Manager collects evidence for the control.

              • controlMappingSources (list) --

                The data mapping sources for the specified control.

                • (dict) --

                  The data source that determines from where AWS Audit Manager collects evidence for the control.

                  • sourceId (string) --

                    The unique identifier for the specified source.

                  • sourceName (string) --

                    The name of the specified source.

                  • sourceDescription (string) --

                    The description of the specified source.

                  • sourceSetUpOption (string) --

                    The setup option for the data source, which reflects if the evidence collection is automated or manual.

                  • sourceType (string) --

                    Specifies one of the five types of data sources for evidence collection.

                  • sourceKeyword (dict) --

                    The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

                    • keywordInputType (string) --

                      The method of input for the specified keyword.

                    • keywordValue (string) --

                      The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

                  • sourceFrequency (string) --

                    The frequency of evidence collection for the specified control mapping source.

                  • troubleshootingText (string) --

                    The instructions for troubleshooting the specified control.

              • createdAt (datetime) --

                Specifies when the control was created.

              • lastUpdatedAt (datetime) --

                Specifies when the control was most recently updated.

              • createdBy (string) --

                The IAM user or role that created the control.

              • lastUpdatedBy (string) --

                The IAM user or role that most recently updated the control.

              • tags (dict) --

                The tags associated with the control.

                • (string) --
                  • (string) --
      • createdAt (datetime) --

        Specifies when the framework was created.

      • lastUpdatedAt (datetime) --

        Specifies when the framework was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the framework.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the framework.

      • tags (dict) --

        The tags associated with the framework.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
create_assessment_report(**kwargs)

Creates an assessment report for the specified assessment.

See also: AWS API Documentation

Request Syntax

response = client.create_assessment_report(
    name='string',
    description='string',
    assessmentId='string'
)
Parameters
  • name (string) --

    [REQUIRED]

    The name of the new assessment report.

  • description (string) -- The description of the assessment report.
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'assessmentReport': {
        'id': 'string',
        'name': 'string',
        'description': 'string',
        'awsAccountId': 'string',
        'assessmentId': 'string',
        'assessmentName': 'string',
        'author': 'string',
        'status': 'COMPLETE'|'IN_PROGRESS'|'FAILED',
        'creationTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • assessmentReport (dict) --

      The new assessment report returned by the CreateAssessmentReport API.

      • id (string) --

        The unique identifier for the specified assessment report.

      • name (string) --

        The name given to the assessment report.

      • description (string) --

        The description of the specified assessment report.

      • awsAccountId (string) --

        The identifier for the specified AWS account.

      • assessmentId (string) --

        The identifier for the specified assessment.

      • assessmentName (string) --

        The name of the associated assessment.

      • author (string) --

        The name of the user who created the assessment report.

      • status (string) --

        The current status of the specified assessment report.

      • creationTime (datetime) --

        Specifies when the assessment report was created.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
create_control(**kwargs)

Creates a new custom control in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.create_control(
    name='string',
    description='string',
    testingInformation='string',
    actionPlanTitle='string',
    actionPlanInstructions='string',
    controlMappingSources=[
        {
            'sourceName': 'string',
            'sourceDescription': 'string',
            'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
            'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
            'sourceKeyword': {
                'keywordInputType': 'SELECT_FROM_LIST',
                'keywordValue': 'string'
            },
            'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
            'troubleshootingText': 'string'
        },
    ],
    tags={
        'string': 'string'
    }
)
Parameters
  • name (string) --

    [REQUIRED]

    The name of the control.

  • description (string) -- The description of the control.
  • testingInformation (string) -- The steps to follow to determine if the control has been satisfied.
  • actionPlanTitle (string) -- The title of the action plan for remediating the control.
  • actionPlanInstructions (string) -- The recommended actions to carry out if the control is not fulfilled.
  • controlMappingSources (list) --

    [REQUIRED]

    The data mapping sources for the specified control.

    • (dict) --

      Control mapping fields that represent the source for evidence collection, along with related parameters and metadata. This does not contain mappingID .

      • sourceName (string) --

        The name of the control mapping data source.

      • sourceDescription (string) --

        The description of the data source that determines from where AWS Audit Manager collects evidence for the control.

      • sourceSetUpOption (string) --

        The setup option for the data source, which reflects if the evidence collection is automated or manual.

      • sourceType (string) --

        Specifies one of the five types of data sources for evidence collection.

      • sourceKeyword (dict) --

        The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

        • keywordInputType (string) --

          The method of input for the specified keyword.

        • keywordValue (string) --

          The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

      • sourceFrequency (string) --

        The frequency of evidence collection for the specified control mapping source.

      • troubleshootingText (string) --

        The instructions for troubleshooting the specified control.

  • tags (dict) --

    The tags associated with the control.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{
    'control': {
        'arn': 'string',
        'id': 'string',
        'type': 'Standard'|'Custom',
        'name': 'string',
        'description': 'string',
        'testingInformation': 'string',
        'actionPlanTitle': 'string',
        'actionPlanInstructions': 'string',
        'controlSources': 'string',
        'controlMappingSources': [
            {
                'sourceId': 'string',
                'sourceName': 'string',
                'sourceDescription': 'string',
                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                'sourceKeyword': {
                    'keywordInputType': 'SELECT_FROM_LIST',
                    'keywordValue': 'string'
                },
                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                'troubleshootingText': 'string'
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • control (dict) --

      The new control returned by the CreateControl API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified control.

      • id (string) --

        The unique identifier for the control.

      • type (string) --

        The type of control, such as custom or standard.

      • name (string) --

        The name of the specified control.

      • description (string) --

        The description of the specified control.

      • testingInformation (string) --

        The steps to follow to determine if the control has been satisfied.

      • actionPlanTitle (string) --

        The title of the action plan for remediating the control.

      • actionPlanInstructions (string) --

        The recommended actions to carry out if the control is not fulfilled.

      • controlSources (string) --

        The data source that determines from where AWS Audit Manager collects evidence for the control.

      • controlMappingSources (list) --

        The data mapping sources for the specified control.

        • (dict) --

          The data source that determines from where AWS Audit Manager collects evidence for the control.

          • sourceId (string) --

            The unique identifier for the specified source.

          • sourceName (string) --

            The name of the specified source.

          • sourceDescription (string) --

            The description of the specified source.

          • sourceSetUpOption (string) --

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

          • sourceType (string) --

            Specifies one of the five types of data sources for evidence collection.

          • sourceKeyword (dict) --

            The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

            • keywordInputType (string) --

              The method of input for the specified keyword.

            • keywordValue (string) --

              The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

          • sourceFrequency (string) --

            The frequency of evidence collection for the specified control mapping source.

          • troubleshootingText (string) --

            The instructions for troubleshooting the specified control.

      • createdAt (datetime) --

        Specifies when the control was created.

      • lastUpdatedAt (datetime) --

        Specifies when the control was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the control.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the control.

      • tags (dict) --

        The tags associated with the control.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
delete_assessment(**kwargs)

Deletes an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.delete_assessment(
    assessmentId='string'
)
Parameters
assessmentId (string) --

[REQUIRED]

The identifier for the specified assessment.

Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
delete_assessment_framework(**kwargs)

Deletes a custom framework in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.delete_assessment_framework(
    frameworkId='string'
)
Parameters
frameworkId (string) --

[REQUIRED]

The identifier for the specified framework.

Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
delete_assessment_report(**kwargs)

Deletes an assessment report from an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.delete_assessment_report(
    assessmentId='string',
    assessmentReportId='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • assessmentReportId (string) --

    [REQUIRED]

    The unique identifier for the assessment report.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
delete_control(**kwargs)

Deletes a custom control in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.delete_control(
    controlId='string'
)
Parameters
controlId (string) --

[REQUIRED]

The identifier for the specified control.

Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
deregister_account()

Deregisters an account in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.deregister_account()
Return type
dict
Returns
Response Syntax
{
    'status': 'ACTIVE'|'INACTIVE'|'PENDING_ACTIVATION'
}

Response Structure

  • (dict) --
    • status (string) --

      The registration status of the account.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
deregister_organization_admin_account(**kwargs)

Deregisters the delegated AWS administrator account from the AWS organization.

See also: AWS API Documentation

Request Syntax

response = client.deregister_organization_admin_account(
    adminAccountId='string'
)
Parameters
adminAccountId (string) -- The identifier for the specified administrator account.
Return type
dict
Returns
Response Syntax
{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
disassociate_assessment_report_evidence_folder(**kwargs)

Disassociates an evidence folder from the specified assessment report in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_assessment_report_evidence_folder(
    assessmentId='string',
    evidenceFolderId='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which evidence is stored.

Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
generate_presigned_url(ClientMethod, Params=None, ExpiresIn=3600, HttpMethod=None)

Generate a presigned url given a client, its method, and arguments

Parameters
  • ClientMethod (string) -- The client method to presign for
  • Params (dict) -- The parameters normally passed to ClientMethod.
  • ExpiresIn (int) -- The number of seconds the presigned url is valid for. By default it expires in an hour (3600 seconds)
  • HttpMethod (string) -- The http method to use on the generated url. By default, the http method is whatever is used in the method's model.
Returns

The presigned url

get_account_status()

Returns the registration status of an account in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_account_status()
Return type
dict
Returns
Response Syntax
{
    'status': 'ACTIVE'|'INACTIVE'|'PENDING_ACTIVATION'
}

Response Structure

  • (dict) --
    • status (string) --

      The status of the specified AWS account.

Exceptions

  • AuditManager.Client.exceptions.InternalServerException
get_assessment(**kwargs)

Returns an assessment from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_assessment(
    assessmentId='string'
)
Parameters
assessmentId (string) --

[REQUIRED]

The identifier for the specified assessment.

Return type
dict
Returns
Response Syntax
{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    },
    'userRole': {
        'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
        'roleArn': 'string'
    }
}

Response Structure

  • (dict) --
    • assessment (dict) --

      An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

      • arn (string) --

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) --

        The AWS account associated with the assessment.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

      • metadata (dict) --

        The metadata for the specified assessment.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • description (string) --

          The description of the assessment.

        • complianceType (string) --

          The name of a compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The overall status of the assessment.

        • assessmentReportsDestination (dict) --

          The destination in which evidence reports are stored for the specified assessment.

          • destinationType (string) --

            The destination type, such as Amazon S3.

          • destination (string) --

            The destination of the assessment report.

        • scope (dict) --

          The wrapper of AWS accounts and services in scope for the assessment.

          • awsAccounts (list) --

            The AWS accounts included in the scope of the assessment.

            • (dict) --

              The wrapper of AWS account details, such as account ID, email address, and so on.

              • id (string) --

                The identifier for the specified AWS account.

              • emailAddress (string) --

                The email address associated with the specified AWS account.

              • name (string) --

                The name of the specified AWS account.

          • awsServices (list) --

            The AWS services included in the scope of the assessment.

            • (dict) --

              An AWS service such as Amazon S3, AWS CloudTrail, and so on.

              • serviceName (string) --

                The name of the AWS service.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

      • framework (dict) --

        The framework from which the assessment was created.

        • id (string) --

          The unique identifier for the framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified framework.

        • metadata (dict) --

          The metadata of a framework, such as the name, ID, description, and so on.

          • name (string) --

            The name of the framework.

          • description (string) --

            The description of the framework.

          • logo (string) --

            The logo associated with the framework.

          • complianceType (string) --

            The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

        • controlSets (list) --

          The control sets associated with the framework.

          • (dict) --

            Represents a set of controls in an AWS Audit Manager assessment.

            • id (string) --

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) --

              The description for the control set.

            • status (string) --

              Specifies the current status of the control set.

            • roles (list) --

              The roles associated with the control set.

              • (dict) --

                The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) --

              The list of controls contained with the control set.

              • (dict) --

                The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

                • id (string) --

                  The identifier for the specified control.

                • name (string) --

                  The name of the specified control.

                • description (string) --

                  The description of the specified control.

                • status (string) --

                  The status of the specified control.

                • response (string) --

                  The response of the specified control.

                • comments (list) --

                  The list of comments attached to the specified control.

                  • (dict) --

                    A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

                    • authorName (string) --

                      The name of the user who authored the comment.

                    • commentBody (string) --

                      The body text of a control comment.

                    • postedDate (datetime) --

                      The time when the comment was posted.

                • evidenceSources (list) --

                  The list of data sources for the specified evidence.

                  • (string) --
                • evidenceCount (integer) --

                  The amount of evidence generated for the control.

                • assessmentReportEvidenceCount (integer) --

                  The amount of evidence in the assessment report.

            • delegations (list) --

              The delegations associated with the control set.

              • (dict) --

                The assignment of a control set to a delegate for review.

                • id (string) --

                  The unique identifier for the delegation.

                • assessmentName (string) --

                  The name of the associated assessment.

                • assessmentId (string) --

                  The identifier for the associated assessment.

                • status (string) --

                  The status of the delegation.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • creationTime (datetime) --

                  Specifies when the delegation was created.

                • lastUpdated (datetime) --

                  Specifies when the delegation was last updated.

                • controlSetId (string) --

                  The identifier for the associated control set.

                • comment (string) --

                  The comment related to the delegation.

                • createdBy (string) --

                  The IAM user or role that created the delegation.

            • systemEvidenceCount (integer) --

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount (integer) --

              The total number of evidence objects uploaded manually to the control set.

      • tags (dict) --

        The tags associated with the assessment.

        • (string) --
          • (string) --
    • userRole (dict) --

      The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment , roleType can only be PROCESS_OWNER .

        In UpdateSettings , roleType can only be PROCESS_OWNER .

        In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_assessment_framework(**kwargs)

Returns a framework from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_assessment_framework(
    frameworkId='string'
)
Parameters
frameworkId (string) --

[REQUIRED]

The identifier for the specified framework.

Return type
dict
Returns
Response Syntax
{
    'framework': {
        'arn': 'string',
        'id': 'string',
        'name': 'string',
        'type': 'Standard'|'Custom',
        'complianceType': 'string',
        'description': 'string',
        'logo': 'string',
        'controlSources': 'string',
        'controlSets': [
            {
                'id': 'string',
                'name': 'string',
                'controls': [
                    {
                        'arn': 'string',
                        'id': 'string',
                        'type': 'Standard'|'Custom',
                        'name': 'string',
                        'description': 'string',
                        'testingInformation': 'string',
                        'actionPlanTitle': 'string',
                        'actionPlanInstructions': 'string',
                        'controlSources': 'string',
                        'controlMappingSources': [
                            {
                                'sourceId': 'string',
                                'sourceName': 'string',
                                'sourceDescription': 'string',
                                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                                'sourceKeyword': {
                                    'keywordInputType': 'SELECT_FROM_LIST',
                                    'keywordValue': 'string'
                                },
                                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                                'troubleshootingText': 'string'
                            },
                        ],
                        'createdAt': datetime(2015, 1, 1),
                        'lastUpdatedAt': datetime(2015, 1, 1),
                        'createdBy': 'string',
                        'lastUpdatedBy': 'string',
                        'tags': {
                            'string': 'string'
                        }
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --
    • framework (dict) --

      The framework returned by the GetAssessmentFramework API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified framework.

      • id (string) --

        The unique identifier for the specified framework.

      • name (string) --

        The name of the specified framework.

      • type (string) --

        The framework type, such as custom or standard.

      • complianceType (string) --

        The compliance type that the new custom framework supports, such as CIS or HIPAA.

      • description (string) --

        The description of the specified framework.

      • logo (string) --

        The logo associated with the framework.

      • controlSources (string) --

        The sources from which AWS Audit Manager collects evidence for the control.

      • controlSets (list) --

        The control sets associated with the framework.

        • (dict) --

          A set of controls in AWS Audit Manager.

          • id (string) --

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name (string) --

            The name of the control set.

          • controls (list) --

            The list of controls within the control set.

            • (dict) --

              A control in AWS Audit Manager.

              • arn (string) --

                The Amazon Resource Name (ARN) of the specified control.

              • id (string) --

                The unique identifier for the control.

              • type (string) --

                The type of control, such as custom or standard.

              • name (string) --

                The name of the specified control.

              • description (string) --

                The description of the specified control.

              • testingInformation (string) --

                The steps to follow to determine if the control has been satisfied.

              • actionPlanTitle (string) --

                The title of the action plan for remediating the control.

              • actionPlanInstructions (string) --

                The recommended actions to carry out if the control is not fulfilled.

              • controlSources (string) --

                The data source that determines from where AWS Audit Manager collects evidence for the control.

              • controlMappingSources (list) --

                The data mapping sources for the specified control.

                • (dict) --

                  The data source that determines from where AWS Audit Manager collects evidence for the control.

                  • sourceId (string) --

                    The unique identifier for the specified source.

                  • sourceName (string) --

                    The name of the specified source.

                  • sourceDescription (string) --

                    The description of the specified source.

                  • sourceSetUpOption (string) --

                    The setup option for the data source, which reflects if the evidence collection is automated or manual.

                  • sourceType (string) --

                    Specifies one of the five types of data sources for evidence collection.

                  • sourceKeyword (dict) --

                    The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

                    • keywordInputType (string) --

                      The method of input for the specified keyword.

                    • keywordValue (string) --

                      The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

                  • sourceFrequency (string) --

                    The frequency of evidence collection for the specified control mapping source.

                  • troubleshootingText (string) --

                    The instructions for troubleshooting the specified control.

              • createdAt (datetime) --

                Specifies when the control was created.

              • lastUpdatedAt (datetime) --

                Specifies when the control was most recently updated.

              • createdBy (string) --

                The IAM user or role that created the control.

              • lastUpdatedBy (string) --

                The IAM user or role that most recently updated the control.

              • tags (dict) --

                The tags associated with the control.

                • (string) --
                  • (string) --
      • createdAt (datetime) --

        Specifies when the framework was created.

      • lastUpdatedAt (datetime) --

        Specifies when the framework was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the framework.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the framework.

      • tags (dict) --

        The tags associated with the framework.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_assessment_report_url(**kwargs)

Returns the URL of a specified assessment report in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_assessment_report_url(
    assessmentReportId='string',
    assessmentId='string'
)
Parameters
  • assessmentReportId (string) --

    [REQUIRED]

    The identifier for the assessment report.

  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'preSignedUrl': {
        'hyperlinkName': 'string',
        'link': 'string'
    }
}

Response Structure

  • (dict) --

    • preSignedUrl (dict) --

      A uniform resource locator, used as a unique identifier to locate a resource on the internet.

      • hyperlinkName (string) --

        The name or word used as a hyperlink to the URL.

      • link (string) --

        The unique identifier for the internet resource.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
get_change_logs(**kwargs)

Returns a list of changelogs from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_change_logs(
    assessmentId='string',
    controlSetId='string',
    controlId='string',
    nextToken='string',
    maxResults=123
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) -- The identifier for the specified control set.
  • controlId (string) -- The identifier for the specified control.
  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'changeLogs': [
        {
            'objectType': 'ASSESSMENT'|'CONTROL_SET'|'CONTROL'|'DELEGATION'|'ASSESSMENT_REPORT',
            'objectName': 'string',
            'action': 'CREATE'|'UPDATE_METADATA'|'ACTIVE'|'INACTIVE'|'DELETE'|'UNDER_REVIEW'|'REVIEWED'|'IMPORT_EVIDENCE',
            'createdAt': datetime(2015, 1, 1),
            'createdBy': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • changeLogs (list) --

      The list of user activity for the control.

      • (dict) --

        The record of a change within AWS Audit Manager, such as a modified assessment, a delegated control set, and so on.

        • objectType (string) --

          The changelog object type, such as an assessment, control, or control set.

        • objectName (string) --

          The name of the changelog object.

        • action (string) --

          The action performed.

        • createdAt (datetime) --

          The time of creation for the changelog object.

        • createdBy (string) --

          The IAM user or role that performed the action.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
get_control(**kwargs)

Returns a control from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_control(
    controlId='string'
)
Parameters
controlId (string) --

[REQUIRED]

The identifier for the specified control.

Return type
dict
Returns
Response Syntax
{
    'control': {
        'arn': 'string',
        'id': 'string',
        'type': 'Standard'|'Custom',
        'name': 'string',
        'description': 'string',
        'testingInformation': 'string',
        'actionPlanTitle': 'string',
        'actionPlanInstructions': 'string',
        'controlSources': 'string',
        'controlMappingSources': [
            {
                'sourceId': 'string',
                'sourceName': 'string',
                'sourceDescription': 'string',
                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                'sourceKeyword': {
                    'keywordInputType': 'SELECT_FROM_LIST',
                    'keywordValue': 'string'
                },
                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                'troubleshootingText': 'string'
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --
    • control (dict) --

      The name of the control returned by the GetControl API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified control.

      • id (string) --

        The unique identifier for the control.

      • type (string) --

        The type of control, such as custom or standard.

      • name (string) --

        The name of the specified control.

      • description (string) --

        The description of the specified control.

      • testingInformation (string) --

        The steps to follow to determine if the control has been satisfied.

      • actionPlanTitle (string) --

        The title of the action plan for remediating the control.

      • actionPlanInstructions (string) --

        The recommended actions to carry out if the control is not fulfilled.

      • controlSources (string) --

        The data source that determines from where AWS Audit Manager collects evidence for the control.

      • controlMappingSources (list) --

        The data mapping sources for the specified control.

        • (dict) --

          The data source that determines from where AWS Audit Manager collects evidence for the control.

          • sourceId (string) --

            The unique identifier for the specified source.

          • sourceName (string) --

            The name of the specified source.

          • sourceDescription (string) --

            The description of the specified source.

          • sourceSetUpOption (string) --

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

          • sourceType (string) --

            Specifies one of the five types of data sources for evidence collection.

          • sourceKeyword (dict) --

            The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

            • keywordInputType (string) --

              The method of input for the specified keyword.

            • keywordValue (string) --

              The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

          • sourceFrequency (string) --

            The frequency of evidence collection for the specified control mapping source.

          • troubleshootingText (string) --

            The instructions for troubleshooting the specified control.

      • createdAt (datetime) --

        Specifies when the control was created.

      • lastUpdatedAt (datetime) --

        Specifies when the control was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the control.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the control.

      • tags (dict) --

        The tags associated with the control.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_delegations(**kwargs)

Returns a list of delegations from an audit owner to a delegate.

See also: AWS API Documentation

Request Syntax

response = client.get_delegations(
    nextToken='string',
    maxResults=123
)
Parameters
  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'delegations': [
        {
            'id': 'string',
            'assessmentName': 'string',
            'assessmentId': 'string',
            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
            'roleArn': 'string',
            'creationTime': datetime(2015, 1, 1),
            'controlSetName': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • delegations (list) --

      The list of delegations returned by the GetDelegations API.

      • (dict) --

        The metadata associated with the specified delegation.

        • id (string) --

          The unique identifier for the delegation.

        • assessmentName (string) --

          The name of the associated assessment.

        • assessmentId (string) --

          The unique identifier for the specified assessment.

        • status (string) --

          The current status of the delgation.

        • roleArn (string) --

          The Amazon Resource Name (ARN) of the IAM role.

        • creationTime (datetime) --

          Specifies when the delegation was created.

        • controlSetName (string) --

          Specifies the name of the control set delegated for review.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_evidence(**kwargs)

Returns evidence from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_evidence(
    assessmentId='string',
    controlSetId='string',
    evidenceFolderId='string',
    evidenceId='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which the evidence is stored.

  • evidenceId (string) --

    [REQUIRED]

    The identifier for the evidence.

Return type

dict

Returns

Response Syntax

{
    'evidence': {
        'dataSource': 'string',
        'evidenceAwsAccountId': 'string',
        'time': datetime(2015, 1, 1),
        'eventSource': 'string',
        'eventName': 'string',
        'evidenceByType': 'string',
        'resourcesIncluded': [
            {
                'arn': 'string',
                'value': 'string'
            },
        ],
        'attributes': {
            'string': 'string'
        },
        'iamId': 'string',
        'complianceCheck': 'string',
        'awsOrganization': 'string',
        'awsAccountId': 'string',
        'evidenceFolderId': 'string',
        'id': 'string',
        'assessmentReportSelection': 'string'
    }
}

Response Structure

  • (dict) --

    • evidence (dict) --

      The evidence returned by the GetEvidenceResponse API.

      • dataSource (string) --

        The data source from which the specified evidence was collected.

      • evidenceAwsAccountId (string) --

        The identifier for the specified AWS account.

      • time (datetime) --

        The timestamp that represents when the evidence was collected.

      • eventSource (string) --

        The AWS service from which the evidence is collected.

      • eventName (string) --

        The name of the specified evidence event.

      • evidenceByType (string) --

        The type of automated evidence.

      • resourcesIncluded (list) --

        The list of resources assessed to generate the evidence.

        • (dict) --

          A system asset that is evaluated in an AWS Audit Manager assessment.

          • arn (string) --

            The Amazon Resource Name (ARN) for the specified resource.

          • value (string) --

            The value of the specified resource.

      • attributes (dict) --

        The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword ) and value (such as true or false ).

        • (string) --
          • (string) --
      • iamId (string) --

        The unique identifier for the IAM user or role associated with the evidence.

      • complianceCheck (string) --

        The evaluation status for evidence that falls under the compliance check category. For evidence collected from AWS Security Hub, a Pass or Fail result is shown. For evidence collected from AWS Config, a Compliant or Noncompliant result is shown.

      • awsOrganization (string) --

        The AWS account from which the evidence is collected, and its AWS organization path.

      • awsAccountId (string) --

        The identifier for the specified AWS account.

      • evidenceFolderId (string) --

        The identifier for the folder in which the evidence is stored.

      • id (string) --

        The identifier for the evidence.

      • assessmentReportSelection (string) --

        Specifies whether the evidence is included in the assessment report.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_evidence_by_evidence_folder(**kwargs)

Returns all evidence from a specified evidence folder in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_evidence_by_evidence_folder(
    assessmentId='string',
    controlSetId='string',
    evidenceFolderId='string',
    nextToken='string',
    maxResults=123
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the control set.

  • evidenceFolderId (string) --

    [REQUIRED]

    The unique identifier for the folder in which the evidence is stored.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'evidence': [
        {
            'dataSource': 'string',
            'evidenceAwsAccountId': 'string',
            'time': datetime(2015, 1, 1),
            'eventSource': 'string',
            'eventName': 'string',
            'evidenceByType': 'string',
            'resourcesIncluded': [
                {
                    'arn': 'string',
                    'value': 'string'
                },
            ],
            'attributes': {
                'string': 'string'
            },
            'iamId': 'string',
            'complianceCheck': 'string',
            'awsOrganization': 'string',
            'awsAccountId': 'string',
            'evidenceFolderId': 'string',
            'id': 'string',
            'assessmentReportSelection': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • evidence (list) --

      The list of evidence returned by the GetEvidenceByEvidenceFolder API.

      • (dict) --

        A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity triggered by a user, or a system configuration snapshot.

        • dataSource (string) --

          The data source from which the specified evidence was collected.

        • evidenceAwsAccountId (string) --

          The identifier for the specified AWS account.

        • time (datetime) --

          The timestamp that represents when the evidence was collected.

        • eventSource (string) --

          The AWS service from which the evidence is collected.

        • eventName (string) --

          The name of the specified evidence event.

        • evidenceByType (string) --

          The type of automated evidence.

        • resourcesIncluded (list) --

          The list of resources assessed to generate the evidence.

          • (dict) --

            A system asset that is evaluated in an AWS Audit Manager assessment.

            • arn (string) --

              The Amazon Resource Name (ARN) for the specified resource.

            • value (string) --

              The value of the specified resource.

        • attributes (dict) --

          The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword ) and value (such as true or false ).

          • (string) --
            • (string) --
        • iamId (string) --

          The unique identifier for the IAM user or role associated with the evidence.

        • complianceCheck (string) --

          The evaluation status for evidence that falls under the compliance check category. For evidence collected from AWS Security Hub, a Pass or Fail result is shown. For evidence collected from AWS Config, a Compliant or Noncompliant result is shown.

        • awsOrganization (string) --

          The AWS account from which the evidence is collected, and its AWS organization path.

        • awsAccountId (string) --

          The identifier for the specified AWS account.

        • evidenceFolderId (string) --

          The identifier for the folder in which the evidence is stored.

        • id (string) --

          The identifier for the evidence.

        • assessmentReportSelection (string) --

          Specifies whether the evidence is included in the assessment report.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_evidence_folder(**kwargs)

Returns an evidence folder from the specified assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_evidence_folder(
    assessmentId='string',
    controlSetId='string',
    evidenceFolderId='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • evidenceFolderId (string) --

    [REQUIRED]

    The identifier for the folder in which the evidence is stored.

Return type

dict

Returns

Response Syntax

{
    'evidenceFolder': {
        'name': 'string',
        'date': datetime(2015, 1, 1),
        'assessmentId': 'string',
        'controlSetId': 'string',
        'controlId': 'string',
        'id': 'string',
        'dataSource': 'string',
        'author': 'string',
        'totalEvidence': 123,
        'assessmentReportSelectionCount': 123,
        'controlName': 'string',
        'evidenceResourcesIncludedCount': 123,
        'evidenceByTypeConfigurationDataCount': 123,
        'evidenceByTypeManualCount': 123,
        'evidenceByTypeComplianceCheckCount': 123,
        'evidenceByTypeComplianceCheckIssuesCount': 123,
        'evidenceByTypeUserActivityCount': 123,
        'evidenceAwsServiceSourceCount': 123
    }
}

Response Structure

  • (dict) --

    • evidenceFolder (dict) --

      The folder in which evidence is stored.

      • name (string) --

        The name of the specified evidence folder.

      • date (datetime) --

        The date when the first evidence was added to the evidence folder.

      • assessmentId (string) --

        The identifier for the specified assessment.

      • controlSetId (string) --

        The identifier for the control set.

      • controlId (string) --

        The unique identifier for the specified control.

      • id (string) --

        The identifier for the folder in which evidence is stored.

      • dataSource (string) --

        The AWS service from which the evidence was collected.

      • author (string) --

        The name of the user who created the evidence folder.

      • totalEvidence (integer) --

        The total amount of evidence in the evidence folder.

      • assessmentReportSelectionCount (integer) --

        The total count of evidence included in the assessment report.

      • controlName (string) --

        The name of the control.

      • evidenceResourcesIncludedCount (integer) --

        The amount of evidence included in the evidence folder.

      • evidenceByTypeConfigurationDataCount (integer) --

        The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

      • evidenceByTypeManualCount (integer) --

        The number of evidence that falls under the manual category. This evidence is imported manually.

      • evidenceByTypeComplianceCheckCount (integer) --

        The number of evidence that falls under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

      • evidenceByTypeComplianceCheckIssuesCount (integer) --

        The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

      • evidenceByTypeUserActivityCount (integer) --

        The number of evidence that falls under the user activity category. This evidence is collected from AWS CloudTrail logs.

      • evidenceAwsServiceSourceCount (integer) --

        The total number of AWS resources assessed to generate the evidence.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_evidence_folders_by_assessment(**kwargs)

Returns the evidence folders from a specified assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_evidence_folders_by_assessment(
    assessmentId='string',
    nextToken='string',
    maxResults=123
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'evidenceFolders': [
        {
            'name': 'string',
            'date': datetime(2015, 1, 1),
            'assessmentId': 'string',
            'controlSetId': 'string',
            'controlId': 'string',
            'id': 'string',
            'dataSource': 'string',
            'author': 'string',
            'totalEvidence': 123,
            'assessmentReportSelectionCount': 123,
            'controlName': 'string',
            'evidenceResourcesIncludedCount': 123,
            'evidenceByTypeConfigurationDataCount': 123,
            'evidenceByTypeManualCount': 123,
            'evidenceByTypeComplianceCheckCount': 123,
            'evidenceByTypeComplianceCheckIssuesCount': 123,
            'evidenceByTypeUserActivityCount': 123,
            'evidenceAwsServiceSourceCount': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • evidenceFolders (list) --

      The list of evidence folders returned by the GetEvidenceFoldersByAssessment API.

      • (dict) --

        The folder in which AWS Audit Manager stores evidence for an assessment.

        • name (string) --

          The name of the specified evidence folder.

        • date (datetime) --

          The date when the first evidence was added to the evidence folder.

        • assessmentId (string) --

          The identifier for the specified assessment.

        • controlSetId (string) --

          The identifier for the control set.

        • controlId (string) --

          The unique identifier for the specified control.

        • id (string) --

          The identifier for the folder in which evidence is stored.

        • dataSource (string) --

          The AWS service from which the evidence was collected.

        • author (string) --

          The name of the user who created the evidence folder.

        • totalEvidence (integer) --

          The total amount of evidence in the evidence folder.

        • assessmentReportSelectionCount (integer) --

          The total count of evidence included in the assessment report.

        • controlName (string) --

          The name of the control.

        • evidenceResourcesIncludedCount (integer) --

          The amount of evidence included in the evidence folder.

        • evidenceByTypeConfigurationDataCount (integer) --

          The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

        • evidenceByTypeManualCount (integer) --

          The number of evidence that falls under the manual category. This evidence is imported manually.

        • evidenceByTypeComplianceCheckCount (integer) --

          The number of evidence that falls under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

        • evidenceByTypeComplianceCheckIssuesCount (integer) --

          The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

        • evidenceByTypeUserActivityCount (integer) --

          The number of evidence that falls under the user activity category. This evidence is collected from AWS CloudTrail logs.

        • evidenceAwsServiceSourceCount (integer) --

          The total number of AWS resources assessed to generate the evidence.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
get_evidence_folders_by_assessment_control(**kwargs)

Returns a list of evidence folders associated with a specified control of an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.get_evidence_folders_by_assessment_control(
    assessmentId='string',
    controlSetId='string',
    controlId='string',
    nextToken='string',
    maxResults=123
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • controlId (string) --

    [REQUIRED]

    The identifier for the specified control.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'evidenceFolders': [
        {
            'name': 'string',
            'date': datetime(2015, 1, 1),
            'assessmentId': 'string',
            'controlSetId': 'string',
            'controlId': 'string',
            'id': 'string',
            'dataSource': 'string',
            'author': 'string',
            'totalEvidence': 123,
            'assessmentReportSelectionCount': 123,
            'controlName': 'string',
            'evidenceResourcesIncludedCount': 123,
            'evidenceByTypeConfigurationDataCount': 123,
            'evidenceByTypeManualCount': 123,
            'evidenceByTypeComplianceCheckCount': 123,
            'evidenceByTypeComplianceCheckIssuesCount': 123,
            'evidenceByTypeUserActivityCount': 123,
            'evidenceAwsServiceSourceCount': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • evidenceFolders (list) --

      The list of evidence folders returned by the GetEvidenceFoldersByAssessmentControl API.

      • (dict) --

        The folder in which AWS Audit Manager stores evidence for an assessment.

        • name (string) --

          The name of the specified evidence folder.

        • date (datetime) --

          The date when the first evidence was added to the evidence folder.

        • assessmentId (string) --

          The identifier for the specified assessment.

        • controlSetId (string) --

          The identifier for the control set.

        • controlId (string) --

          The unique identifier for the specified control.

        • id (string) --

          The identifier for the folder in which evidence is stored.

        • dataSource (string) --

          The AWS service from which the evidence was collected.

        • author (string) --

          The name of the user who created the evidence folder.

        • totalEvidence (integer) --

          The total amount of evidence in the evidence folder.

        • assessmentReportSelectionCount (integer) --

          The total count of evidence included in the assessment report.

        • controlName (string) --

          The name of the control.

        • evidenceResourcesIncludedCount (integer) --

          The amount of evidence included in the evidence folder.

        • evidenceByTypeConfigurationDataCount (integer) --

          The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

        • evidenceByTypeManualCount (integer) --

          The number of evidence that falls under the manual category. This evidence is imported manually.

        • evidenceByTypeComplianceCheckCount (integer) --

          The number of evidence that falls under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

        • evidenceByTypeComplianceCheckIssuesCount (integer) --

          The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

        • evidenceByTypeUserActivityCount (integer) --

          The number of evidence that falls under the user activity category. This evidence is collected from AWS CloudTrail logs.

        • evidenceAwsServiceSourceCount (integer) --

          The total number of AWS resources assessed to generate the evidence.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_organization_admin_account()

Returns the name of the delegated AWS administrator account for the AWS organization.

See also: AWS API Documentation

Request Syntax

response = client.get_organization_admin_account()
Return type
dict
Returns
Response Syntax
{
    'adminAccountId': 'string',
    'organizationId': 'string'
}

Response Structure

  • (dict) --
    • adminAccountId (string) --

      The identifier for the specified administrator account.

    • organizationId (string) --

      The identifier for the specified organization.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
get_paginator(operation_name)

Create a paginator for an operation.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Raises OperationNotPageableError
Raised if the operation is not pageable. You can use the client.can_paginate method to check if an operation is pageable.
Return type
L{botocore.paginate.Paginator}
Returns
A paginator object.
get_services_in_scope()

Returns a list of the in-scope AWS services for the specified assessment.

See also: AWS API Documentation

Request Syntax

response = client.get_services_in_scope()
Return type
dict
Returns
Response Syntax
{
    'serviceMetadata': [
        {
            'name': 'string',
            'displayName': 'string',
            'description': 'string',
            'category': 'string'
        },
    ]
}

Response Structure

  • (dict) --
    • serviceMetadata (list) --

      The metadata associated with the aAWS service.

      • (dict) --

        The metadata associated with the specified AWS service.

        • name (string) --

          The name of the AWS service.

        • displayName (string) --

          The display name of the AWS service.

        • description (string) --

          The description of the specified AWS service.

        • category (string) --

          The category in which the AWS service belongs, such as compute, storage, database, and so on.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
get_settings(**kwargs)

Returns the settings for the specified AWS account.

See also: AWS API Documentation

Request Syntax

response = client.get_settings(
    attribute='ALL'|'IS_AWS_ORG_ENABLED'|'SNS_TOPIC'|'DEFAULT_ASSESSMENT_REPORTS_DESTINATION'|'DEFAULT_PROCESS_OWNERS'
)
Parameters
attribute (string) --

[REQUIRED]

The list of SettingAttribute enum values.

Return type
dict
Returns
Response Syntax
{
    'settings': {
        'isAwsOrgEnabled': True|False,
        'snsTopic': 'string',
        'defaultAssessmentReportsDestination': {
            'destinationType': 'S3',
            'destination': 'string'
        },
        'defaultProcessOwners': [
            {
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                'roleArn': 'string'
            },
        ],
        'kmsKey': 'string'
    }
}

Response Structure

  • (dict) --
    • settings (dict) --

      The settings object that holds all supported AWS Audit Manager settings.

      • isAwsOrgEnabled (boolean) --

        Specifies whether AWS Organizations is enabled.

      • snsTopic (string) --

        The designated Amazon Simple Notification Service (Amazon SNS) topic.

      • defaultAssessmentReportsDestination (dict) --

        The default storage destination for assessment reports.

        • destinationType (string) --

          The destination type, such as Amazon S3.

        • destination (string) --

          The destination of the assessment report.

      • defaultProcessOwners (list) --

        The designated default audit owners.

        • (dict) --

          The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

          • roleType (string) --

            The type of customer persona.

            Note

            In CreateAssessment , roleType can only be PROCESS_OWNER .

            In UpdateSettings , roleType can only be PROCESS_OWNER .

            In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

          • roleArn (string) --

            The Amazon Resource Name (ARN) of the IAM role.

      • kmsKey (string) --

        The AWS KMS key details.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
get_waiter(waiter_name)

Returns an object that can wait for some condition.

Parameters
waiter_name (str) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
Returns
The specified waiter object.
Return type
botocore.waiter.Waiter
list_assessment_frameworks(**kwargs)

Returns a list of the frameworks available in the AWS Audit Manager framework library.

See also: AWS API Documentation

Request Syntax

response = client.list_assessment_frameworks(
    frameworkType='Standard'|'Custom',
    nextToken='string',
    maxResults=123
)
Parameters
  • frameworkType (string) --

    [REQUIRED]

    The type of framework, such as standard or custom.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'frameworkMetadataList': [
        {
            'arn': 'string',
            'id': 'string',
            'type': 'Standard'|'Custom',
            'name': 'string',
            'description': 'string',
            'logo': 'string',
            'complianceType': 'string',
            'controlsCount': 123,
            'controlSetsCount': 123,
            'createdAt': datetime(2015, 1, 1),
            'lastUpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • frameworkMetadataList (list) --

      The list of metadata objects for the specified framework.

      • (dict) --

        The metadata associated with a standard or custom framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the framework.

        • id (string) --

          The unique identified for the specified framework.

        • type (string) --

          The framework type, such as standard or custom.

        • name (string) --

          The name of the specified framework.

        • description (string) --

          The description of the specified framework.

        • logo (string) --

          The logo associated with the framework.

        • complianceType (string) --

          The compliance type that the new custom framework supports, such as CIS or HIPAA.

        • controlsCount (integer) --

          The number of controls associated with the specified framework.

        • controlSetsCount (integer) --

          The number of control sets associated with the specified framework.

        • createdAt (datetime) --

          Specifies when the framework was created.

        • lastUpdatedAt (datetime) --

          Specifies when the framework was most recently updated.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
list_assessment_reports(**kwargs)

Returns a list of assessment reports created in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.list_assessment_reports(
    nextToken='string',
    maxResults=123
)
Parameters
  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'assessmentReports': [
        {
            'id': 'string',
            'name': 'string',
            'description': 'string',
            'assessmentId': 'string',
            'assessmentName': 'string',
            'author': 'string',
            'status': 'COMPLETE'|'IN_PROGRESS'|'FAILED',
            'creationTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • assessmentReports (list) --

      The list of assessment reports returned by the ListAssessmentReports API.

      • (dict) --

        The metadata objects associated with the specified assessment report.

        • id (string) --

          The unique identifier for the assessment report.

        • name (string) --

          The name of the assessment report.

        • description (string) --

          The description of the specified assessment report.

        • assessmentId (string) --

          The unique identifier for the associated assessment.

        • assessmentName (string) --

          The name of the associated assessment.

        • author (string) --

          The name of the user who created the assessment report.

        • status (string) --

          The current status of the assessment report.

        • creationTime (datetime) --

          Specifies when the assessment report was created.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
list_assessments(**kwargs)

Returns a list of current and past assessments from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.list_assessments(
    nextToken='string',
    maxResults=123
)
Parameters
  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'assessmentMetadata': [
        {
            'name': 'string',
            'id': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • assessmentMetadata (list) --

      The metadata associated with the assessment.

      • (dict) --

        A metadata object associated with an assessment in AWS Audit Manager.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • complianceType (string) --

          The name of the compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The current status of the assessment.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
list_controls(**kwargs)

Returns a list of controls from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.list_controls(
    controlType='Standard'|'Custom',
    nextToken='string',
    maxResults=123
)
Parameters
  • controlType (string) --

    [REQUIRED]

    The type of control, such as standard or custom.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'controlMetadataList': [
        {
            'arn': 'string',
            'id': 'string',
            'name': 'string',
            'controlSources': 'string',
            'createdAt': datetime(2015, 1, 1),
            'lastUpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • controlMetadataList (list) --

      The list of control metadata objects returned by the ListControls API.

      • (dict) --

        The metadata associated with the specified standard or custom control.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified control.

        • id (string) --

          The unique identifier for the specified control.

        • name (string) --

          The name of the specified control.

        • controlSources (string) --

          The data source that determines from where AWS Audit Manager collects evidence for the control.

        • createdAt (datetime) --

          Specifies when the control was created.

        • lastUpdatedAt (datetime) --

          Specifies when the control was most recently updated.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
list_keywords_for_data_source(**kwargs)

Returns a list of keywords that pre-mapped to the specified control data source.

See also: AWS API Documentation

Request Syntax

response = client.list_keywords_for_data_source(
    source='AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
    nextToken='string',
    maxResults=123
)
Parameters
  • source (string) --

    [REQUIRED]

    The control mapping data source to which the keywords apply.

  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'keywords': [
        'string',
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • keywords (list) --

      The list of keywords for the specified event mapping source.

      • (string) --
    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
list_notifications(**kwargs)

Returns a list of all AWS Audit Manager notifications.

See also: AWS API Documentation

Request Syntax

response = client.list_notifications(
    nextToken='string',
    maxResults=123
)
Parameters
  • nextToken (string) -- The pagination token used to fetch the next set of results.
  • maxResults (integer) -- Represents the maximum number of results per page, or per API request call.
Return type

dict

Returns

Response Syntax

{
    'notifications': [
        {
            'id': 'string',
            'assessmentId': 'string',
            'assessmentName': 'string',
            'controlSetId': 'string',
            'controlSetName': 'string',
            'description': 'string',
            'eventTime': datetime(2015, 1, 1),
            'source': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • notifications (list) --

      The returned list of notifications.

      • (dict) --

        The notification used to inform a user of an update in AWS Audit Manager. For example, this includes the notification that is sent when a control set is delegated for review.

        • id (string) --

          The unique identifier for the notification.

        • assessmentId (string) --

          The identifier for the specified assessment.

        • assessmentName (string) --

          The name of the related assessment.

        • controlSetId (string) --

          The identifier for the specified control set.

        • controlSetName (string) --

          Specifies the name of the control set that the notification is about.

        • description (string) --

          The description of the notification.

        • eventTime (datetime) --

          The time when the notification was sent.

        • source (string) --

          The sender of the notification.

    • nextToken (string) --

      The pagination token used to fetch the next set of results.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.InternalServerException
list_tags_for_resource(**kwargs)

Returns a list of tags for the specified resource in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.list_tags_for_resource(
    resourceArn='string'
)
Parameters
resourceArn (string) --

[REQUIRED]

The Amazon Resource Name (ARN) of the specified resource.

Return type
dict
Returns
Response Syntax
{
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --
    • tags (dict) --

      The list of tags returned by the ListTagsForResource API.

      • (string) --
        • (string) --

Exceptions

  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.ResourceNotFoundException
register_account(**kwargs)

Enables AWS Audit Manager for the specified AWS account.

See also: AWS API Documentation

Request Syntax

response = client.register_account(
    kmsKey='string',
    delegatedAdminAccount='string'
)
Parameters
  • kmsKey (string) -- The AWS KMS key details.
  • delegatedAdminAccount (string) -- The delegated administrator account for AWS Audit Manager.
Return type

dict

Returns

Response Syntax

{
    'status': 'ACTIVE'|'INACTIVE'|'PENDING_ACTIVATION'
}

Response Structure

  • (dict) --

    • status (string) --

      The status of the account registration request.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
register_organization_admin_account(**kwargs)

Enables an AWS account within the organization as the delegated administrator for AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.register_organization_admin_account(
    adminAccountId='string'
)
Parameters
adminAccountId (string) --

[REQUIRED]

The identifier for the specified delegated administrator account.

Return type
dict
Returns
Response Syntax
{
    'adminAccountId': 'string',
    'organizationId': 'string'
}

Response Structure

  • (dict) --
    • adminAccountId (string) --

      The identifier for the specified delegated administrator account.

    • organizationId (string) --

      The identifier for the specified AWS organization.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException
tag_resource(**kwargs)

Tags the specified resource in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.tag_resource(
    resourceArn='string',
    tags={
        'string': 'string'
    }
)
Parameters
  • resourceArn (string) --

    [REQUIRED]

    The Amazon Resource Name (ARN) of the specified resource.

  • tags (dict) --

    [REQUIRED]

    The tags to be associated with the resource.

    • (string) --
      • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.ResourceNotFoundException
untag_resource(**kwargs)

Removes a tag from a resource in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.untag_resource(
    resourceArn='string',
    tagKeys=[
        'string',
    ]
)
Parameters
  • resourceArn (string) --

    [REQUIRED]

    The Amazon Resource Name (ARN) of the specified resource.

  • tagKeys (list) --

    [REQUIRED]

    The name or key of the tag.

    • (string) --
Return type

dict

Returns

Response Syntax

{}

Response Structure

  • (dict) --

Exceptions

  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.ResourceNotFoundException
update_assessment(**kwargs)

Edits an AWS Audit Manager assessment.

See also: AWS API Documentation

Request Syntax

response = client.update_assessment(
    assessmentId='string',
    assessmentName='string',
    assessmentDescription='string',
    scope={
        'awsAccounts': [
            {
                'id': 'string',
                'emailAddress': 'string',
                'name': 'string'
            },
        ],
        'awsServices': [
            {
                'serviceName': 'string'
            },
        ]
    },
    assessmentReportsDestination={
        'destinationType': 'S3',
        'destination': 'string'
    },
    roles=[
        {
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
            'roleArn': 'string'
        },
    ]
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • assessmentName (string) -- The name of the specified assessment to be updated.
  • assessmentDescription (string) -- The description of the specified assessment.
  • scope (dict) --

    [REQUIRED]

    The scope of the specified assessment.

    • awsAccounts (list) --

      The AWS accounts included in the scope of the assessment.

      • (dict) --

        The wrapper of AWS account details, such as account ID, email address, and so on.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

    • awsServices (list) --

      The AWS services included in the scope of the assessment.

      • (dict) --

        An AWS service such as Amazon S3, AWS CloudTrail, and so on.

        • serviceName (string) --

          The name of the AWS service.

  • assessmentReportsDestination (dict) --

    The assessment report storage destination for the specified assessment that is being updated.

    • destinationType (string) --

      The destination type, such as Amazon S3.

    • destination (string) --

      The destination of the assessment report.

  • roles (list) --

    The list of roles for the specified assessment.

    • (dict) --

      The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment , roleType can only be PROCESS_OWNER .

        In UpdateSettings , roleType can only be PROCESS_OWNER .

        In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.

Return type

dict

Returns

Response Syntax

{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • assessment (dict) --

      The response object (name of the updated assessment) for the UpdateAssessmentRequest API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) --

        The AWS account associated with the assessment.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

      • metadata (dict) --

        The metadata for the specified assessment.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • description (string) --

          The description of the assessment.

        • complianceType (string) --

          The name of a compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The overall status of the assessment.

        • assessmentReportsDestination (dict) --

          The destination in which evidence reports are stored for the specified assessment.

          • destinationType (string) --

            The destination type, such as Amazon S3.

          • destination (string) --

            The destination of the assessment report.

        • scope (dict) --

          The wrapper of AWS accounts and services in scope for the assessment.

          • awsAccounts (list) --

            The AWS accounts included in the scope of the assessment.

            • (dict) --

              The wrapper of AWS account details, such as account ID, email address, and so on.

              • id (string) --

                The identifier for the specified AWS account.

              • emailAddress (string) --

                The email address associated with the specified AWS account.

              • name (string) --

                The name of the specified AWS account.

          • awsServices (list) --

            The AWS services included in the scope of the assessment.

            • (dict) --

              An AWS service such as Amazon S3, AWS CloudTrail, and so on.

              • serviceName (string) --

                The name of the AWS service.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

      • framework (dict) --

        The framework from which the assessment was created.

        • id (string) --

          The unique identifier for the framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified framework.

        • metadata (dict) --

          The metadata of a framework, such as the name, ID, description, and so on.

          • name (string) --

            The name of the framework.

          • description (string) --

            The description of the framework.

          • logo (string) --

            The logo associated with the framework.

          • complianceType (string) --

            The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

        • controlSets (list) --

          The control sets associated with the framework.

          • (dict) --

            Represents a set of controls in an AWS Audit Manager assessment.

            • id (string) --

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) --

              The description for the control set.

            • status (string) --

              Specifies the current status of the control set.

            • roles (list) --

              The roles associated with the control set.

              • (dict) --

                The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) --

              The list of controls contained with the control set.

              • (dict) --

                The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

                • id (string) --

                  The identifier for the specified control.

                • name (string) --

                  The name of the specified control.

                • description (string) --

                  The description of the specified control.

                • status (string) --

                  The status of the specified control.

                • response (string) --

                  The response of the specified control.

                • comments (list) --

                  The list of comments attached to the specified control.

                  • (dict) --

                    A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

                    • authorName (string) --

                      The name of the user who authored the comment.

                    • commentBody (string) --

                      The body text of a control comment.

                    • postedDate (datetime) --

                      The time when the comment was posted.

                • evidenceSources (list) --

                  The list of data sources for the specified evidence.

                  • (string) --
                • evidenceCount (integer) --

                  The amount of evidence generated for the control.

                • assessmentReportEvidenceCount (integer) --

                  The amount of evidence in the assessment report.

            • delegations (list) --

              The delegations associated with the control set.

              • (dict) --

                The assignment of a control set to a delegate for review.

                • id (string) --

                  The unique identifier for the delegation.

                • assessmentName (string) --

                  The name of the associated assessment.

                • assessmentId (string) --

                  The identifier for the associated assessment.

                • status (string) --

                  The status of the delegation.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • creationTime (datetime) --

                  Specifies when the delegation was created.

                • lastUpdated (datetime) --

                  Specifies when the delegation was last updated.

                • controlSetId (string) --

                  The identifier for the associated control set.

                • comment (string) --

                  The comment related to the delegation.

                • createdBy (string) --

                  The IAM user or role that created the delegation.

            • systemEvidenceCount (integer) --

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount (integer) --

              The total number of evidence objects uploaded manually to the control set.

      • tags (dict) --

        The tags associated with the assessment.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_assessment_control(**kwargs)

Updates a control within an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.update_assessment_control(
    assessmentId='string',
    controlSetId='string',
    controlId='string',
    controlStatus='UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
    commentBody='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • controlId (string) --

    [REQUIRED]

    The identifier for the specified control.

  • controlStatus (string) -- The status of the specified control.
  • commentBody (string) -- The comment body text for the specified control.
Return type

dict

Returns

Response Syntax

{
    'control': {
        'id': 'string',
        'name': 'string',
        'description': 'string',
        'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
        'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
        'comments': [
            {
                'authorName': 'string',
                'commentBody': 'string',
                'postedDate': datetime(2015, 1, 1)
            },
        ],
        'evidenceSources': [
            'string',
        ],
        'evidenceCount': 123,
        'assessmentReportEvidenceCount': 123
    }
}

Response Structure

  • (dict) --

    • control (dict) --

      The name of the updated control set returned by the UpdateAssessmentControl API.

      • id (string) --

        The identifier for the specified control.

      • name (string) --

        The name of the specified control.

      • description (string) --

        The description of the specified control.

      • status (string) --

        The status of the specified control.

      • response (string) --

        The response of the specified control.

      • comments (list) --

        The list of comments attached to the specified control.

        • (dict) --

          A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

          • authorName (string) --

            The name of the user who authored the comment.

          • commentBody (string) --

            The body text of a control comment.

          • postedDate (datetime) --

            The time when the comment was posted.

      • evidenceSources (list) --

        The list of data sources for the specified evidence.

        • (string) --
      • evidenceCount (integer) --

        The amount of evidence generated for the control.

      • assessmentReportEvidenceCount (integer) --

        The amount of evidence in the assessment report.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_assessment_control_set_status(**kwargs)

Updates the status of a control set in an AWS Audit Manager assessment.

See also: AWS API Documentation

Request Syntax

response = client.update_assessment_control_set_status(
    assessmentId='string',
    controlSetId='string',
    status='ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
    comment='string'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • controlSetId (string) --

    [REQUIRED]

    The identifier for the specified control set.

  • status (string) --

    [REQUIRED]

    The status of the control set that is being updated.

  • comment (string) --

    [REQUIRED]

    The comment related to the status update.

Return type

dict

Returns

Response Syntax

{
    'controlSet': {
        'id': 'string',
        'description': 'string',
        'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
        'roles': [
            {
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                'roleArn': 'string'
            },
        ],
        'controls': [
            {
                'id': 'string',
                'name': 'string',
                'description': 'string',
                'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                'comments': [
                    {
                        'authorName': 'string',
                        'commentBody': 'string',
                        'postedDate': datetime(2015, 1, 1)
                    },
                ],
                'evidenceSources': [
                    'string',
                ],
                'evidenceCount': 123,
                'assessmentReportEvidenceCount': 123
            },
        ],
        'delegations': [
            {
                'id': 'string',
                'assessmentName': 'string',
                'assessmentId': 'string',
                'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                'roleArn': 'string',
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                'creationTime': datetime(2015, 1, 1),
                'lastUpdated': datetime(2015, 1, 1),
                'controlSetId': 'string',
                'comment': 'string',
                'createdBy': 'string'
            },
        ],
        'systemEvidenceCount': 123,
        'manualEvidenceCount': 123
    }
}

Response Structure

  • (dict) --

    • controlSet (dict) --

      The name of the updated control set returned by the UpdateAssessmentControlSetStatus API.

      • id (string) --

        The identifier of the control set in the assessment. This is the control set name in a plain string format.

      • description (string) --

        The description for the control set.

      • status (string) --

        Specifies the current status of the control set.

      • roles (list) --

        The roles associated with the control set.

        • (dict) --

          The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

          • roleType (string) --

            The type of customer persona.

            Note

            In CreateAssessment , roleType can only be PROCESS_OWNER .

            In UpdateSettings , roleType can only be PROCESS_OWNER .

            In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

          • roleArn (string) --

            The Amazon Resource Name (ARN) of the IAM role.

      • controls (list) --

        The list of controls contained with the control set.

        • (dict) --

          The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

          • id (string) --

            The identifier for the specified control.

          • name (string) --

            The name of the specified control.

          • description (string) --

            The description of the specified control.

          • status (string) --

            The status of the specified control.

          • response (string) --

            The response of the specified control.

          • comments (list) --

            The list of comments attached to the specified control.

            • (dict) --

              A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

              • authorName (string) --

                The name of the user who authored the comment.

              • commentBody (string) --

                The body text of a control comment.

              • postedDate (datetime) --

                The time when the comment was posted.

          • evidenceSources (list) --

            The list of data sources for the specified evidence.

            • (string) --
          • evidenceCount (integer) --

            The amount of evidence generated for the control.

          • assessmentReportEvidenceCount (integer) --

            The amount of evidence in the assessment report.

      • delegations (list) --

        The delegations associated with the control set.

        • (dict) --

          The assignment of a control set to a delegate for review.

          • id (string) --

            The unique identifier for the delegation.

          • assessmentName (string) --

            The name of the associated assessment.

          • assessmentId (string) --

            The identifier for the associated assessment.

          • status (string) --

            The status of the delegation.

          • roleArn (string) --

            The Amazon Resource Name (ARN) of the IAM role.

          • roleType (string) --

            The type of customer persona.

            Note

            In CreateAssessment , roleType can only be PROCESS_OWNER .

            In UpdateSettings , roleType can only be PROCESS_OWNER .

            In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

          • creationTime (datetime) --

            Specifies when the delegation was created.

          • lastUpdated (datetime) --

            Specifies when the delegation was last updated.

          • controlSetId (string) --

            The identifier for the associated control set.

          • comment (string) --

            The comment related to the delegation.

          • createdBy (string) --

            The IAM user or role that created the delegation.

      • systemEvidenceCount (integer) --

        The total number of evidence objects retrieved automatically for the control set.

      • manualEvidenceCount (integer) --

        The total number of evidence objects uploaded manually to the control set.

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_assessment_framework(**kwargs)

Updates a custom framework in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.update_assessment_framework(
    frameworkId='string',
    name='string',
    description='string',
    complianceType='string',
    controlSets=[
        {
            'id': 'string',
            'name': 'string',
            'controls': [
                {
                    'id': 'string'
                },
            ]
        },
    ]
)
Parameters
  • frameworkId (string) --

    [REQUIRED]

    The identifier for the specified framework.

  • name (string) --

    [REQUIRED]

    The name of the framework to be updated.

  • description (string) -- The description of the framework that is to be updated.
  • complianceType (string) -- The compliance type that the new custom framework supports, such as CIS or HIPAA.
  • controlSets (list) --

    [REQUIRED]

    The control sets associated with the framework.

    • (dict) --

      A controlSet entity that represents a collection of controls in AWS Audit Manager. This does not contain the control set ID.

      • id (string) --

        The unique identifier for the control set.

      • name (string) -- [REQUIRED]

        The name of the control set.

      • controls (list) --

        The list of controls contained within the control set.

        • (dict) --

          Control entity attributes that uniquely identify an existing control to be added to a framework in AWS Audit Manager.

          • id (string) --

            The unique identifier of the control.

Return type

dict

Returns

Response Syntax

{
    'framework': {
        'arn': 'string',
        'id': 'string',
        'name': 'string',
        'type': 'Standard'|'Custom',
        'complianceType': 'string',
        'description': 'string',
        'logo': 'string',
        'controlSources': 'string',
        'controlSets': [
            {
                'id': 'string',
                'name': 'string',
                'controls': [
                    {
                        'arn': 'string',
                        'id': 'string',
                        'type': 'Standard'|'Custom',
                        'name': 'string',
                        'description': 'string',
                        'testingInformation': 'string',
                        'actionPlanTitle': 'string',
                        'actionPlanInstructions': 'string',
                        'controlSources': 'string',
                        'controlMappingSources': [
                            {
                                'sourceId': 'string',
                                'sourceName': 'string',
                                'sourceDescription': 'string',
                                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                                'sourceKeyword': {
                                    'keywordInputType': 'SELECT_FROM_LIST',
                                    'keywordValue': 'string'
                                },
                                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                                'troubleshootingText': 'string'
                            },
                        ],
                        'createdAt': datetime(2015, 1, 1),
                        'lastUpdatedAt': datetime(2015, 1, 1),
                        'createdBy': 'string',
                        'lastUpdatedBy': 'string',
                        'tags': {
                            'string': 'string'
                        }
                    },
                ]
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • framework (dict) --

      The name of the specified framework.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified framework.

      • id (string) --

        The unique identifier for the specified framework.

      • name (string) --

        The name of the specified framework.

      • type (string) --

        The framework type, such as custom or standard.

      • complianceType (string) --

        The compliance type that the new custom framework supports, such as CIS or HIPAA.

      • description (string) --

        The description of the specified framework.

      • logo (string) --

        The logo associated with the framework.

      • controlSources (string) --

        The sources from which AWS Audit Manager collects evidence for the control.

      • controlSets (list) --

        The control sets associated with the framework.

        • (dict) --

          A set of controls in AWS Audit Manager.

          • id (string) --

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name (string) --

            The name of the control set.

          • controls (list) --

            The list of controls within the control set.

            • (dict) --

              A control in AWS Audit Manager.

              • arn (string) --

                The Amazon Resource Name (ARN) of the specified control.

              • id (string) --

                The unique identifier for the control.

              • type (string) --

                The type of control, such as custom or standard.

              • name (string) --

                The name of the specified control.

              • description (string) --

                The description of the specified control.

              • testingInformation (string) --

                The steps to follow to determine if the control has been satisfied.

              • actionPlanTitle (string) --

                The title of the action plan for remediating the control.

              • actionPlanInstructions (string) --

                The recommended actions to carry out if the control is not fulfilled.

              • controlSources (string) --

                The data source that determines from where AWS Audit Manager collects evidence for the control.

              • controlMappingSources (list) --

                The data mapping sources for the specified control.

                • (dict) --

                  The data source that determines from where AWS Audit Manager collects evidence for the control.

                  • sourceId (string) --

                    The unique identifier for the specified source.

                  • sourceName (string) --

                    The name of the specified source.

                  • sourceDescription (string) --

                    The description of the specified source.

                  • sourceSetUpOption (string) --

                    The setup option for the data source, which reflects if the evidence collection is automated or manual.

                  • sourceType (string) --

                    Specifies one of the five types of data sources for evidence collection.

                  • sourceKeyword (dict) --

                    The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

                    • keywordInputType (string) --

                      The method of input for the specified keyword.

                    • keywordValue (string) --

                      The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

                  • sourceFrequency (string) --

                    The frequency of evidence collection for the specified control mapping source.

                  • troubleshootingText (string) --

                    The instructions for troubleshooting the specified control.

              • createdAt (datetime) --

                Specifies when the control was created.

              • lastUpdatedAt (datetime) --

                Specifies when the control was most recently updated.

              • createdBy (string) --

                The IAM user or role that created the control.

              • lastUpdatedBy (string) --

                The IAM user or role that most recently updated the control.

              • tags (dict) --

                The tags associated with the control.

                • (string) --
                  • (string) --
      • createdAt (datetime) --

        Specifies when the framework was created.

      • lastUpdatedAt (datetime) --

        Specifies when the framework was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the framework.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the framework.

      • tags (dict) --

        The tags associated with the framework.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_assessment_status(**kwargs)

Updates the status of an assessment in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.update_assessment_status(
    assessmentId='string',
    status='ACTIVE'|'INACTIVE'
)
Parameters
  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

  • status (string) --

    [REQUIRED]

    The current status of the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • assessment (dict) --

      The name of the updated assessment returned by the UpdateAssessmentStatus API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) --

        The AWS account associated with the assessment.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

      • metadata (dict) --

        The metadata for the specified assessment.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • description (string) --

          The description of the assessment.

        • complianceType (string) --

          The name of a compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The overall status of the assessment.

        • assessmentReportsDestination (dict) --

          The destination in which evidence reports are stored for the specified assessment.

          • destinationType (string) --

            The destination type, such as Amazon S3.

          • destination (string) --

            The destination of the assessment report.

        • scope (dict) --

          The wrapper of AWS accounts and services in scope for the assessment.

          • awsAccounts (list) --

            The AWS accounts included in the scope of the assessment.

            • (dict) --

              The wrapper of AWS account details, such as account ID, email address, and so on.

              • id (string) --

                The identifier for the specified AWS account.

              • emailAddress (string) --

                The email address associated with the specified AWS account.

              • name (string) --

                The name of the specified AWS account.

          • awsServices (list) --

            The AWS services included in the scope of the assessment.

            • (dict) --

              An AWS service such as Amazon S3, AWS CloudTrail, and so on.

              • serviceName (string) --

                The name of the AWS service.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment , roleType can only be PROCESS_OWNER .

              In UpdateSettings , roleType can only be PROCESS_OWNER .

              In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

      • framework (dict) --

        The framework from which the assessment was created.

        • id (string) --

          The unique identifier for the framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified framework.

        • metadata (dict) --

          The metadata of a framework, such as the name, ID, description, and so on.

          • name (string) --

            The name of the framework.

          • description (string) --

            The description of the framework.

          • logo (string) --

            The logo associated with the framework.

          • complianceType (string) --

            The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

        • controlSets (list) --

          The control sets associated with the framework.

          • (dict) --

            Represents a set of controls in an AWS Audit Manager assessment.

            • id (string) --

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) --

              The description for the control set.

            • status (string) --

              Specifies the current status of the control set.

            • roles (list) --

              The roles associated with the control set.

              • (dict) --

                The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) --

              The list of controls contained with the control set.

              • (dict) --

                The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

                • id (string) --

                  The identifier for the specified control.

                • name (string) --

                  The name of the specified control.

                • description (string) --

                  The description of the specified control.

                • status (string) --

                  The status of the specified control.

                • response (string) --

                  The response of the specified control.

                • comments (list) --

                  The list of comments attached to the specified control.

                  • (dict) --

                    A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

                    • authorName (string) --

                      The name of the user who authored the comment.

                    • commentBody (string) --

                      The body text of a control comment.

                    • postedDate (datetime) --

                      The time when the comment was posted.

                • evidenceSources (list) --

                  The list of data sources for the specified evidence.

                  • (string) --
                • evidenceCount (integer) --

                  The amount of evidence generated for the control.

                • assessmentReportEvidenceCount (integer) --

                  The amount of evidence in the assessment report.

            • delegations (list) --

              The delegations associated with the control set.

              • (dict) --

                The assignment of a control set to a delegate for review.

                • id (string) --

                  The unique identifier for the delegation.

                • assessmentName (string) --

                  The name of the associated assessment.

                • assessmentId (string) --

                  The identifier for the associated assessment.

                • status (string) --

                  The status of the delegation.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment , roleType can only be PROCESS_OWNER .

                  In UpdateSettings , roleType can only be PROCESS_OWNER .

                  In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

                • creationTime (datetime) --

                  Specifies when the delegation was created.

                • lastUpdated (datetime) --

                  Specifies when the delegation was last updated.

                • controlSetId (string) --

                  The identifier for the associated control set.

                • comment (string) --

                  The comment related to the delegation.

                • createdBy (string) --

                  The IAM user or role that created the delegation.

            • systemEvidenceCount (integer) --

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount (integer) --

              The total number of evidence objects uploaded manually to the control set.

      • tags (dict) --

        The tags associated with the assessment.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_control(**kwargs)

Updates a custom control in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.update_control(
    controlId='string',
    name='string',
    description='string',
    testingInformation='string',
    actionPlanTitle='string',
    actionPlanInstructions='string',
    controlMappingSources=[
        {
            'sourceId': 'string',
            'sourceName': 'string',
            'sourceDescription': 'string',
            'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
            'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
            'sourceKeyword': {
                'keywordInputType': 'SELECT_FROM_LIST',
                'keywordValue': 'string'
            },
            'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
            'troubleshootingText': 'string'
        },
    ]
)
Parameters
  • controlId (string) --

    [REQUIRED]

    The identifier for the specified control.

  • name (string) --

    [REQUIRED]

    The name of the control to be updated.

  • description (string) -- The optional description of the control.
  • testingInformation (string) -- The steps that to follow to determine if the control has been satisfied.
  • actionPlanTitle (string) -- The title of the action plan for remediating the control.
  • actionPlanInstructions (string) -- The recommended actions to carry out if the control is not fulfilled.
  • controlMappingSources (list) --

    [REQUIRED]

    The data mapping sources for the specified control.

    • (dict) --

      The data source that determines from where AWS Audit Manager collects evidence for the control.

      • sourceId (string) --

        The unique identifier for the specified source.

      • sourceName (string) --

        The name of the specified source.

      • sourceDescription (string) --

        The description of the specified source.

      • sourceSetUpOption (string) --

        The setup option for the data source, which reflects if the evidence collection is automated or manual.

      • sourceType (string) --

        Specifies one of the five types of data sources for evidence collection.

      • sourceKeyword (dict) --

        The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

        • keywordInputType (string) --

          The method of input for the specified keyword.

        • keywordValue (string) --

          The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

      • sourceFrequency (string) --

        The frequency of evidence collection for the specified control mapping source.

      • troubleshootingText (string) --

        The instructions for troubleshooting the specified control.

Return type

dict

Returns

Response Syntax

{
    'control': {
        'arn': 'string',
        'id': 'string',
        'type': 'Standard'|'Custom',
        'name': 'string',
        'description': 'string',
        'testingInformation': 'string',
        'actionPlanTitle': 'string',
        'actionPlanInstructions': 'string',
        'controlSources': 'string',
        'controlMappingSources': [
            {
                'sourceId': 'string',
                'sourceName': 'string',
                'sourceDescription': 'string',
                'sourceSetUpOption': 'System_Controls_Mapping'|'Procedural_Controls_Mapping',
                'sourceType': 'AWS_Cloudtrail'|'AWS_Config'|'AWS_Security_Hub'|'AWS_API_Call'|'MANUAL',
                'sourceKeyword': {
                    'keywordInputType': 'SELECT_FROM_LIST',
                    'keywordValue': 'string'
                },
                'sourceFrequency': 'DAILY'|'WEEKLY'|'MONTHLY',
                'troubleshootingText': 'string'
            },
        ],
        'createdAt': datetime(2015, 1, 1),
        'lastUpdatedAt': datetime(2015, 1, 1),
        'createdBy': 'string',
        'lastUpdatedBy': 'string',
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • control (dict) --

      The name of the updated control set returned by the UpdateControl API.

      • arn (string) --

        The Amazon Resource Name (ARN) of the specified control.

      • id (string) --

        The unique identifier for the control.

      • type (string) --

        The type of control, such as custom or standard.

      • name (string) --

        The name of the specified control.

      • description (string) --

        The description of the specified control.

      • testingInformation (string) --

        The steps to follow to determine if the control has been satisfied.

      • actionPlanTitle (string) --

        The title of the action plan for remediating the control.

      • actionPlanInstructions (string) --

        The recommended actions to carry out if the control is not fulfilled.

      • controlSources (string) --

        The data source that determines from where AWS Audit Manager collects evidence for the control.

      • controlMappingSources (list) --

        The data mapping sources for the specified control.

        • (dict) --

          The data source that determines from where AWS Audit Manager collects evidence for the control.

          • sourceId (string) --

            The unique identifier for the specified source.

          • sourceName (string) --

            The name of the specified source.

          • sourceDescription (string) --

            The description of the specified source.

          • sourceSetUpOption (string) --

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

          • sourceType (string) --

            Specifies one of the five types of data sources for evidence collection.

          • sourceKeyword (dict) --

            The keyword to search for in AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names.

            • keywordInputType (string) --

              The method of input for the specified keyword.

            • keywordValue (string) --

              The value of the keyword used to search AWS CloudTrail logs, AWS Config rules, AWS Security Hub checks, and AWS API names when mapping a control data source.

          • sourceFrequency (string) --

            The frequency of evidence collection for the specified control mapping source.

          • troubleshootingText (string) --

            The instructions for troubleshooting the specified control.

      • createdAt (datetime) --

        Specifies when the control was created.

      • lastUpdatedAt (datetime) --

        Specifies when the control was most recently updated.

      • createdBy (string) --

        The IAM user or role that created the control.

      • lastUpdatedBy (string) --

        The IAM user or role that most recently updated the control.

      • tags (dict) --

        The tags associated with the control.

        • (string) --
          • (string) --

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException
  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
update_settings(**kwargs)

Updates AWS Audit Manager settings for the current user account.

See also: AWS API Documentation

Request Syntax

response = client.update_settings(
    snsTopic='string',
    defaultAssessmentReportsDestination={
        'destinationType': 'S3',
        'destination': 'string'
    },
    defaultProcessOwners=[
        {
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
            'roleArn': 'string'
        },
    ],
    kmsKey='string'
)
Parameters
  • snsTopic (string) -- The Amazon Simple Notification Service (Amazon SNS) topic to which AWS Audit Manager sends notifications.
  • defaultAssessmentReportsDestination (dict) --

    The default storage destination for assessment reports.

    • destinationType (string) --

      The destination type, such as Amazon S3.

    • destination (string) --

      The destination of the assessment report.

  • defaultProcessOwners (list) --

    A list of the default audit owners.

    • (dict) --

      The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment , roleType can only be PROCESS_OWNER .

        In UpdateSettings , roleType can only be PROCESS_OWNER .

        In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.

  • kmsKey (string) -- The AWS KMS key details.
Return type

dict

Returns

Response Syntax

{
    'settings': {
        'isAwsOrgEnabled': True|False,
        'snsTopic': 'string',
        'defaultAssessmentReportsDestination': {
            'destinationType': 'S3',
            'destination': 'string'
        },
        'defaultProcessOwners': [
            {
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                'roleArn': 'string'
            },
        ],
        'kmsKey': 'string'
    }
}

Response Structure

  • (dict) --

    • settings (dict) --

      The current list of settings.

      • isAwsOrgEnabled (boolean) --

        Specifies whether AWS Organizations is enabled.

      • snsTopic (string) --

        The designated Amazon Simple Notification Service (Amazon SNS) topic.

      • defaultAssessmentReportsDestination (dict) --

        The default storage destination for assessment reports.

        • destinationType (string) --

          The destination type, such as Amazon S3.

        • destination (string) --

          The destination of the assessment report.

      • defaultProcessOwners (list) --

        The designated default audit owners.

        • (dict) --

          The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

          • roleType (string) --

            The type of customer persona.

            Note

            In CreateAssessment , roleType can only be PROCESS_OWNER .

            In UpdateSettings , roleType can only be PROCESS_OWNER .

            In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .

          • roleArn (string) --

            The Amazon Resource Name (ARN) of the IAM role.

      • kmsKey (string) --

        The AWS KMS key details.

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
validate_assessment_report_integrity(**kwargs)

Validates the integrity of an assessment report in AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.validate_assessment_report_integrity(
    s3RelativePath='string'
)
Parameters
s3RelativePath (string) --

[REQUIRED]

The relative path of the specified Amazon S3 bucket in which the assessment report is stored.

Return type
dict
Returns
Response Syntax
{
    'signatureValid': True|False,
    'signatureAlgorithm': 'string',
    'signatureDateTime': 'string',
    'signatureKeyId': 'string',
    'validationErrors': [
        'string',
    ]
}

Response Structure

  • (dict) --
    • signatureValid (boolean) --

      Specifies whether the signature key is valid.

    • signatureAlgorithm (string) --

      The signature algorithm used to code sign the assessment report file.

    • signatureDateTime (string) --

      The date and time signature that specifies when the assessment report was created.

    • signatureKeyId (string) --

      The unique identifier for the validation signature key.

    • validationErrors (list) --

      Represents any errors that occurred when validating the assessment report.

      • (string) --

Exceptions

  • AuditManager.Client.exceptions.ValidationException
  • AuditManager.Client.exceptions.AccessDeniedException
  • AuditManager.Client.exceptions.InternalServerException
  • AuditManager.Client.exceptions.ResourceNotFoundException

Paginators

The available paginators are: