create_assessment

AuditManager.Client.create_assessment(**kwargs)

Creates an assessment in Audit Manager.

See also: AWS API Documentation

Request Syntax

response = client.create_assessment(
    name='string',
    description='string',
    assessmentReportsDestination={
        'destinationType': 'S3',
        'destination': 'string'
    },
    scope={
        'awsAccounts': [
            {
                'id': 'string',
                'emailAddress': 'string',
                'name': 'string'
            },
        ],
        'awsServices': [
            {
                'serviceName': 'string'
            },
        ]
    },
    roles=[
        {
            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
            'roleArn': 'string'
        },
    ],
    frameworkId='string',
    tags={
        'string': 'string'
    }
)
Parameters:
  • name (string) –

    [REQUIRED]

    The name of the assessment to be created.

  • description (string) – The optional description of the assessment to be created.

  • assessmentReportsDestination (dict) –

    [REQUIRED]

    The assessment report storage destination for the assessment that’s being created.

    • destinationType (string) –

      The destination type, such as Amazon S3.

    • destination (string) –

      The destination bucket where Audit Manager stores assessment reports.

  • scope (dict) –

    [REQUIRED]

    The wrapper that contains the Amazon Web Services accounts and services that are in scope for the assessment.

    • awsAccounts (list) –

      The Amazon Web Services accounts that are included in the scope of the assessment.

      • (dict) –

        The wrapper of Amazon Web Services account details, such as account ID or email address.

        • id (string) –

          The identifier for the Amazon Web Services account.

        • emailAddress (string) –

          The email address that’s associated with the Amazon Web Services account.

        • name (string) –

          The name of the Amazon Web Services account.

    • awsServices (list) –

      The Amazon Web Services services that are included in the scope of the assessment.

  • roles (list) –

    [REQUIRED]

    The list of roles for the assessment.

    • (dict) –

      The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) – [REQUIRED]

        The type of customer persona.

        Note

        In CreateAssessment, roleType can only be PROCESS_OWNER.

        In UpdateSettings, roleType can only be PROCESS_OWNER.

        In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

      • roleArn (string) – [REQUIRED]

        The Amazon Resource Name (ARN) of the IAM role.

  • frameworkId (string) –

    [REQUIRED]

    The identifier for the framework that the assessment will be created from.

  • tags (dict) –

    The tags that are associated with the assessment.

    • (string) –

      • (string) –
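A pre-flight check for the request described above, added here as an example and not part of the boto3 documentation. It enforces the required parameters and the `PROCESS_OWNER`-only rule for `roleType` before any API call is made. The names `validate_create_assessment`, `create_assessment_checked` and `SAMPLE_REQUEST` are hypothetical, the account-ID and role-ARN patterns are assumptions of this example, and `client` is any object that exposes `create_assessment`, such as `boto3.client('auditmanager')`.

```python
import re

REQUIRED = ("name", "assessmentReportsDestination", "scope", "roles", "frameworkId")
ACCOUNT_ID = re.compile(r"^\d{12}$")  # assumption: 12-digit AWS account ID
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")  # assumption: IAM role ARN shape


def validate_create_assessment(request):
    """Return a list of problems found in create_assessment kwargs (empty list = OK)."""
    problems = [f"missing required parameter: {key}" for key in REQUIRED if not request.get(key)]

    dest = request.get("assessmentReportsDestination") or {}
    if dest.get("destinationType", "S3") != "S3":
        problems.append("assessmentReportsDestination.destinationType must be 'S3'")
    if dest and not dest.get("destination"):
        problems.append("assessmentReportsDestination.destination is empty")

    for account in (request.get("scope") or {}).get("awsAccounts", []):
        account_id = account.get("id") or ""
        if not ACCOUNT_ID.match(account_id):
            problems.append(f"scope.awsAccounts id {account_id!r} is not a 12-digit account ID")

    for role in request.get("roles") or []:
        # Per the note on roleType: in CreateAssessment it can only be PROCESS_OWNER.
        if role.get("roleType") != "PROCESS_OWNER":
            problems.append(f"roleType {role.get('roleType')!r} not allowed here; use PROCESS_OWNER")
        if not ROLE_ARN.match(role.get("roleArn") or ""):
            problems.append(f"roleArn {role.get('roleArn')!r} is not an IAM role ARN")
    return problems


def create_assessment_checked(client, request):
    """Validate locally, then call the API; return (assessment id, status)."""
    problems = validate_create_assessment(request)
    if problems:
        raise ValueError("; ".join(problems))
    metadata = client.create_assessment(**request)["assessment"]["metadata"]
    return metadata["id"], metadata["status"]


# Constructed sample request; every value below is a placeholder.
SAMPLE_REQUEST = {
    "name": "example-assessment",
    "assessmentReportsDestination": {"destinationType": "S3", "destination": "s3://example-audit-reports"},
    "scope": {"awsAccounts": [{"id": "111122223333"}]},
    # RESOURCE_OWNER is deliberate here so the roleType check has something to catch.
    "roles": [{"roleType": "RESOURCE_OWNER", "roleArn": "arn:aws:iam::111122223333:role/ExampleAuditOwner"}],
    "frameworkId": "00000000-0000-0000-0000-000000000000",
}
```

Running the validator on `SAMPLE_REQUEST` reports the disallowed `RESOURCE_OWNER` role without contacting AWS; switching that entry to `PROCESS_OWNER` lets the call through.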

Return type:

dict

Returns:

Response Syntax

{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) –

    • assessment (dict) –

      An entity that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.

      • arn (string) –

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) –

        The Amazon Web Services account that’s associated with the assessment.

        • id (string) –

          The identifier for the Amazon Web Services account.

        • emailAddress (string) –

          The email address that’s associated with the Amazon Web Services account.

        • name (string) –

          The name of the Amazon Web Services account.

      • metadata (dict) –

        The metadata for the assessment.

        • name (string) –

          The name of the assessment.

        • id (string) –

          The unique identifier for the assessment.

        • description (string) –

          The description of the assessment.

        • complianceType (string) –

          The name of the compliance standard that’s related to the assessment, such as PCI-DSS.

        • status (string) –

          The overall status of the assessment.

        • assessmentReportsDestination (dict) –

          The destination that evidence reports are stored in for the assessment.

          • destinationType (string) –

            The destination type, such as Amazon S3.

          • destination (string) –

            The destination bucket where Audit Manager stores assessment reports.

        • scope (dict) –

          The wrapper of Amazon Web Services accounts and services that are in scope for the assessment.

          • awsAccounts (list) –

            The Amazon Web Services accounts that are included in the scope of the assessment.

            • (dict) –

              The wrapper of Amazon Web Services account details, such as account ID or email address.

              • id (string) –

                The identifier for the Amazon Web Services account.

              • emailAddress (string) –

                The email address that’s associated with the Amazon Web Services account.

              • name (string) –

                The name of the Amazon Web Services account.

          • awsServices (list) –

            The Amazon Web Services services that are included in the scope of the assessment.

        • roles (list) –

          The roles that are associated with the assessment.

          • (dict) –

            The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) –

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • roleArn (string) –

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) –

          The delegations that are associated with the assessment.

          • (dict) –

            The assignment of a control set to a delegate for review.

            • id (string) –

              The unique identifier for the delegation.

            • assessmentName (string) –

              The name of the assessment that’s associated with the delegation.

            • assessmentId (string) –

              The identifier for the assessment that’s associated with the delegation.

            • status (string) –

              The status of the delegation.

            • roleArn (string) –

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) –

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • creationTime (datetime) –

              Specifies when the delegation was created.

            • lastUpdated (datetime) –

              Specifies when the delegation was last updated.

            • controlSetId (string) –

              The identifier for the control set that’s associated with the delegation.

            • comment (string) –

              The comment that’s related to the delegation.

            • createdBy (string) –

              The user or role that created the delegation.

        • creationTime (datetime) –

          Specifies when the assessment was created.

        • lastUpdated (datetime) –

          The time of the most recent update.

      • framework (dict) –

        The framework that the assessment was created from.

        • id (string) –

          The unique identifier for the framework.

        • arn (string) –

          The Amazon Resource Name (ARN) of the framework.

        • metadata (dict) –

          The metadata of a framework, such as the name, ID, or description.

          • name (string) –

            The name of the framework.

          • description (string) –

            The description of the framework.

          • logo (string) –

            The logo that’s associated with the framework.

          • complianceType (string) –

            The compliance standard that’s associated with the framework. For example, this could be PCI DSS or HIPAA.

        • controlSets (list) –

          The control sets that are associated with the framework.

          • (dict) –

            Represents a set of controls in an Audit Manager assessment.

            • id (string) –

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) –

              The description for the control set.

            • status (string) –

              The current status of the control set.

            • roles (list) –

              The roles that are associated with the control set.

              • (dict) –

                The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) –

                  The type of customer persona.

                  Note

                  In CreateAssessment, roleType can only be PROCESS_OWNER.

                  In UpdateSettings, roleType can only be PROCESS_OWNER.

                  In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

                • roleArn (string) –

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) –

              The list of controls that’s contained within the control set.

              • (dict) –

                The control entity that represents a standard control or a custom control in an Audit Manager assessment.

                • id (string) –

                  The identifier for the control.

                • name (string) –

                  The name of the control.

                • description (string) –

                  The description of the control.

                • status (string) –

                  The status of the control.

                • response (string) –

                  The response of the control.

                • comments (list) –

                  The list of comments that’s attached to the control.

                  • (dict) –

                    A comment that’s posted by a user on a control. This includes the author’s name, the comment text, and a timestamp.

                    • authorName (string) –

                      The name of the user who authored the comment.

                    • commentBody (string) –

                      The body text of a control comment.

                    • postedDate (datetime) –

                      The time when the comment was posted.

                • evidenceSources (list) –

                  The list of data sources for the evidence.

                  • (string) –

                • evidenceCount (integer) –

                  The amount of evidence that’s collected for the control.

                • assessmentReportEvidenceCount (integer) –

                  The amount of evidence in the assessment report.

            • delegations (list) –

              The delegations that are associated with the control set.

              • (dict) –

                The assignment of a control set to a delegate for review.

                • id (string) –

                  The unique identifier for the delegation.

                • assessmentName (string) –

                  The name of the assessment that’s associated with the delegation.

                • assessmentId (string) –

                  The identifier for the assessment that’s associated with the delegation.

                • status (string) –

                  The status of the delegation.

                • roleArn (string) –

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) –

                  The type of customer persona.

                  Note

                  In CreateAssessment, roleType can only be PROCESS_OWNER.

                  In UpdateSettings, roleType can only be PROCESS_OWNER.

                  In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

                • creationTime (datetime) –

                  Specifies when the delegation was created.

                • lastUpdated (datetime) –

                  Specifies when the delegation was last updated.

                • controlSetId (string) –

                  The identifier for the control set that’s associated with the delegation.

                • comment (string) –

                  The comment that’s related to the delegation.

                • createdBy (string) –

                  The user or role that created the delegation.

            • systemEvidenceCount (integer) –

              The total number of evidence objects that are retrieved automatically for the control set.

            • manualEvidenceCount (integer) –

              The total number of evidence objects that are uploaded manually to the control set.

      • tags (dict) –

        The tags that are associated with the assessment.

        • (string) –

          • (string) –

Exceptions

  • AuditManager.Client.exceptions.ResourceNotFoundException

  • AuditManager.Client.exceptions.ValidationException

  • AuditManager.Client.exceptions.AccessDeniedException

  • AuditManager.Client.exceptions.InternalServerException

  • AuditManager.Client.exceptions.ServiceQuotaExceededException