AuditManager / Client / get_settings

get_settings#

AuditManager.Client.get_settings(**kwargs)#

Gets the settings for a specified Amazon Web Services account.

See also: AWS API Documentation

Request Syntax

response = client.get_settings(
    attribute='ALL'|'IS_AWS_ORG_ENABLED'|'SNS_TOPIC'|'DEFAULT_ASSESSMENT_REPORTS_DESTINATION'|'DEFAULT_PROCESS_OWNERS'|'EVIDENCE_FINDER_ENABLEMENT'|'DEREGISTRATION_POLICY'|'DEFAULT_EXPORT_DESTINATION'
)
Parameters:

attribute (string) –

[REQUIRED]

The list of setting attribute enum values.

Return type:

dict

Returns:

Response Syntax

{
    'settings': {
        'isAwsOrgEnabled': True|False,
        'snsTopic': 'string',
        'defaultAssessmentReportsDestination': {
            'destinationType': 'S3',
            'destination': 'string'
        },
        'defaultProcessOwners': [
            {
                'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                'roleArn': 'string'
            },
        ],
        'kmsKey': 'string',
        'evidenceFinderEnablement': {
            'eventDataStoreArn': 'string',
            'enablementStatus': 'ENABLED'|'DISABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS',
            'backfillStatus': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED',
            'error': 'string'
        },
        'deregistrationPolicy': {
            'deleteResources': 'ALL'|'DEFAULT'
        },
        'defaultExportDestination': {
            'destinationType': 'S3',
            'destination': 'string'
        }
    }
}

Response Structure

  • (dict) –

    • settings (dict) –

      The settings object that holds all supported Audit Manager settings.

      • isAwsOrgEnabled (boolean) –

        Specifies whether Organizations is enabled.

      • snsTopic (string) –

        The designated Amazon Simple Notification Service (Amazon SNS) topic.

      • defaultAssessmentReportsDestination (dict) –

        The default S3 destination bucket for storing assessment reports.

        • destinationType (string) –

          The destination type, such as Amazon S3.

        • destination (string) –

          The destination bucket where Audit Manager stores assessment reports.

      • defaultProcessOwners (list) –

        The designated default audit owners.

        • (dict) –

          The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

          • roleType (string) –

            The type of customer persona.

            Note

            In CreateAssessment, roleType can only be PROCESS_OWNER.

            In UpdateSettings, roleType can only be PROCESS_OWNER.

            In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

          • roleArn (string) –

            The Amazon Resource Name (ARN) of the IAM role.

      • kmsKey (string) –

        The KMS key details.

      • evidenceFinderEnablement (dict) –

        The current evidence finder status and event data store details.

        • eventDataStoreArn (string) –

          The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against.

        • enablementStatus (string) –

          The current status of the evidence finder feature and the related event data store.

          • ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An event data store is currently being created to support evidence finder queries.

          • ENABLED means that an event data store was successfully created and evidence finder is enabled. We recommend that you wait 7 days until the event data store is backfilled with your past two years’ worth of evidence data. You can use evidence finder in the meantime, but not all data might be available until the backfill is complete.

          • DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and your request is pending the deletion of the event data store.

          • DISABLED means that you have permanently disabled evidence finder and the event data store has been deleted. You can’t re-enable evidence finder after this point.

        • backfillStatus (string) –

          The current status of the evidence data backfill process.

          The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past two years’ worth of evidence data so that your evidence can be queried.

          • NOT_STARTED means that the backfill hasn’t started yet.

          • IN_PROGRESS means that the backfill is in progress. This can take up to 7 days to complete, depending on the amount of evidence data.

          • COMPLETED means that the backfill is complete. All of your past evidence is now queryable.

        • error (string) –

          Represents any errors that occurred when enabling or disabling evidence finder.

      • deregistrationPolicy (dict) –

        The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.

        • deleteResources (string) –

          Specifies which Audit Manager data will be deleted when you deregister Audit Manager.

          • If you set the value to ALL, all of your data is deleted within seven days of deregistration.

          • If you set the value to DEFAULT, none of your data is deleted at the time of deregistration. However, keep in mind that the Audit Manager data retention policy still applies. As a result, any evidence data will be deleted two years after its creation date. Your other Audit Manager resources will continue to exist indefinitely.

      • defaultExportDestination (dict) –

        The default S3 destination bucket for storing evidence finder exports.

        • destinationType (string) –

          The destination type, such as Amazon S3.

        • destination (string) –

          The destination bucket where Audit Manager stores exported files.

Exceptions

  • AuditManager.Client.exceptions.AccessDeniedException

  • AuditManager.Client.exceptions.InternalServerException