View Source AWS.AuditManager (aws-elixir v1.0.4)
Welcome to the Audit Manager API reference.
This guide is for developers who need detailed information about the Audit Manager API operations, data types, and errors.
Audit Manager is a service that provides automated evidence collection so that you can continually audit your Amazon Web Services usage. You can use it to assess the effectiveness of your controls, manage risk, and simplify compliance.
Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with specific requirements.
Use the following links to get started with the Audit Manager API:
*
Actions: An alphabetical list of all Audit Manager API operations.
*
Data types: An alphabetical list of all Audit Manager data types.
*
Common parameters: Parameters that all operations can use.
*
Common errors: Client and server errors that all operations can return.
If you're new to Audit Manager, we recommend that you review the Audit Manager User Guide.
Link to this section Summary
Functions
Associates an evidence folder to an assessment report in an Audit Manager assessment.
Associates a list of evidence to an assessment report in an Audit Manager assessment.
Creates a batch of delegations for an assessment in Audit Manager.
Deletes a batch of delegations for an assessment in Audit Manager.
Disassociates a list of evidence from an assessment report in Audit Manager.
Adds one or more pieces of evidence to a control in an Audit Manager assessment.
Creates an assessment in Audit Manager.
Creates a custom framework in Audit Manager.
Creates an assessment report for the specified assessment.
Creates a new custom control in Audit Manager.
Deletes an assessment in Audit Manager.
Deletes a custom framework in Audit Manager.
Deletes a share request for a custom framework in Audit Manager.
Deletes an assessment report in Audit Manager.
Deletes a custom control in Audit Manager.
Deregisters an account in Audit Manager.
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
Disassociates an evidence folder from the specified assessment report in Audit Manager.
Gets the registration status of an account in Audit Manager.
Gets information about a specified assessment.
Gets information about a specified framework.
Gets the URL of an assessment report in Audit Manager.
Gets a list of changelogs from Audit Manager.
Gets information about a specified control.
Gets a list of delegations from an audit owner to a delegate.
Gets information about a specified evidence item.
Gets all evidence from a specified evidence folder in Audit Manager.
Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence.
Gets an evidence folder from a specified assessment in Audit Manager.
Gets the evidence folders from a specified assessment in Audit Manager.
Gets a list of evidence folders that are associated with a specified control in an Audit Manager assessment.
Gets the latest analytics data for all your current active assessments.
Gets the latest analytics data for a specific active assessment.
Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
Gets the settings for a specified Amazon Web Services account.
Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
Returns a list of sent or received share requests for custom frameworks in Audit Manager.
Returns a list of the frameworks that are available in the Audit Manager framework library.
Returns a list of assessment reports created in Audit Manager.
Returns a list of current and past assessments from Audit Manager.
Lists the latest analytics data for control domains across all of your active assessments.
Lists analytics data for control domains within a specified active assessment.
Lists the latest analytics data for controls within a specific control domain across all active assessments.
Returns a list of controls from Audit Manager.
Returns a list of keywords that are pre-mapped to the specified control data source.
Returns a list of all Audit Manager notifications.
Returns a list of tags for the specified resource in Audit Manager.
Enables Audit Manager for the specified Amazon Web Services account.
Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
Creates a share request for a custom framework in Audit Manager.
Tags the specified resource in Audit Manager.
Removes a tag from a resource in Audit Manager.
Edits an Audit Manager assessment.
Updates a control within an assessment in Audit Manager.
Updates the status of a control set in an Audit Manager assessment.
Updates a custom framework in Audit Manager.
Updates a share request for a custom framework in Audit Manager.
Updates the status of an assessment in Audit Manager.
Updates a custom control in Audit Manager.
Updates Audit Manager settings for the current account.
Validates the integrity of an assessment report in Audit Manager.
Link to this section Functions
associate_assessment_report_evidence_folder(client, assessment_id, input, options \\ [])
View SourceAssociates an evidence folder to an assessment report in an Audit Manager assessment.
batch_associate_assessment_report_evidence(client, assessment_id, input, options \\ [])
View SourceAssociates a list of evidence to an assessment report in an Audit Manager assessment.
batch_create_delegation_by_assessment(client, assessment_id, input, options \\ [])
View SourceCreates a batch of delegations for an assessment in Audit Manager.
batch_delete_delegation_by_assessment(client, assessment_id, input, options \\ [])
View SourceDeletes a batch of delegations for an assessment in Audit Manager.
batch_disassociate_assessment_report_evidence(client, assessment_id, input, options \\ [])
View SourceDisassociates a list of evidence from an assessment report in Audit Manager.
batch_import_evidence_to_assessment_control(client, assessment_id, control_id, control_set_id, input, options \\ [])
View SourceAdds one or more pieces of evidence to a control in an Audit Manager assessment.
You can import manual evidence from any S3 bucket by specifying the S3 URI of the object. You can also upload a file from your browser, or enter plain text in response to a risk assessment question.
The following restrictions apply to this action:
*
manualEvidence can be only one of the following:
evidenceFileName, s3ResourcePath, or
textResponse
* Maximum size of an individual evidence file: 100 MB
* Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide*
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
Creates an assessment in Audit Manager.
Creates a custom framework in Audit Manager.
create_assessment_report(client, assessment_id, input, options \\ [])
View SourceCreates an assessment report for the specified assessment.
Creates a new custom control in Audit Manager.
Deletes an assessment in Audit Manager.
delete_assessment_framework(client, framework_id, input, options \\ [])
View SourceDeletes a custom framework in Audit Manager.
delete_assessment_report(client, assessment_id, assessment_report_id, input, options \\ [])
View SourceDeletes an assessment report in Audit Manager.
When you run the DeleteAssessmentReport operation, Audit Manager
attempts to delete the following data:
1. The specified assessment report that’s stored in your S3 bucket
2. The associated metadata that’s stored in Audit Manager
If Audit Manager can’t access the assessment report in your S3 bucket, the
report
isn’t deleted. In this event, the DeleteAssessmentReport operation doesn’t
fail. Instead, it proceeds to delete the associated metadata only. You must then
delete the
assessment report from the S3 bucket yourself.
This scenario happens when Audit Manager receives a 403 (Forbidden) or
404 (Not Found) error from Amazon S3. To avoid this, make sure that
your S3 bucket is available, and that you configured the correct permissions for
Audit Manager to delete resources in your S3 bucket. For an example permissions
policy that
you can use, see Assessment report destination permissions
in the Audit Manager User Guide. For information about the issues that could
cause a
403
(Forbidden)or 404 (Not Found) error from Amazon S3, see
List of Error Codes
in the Amazon Simple Storage Service API
Reference.
Deletes a custom control in Audit Manager.
When you invoke this operation, the custom control is deleted from any frameworks or assessments that it’s currently part of. As a result, Audit Manager will stop collecting evidence for that custom control in all of your assessments. This includes assessments that you previously created before you deleted the custom control.
Deregisters an account in Audit Manager.
Before you deregister, you can use the
UpdateSettings API operation to set your preferred data retention policy. By
default, Audit Manager retains your data. If you want to delete your data, you
can
use the DeregistrationPolicy attribute to request the deletion of your
data.
For more information about data retention, see Data Protection in the Audit Manager User Guide.
deregister_organization_admin_account(client, input, options \\ [])
View SourceRemoves the specified Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.
Keep in mind the following cleanup task if you use evidence finder:
Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store.
This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.
When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.
To delete your Audit Manager resource data, see the following instructions:
*
DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)
*
DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)
*
DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)
*
DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)
*
DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)
At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.
disassociate_assessment_report_evidence_folder(client, assessment_id, input, options \\ [])
View SourceDisassociates an evidence folder from the specified assessment report in Audit Manager.
Gets the registration status of an account in Audit Manager.
Gets information about a specified assessment.
Gets information about a specified framework.
get_assessment_report_url(client, assessment_id, assessment_report_id, options \\ [])
View SourceGets the URL of an assessment report in Audit Manager.
get_change_logs(client, assessment_id, control_id \\ nil, control_set_id \\ nil, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceGets a list of changelogs from Audit Manager.
Gets information about a specified control.
get_delegations(client, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceGets a list of delegations from an audit owner to a delegate.
get_evidence(client, assessment_id, control_set_id, evidence_folder_id, evidence_id, options \\ [])
View SourceGets information about a specified evidence item.
get_evidence_by_evidence_folder(client, assessment_id, control_set_id, evidence_folder_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceGets all evidence from a specified evidence folder in Audit Manager.
Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence.
For instructions on how to use this operation, see Upload a file from your browser in the Audit Manager User Guide.
The following restrictions apply to this operation:
* Maximum size of an individual evidence file: 100 MB
* Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide*
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
get_evidence_folder(client, assessment_id, control_set_id, evidence_folder_id, options \\ [])
View SourceGets an evidence folder from a specified assessment in Audit Manager.
get_evidence_folders_by_assessment(client, assessment_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceGets the evidence folders from a specified assessment in Audit Manager.
get_evidence_folders_by_assessment_control(client, assessment_id, control_id, control_set_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceGets a list of evidence folders that are associated with a specified control in an Audit Manager assessment.
Gets the latest analytics data for all your current active assessments.
Gets the latest analytics data for a specific active assessment.
Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
Audit Manager defines which Amazon Web Services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services that are in this list.
For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.
Gets the settings for a specified Amazon Web Services account.
list_assessment_control_insights_by_control_domain(client, assessment_id, control_domain_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceLists the latest analytics data for controls within a specific control domain and a specific active assessment.
Control insights are listed only if the control belongs to the control domain
and
assessment that was specified. Moreover, the control must have collected
evidence on the
lastUpdated date of controlInsightsByAssessment. If neither
of these conditions are met, no data is listed for that control.
list_assessment_frameworks(client, framework_type, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceReturns a list of the frameworks that are available in the Audit Manager framework library.
list_assessment_reports(client, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceReturns a list of assessment reports created in Audit Manager.
list_assessments(client, max_results \\ nil, next_token \\ nil, status \\ nil, options \\ [])
View SourceReturns a list of current and past assessments from Audit Manager.
list_control_domain_insights(client, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceLists the latest analytics data for control domains across all of your active assessments.
Audit Manager supports the control domains that are provided by Amazon Web
Services
Control Catalog. For information about how to find a list of available control
domains, see
ListDomains
in the Amazon Web Services Control
Catalog API Reference.
A control domain is listed only if at least one of the controls within that
domain
collected evidence on the lastUpdated date of
controlDomainInsights. If this condition isn’t met, no data is listed
for that control domain.
list_control_domain_insights_by_assessment(client, assessment_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceLists analytics data for control domains within a specified active assessment.
Audit Manager supports the control domains that are provided by Amazon Web
Services
Control Catalog. For information about how to find a list of available control
domains, see
ListDomains
in the Amazon Web Services Control
Catalog API Reference.
A control domain is listed only if at least one of the controls within that
domain
collected evidence on the lastUpdated date of
controlDomainInsights. If this condition isn’t met, no data is listed
for that domain.
list_control_insights_by_control_domain(client, control_domain_id, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceLists the latest analytics data for controls within a specific control domain across all active assessments.
Control insights are listed only if the control belongs to the control domain
that
was specified and the control collected evidence on the lastUpdated date of
controlInsightsMetadata. If neither of these conditions are met, no data
is listed for that control.
list_controls(client, control_catalog_id \\ nil, control_type, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceReturns a list of controls from Audit Manager.
list_keywords_for_data_source(client, max_results \\ nil, next_token \\ nil, source, options \\ [])
View SourceReturns a list of keywords that are pre-mapped to the specified control data source.
list_notifications(client, max_results \\ nil, next_token \\ nil, options \\ [])
View SourceReturns a list of all Audit Manager notifications.
Returns a list of tags for the specified resource in Audit Manager.
Enables Audit Manager for the specified Amazon Web Services account.
Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
Tags the specified resource in Audit Manager.
Removes a tag from a resource in Audit Manager.
Edits an Audit Manager assessment.
update_assessment_control(client, assessment_id, control_id, control_set_id, input, options \\ [])
View SourceUpdates a control within an assessment in Audit Manager.
update_assessment_control_set_status(client, assessment_id, control_set_id, input, options \\ [])
View SourceUpdates the status of a control set in an Audit Manager assessment.
update_assessment_framework(client, framework_id, input, options \\ [])
View SourceUpdates a custom framework in Audit Manager.
update_assessment_status(client, assessment_id, input, options \\ [])
View SourceUpdates the status of an assessment in Audit Manager.
Updates a custom control in Audit Manager.
Updates Audit Manager settings for the current account.
validate_assessment_report_integrity(client, input, options \\ [])
View SourceValidates the integrity of an assessment report in Audit Manager.