View Source aws_auditmanager (aws v1.0.4)
Welcome to the Audit Manager API reference.
This guide is for developers who need detailed information about the Audit Manager API operations, data types, and errors.
Audit Manager is a service that provides automated evidence collection so that you can continually audit your Amazon Web Services usage. You can use it to assess the effectiveness of your controls, manage risk, and simplify compliance.
Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with specific requirements.
Use the following links to get started with the Audit Manager API:
Actions: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_Operations.html: An alphabetical list of all Audit Manager API operations.
Data types: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_Types.html: An alphabetical list of all Audit Manager data types.
Common parameters: https://docs.aws.amazon.com/audit-manager/latest/APIReference/CommonParameters.html: Parameters that all operations can use.
Common errors: https://docs.aws.amazon.com/audit-manager/latest/APIReference/CommonErrors.html: Client and server errors that all operations can return.
Summary
Functions
Adds one or more pieces of evidence to a control in an Audit Manager assessment.
Deletes an assessment report in Audit Manager.
Deletes a custom control in Audit Manager.
Deregisters an account in Audit Manager.
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence.
Gets a list of all of the Amazon Web Services that you can choose to include in your assessment.
Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
Lists the latest analytics data for control domains across all of your active assessments.
Lists analytics data for control domains within a specified active assessment.
Lists the latest analytics data for controls within a specific control domain across all active assessments.
Creates a share request for a custom framework in Audit Manager.
Functions
associate_assessment_report_evidence_folder(Client, AssessmentId, Input)
View Sourceassociate_assessment_report_evidence_folder(Client, AssessmentId, Input0, Options0)
View Sourcebatch_associate_assessment_report_evidence(Client, AssessmentId, Input)
View Sourcebatch_associate_assessment_report_evidence(Client, AssessmentId, Input0, Options0)
View Sourcebatch_create_delegation_by_assessment(Client, AssessmentId, Input)
View Sourcebatch_create_delegation_by_assessment(Client, AssessmentId, Input0, Options0)
View Sourcebatch_delete_delegation_by_assessment(Client, AssessmentId, Input)
View Sourcebatch_delete_delegation_by_assessment(Client, AssessmentId, Input0, Options0)
View Sourcebatch_disassociate_assessment_report_evidence(Client, AssessmentId, Input)
View Sourcebatch_disassociate_assessment_report_evidence(Client, AssessmentId, Input0, Options0)
View Sourcebatch_import_evidence_to_assessment_control(Client, AssessmentId, ControlId, ControlSetId, Input)
View SourceAdds one or more pieces of evidence to a control in an Audit Manager assessment.
You can import manual evidence from any S3 bucket by specifying the S3 URI of the object. You can also upload a file from your browser, or enter plain text in response to a risk assessment question.
The following restrictions apply to this action:
manualEvidence
can be only one of the following:evidenceFileName
,s3ResourcePath
, ortextResponse
Maximum size of an individual evidence file: 100 MB
Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence: https://docs.aws.amazon.com/audit-manager/latest/userguide/upload-evidence.html#supported-manual-evidence-files in the Audit Manager User Guide
batch_import_evidence_to_assessment_control(Client, AssessmentId, ControlId, ControlSetId, Input0, Options0)
View Sourcedelete_assessment_framework(Client, FrameworkId, Input0, Options0)
View Sourcedelete_assessment_report(Client, AssessmentId, AssessmentReportId, Input)
View SourceDeletes an assessment report in Audit Manager.
When you run the DeleteAssessmentReport
operation, Audit Manager attempts to delete the following data:
The specified assessment report that’s stored in your S3 bucket
The associated metadata that’s stored in Audit Manager
If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the DeleteAssessmentReport
operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself.
403 (Forbidden)
or 404 (Not Found)
error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see Assessment report destination permissions: https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination in the Audit Manager User Guide. For information about the issues that could cause a 403 (Forbidden)
or 404 (Not Found
) error from Amazon S3, see List of Error Codes: https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList in the Amazon Simple Storage Service API Reference.
delete_assessment_report(Client, AssessmentId, AssessmentReportId, Input0, Options0)
View SourceDeletes a custom control in Audit Manager.
When you invoke this operation, the custom control is deleted from any frameworks or assessments that it’s currently part of. As a result, Audit Manager will stop collecting evidence for that custom control in all of your assessments. This includes assessments that you previously created before you deleted the custom control.Deregisters an account in Audit Manager.
Before you deregister, you can use the UpdateSettings: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_UpdateSettings.html API operation to set your preferred data retention policy. By default, Audit Manager retains your data. If you want to delete your data, you can use the DeregistrationPolicy
attribute to request the deletion of your data.
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.
Keep in mind the following cleanup task if you use evidence finder:
Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-eds-disable-termination.html.
This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.
When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.
To delete your Audit Manager resource data, see the following instructions:
DeleteAssessment: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessment.html (see also: Deleting an assessment: https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-assessment.html in the Audit Manager User Guide)
DeleteAssessmentFramework: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentFramework.html (see also: Deleting a custom framework: https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-custom-framework.html in the Audit Manager User Guide)
DeleteAssessmentFrameworkShare: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentFrameworkShare.html (see also: Deleting a share request: https://docs.aws.amazon.com/audit-manager/latest/userguide/deleting-shared-framework-requests.html in the Audit Manager User Guide)
DeleteAssessmentReport: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteAssessmentReport.html (see also: Deleting an assessment report: https://docs.aws.amazon.com/audit-manager/latest/userguide/generate-assessment-report.html#delete-assessment-report-steps in the Audit Manager User Guide)
DeleteControl: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeleteControl.html (see also: Deleting a custom control: https://docs.aws.amazon.com/audit-manager/latest/userguide/delete-controls.html in the Audit Manager User Guide)
disassociate_assessment_report_evidence_folder(Client, AssessmentId, Input)
View Sourcedisassociate_assessment_report_evidence_folder(Client, AssessmentId, Input0, Options0)
View Sourceget_assessment(Client, AssessmentId, QueryMap, HeadersMap, Options0)
View Sourceget_assessment_framework(Client, FrameworkId, QueryMap, HeadersMap)
View Sourceget_assessment_framework(Client, FrameworkId, QueryMap, HeadersMap, Options0)
View Sourceget_assessment_report_url(Client, AssessmentId, AssessmentReportId)
View Sourceget_assessment_report_url(Client, AssessmentId, AssessmentReportId, QueryMap, HeadersMap)
View Sourceget_assessment_report_url(Client, AssessmentId, AssessmentReportId, QueryMap, HeadersMap, Options0)
View Sourceget_change_logs(Client, AssessmentId, QueryMap, HeadersMap, Options0)
View Sourceget_evidence(Client, AssessmentId, ControlSetId, EvidenceFolderId, EvidenceId)
View Sourceget_evidence(Client, AssessmentId, ControlSetId, EvidenceFolderId, EvidenceId, QueryMap, HeadersMap)
View Sourceget_evidence(Client, AssessmentId, ControlSetId, EvidenceFolderId, EvidenceId, QueryMap, HeadersMap, Options0)
View Sourceget_evidence_by_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId)
View Sourceget_evidence_by_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId, QueryMap, HeadersMap)
View Sourceget_evidence_by_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId, QueryMap, HeadersMap, Options0)
View SourceCreates a presigned Amazon S3 URL that can be used to upload a file as manual evidence.
For instructions on how to use this operation, see Upload a file from your browser : https://docs.aws.amazon.com/audit-manager/latest/userguide/upload-evidence.html#how-to-upload-manual-evidence-files in the Audit Manager User Guide.
The following restrictions apply to this operation:
Maximum size of an individual evidence file: 100 MB
Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence: https://docs.aws.amazon.com/audit-manager/latest/userguide/upload-evidence.html#supported-manual-evidence-files in the Audit Manager User Guide
get_evidence_file_upload_url(Client, FileName, QueryMap, HeadersMap)
View Sourceget_evidence_file_upload_url(Client, FileName, QueryMap, HeadersMap, Options0)
View Sourceget_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId)
View Sourceget_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId, QueryMap, HeadersMap)
View Sourceget_evidence_folder(Client, AssessmentId, ControlSetId, EvidenceFolderId, QueryMap, HeadersMap, Options0)
View Sourceget_evidence_folders_by_assessment(Client, AssessmentId, QueryMap, HeadersMap)
View Sourceget_evidence_folders_by_assessment(Client, AssessmentId, QueryMap, HeadersMap, Options0)
View Sourceget_evidence_folders_by_assessment_control(Client, AssessmentId, ControlId, ControlSetId)
View Sourceget_evidence_folders_by_assessment_control(Client, AssessmentId, ControlId, ControlSetId, QueryMap, HeadersMap)
View Sourceget_evidence_folders_by_assessment_control(Client, AssessmentId, ControlId, ControlSetId, QueryMap, HeadersMap, Options0)
View Sourceget_insights_by_assessment(Client, AssessmentId, QueryMap, HeadersMap)
View Sourceget_insights_by_assessment(Client, AssessmentId, QueryMap, HeadersMap, Options0)
View Sourceget_organization_admin_account(Client, QueryMap, HeadersMap, Options0)
View SourceGets a list of all of the Amazon Web Services that you can choose to include in your assessment.
When you create an assessment: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_CreateAssessment.html, specify which of these services you want to include to narrow the assessment's scope: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_Scope.html.list_assessment_control_insights_by_control_domain(Client, AssessmentId, ControlDomainId)
View SourceLists the latest analytics data for controls within a specific control domain and a specific active assessment.
Control insights are listed only if the control belongs to the control domain and assessment that was specified. Moreover, the control must have collected evidence on thelastUpdated
date of controlInsightsByAssessment
. If neither of these conditions are met, no data is listed for that control.
list_assessment_control_insights_by_control_domain(Client, AssessmentId, ControlDomainId, QueryMap, HeadersMap)
View Sourcelist_assessment_control_insights_by_control_domain(Client, AssessmentId, ControlDomainId, QueryMap, HeadersMap, Options0)
View Sourcelist_assessment_frameworks(Client, FrameworkType, QueryMap, HeadersMap)
View Sourcelist_assessment_frameworks(Client, FrameworkType, QueryMap, HeadersMap, Options0)
View SourceLists the latest analytics data for control domains across all of your active assessments.
A control domain is listed only if at least one of the controls within that domain collected evidence on thelastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that control domain.
list_control_domain_insights(Client, QueryMap, HeadersMap, Options0)
View SourceLists analytics data for control domains within a specified active assessment.
A control domain is listed only if at least one of the controls within that domain collected evidence on thelastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is listed for that domain.
list_control_domain_insights_by_assessment(Client, AssessmentId, QueryMap, HeadersMap)
View Sourcelist_control_domain_insights_by_assessment(Client, AssessmentId, QueryMap, HeadersMap, Options0)
View SourceLists the latest analytics data for controls within a specific control domain across all active assessments.
Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on thelastUpdated
date of controlInsightsMetadata
. If neither of these conditions are met, no data is listed for that control.