AWS::AuditManager::Assessment
The AWS::AuditManager::Assessment
resource is an Audit Manager
resource type that defines the scope of audit evidence collected by Audit Manager. An
Audit Manager assessment is an implementation of an Audit Manager framework.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::AuditManager::Assessment", "Properties" : { "AssessmentReportsDestination" :
AssessmentReportsDestination
, "AwsAccount" :AWSAccount
, "Delegations" :[ Delegation, ... ]
, "Description" :String
, "FrameworkId" :String
, "Name" :String
, "Roles" :[ Role, ... ]
, "Scope" :Scope
, "Status" :String
, "Tags" :[ Tag, ... ]
} }
YAML
Type: AWS::AuditManager::Assessment Properties: AssessmentReportsDestination:
AssessmentReportsDestination
AwsAccount:AWSAccount
Delegations:- Delegation
Description:String
FrameworkId:String
Name:String
Roles:- Role
Scope:Scope
Status:String
Tags:- Tag
Properties
AssessmentReportsDestination
-
The destination that evidence reports are stored in for the assessment.
Required: No
Type: AssessmentReportsDestination
Update requires: No interruption
AwsAccount
-
The AWS account that's associated with the assessment.
Required: No
Type: AWSAccount
Update requires: Replacement
Delegations
-
The delegations that are associated with the assessment.
Required: No
Type: List of Delegation
Update requires: No interruption
Description
-
The description of the assessment.
Required: No
Type: String
Maximum:
1000
Pattern:
^[\w\W\s\S]*$
Update requires: No interruption
FrameworkId
-
The unique identifier for the framework.
Required: No
Type: String
Minimum:
36
Maximum:
36
Pattern:
^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$
Update requires: Replacement
Name
-
The name of the assessment.
Required: No
Type: String
Minimum:
1
Maximum:
300
Pattern:
^[^\\]*$
Update requires: No interruption
Roles
-
The roles that are associated with the assessment.
Required: No
Type: List of Role
Update requires: No interruption
Scope
-
The wrapper of AWS accounts and services that are in scope for the assessment.
Required: No
Type: Scope
Update requires: No interruption
Status
-
The overall status of the assessment.
When you create a new assessment, the initial
Status
value is alwaysACTIVE
. When you create an assessment, even if you specify the value asINACTIVE
, the value overrides toACTIVE
.After you create an assessment, you can change the value of the
Status
property at any time. For example, when you want to stop collecting evidence for your assessment, you can change the assessment status toINACTIVE
.Required: No
Type: String
Allowed values:
ACTIVE | INACTIVE
Update requires: No interruption
Tags
-
The tags that are associated with the assessment.
Required: No
Type: List of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the assessment ID. For example:
{ "Ref": "111A1A1A-22B2-33C3-DDD4-55E5E5E555E5" }
For more information about using the Ref
function, see Ref.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt.
Arn
-
The Amazon Resource Name (ARN) of the assessment. For example,
arn:aws:auditmanager:us-east-1:123456789012:assessment/111A1A1A-22B2-33C3-DDD4-55E5E5E555E5
. AssessmentId
-
The unique identifier for the assessment. For example,
111A1A1A-22B2-33C3-DDD4-55E5E5E555E5
. CreationTime
-
The time when the assessment was created. For example,
1607582033.373
.
See also
-
CreateAssessment in the AWS Audit Manager API Reference.
-
DeleteAssessment in the AWS Audit Manager API Reference.
-
GetAssessment in the AWS Audit Manager API Reference.
-
UpdateAssessment in the AWS Audit Manager API Reference.