@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class AbstractAWSAuditManager extends Object implements AWSAuditManager
AWSAuditManager
. Convenient method forms pass through to the corresponding
overload that takes a request object, which throws an UnsupportedOperationException
.ENDPOINT_PREFIX
public AssociateAssessmentReportEvidenceFolderResult associateAssessmentReportEvidenceFolder(AssociateAssessmentReportEvidenceFolderRequest request)
AWSAuditManager
Associates an evidence folder to an assessment report in an Audit Manager assessment.
associateAssessmentReportEvidenceFolder
in interface AWSAuditManager
public BatchAssociateAssessmentReportEvidenceResult batchAssociateAssessmentReportEvidence(BatchAssociateAssessmentReportEvidenceRequest request)
AWSAuditManager
Associates a list of evidence to an assessment report in an Audit Manager assessment.
batchAssociateAssessmentReportEvidence
in interface AWSAuditManager
public BatchCreateDelegationByAssessmentResult batchCreateDelegationByAssessment(BatchCreateDelegationByAssessmentRequest request)
AWSAuditManager
Creates a batch of delegations for an assessment in Audit Manager.
batchCreateDelegationByAssessment
in interface AWSAuditManager
public BatchDeleteDelegationByAssessmentResult batchDeleteDelegationByAssessment(BatchDeleteDelegationByAssessmentRequest request)
AWSAuditManager
Deletes a batch of delegations for an assessment in Audit Manager.
batchDeleteDelegationByAssessment
in interface AWSAuditManager
public BatchDisassociateAssessmentReportEvidenceResult batchDisassociateAssessmentReportEvidence(BatchDisassociateAssessmentReportEvidenceRequest request)
AWSAuditManager
Disassociates a list of evidence from an assessment report in Audit Manager.
batchDisassociateAssessmentReportEvidence
in interface AWSAuditManager
public BatchImportEvidenceToAssessmentControlResult batchImportEvidenceToAssessmentControl(BatchImportEvidenceToAssessmentControlRequest request)
AWSAuditManager
Adds one or more pieces of evidence to a control in an Audit Manager assessment.
You can import manual evidence from any S3 bucket by specifying the S3 URI of the object. You can also upload a file from your browser, or enter plain text in response to a risk assessment question.
The following restrictions apply to this action:
manualEvidence
can be only one of the following: evidenceFileName
,
s3ResourcePath
, or textResponse
Maximum size of an individual evidence file: 100 MB
Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
batchImportEvidenceToAssessmentControl
in interface AWSAuditManager
public CreateAssessmentResult createAssessment(CreateAssessmentRequest request)
AWSAuditManager
Creates an assessment in Audit Manager.
createAssessment
in interface AWSAuditManager
public CreateAssessmentFrameworkResult createAssessmentFramework(CreateAssessmentFrameworkRequest request)
AWSAuditManager
Creates a custom framework in Audit Manager.
createAssessmentFramework
in interface AWSAuditManager
public CreateAssessmentReportResult createAssessmentReport(CreateAssessmentReportRequest request)
AWSAuditManager
Creates an assessment report for the specified assessment.
createAssessmentReport
in interface AWSAuditManager
public CreateControlResult createControl(CreateControlRequest request)
AWSAuditManager
Creates a new custom control in Audit Manager.
createControl
in interface AWSAuditManager
public DeleteAssessmentResult deleteAssessment(DeleteAssessmentRequest request)
AWSAuditManager
Deletes an assessment in Audit Manager.
deleteAssessment
in interface AWSAuditManager
public DeleteAssessmentFrameworkResult deleteAssessmentFramework(DeleteAssessmentFrameworkRequest request)
AWSAuditManager
Deletes a custom framework in Audit Manager.
deleteAssessmentFramework
in interface AWSAuditManager
public DeleteAssessmentFrameworkShareResult deleteAssessmentFrameworkShare(DeleteAssessmentFrameworkShareRequest request)
AWSAuditManager
Deletes a share request for a custom framework in Audit Manager.
deleteAssessmentFrameworkShare
in interface AWSAuditManager
public DeleteAssessmentReportResult deleteAssessmentReport(DeleteAssessmentReportRequest request)
AWSAuditManager
Deletes an assessment report in Audit Manager.
When you run the DeleteAssessmentReport
operation, Audit Manager attempts to delete the following
data:
The specified assessment report that’s stored in your S3 bucket
The associated metadata that’s stored in Audit Manager
If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event,
the DeleteAssessmentReport
operation doesn’t fail. Instead, it proceeds to delete the associated
metadata only. You must then delete the assessment report from the S3 bucket yourself.
This scenario happens when Audit Manager receives a 403 (Forbidden)
or 404 (Not Found)
error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the
correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy
that you can use, see Assessment report destination permissions in the Audit Manager User Guide. For information about the
issues that could cause a 403 (Forbidden)
or 404 (Not Found
) error from Amazon S3, see
List of Error
Codes in the Amazon Simple Storage Service API Reference.
deleteAssessmentReport
in interface AWSAuditManager
public DeleteControlResult deleteControl(DeleteControlRequest request)
AWSAuditManager
Deletes a custom control in Audit Manager.
When you invoke this operation, the custom control is deleted from any frameworks or assessments that it’s currently part of. As a result, Audit Manager will stop collecting evidence for that custom control in all of your assessments. This includes assessments that you previously created before you deleted the custom control.
deleteControl
in interface AWSAuditManager
public DeregisterAccountResult deregisterAccount(DeregisterAccountRequest request)
AWSAuditManager
Deregisters an account in Audit Manager.
Before you deregister, you can use the UpdateSettings
API operation to set your preferred data retention policy. By default, Audit Manager retains your data. If you
want to delete your data, you can use the DeregistrationPolicy
attribute to request the deletion of
your data.
For more information about data retention, see Data Protection in the Audit Manager User Guide.
deregisterAccount
in interface AWSAuditManager
public DeregisterOrganizationAdminAccountResult deregisterOrganizationAdminAccount(DeregisterOrganizationAdminAccountRequest request)
AWSAuditManager
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.
Keep in mind the following cleanup task if you use evidence finder:
Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store.
This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.
When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.
To delete your Audit Manager resource data, see the following instructions:
DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)
DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)
DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)
DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)
DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)
At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.
deregisterOrganizationAdminAccount
in interface AWSAuditManager
public DisassociateAssessmentReportEvidenceFolderResult disassociateAssessmentReportEvidenceFolder(DisassociateAssessmentReportEvidenceFolderRequest request)
AWSAuditManager
Disassociates an evidence folder from the specified assessment report in Audit Manager.
disassociateAssessmentReportEvidenceFolder
in interface AWSAuditManager
public GetAccountStatusResult getAccountStatus(GetAccountStatusRequest request)
AWSAuditManager
Gets the registration status of an account in Audit Manager.
getAccountStatus
in interface AWSAuditManager
public GetAssessmentResult getAssessment(GetAssessmentRequest request)
AWSAuditManager
Gets information about a specified assessment.
getAssessment
in interface AWSAuditManager
public GetAssessmentFrameworkResult getAssessmentFramework(GetAssessmentFrameworkRequest request)
AWSAuditManager
Gets information about a specified framework.
getAssessmentFramework
in interface AWSAuditManager
public GetAssessmentReportUrlResult getAssessmentReportUrl(GetAssessmentReportUrlRequest request)
AWSAuditManager
Gets the URL of an assessment report in Audit Manager.
getAssessmentReportUrl
in interface AWSAuditManager
public GetChangeLogsResult getChangeLogs(GetChangeLogsRequest request)
AWSAuditManager
Gets a list of changelogs from Audit Manager.
getChangeLogs
in interface AWSAuditManager
public GetControlResult getControl(GetControlRequest request)
AWSAuditManager
Gets information about a specified control.
getControl
in interface AWSAuditManager
public GetDelegationsResult getDelegations(GetDelegationsRequest request)
AWSAuditManager
Gets a list of delegations from an audit owner to a delegate.
getDelegations
in interface AWSAuditManager
public GetEvidenceResult getEvidence(GetEvidenceRequest request)
AWSAuditManager
Gets information about a specified evidence item.
getEvidence
in interface AWSAuditManager
public GetEvidenceByEvidenceFolderResult getEvidenceByEvidenceFolder(GetEvidenceByEvidenceFolderRequest request)
AWSAuditManager
Gets all evidence from a specified evidence folder in Audit Manager.
getEvidenceByEvidenceFolder
in interface AWSAuditManager
public GetEvidenceFileUploadUrlResult getEvidenceFileUploadUrl(GetEvidenceFileUploadUrlRequest request)
AWSAuditManager
Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence. For instructions on how to use this operation, see Upload a file from your browser in the Audit Manager User Guide.
The following restrictions apply to this operation:
Maximum size of an individual evidence file: 100 MB
Number of daily manual evidence uploads per control: 100
Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
getEvidenceFileUploadUrl
in interface AWSAuditManager
public GetEvidenceFolderResult getEvidenceFolder(GetEvidenceFolderRequest request)
AWSAuditManager
Gets an evidence folder from a specified assessment in Audit Manager.
getEvidenceFolder
in interface AWSAuditManager
public GetEvidenceFoldersByAssessmentResult getEvidenceFoldersByAssessment(GetEvidenceFoldersByAssessmentRequest request)
AWSAuditManager
Gets the evidence folders from a specified assessment in Audit Manager.
getEvidenceFoldersByAssessment
in interface AWSAuditManager
public GetEvidenceFoldersByAssessmentControlResult getEvidenceFoldersByAssessmentControl(GetEvidenceFoldersByAssessmentControlRequest request)
AWSAuditManager
Gets a list of evidence folders that are associated with a specified control in an Audit Manager assessment.
getEvidenceFoldersByAssessmentControl
in interface AWSAuditManager
public GetInsightsResult getInsights(GetInsightsRequest request)
AWSAuditManager
Gets the latest analytics data for all your current active assessments.
getInsights
in interface AWSAuditManager
public GetInsightsByAssessmentResult getInsightsByAssessment(GetInsightsByAssessmentRequest request)
AWSAuditManager
Gets the latest analytics data for a specific active assessment.
getInsightsByAssessment
in interface AWSAuditManager
public GetOrganizationAdminAccountResult getOrganizationAdminAccount(GetOrganizationAdminAccountRequest request)
AWSAuditManager
Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
getOrganizationAdminAccount
in interface AWSAuditManager
public GetServicesInScopeResult getServicesInScope(GetServicesInScopeRequest request)
AWSAuditManager
Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
Audit Manager defines which Amazon Web Services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services that are in this list.
For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.
getServicesInScope
in interface AWSAuditManager
public GetSettingsResult getSettings(GetSettingsRequest request)
AWSAuditManager
Gets the settings for a specified Amazon Web Services account.
getSettings
in interface AWSAuditManager
public ListAssessmentControlInsightsByControlDomainResult listAssessmentControlInsightsByControlDomain(ListAssessmentControlInsightsByControlDomainRequest request)
AWSAuditManager
Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
Control insights are listed only if the control belongs to the control domain and assessment that was specified.
Moreover, the control must have collected evidence on the lastUpdated
date of
controlInsightsByAssessment
. If neither of these conditions are met, no data is listed for that
control.
listAssessmentControlInsightsByControlDomain
in interface AWSAuditManager
public ListAssessmentFrameworkShareRequestsResult listAssessmentFrameworkShareRequests(ListAssessmentFrameworkShareRequestsRequest request)
AWSAuditManager
Returns a list of sent or received share requests for custom frameworks in Audit Manager.
listAssessmentFrameworkShareRequests
in interface AWSAuditManager
public ListAssessmentFrameworksResult listAssessmentFrameworks(ListAssessmentFrameworksRequest request)
AWSAuditManager
Returns a list of the frameworks that are available in the Audit Manager framework library.
listAssessmentFrameworks
in interface AWSAuditManager
public ListAssessmentReportsResult listAssessmentReports(ListAssessmentReportsRequest request)
AWSAuditManager
Returns a list of assessment reports created in Audit Manager.
listAssessmentReports
in interface AWSAuditManager
public ListAssessmentsResult listAssessments(ListAssessmentsRequest request)
AWSAuditManager
Returns a list of current and past assessments from Audit Manager.
listAssessments
in interface AWSAuditManager
public ListControlDomainInsightsResult listControlDomainInsights(ListControlDomainInsightsRequest request)
AWSAuditManager
Lists the latest analytics data for control domains across all of your active assessments.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For
information about how to find a list of available control domains, see
ListDomains
in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the
lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is
listed for that control domain.
listControlDomainInsights
in interface AWSAuditManager
public ListControlDomainInsightsByAssessmentResult listControlDomainInsightsByAssessment(ListControlDomainInsightsByAssessmentRequest request)
AWSAuditManager
Lists analytics data for control domains within a specified active assessment.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For
information about how to find a list of available control domains, see
ListDomains
in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the
lastUpdated
date of controlDomainInsights
. If this condition isn’t met, no data is
listed for that domain.
listControlDomainInsightsByAssessment
in interface AWSAuditManager
public ListControlInsightsByControlDomainResult listControlInsightsByControlDomain(ListControlInsightsByControlDomainRequest request)
AWSAuditManager
Lists the latest analytics data for controls within a specific control domain across all active assessments.
Control insights are listed only if the control belongs to the control domain that was specified and the control
collected evidence on the lastUpdated
date of controlInsightsMetadata
. If neither of
these conditions are met, no data is listed for that control.
listControlInsightsByControlDomain
in interface AWSAuditManager
public ListControlsResult listControls(ListControlsRequest request)
AWSAuditManager
Returns a list of controls from Audit Manager.
listControls
in interface AWSAuditManager
public ListKeywordsForDataSourceResult listKeywordsForDataSource(ListKeywordsForDataSourceRequest request)
AWSAuditManager
Returns a list of keywords that are pre-mapped to the specified control data source.
listKeywordsForDataSource
in interface AWSAuditManager
public ListNotificationsResult listNotifications(ListNotificationsRequest request)
AWSAuditManager
Returns a list of all Audit Manager notifications.
listNotifications
in interface AWSAuditManager
public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)
AWSAuditManager
Returns a list of tags for the specified resource in Audit Manager.
listTagsForResource
in interface AWSAuditManager
public RegisterAccountResult registerAccount(RegisterAccountRequest request)
AWSAuditManager
Enables Audit Manager for the specified Amazon Web Services account.
registerAccount
in interface AWSAuditManager
public RegisterOrganizationAdminAccountResult registerOrganizationAdminAccount(RegisterOrganizationAdminAccountRequest request)
AWSAuditManager
Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
registerOrganizationAdminAccount
in interface AWSAuditManager
public StartAssessmentFrameworkShareResult startAssessmentFrameworkShare(StartAssessmentFrameworkShareRequest request)
AWSAuditManager
Creates a share request for a custom framework in Audit Manager.
The share request specifies a recipient and notifies them that a custom framework is available. Recipients have 120 days to accept or decline the request. If no action is taken, the share request expires.
When you create a share request, Audit Manager stores a snapshot of your custom framework in the US East (N. Virginia) Amazon Web Services Region. Audit Manager also stores a backup of the same snapshot in the US West (Oregon) Amazon Web Services Region.
Audit Manager deletes the snapshot and the backup snapshot when one of the following events occurs:
The sender revokes the share request.
The recipient declines the share request.
The recipient encounters an error and doesn't successfully accept the share request.
The share request expires before the recipient responds to the request.
When a sender resends a share request, the snapshot is replaced with an updated version that corresponds with the latest version of the custom framework.
When a recipient accepts a share request, the snapshot is replicated into their Amazon Web Services account under the Amazon Web Services Region that was specified in the share request.
When you invoke the StartAssessmentFrameworkShare
API, you are about to share a custom framework
with another Amazon Web Services account. You may not share a custom framework that is derived from a standard
framework if the standard framework is designated as not eligible for sharing by Amazon Web Services, unless you
have obtained permission to do so from the owner of the standard framework. To learn more about which standard
frameworks are eligible for sharing, see Framework sharing eligibility in the Audit Manager User Guide.
startAssessmentFrameworkShare
in interface AWSAuditManager
public TagResourceResult tagResource(TagResourceRequest request)
AWSAuditManager
Tags the specified resource in Audit Manager.
tagResource
in interface AWSAuditManager
public UntagResourceResult untagResource(UntagResourceRequest request)
AWSAuditManager
Removes a tag from a resource in Audit Manager.
untagResource
in interface AWSAuditManager
public UpdateAssessmentResult updateAssessment(UpdateAssessmentRequest request)
AWSAuditManager
Edits an Audit Manager assessment.
updateAssessment
in interface AWSAuditManager
public UpdateAssessmentControlResult updateAssessmentControl(UpdateAssessmentControlRequest request)
AWSAuditManager
Updates a control within an assessment in Audit Manager.
updateAssessmentControl
in interface AWSAuditManager
public UpdateAssessmentControlSetStatusResult updateAssessmentControlSetStatus(UpdateAssessmentControlSetStatusRequest request)
AWSAuditManager
Updates the status of a control set in an Audit Manager assessment.
updateAssessmentControlSetStatus
in interface AWSAuditManager
public UpdateAssessmentFrameworkResult updateAssessmentFramework(UpdateAssessmentFrameworkRequest request)
AWSAuditManager
Updates a custom framework in Audit Manager.
updateAssessmentFramework
in interface AWSAuditManager
public UpdateAssessmentFrameworkShareResult updateAssessmentFrameworkShare(UpdateAssessmentFrameworkShareRequest request)
AWSAuditManager
Updates a share request for a custom framework in Audit Manager.
updateAssessmentFrameworkShare
in interface AWSAuditManager
public UpdateAssessmentStatusResult updateAssessmentStatus(UpdateAssessmentStatusRequest request)
AWSAuditManager
Updates the status of an assessment in Audit Manager.
updateAssessmentStatus
in interface AWSAuditManager
public UpdateControlResult updateControl(UpdateControlRequest request)
AWSAuditManager
Updates a custom control in Audit Manager.
updateControl
in interface AWSAuditManager
public UpdateSettingsResult updateSettings(UpdateSettingsRequest request)
AWSAuditManager
Updates Audit Manager settings for the current account.
updateSettings
in interface AWSAuditManager
public ValidateAssessmentReportIntegrityResult validateAssessmentReportIntegrity(ValidateAssessmentReportIntegrityRequest request)
AWSAuditManager
Validates the integrity of an assessment report in Audit Manager.
validateAssessmentReportIntegrity
in interface AWSAuditManager
public void shutdown()
AWSAuditManager
shutdown
in interface AWSAuditManager
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
AWSAuditManager
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
getCachedResponseMetadata
in interface AWSAuditManager
request
- The originally executed request.