Evidence - AWS Audit Manager

Evidence

A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity triggered by a user, or a system configuration snapshot.

Contents

assessmentReportSelection

Specifies whether the evidence is included in the assessment report.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: .*

Required: No

attributes

The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword) and value (such as true or false).

Type: String to string map

Key Length Constraints: Maximum length of 100.

Key Pattern: ^[\w\W\s\S]*$

Value Length Constraints: Maximum length of 200.

Value Pattern: ^[\w\W\s\S]*$

Required: No

awsAccountId

The identifier for the specified AWS account.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: No

awsOrganization

The AWS account from which the evidence is collected, and its organization path.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: .*

Required: No

complianceCheck

The evaluation status for evidence that falls under the compliance check category. For evidence collected from AWS Security Hub, a Pass or Fail result is shown. For evidence collected from AWS Config, a Compliant or Noncompliant result is shown.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: .*

Required: No

dataSource

The data source from which the specified evidence was collected.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: .*

Required: No

eventName

The name of the specified evidence event.

Type: String

Length Constraints: Maximum length of 100.

Pattern: ^[\w\W\s\S]*$

Required: No

eventSource

The AWS service from which the evidence is collected.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 40.

Pattern: ^[a-zA-Z0-9-\s().]+$

Required: No

evidenceAwsAccountId

The identifier for the specified AWS account.

Type: String

Length Constraints: Fixed length of 12.

Pattern: ^[0-9]{12}$

Required: No

evidenceByType

The type of automated evidence.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Pattern: .*

Required: No

evidenceFolderId

The identifier for the folder in which the evidence is stored.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: No

iamId

The unique identifier for the IAM user or role associated with the evidence.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: ^arn:.*:iam:.*

Required: No

id

The identifier for the evidence.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: No

resourcesIncluded

The list of resources assessed to generate the evidence.

Type: Array of Resource objects

Required: No

time

The timestamp that represents when the evidence was collected.

Type: Timestamp

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: