UpdateSettings - AWS Audit Manager


Updates Audit Manager settings for the current account.

Request Syntax

PUT /settings HTTP/1.1 Content-type: application/json { "defaultAssessmentReportsDestination": { "destination": "string", "destinationType": "string" }, "defaultExportDestination": { "destination": "string", "destinationType": "string" }, "defaultProcessOwners": [ { "roleArn": "string", "roleType": "string" } ], "deregistrationPolicy": { "deleteResources": "string" }, "evidenceFinderEnabled": boolean, "kmsKey": "string", "snsTopic": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


The default S3 destination bucket for storing assessment reports.

Type: AssessmentReportsDestination object

Required: No


The default S3 destination bucket for storing evidence finder exports.

Type: DefaultExportDestination object

Required: No


A list of the default audit owners.

Type: Array of Role objects

Required: No


The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.

Type: DeregistrationPolicy object

Required: No


Specifies whether the evidence finder feature is enabled. Change this attribute to enable or disable evidence finder.


When you use this attribute to disable evidence finder, Audit Manager deletes the event data store that’s used to query your evidence data. As a result, you can’t re-enable evidence finder and use the feature again. Your only alternative is to deregister and then re-register Audit Manager.

Type: Boolean

Required: No


The AWS KMS key details.

Type: String

Length Constraints: Minimum length of 7. Maximum length of 2048.

Pattern: ^arn:.*:kms:.*|DEFAULT

Required: No


The Amazon Simple Notification Service (Amazon SNS) topic that AWS Audit Manager sends notifications to.

Type: String

Length Constraints: Minimum length of 4. Maximum length of 2048.

Pattern: ^arn:.*:sns:.*|NONE

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "settings": { "defaultAssessmentReportsDestination": { "destination": "string", "destinationType": "string" }, "defaultExportDestination": { "destination": "string", "destinationType": "string" }, "defaultProcessOwners": [ { "roleArn": "string", "roleType": "string" } ], "deregistrationPolicy": { "deleteResources": "string" }, "evidenceFinderEnablement": { "backfillStatus": "string", "enablementStatus": "string", "error": "string", "eventDataStoreArn": "string" }, "isAwsOrgEnabled": boolean, "kmsKey": "string", "snsTopic": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The current list of settings.

Type: Settings object


For information about the errors that are common to all actions, see Common Errors.


Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.

HTTP Status Code: 403


An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500


The request has invalid or missing parameters.

HTTP Status Code: 400


Enabling evidence finder

This is an example response for the GetSettings API operation, where the evidenceFinderEnabled parameter was used to enable evidence finder.

This response returns the following evidenceFinderEnablement data:

  • enablementStatus shows the current status of evidence finder. In this case, ENABLE_IN_PROGRESS indicates that you requested to enable evidence finder, and an event data store is being created to support evidence finder queries.

  • backfillStatus shows the current status of the evidence data backfill. In this case, NOT_STARTED indicates that the backfill hasn’t started yet.

Sample Response

{ "settings": { "isAwsOrgEnabled": false, "snsTopic": "arn:aws:sns:us-east-1:111122223333:my-assessment-topic", "defaultAssessmentReportsDestination": { "destinationType": "S3", "destination": "s3://my-assessment-report-destination" }, "defaultProcessOwners": [ { "roleType": "PROCESS_OWNER", "roleArn": "arn:aws:iam::111122223333:role/Administrator" } ], "kmsKey": "DEFAULT", "evidenceFinderEnablement": { "enablementStatus": "ENABLE_IN_PROGRESS", "backfillStatus": "NOT_STARTED" } } }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: