Deleting a custom control in AWS Audit Manager
If you created a custom control and you no longer need it, you can delete it from your
Audit Manager environment. This enables you to clean up your workspace and focus on the custom controls
that are relevant to your current tasks and priorities.
Prerequisites
The following procedure assumes that you have previously created a custom
control.
Make sure your IAM identity has appropriate permissions to delete a custom control in
AWS Audit Manager. Two suggested policies that grant these permissions are AWSAuditManagerAdministratorAccess and Allow users management access to
AWS Audit Manager.
Procedure
You can delete custom controls using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface
(AWS CLI).
When you delete a custom control, this action removes the control from any custom
frameworks or assessments that it's currently related to. As a result, Audit Manager will stop
collecting evidence for that custom control in all of your assessments. This includes
assessments that you previously created before you deleted the custom control.
- Audit Manager console
-
To delete a custom control on the Audit Manager console
Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
-
In the navigation pane, choose Control library and then
choose the Custom controls tab.
-
Select the control that you want to delete, and then choose
Delete.
-
In the pop-up window that appears, choose Delete to confirm
deletion.
- AWS CLI
-
To delete a custom control in the AWS CLI
-
First, identify the custom control that you want to delete. To do this, run the
list-controls command and specify the --control-type
as
Custom
.
aws auditmanager list-controls --control-type Custom
The response returns a list of custom controls. Find the control that you want
to delete, and take note of the control ID.
-
Next, run the delete-control command and use the --control-id
parameter to
specify the control that you want to delete.
In the following example, replace the placeholder
text
with your own information.
aws auditmanager delete-control --control-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
- Audit Manager API
-
To delete a custom control using the API
-
Use the ListControls
operation and specify the controlType as Custom
. From the response, find the control
that you want to delete and note the control ID.
-
Use the DeleteControl operation to delete the custom control. In the request, use
the controlId parameter to specify the control that you want to
delete.
For more information about these API operations, choose any of the links in the
previous procedure to read more in the AWS Audit Manager API
Reference. This includes information about how to use these operations and
parameters in one of the language-specific AWS SDKs.
Additional resources
For information about data retention in Audit Manager, see Deletion of Audit Manager data.