Prerequisites Procedure Next steps Additional resources

Editing an assessment in AWS Audit Manager

You might encounter situations where you need to edit your existing assessments in AWS Audit Manager. Perhaps the scope of your audit has changed, requiring updates to the AWS accounts included in the assessment. Or, you might need to revise the list of audit owners assigned to the assessment due to personnel changes. In such cases, you can edit your active assessments and make necessary adjustments without disrupting your evidence collection.

The following page outlines the steps to edit your assessment details, change the AWS accounts in scope, update the audit owners, and review and save your changes.

Prerequisites

The following procedure assumes that you have previously created at least one assessment, and it is in an active state.

Make sure your IAM identity has appropriate permissions to edit an assessment in AWS Audit Manager. Two suggested policies that grant these permissions are AWSAuditManagerAdministratorAccess and Allow users management access to AWS Audit Manager.

Procedure

Tasks

Step 1: Edit assessment details

Follow these steps to edit the details of your assessment.

To edit an assessment

Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home.
In the navigation pane, choose Assessments.
Select an assessment, and choose Edit.
Under Edit assessment details, edit your assessment details as needed.
Choose Next.

Step 2: Edit AWS accounts in scope

In this step, you can change which accounts are included in your assessment. Audit Manager can support up to 200 accounts in the scope of an assessment, and 250 unique member accounts across all assessments.

To edit AWS accounts in scope

To add an AWS account, select the check box next to the account name.
To remove an AWS account, clear the check box next to the account name.
Choose Next.

Note

To edit the delegated administrator for Audit Manager, see Changing a delegated administrator.

Step 3: Edit audit owners

In this step, you can change which audit owners are included in your assessment.

To edit audit owners

To add an audit owner, select the check box next to the account name.
To remove an audit owner, clear the check box next to the account name.
Choose Next.

Audit owner permissions

The below policy is attached for all the audit owners of an assessment.

Audit Manager replaces the placeholder text with your account and resource identifiers before attaching the policy.


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AuditOwner",
            "Effect": "Allow",
            "Principal": {
                "AWS": "Principal for user/role who are the audit owners of the Assessment"
            },
            "Action": [
                "auditmanager:GetAssessment",
                "auditmanager:UpdateAssessment",
                "auditmanager:UpdateAssessmentControlSetStatus",
                "auditmanager:UpdateAssessmentStatus",
                "auditmanager:UpdateAssessmentControl",
                "auditmanager:DeleteAssessment",
                "auditmanager:GetChangeLogs",
                "auditmanager:GetEvidenceFoldersByAssessment",
                "auditmanager:GetEvidenceFoldersByAssessmentControl",
                "auditmanager:BatchImportEvidenceToAssessmentControl",
                "auditmanager:GetEvidenceFolder",
                "auditmanager:GetEvidence",
                "auditmanager:GetEvidenceByEvidenceFolder",
                "auditmanager:BatchCreateDelegationByAssessment",
                "auditmanager:BatchDeleteDelegationByAssessment",
                "auditmanager:AssociateAssessmentReportEvidenceFolder",
                "auditmanager:BatchAssociateAssessmentReportEvidence",
                "auditmanager:BatchDisassociateAssessmentReportEvidence",
                "auditmanager:CreateAssessmentReport",
                "auditmanager:DeleteAssessmentReport",
                "auditmanager:DisassociateAssessmentReportEvidenceFolder",
                "auditmanager:GetAssessmentReportUrl"
            ],
            "Resource": [
                "arn:aws:auditmanager:region:account_ID:assessment/assessment_ID",
                "arn:aws:auditmanager:region:account_ID:assessment/assessment_ID/*"
            ]
        }
    ]
}

Step 4: Review and save

Review the information for your assessment. To change the information for a step, choose Edit. When you're finished, choose Save changes to confirm your edits.

After you complete your edits, the changes to the assessment take effect at 00:00 UTC the following day.

Next steps

When you no longer need to collect evidence for a specific assessment control, you can change the status of that control. For instructions, see Changing the status of an assessment control in AWS Audit Manager.

When you no longer need to collect evidence for the entire assessment, you can change the assessment status to inactive. For instructions, see Changing the status of an assessment to inactive in AWS Audit Manager.

Additional resources

For solutions to assessment issues in Audit Manager, see Troubleshooting assessment and evidence collection issues.
For information about why it's no longer possible to edit services in scope, see I can't edit the services in scope for my assessment in the Troubleshooting section of this guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Evidence details

Adding manual evidence