What is AWS Audit Manager?

Welcome to the AWS Audit Manager User Guide.

AWS Audit Manager helps you continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards. Audit Manager automates evidence collection to make it easier to assess whether your policies, procedures, and activities—also known as controls—are operating effectively. When it's time for an audit, Audit Manager helps you manage stakeholder reviews of your controls. This means that you can build audit-ready reports with much less manual effort.

AWS Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard or regulation. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits according to your specific requirements.

You can create an assessment from any framework. When you create an assessment, AWS Audit Manager automatically runs resource assessments. These assessments collect data for both the AWS account and services that you define as in scope for your audit. The data that's collected is automatically transformed into audit-friendly evidence. Then, it's attached to the relevant controls to help you demonstrate compliance in security, change management, business continuity, and software licensing.

With AWS Audit Manager, you can do the following tasks:

  • Get started quickly — Select from a gallery of prebuilt frameworks that support a range of compliance standards and regulations. Then, initiate automatic evidence collection to audit your AWS service usage.

  • Support common compliance standards and regulations — Choose one of the AWS Audit Manager standard frameworks. These frameworks provide prebuilt control mappings for common compliance standards and regulations. These include the CIS Foundation Benchmark, PCI DSS, GDPR, HIPAA, HITRUST, SOC2, GxP, and AWS operational best practices.

  • Customize frameworks — Create your own frameworks with standard or custom controls based on your specific requirements for internal audits.

  • Support cross-team collaboration — Delegate control sets to subject matter experts who can review related evidence, add comments, and update the status of each control.

  • Create reports for auditors — Generate assessment reports that summarize the relevant evidence that's collected for your audit and link to folders that contain the detailed evidence.

  • Ensure evidence integrity — Store evidence in a secure location, where it remains unaltered.


AWS Audit Manager assists in collecting evidence that's relevant for verifying compliance with specific compliance standards and regulations. However, it doesn't assess your compliance itself. The evidence that's collected through AWS Audit Manager therefore might not include all the information about your AWS usage that's needed for audits. AWS Audit Manager isn't a substitute for legal counsel or compliance experts.

Review the following sections to learn more about some of the concepts and terminology that are used in AWS Audit Manager.