AWS::AuditManager::Assessment - AWS CloudFormation

AWS::AuditManager::Assessment

The AWS::AuditManager::Assessment resource is an Audit Manager resource type that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::AuditManager::Assessment", "Properties" : { "AssessmentReportsDestination" : AssessmentReportsDestination, "AwsAccount" : AWSAccount, "Delegations" : [ Delegation, ... ], "Description" : String, "FrameworkId" : String, "Name" : String, "Roles" : [ Role, ... ], "Scope" : Scope, "Status" : String, "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::AuditManager::Assessment Properties: AssessmentReportsDestination: AssessmentReportsDestination AwsAccount: AWSAccount Delegations: - Delegation Description: String FrameworkId: String Name: String Roles: - Role Scope: Scope Status: String Tags: - Tag

Properties

AssessmentReportsDestination

The destination that evidence reports are stored in for the assessment.

Required: No

Type: AssessmentReportsDestination

Update requires: No interruption

AwsAccount

The AWS account that's associated with the assessment.

Required: No

Type: AWSAccount

Update requires: Replacement

Delegations

The delegations that are associated with the assessment.

Required: No

Type: Array of Delegation

Update requires: No interruption

Description

The description of the assessment.

Required: No

Type: String

Pattern: ^[\w\W\s\S]*$

Maximum: 1000

Update requires: No interruption

FrameworkId

The unique identifier for the framework.

Required: No

Type: String

Pattern: ^([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|.*\S.*)$

Minimum: 32

Maximum: 36

Update requires: Replacement

Name

The name of the assessment.

Required: No

Type: String

Pattern: ^[a-zA-Z0-9-_\.]+$

Minimum: 1

Maximum: 127

Update requires: No interruption

Roles

The roles that are associated with the assessment.

Required: No

Type: Array of Role

Update requires: No interruption

Scope

The wrapper of AWS accounts and services that are in scope for the assessment.

Required: No

Type: Scope

Update requires: No interruption

Status

The overall status of the assessment.

When you create a new assessment, the initial Status value is always ACTIVE. When you create an assessment, even if you specify the value as INACTIVE, the value overrides to ACTIVE.

After you create an assessment, you can change the value of the Status property at any time. For example, when you want to stop collecting evidence for your assessment, you can change the assessment status to INACTIVE.

Required: No

Type: String

Allowed values: ACTIVE | INACTIVE

Update requires: No interruption

Tags

The tags that are associated with the assessment.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the assessment ID. For example:

{ "Ref": "111A1A1A-22B2-33C3-DDD4-55E5E5E555E5" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the assessment.

AssessmentId

The unique identifier for the assessment.

CreationTime

Specifies when the assessment was created.

See also