AWS Audit Manager 2017-07-25
- Client: Aws\AuditManager\AuditManagerClient
- Service ID: auditmanager
- Version: 2017-07-25
This page describes the parameters and results for the operations of the AWS Audit Manager (2017-07-25), and shows how to use the Aws\AuditManager\AuditManagerClient object to call the described operations. This documentation is specific to the 2017-07-25 API version of the service.
Operation Summary
Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AssociateAssessmentReportEvidenceFolder ( array $params = [] )
- Associates an evidence folder to an assessment report in an Audit Manager assessment.
- BatchAssociateAssessmentReportEvidence ( array $params = [] )
- Associates a list of evidence to an assessment report in an Audit Manager assessment.
- BatchCreateDelegationByAssessment ( array $params = [] )
- Creates a batch of delegations for an assessment in Audit Manager.
- BatchDeleteDelegationByAssessment ( array $params = [] )
- Deletes a batch of delegations for an assessment in Audit Manager.
- BatchDisassociateAssessmentReportEvidence ( array $params = [] )
- Disassociates a list of evidence from an assessment report in Audit Manager.
- BatchImportEvidenceToAssessmentControl ( array $params = [] )
- Adds one or more pieces of evidence to a control in an Audit Manager assessment.
- CreateAssessment ( array $params = [] )
- Creates an assessment in Audit Manager.
- CreateAssessmentFramework ( array $params = [] )
- Creates a custom framework in Audit Manager.
- CreateAssessmentReport ( array $params = [] )
- Creates an assessment report for the specified assessment.
- CreateControl ( array $params = [] )
- Creates a new custom control in Audit Manager.
- DeleteAssessment ( array $params = [] )
- Deletes an assessment in Audit Manager.
- DeleteAssessmentFramework ( array $params = [] )
- Deletes a custom framework in Audit Manager.
- DeleteAssessmentFrameworkShare ( array $params = [] )
- Deletes a share request for a custom framework in Audit Manager.
- DeleteAssessmentReport ( array $params = [] )
- Deletes an assessment report in Audit Manager.
- DeleteControl ( array $params = [] )
- Deletes a custom control in Audit Manager.
- DeregisterAccount ( array $params = [] )
- Deregisters an account in Audit Manager.
- DeregisterOrganizationAdminAccount ( array $params = [] )
- Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
- DisassociateAssessmentReportEvidenceFolder ( array $params = [] )
- Disassociates an evidence folder from the specified assessment report in Audit Manager.
- GetAccountStatus ( array $params = [] )
- Gets the registration status of an account in Audit Manager.
- GetAssessment ( array $params = [] )
- Gets information about a specified assessment.
- GetAssessmentFramework ( array $params = [] )
- Gets information about a specified framework.
- GetAssessmentReportUrl ( array $params = [] )
- Gets the URL of an assessment report in Audit Manager.
- GetChangeLogs ( array $params = [] )
- Gets a list of changelogs from Audit Manager.
- GetControl ( array $params = [] )
- Gets information about a specified control.
- GetDelegations ( array $params = [] )
- Gets a list of delegations from an audit owner to a delegate.
- GetEvidence ( array $params = [] )
- Gets information about a specified evidence item.
- GetEvidenceByEvidenceFolder ( array $params = [] )
- Gets all evidence from a specified evidence folder in Audit Manager.
- GetEvidenceFileUploadUrl ( array $params = [] )
- Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence.
- GetEvidenceFolder ( array $params = [] )
- Gets an evidence folder from a specified assessment in Audit Manager.
- GetEvidenceFoldersByAssessment ( array $params = [] )
- Gets the evidence folders from a specified assessment in Audit Manager.
- GetEvidenceFoldersByAssessmentControl ( array $params = [] )
- Gets a list of evidence folders that are associated with a specified control in an Audit Manager assessment.
- GetInsights ( array $params = [] )
- Gets the latest analytics data for all your current active assessments.
- GetInsightsByAssessment ( array $params = [] )
- Gets the latest analytics data for a specific active assessment.
- GetOrganizationAdminAccount ( array $params = [] )
- Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
- GetServicesInScope ( array $params = [] )
- Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
- GetSettings ( array $params = [] )
- Gets the settings for a specified Amazon Web Services account.
- ListAssessmentControlInsightsByControlDomain ( array $params = [] )
- Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
- ListAssessmentFrameworkShareRequests ( array $params = [] )
- Returns a list of sent or received share requests for custom frameworks in Audit Manager.
- ListAssessmentFrameworks ( array $params = [] )
- Returns a list of the frameworks that are available in the Audit Manager framework library.
- ListAssessmentReports ( array $params = [] )
- Returns a list of assessment reports created in Audit Manager.
- ListAssessments ( array $params = [] )
- Returns a list of current and past assessments from Audit Manager.
- ListControlDomainInsights ( array $params = [] )
- Lists the latest analytics data for control domains across all of your active assessments.
- ListControlDomainInsightsByAssessment ( array $params = [] )
- Lists analytics data for control domains within a specified active assessment.
- ListControlInsightsByControlDomain ( array $params = [] )
- Lists the latest analytics data for controls within a specific control domain across all active assessments.
- ListControls ( array $params = [] )
- Returns a list of controls from Audit Manager.
- ListKeywordsForDataSource ( array $params = [] )
- Returns a list of keywords that are pre-mapped to the specified control data source.
- ListNotifications ( array $params = [] )
- Returns a list of all Audit Manager notifications.
- ListTagsForResource ( array $params = [] )
- Returns a list of tags for the specified resource in Audit Manager.
- RegisterAccount ( array $params = [] )
- Enables Audit Manager for the specified Amazon Web Services account.
- RegisterOrganizationAdminAccount ( array $params = [] )
- Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
- StartAssessmentFrameworkShare ( array $params = [] )
- Creates a share request for a custom framework in Audit Manager.
- TagResource ( array $params = [] )
- Tags the specified resource in Audit Manager.
- UntagResource ( array $params = [] )
- Removes a tag from a resource in Audit Manager.
- UpdateAssessment ( array $params = [] )
- Edits an Audit Manager assessment.
- UpdateAssessmentControl ( array $params = [] )
- Updates a control within an assessment in Audit Manager.
- UpdateAssessmentControlSetStatus ( array $params = [] )
- Updates the status of a control set in an Audit Manager assessment.
- UpdateAssessmentFramework ( array $params = [] )
- Updates a custom framework in Audit Manager.
- UpdateAssessmentFrameworkShare ( array $params = [] )
- Updates a share request for a custom framework in Audit Manager.
- UpdateAssessmentStatus ( array $params = [] )
- Updates the status of an assessment in Audit Manager.
- UpdateControl ( array $params = [] )
- Updates a custom control in Audit Manager.
- UpdateSettings ( array $params = [] )
- Updates Audit Manager settings for the current account.
- ValidateAssessmentReportIntegrity ( array $params = [] )
- Validates the integrity of an assessment report in Audit Manager.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- GetChangeLogs
- GetDelegations
- GetEvidenceByEvidenceFolder
- GetEvidenceFoldersByAssessment
- GetEvidenceFoldersByAssessmentControl
- ListAssessmentControlInsightsByControlDomain
- ListAssessmentFrameworkShareRequests
- ListAssessmentFrameworks
- ListAssessmentReports
- ListAssessments
- ListControlDomainInsights
- ListControlDomainInsightsByAssessment
- ListControlInsightsByControlDomain
- ListControls
- ListKeywordsForDataSource
- ListNotifications
Operations
AssociateAssessmentReportEvidenceFolder
$result = $client->associateAssessmentReportEvidenceFolder([/* ... */]);
$promise = $client->associateAssessmentReportEvidenceFolderAsync([/* ... */]);
Associates an evidence folder to an assessment report in an Audit Manager assessment.
Parameter Syntax
$result = $client->associateAssessmentReportEvidenceFolder([
    'assessmentId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- evidenceFolderId
  - Required: Yes
  - Type: string
  The identifier for the folder that the evidence is stored in.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
BatchAssociateAssessmentReportEvidence
$result = $client->batchAssociateAssessmentReportEvidence([/* ... */]);
$promise = $client->batchAssociateAssessmentReportEvidenceAsync([/* ... */]);
Associates a list of evidence to an assessment report in an Audit Manager assessment.
Parameter Syntax
$result = $client->batchAssociateAssessmentReportEvidence([
    'assessmentId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
    'evidenceIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- evidenceFolderId
  - Required: Yes
  - Type: string
  The identifier for the folder that the evidence is stored in.
- evidenceIds
  - Required: Yes
  - Type: Array of strings
  The list of evidence identifiers.
Result Syntax
[
    'errors' => [
        [
            'errorCode' => '<string>',
            'errorMessage' => '<string>',
            'evidenceId' => '<string>',
        ],
        // ...
    ],
    'evidenceIds' => ['<string>', ...],
]
Result Details
Members
- errors
  - Type: Array of AssessmentReportEvidenceError structures
  A list of errors that the BatchAssociateAssessmentReportEvidence API returned.
- evidenceIds
  - Type: Array of strings
  The list of evidence identifiers.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
BatchCreateDelegationByAssessment
$result = $client->batchCreateDelegationByAssessment([/* ... */]);
$promise = $client->batchCreateDelegationByAssessmentAsync([/* ... */]);
Creates a batch of delegations for an assessment in Audit Manager.
Parameter Syntax
$result = $client->batchCreateDelegationByAssessment([
    'assessmentId' => '<string>', // REQUIRED
    'createDelegationRequests' => [ // REQUIRED
        [
            'comment' => '<string>',
            'controlSetId' => '<string>',
            'roleArn' => '<string>',
            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
        ],
        // ...
    ],
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- createDelegationRequests
  - Required: Yes
  - Type: Array of CreateDelegationRequest structures
  The API request to batch create delegations in Audit Manager.
Result Syntax
[
    'delegations' => [
        [
            'assessmentId' => '<string>',
            'assessmentName' => '<string>',
            'comment' => '<string>',
            'controlSetId' => '<string>',
            'createdBy' => '<string>',
            'creationTime' => <DateTime>,
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'roleArn' => '<string>',
            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
            'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
        ],
        // ...
    ],
    'errors' => [
        [
            'createDelegationRequest' => [
                'comment' => '<string>',
                'controlSetId' => '<string>',
                'roleArn' => '<string>',
                'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
            ],
            'errorCode' => '<string>',
            'errorMessage' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- delegations
  - Type: Array of Delegation structures
  The delegations that are associated with the assessment.
- errors
  - Type: Array of BatchCreateDelegationByAssessmentError structures
  A list of errors that the BatchCreateDelegationByAssessment API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
BatchDeleteDelegationByAssessment
$result = $client->batchDeleteDelegationByAssessment([/* ... */]);
$promise = $client->batchDeleteDelegationByAssessmentAsync([/* ... */]);
Deletes a batch of delegations for an assessment in Audit Manager.
Parameter Syntax
$result = $client->batchDeleteDelegationByAssessment([
    'assessmentId' => '<string>', // REQUIRED
    'delegationIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- delegationIds
  - Required: Yes
  - Type: Array of strings
  The identifiers for the delegations.
Result Syntax
[
    'errors' => [
        [
            'delegationId' => '<string>',
            'errorCode' => '<string>',
            'errorMessage' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- errors
  - Type: Array of BatchDeleteDelegationByAssessmentError structures
  A list of errors that the BatchDeleteDelegationByAssessment API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
BatchDisassociateAssessmentReportEvidence
$result = $client->batchDisassociateAssessmentReportEvidence([/* ... */]);
$promise = $client->batchDisassociateAssessmentReportEvidenceAsync([/* ... */]);
Disassociates a list of evidence from an assessment report in Audit Manager.
Parameter Syntax
$result = $client->batchDisassociateAssessmentReportEvidence([
    'assessmentId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
    'evidenceIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- evidenceFolderId
  - Required: Yes
  - Type: string
  The identifier for the folder that the evidence is stored in.
- evidenceIds
  - Required: Yes
  - Type: Array of strings
  The list of evidence identifiers.
Result Syntax
[
    'errors' => [
        [
            'errorCode' => '<string>',
            'errorMessage' => '<string>',
            'evidenceId' => '<string>',
        ],
        // ...
    ],
    'evidenceIds' => ['<string>', ...],
]
Result Details
Members
- errors
  - Type: Array of AssessmentReportEvidenceError structures
  A list of errors that the BatchDisassociateAssessmentReportEvidence API returned.
- evidenceIds
  - Type: Array of strings
  The identifier for the evidence.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
BatchImportEvidenceToAssessmentControl
$result = $client->batchImportEvidenceToAssessmentControl([/* ... */]);
$promise = $client->batchImportEvidenceToAssessmentControlAsync([/* ... */]);
Adds one or more pieces of evidence to a control in an Audit Manager assessment.
You can import manual evidence from any S3 bucket by specifying the S3 URI of the object. You can also upload a file from your browser, or enter plain text in response to a risk assessment question.
The following restrictions apply to this action:
- manualEvidence can be only one of the following: evidenceFileName, s3ResourcePath, or textResponse
- Maximum size of an individual evidence file: 100 MB
- Number of daily manual evidence uploads per control: 100
- Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
Parameter Syntax
$result = $client->batchImportEvidenceToAssessmentControl([
    'assessmentId' => '<string>', // REQUIRED
    'controlId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'manualEvidence' => [ // REQUIRED
        [
            'evidenceFileName' => '<string>',
            's3ResourcePath' => '<string>',
            'textResponse' => '<string>',
        ],
        // ...
    ],
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- controlId
  - Required: Yes
  - Type: string
  The identifier for the control.
- controlSetId
  - Required: Yes
  - Type: string
  The identifier for the control set.
- manualEvidence
  - Required: Yes
  - Type: Array of ManualEvidence structures
  The list of manual evidence objects.
Result Syntax
[
    'errors' => [
        [
            'errorCode' => '<string>',
            'errorMessage' => '<string>',
            'manualEvidence' => [
                'evidenceFileName' => '<string>',
                's3ResourcePath' => '<string>',
                'textResponse' => '<string>',
            ],
        ],
        // ...
    ],
]
Result Details
Members
- errors
  - Type: Array of BatchImportEvidenceToAssessmentControlError structures
  A list of errors that the BatchImportEvidenceToAssessmentControl API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ThrottlingException:
The request was denied due to request throttling.
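The following PHP example is added here and is not code from the SDK or from this reference. It checks the one-of restriction on manualEvidence before sending and reads the result's errors member, so that an evidence item listed there is not silently lost from an audit trail. The helper names, the stub client, the s3:// prefix check and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of the AWS SDK for PHP.
const EVIDENCE_KEYS = ['evidenceFileName', 's3ResourcePath', 'textResponse'];

/** Return the non-empty evidence fields of one manualEvidence entry. */
function populatedFields(array $item): array
{
    $known = array_intersect_key($item, array_flip(EVIDENCE_KEYS));
    return array_filter($known, fn($v) => is_string($v) && $v !== '');
}

/**
 * Check each entry against the documented restriction that manualEvidence is
 * exactly one of evidenceFileName, s3ResourcePath or textResponse.
 * Returns a list of problems; an empty list means the batch may be sent.
 */
function validateManualEvidence(array $manualEvidence): array
{
    $problems = $manualEvidence === [] ? ['manualEvidence must not be empty'] : [];
    foreach ($manualEvidence as $i => $item) {
        if (!is_array($item)) {
            $problems[] = "entry $i: not an array";
            continue;
        }
        $unknown = array_diff(array_keys($item), EVIDENCE_KEYS);
        if ($unknown !== []) {
            $problems[] = "entry $i: unknown field(s) " . implode(', ', $unknown);
        }
        $set = populatedFields($item);
        if (count($set) !== 1) {
            $problems[] = "entry $i: expected exactly one evidence field, got " . count($set);
        }
        // Assumption: an S3 URI has the form s3://bucket/key.
        if (isset($set['s3ResourcePath']) && strpos($set['s3ResourcePath'], 's3://') !== 0) {
            $problems[] = "entry $i: s3ResourcePath is not an s3:// URI";
        }
    }
    return $problems;
}

/**
 * Validate, send the batch, then separate accepted entries from those listed
 * in the result's 'errors' member. $client is an
 * Aws\AuditManager\AuditManagerClient or a test double with the same method.
 */
function importEvidence(object $client, array $params): array
{
    $problems = validateManualEvidence($params['manualEvidence'] ?? []);
    if ($problems !== []) {
        throw new InvalidArgumentException(implode('; ', $problems));
    }
    $result = $client->batchImportEvidenceToAssessmentControl($params);

    $rejected = [];
    foreach ($result['errors'] ?? [] as $error) {
        $key = json_encode(populatedFields($error['manualEvidence'] ?? []));
        $rejected[$key] = ($error['errorCode'] ?? '') . ': ' . ($error['errorMessage'] ?? '');
    }
    $accepted = [];
    foreach ($params['manualEvidence'] as $item) {
        if (!isset($rejected[json_encode(populatedFields($item))])) {
            $accepted[] = $item;
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed sample data: the identifiers, bucket name and stubbed error are made up.
$stubClient = new class {
    public function batchImportEvidenceToAssessmentControl(array $params): array
    {
        return ['errors' => [[
            'errorCode' => 'EXAMPLE_ERROR',
            'errorMessage' => 'constructed failure for the second entry',
            'manualEvidence' => $params['manualEvidence'][1],
        ]]];
    }
};

$params = [
    'assessmentId' => '<assessment-id>',
    'controlId' => '<control-id>',
    'controlSetId' => '<control-set-id>',
    'manualEvidence' => [
        ['textResponse' => 'Quarterly access review completed.'],
        ['s3ResourcePath' => 's3://example-evidence-bucket/reviews/q1.pdf'],
    ],
];

$summary = importEvidence($stubClient, $params);
printf("accepted: %d, rejected: %d\n", count($summary['accepted']), count($summary['rejected']));
foreach ($summary['rejected'] as $item => $reason) {
    echo "  $item => $reason\n";
}

// An entry with two fields set is caught before any request is made.
$params['manualEvidence'][] = ['textResponse' => 'x', 'evidenceFileName' => 'policy.pdf'];
print_r(validateManualEvidence($params['manualEvidence']));
```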
CreateAssessment
$result = $client->createAssessment([/* ... */]);
$promise = $client->createAssessmentAsync([/* ... */]);
Creates an assessment in Audit Manager.
Parameter Syntax
$result = $client->createAssessment([
    'assessmentReportsDestination' => [ // REQUIRED
        'destination' => '<string>',
        'destinationType' => 'S3',
    ],
    'description' => '<string>',
    'frameworkId' => '<string>', // REQUIRED
    'name' => '<string>', // REQUIRED
    'roles' => [ // REQUIRED
        [
            'roleArn' => '<string>', // REQUIRED
            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', // REQUIRED
        ],
        // ...
    ],
    'scope' => [ // REQUIRED
        'awsAccounts' => [
            [
                'emailAddress' => '<string>',
                'id' => '<string>',
                'name' => '<string>',
            ],
            // ...
        ],
        'awsServices' => [
            [
                'serviceName' => '<string>',
            ],
            // ...
        ],
    ],
    'tags' => ['<string>', ...],
]);
Parameter Details
Members
- assessmentReportsDestination
  - Required: Yes
  - Type: AssessmentReportsDestination structure
  The assessment report storage destination for the assessment that's being created.
- description
  - Type: string
  The optional description of the assessment to be created.
- frameworkId
  - Required: Yes
  - Type: string
  The identifier for the framework that the assessment will be created from.
- name
  - Required: Yes
  - Type: string
  The name of the assessment to be created.
- roles
  - Required: Yes
  - Type: Array of Role structures
  The list of roles for the assessment.
- scope
  - Required: Yes
  - Type: Scope structure
  The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.
  You no longer need to specify which Amazon Web Services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services.
  If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.
- tags
  - Type: Associative array of custom strings keys (TagKey) to strings
  The tags that are associated with the assessment.
Result Syntax
[
    'assessment' => [
        'arn' => '<string>',
        'awsAccount' => [
            'emailAddress' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
        ],
        'framework' => [
            'arn' => '<string>',
            'controlSets' => [
                [
                    'controls' => [
                        [
                            'assessmentReportEvidenceCount' => <integer>,
                            'comments' => [
                                [
                                    'authorName' => '<string>',
                                    'commentBody' => '<string>',
                                    'postedDate' => <DateTime>,
                                ],
                                // ...
                            ],
                            'description' => '<string>',
                            'evidenceCount' => <integer>,
                            'evidenceSources' => ['<string>', ...],
                            'id' => '<string>',
                            'name' => '<string>',
                            'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE',
                            'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE',
                        ],
                        // ...
                    ],
                    'delegations' => [
                        [
                            'assessmentId' => '<string>',
                            'assessmentName' => '<string>',
                            'comment' => '<string>',
                            'controlSetId' => '<string>',
                            'createdBy' => '<string>',
                            'creationTime' => <DateTime>,
                            'id' => '<string>',
                            'lastUpdated' => <DateTime>,
                            'roleArn' => '<string>',
                            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                            'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
                        ],
                        // ...
                    ],
                    'description' => '<string>',
                    'id' => '<string>',
                    'manualEvidenceCount' => <integer>,
                    'roles' => [
                        [
                            'roleArn' => '<string>',
                            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                        ],
                        // ...
                    ],
                    'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED',
                    'systemEvidenceCount' => <integer>,
                ],
                // ...
            ],
            'id' => '<string>',
            'metadata' => [
                'complianceType' => '<string>',
                'description' => '<string>',
                'logo' => '<string>',
                'name' => '<string>',
            ],
        ],
        'metadata' => [
            'assessmentReportsDestination' => [
                'destination' => '<string>',
                'destinationType' => 'S3',
            ],
            'complianceType' => '<string>',
            'creationTime' => <DateTime>,
            'delegations' => [
                [
                    'assessmentId' => '<string>',
                    'assessmentName' => '<string>',
                    'comment' => '<string>',
                    'controlSetId' => '<string>',
                    'createdBy' => '<string>',
                    'creationTime' => <DateTime>,
                    'id' => '<string>',
                    'lastUpdated' => <DateTime>,
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                    'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
                ],
                // ...
            ],
            'description' => '<string>',
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
            'roles' => [
                [
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                ],
                // ...
            ],
            'scope' => [
                'awsAccounts' => [
                    [
                        'emailAddress' => '<string>',
                        'id' => '<string>',
                        'name' => '<string>',
                    ],
                    // ...
                ],
                'awsServices' => [
                    [
                        'serviceName' => '<string>',
                    ],
                    // ...
                ],
            ],
            'status' => 'ACTIVE|INACTIVE',
        ],
        'tags' => ['<string>', ...],
    ],
]
Result Details
Members
- assessment
  - Type: Assessment structure
  An entity that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ServiceQuotaExceededException:
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
- ThrottlingException:
The request was denied due to request throttling.
CreateAssessmentFramework
$result = $client->createAssessmentFramework([/* ... */]);
$promise = $client->createAssessmentFrameworkAsync([/* ... */]);
Creates a custom framework in Audit Manager.
Parameter Syntax
$result = $client->createAssessmentFramework([
    'complianceType' => '<string>',
    'controlSets' => [ // REQUIRED
        [
            'controls' => [
                [
                    'id' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'name' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'description' => '<string>',
    'name' => '<string>', // REQUIRED
    'tags' => ['<string>', ...],
]);
Parameter Details
Members
- complianceType
  - Type: string
  The compliance type that the new custom framework supports, such as CIS or HIPAA.
- controlSets
  - Required: Yes
  - Type: Array of CreateAssessmentFrameworkControlSet structures
  The control sets that are associated with the framework.
- description
  - Type: string
  An optional description for the new custom framework.
- name
  - Required: Yes
  - Type: string
  The name of the new custom framework.
- tags
  - Type: Associative array of custom strings keys (TagKey) to strings
  The tags that are associated with the framework.
Result Syntax
[
    'framework' => [
        'arn' => '<string>',
        'complianceType' => '<string>',
        'controlSets' => [
            [
                'controls' => [
                    [
                        'actionPlanInstructions' => '<string>',
                        'actionPlanTitle' => '<string>',
                        'arn' => '<string>',
                        'controlMappingSources' => [
                            [
                                'sourceDescription' => '<string>',
                                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                                'sourceId' => '<string>',
                                'sourceKeyword' => [
                                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                                    'keywordValue' => '<string>',
                                ],
                                'sourceName' => '<string>',
                                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                                'troubleshootingText' => '<string>',
                            ],
                            // ...
                        ],
                        'controlSources' => '<string>',
                        'createdAt' => <DateTime>,
                        'createdBy' => '<string>',
                        'description' => '<string>',
                        'id' => '<string>',
                        'lastUpdatedAt' => <DateTime>,
                        'lastUpdatedBy' => '<string>',
                        'name' => '<string>',
                        'state' => 'ACTIVE|END_OF_SUPPORT',
                        'tags' => ['<string>', ...],
                        'testingInformation' => '<string>',
                        'type' => 'Standard|Custom|Core',
                    ],
                    // ...
                ],
                'id' => '<string>',
                'name' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'logo' => '<string>',
        'name' => '<string>',
        'tags' => ['<string>', ...],
        'type' => 'Standard|Custom',
    ],
]
Result Details
Members
- framework
  - Type: Framework structure
  The name of the new framework that the CreateAssessmentFramework API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ServiceQuotaExceededException:
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
CreateAssessmentReport
$result = $client->createAssessmentReport([/* ... */]);
$promise = $client->createAssessmentReportAsync([/* ... */]);
Creates an assessment report for the specified assessment.
Parameter Syntax
$result = $client->createAssessmentReport([
    'assessmentId' => '<string>', // REQUIRED
    'description' => '<string>',
    'name' => '<string>', // REQUIRED
    'queryStatement' => '<string>',
]);
Parameter Details
Members
- assessmentId
  - Required: Yes
  - Type: string
  The identifier for the assessment.
- description
  - Type: string
  The description of the assessment report.
- name
  - Required: Yes
  - Type: string
  The name of the new assessment report.
- queryStatement
  - Type: string
  A SQL statement that represents an evidence finder query.
  Provide this parameter when you want to generate an assessment report from the results of an evidence finder search query. When you use this parameter, Audit Manager generates a one-time report using only the evidence from the query output. This report does not include any assessment evidence that was manually added to a report using the console, or associated with a report using the API.
  To use this parameter, the enablementStatus of evidence finder must be ENABLED.
  For examples and help resolving queryStatement validation exceptions, see Troubleshooting evidence finder issues in the Audit Manager User Guide.
Result Syntax
[
    'assessmentReport' => [
        'assessmentId' => '<string>',
        'assessmentName' => '<string>',
        'author' => '<string>',
        'awsAccountId' => '<string>',
        'creationTime' => <DateTime>,
        'description' => '<string>',
        'id' => '<string>',
        'name' => '<string>',
        'status' => 'COMPLETE|IN_PROGRESS|FAILED',
    ],
]
Result Details
Members
- assessmentReport
  - Type: AssessmentReport structure
  The new assessment report that the CreateAssessmentReport API returned.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
CreateControl
$result = $client->createControl([/* ... */]);
$promise = $client->createControlAsync([/* ... */]);
Creates a new custom control in Audit Manager.
Parameter Syntax
$result = $client->createControl([
    'actionPlanInstructions' => '<string>',
    'actionPlanTitle' => '<string>',
    'controlMappingSources' => [ // REQUIRED
        [
            'sourceDescription' => '<string>',
            'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
            'sourceKeyword' => [
                'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                'keywordValue' => '<string>',
            ],
            'sourceName' => '<string>',
            'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
            'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
            'troubleshootingText' => '<string>',
        ],
        // ...
    ],
    'description' => '<string>',
    'name' => '<string>', // REQUIRED
    'tags' => ['<string>', ...],
    'testingInformation' => '<string>',
]);
Parameter Details
Members
- actionPlanInstructions
  - Type: string
  The recommended actions to carry out if the control isn't fulfilled.
- actionPlanTitle
  - Type: string
  The title of the action plan for remediating the control.
- controlMappingSources
  - Required: Yes
  - Type: Array of CreateControlMappingSource structures
  The data mapping sources for the control.
- description
  - Type: string
  The description of the control.
- name
  - Required: Yes
  - Type: string
  The name of the control.
- tags
  - Type: Associative array of custom strings keys (TagKey) to strings
  The tags that are associated with the control.
- testingInformation
  - Type: string
  The steps to follow to determine if the control is satisfied.
Result Syntax
[
    'control' => [
        'actionPlanInstructions' => '<string>',
        'actionPlanTitle' => '<string>',
        'arn' => '<string>',
        'controlMappingSources' => [
            [
                'sourceDescription' => '<string>',
                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                'sourceId' => '<string>',
                'sourceKeyword' => [
                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                    'keywordValue' => '<string>',
                ],
                'sourceName' => '<string>',
                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                'troubleshootingText' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'name' => '<string>',
        'state' => 'ACTIVE|END_OF_SUPPORT',
        'tags' => ['<string>', ...],
        'testingInformation' => '<string>',
        'type' => 'Standard|Custom|Core',
    ],
]
Result Details
Members
- control
-
- Type: Control structure
The new control that the CreateControl API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ServiceQuotaExceededException:
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
DeleteAssessment
$result = $client->deleteAssessment([/* ... */]);
$promise = $client->deleteAssessmentAsync([/* ... */]);
Deletes an assessment in Audit Manager.
Parameter Syntax
$result = $client->deleteAssessment([
    'assessmentId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The identifier for the assessment.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
DeleteAssessmentFramework
$result = $client->deleteAssessmentFramework([/* ... */]);
$promise = $client->deleteAssessmentFrameworkAsync([/* ... */]);
Deletes a custom framework in Audit Manager.
Parameter Syntax
$result = $client->deleteAssessmentFramework([
    'frameworkId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- frameworkId
-
- Required: Yes
- Type: string
The identifier for the custom framework.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
DeleteAssessmentFrameworkShare
$result = $client->deleteAssessmentFrameworkShare([/* ... */]);
$promise = $client->deleteAssessmentFrameworkShareAsync([/* ... */]);
Deletes a share request for a custom framework in Audit Manager.
Parameter Syntax
$result = $client->deleteAssessmentFrameworkShare([
    'requestId' => '<string>', // REQUIRED
    'requestType' => 'SENT|RECEIVED', // REQUIRED
]);
Parameter Details
Members
- requestId
-
- Required: Yes
- Type: string
The unique identifier for the share request to be deleted.
- requestType
-
- Required: Yes
- Type: string
Specifies whether the share request is a sent request or a received request.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
DeleteAssessmentReport
$result = $client->deleteAssessmentReport([/* ... */]);
$promise = $client->deleteAssessmentReportAsync([/* ... */]);
Deletes an assessment report in Audit Manager.
When you run the DeleteAssessmentReport operation, Audit Manager attempts to delete the following data:
- The specified assessment report that’s stored in your S3 bucket
- The associated metadata that’s stored in Audit Manager
If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the DeleteAssessmentReport operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself.
This scenario happens when Audit Manager receives a 403 (Forbidden) or 404 (Not Found) error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see Assessment report destination permissions in the Audit Manager User Guide. For information about the issues that could cause a 403 (Forbidden) or 404 (Not Found) error from Amazon S3, see List of Error Codes in the Amazon Simple Storage Service API Reference.
Parameter Syntax
$result = $client->deleteAssessmentReport([
    'assessmentId' => '<string>', // REQUIRED
    'assessmentReportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- assessmentReportId
-
- Required: Yes
- Type: string
The unique identifier for the assessment report.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
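Because DeleteAssessmentReport succeeds even when the report object stays behind in S3, a caller can check the destination bucket before deleting. The following is an added example, not part of the SDK documentation: it reads the destination from GetAssessment, probes the bucket with S3 HeadBucket, and skips the delete on 403 or 404. The function names, the environment variable names, the region, and the "s3://bucket/prefix" destination format are assumptions of this example.

```php
<?php
// Added example: not part of the AWS SDK for PHP documentation.
require 'vendor/autoload.php';

use Aws\AuditManager\AuditManagerClient;
use Aws\Exception\AwsException;
use Aws\S3\S3Client;

/**
 * Extract the bucket name from a report destination.
 * Assumption: the destination is an S3 URI such as "s3://bucket/prefix".
 */
function bucketFromDestination(string $destination): string
{
    if (!preg_match('#^s3://([^/]+)#', $destination, $m)) {
        throw new InvalidArgumentException("Unexpected destination: {$destination}");
    }
    return $m[1];
}

/**
 * Delete a report only when the destination bucket answers a HEAD request.
 * Returns true when DeleteAssessmentReport was called, and false when it was
 * skipped because S3 answered 403 (Forbidden) or 404 (Not Found).
 */
function deleteReportWithPreflight(
    AuditManagerClient $auditManager,
    S3Client $s3,
    string $assessmentId,
    string $assessmentReportId
): bool {
    $assessment = $auditManager->getAssessment(['assessmentId' => $assessmentId]);
    $destination = $assessment->search(
        'assessment.metadata.assessmentReportsDestination.destination'
    );
    if (!is_string($destination) || $destination === '') {
        throw new RuntimeException('The assessment has no report destination.');
    }
    $bucket = bucketFromDestination($destination);

    try {
        // HeadBucket runs with the caller's credentials. It shows that the
        // bucket exists and is reachable, not that object deletion is allowed,
        // so the destination permissions policy still has to be in place.
        $s3->headBucket(['Bucket' => $bucket]);
    } catch (AwsException $e) {
        if (in_array($e->getStatusCode(), [403, 404], true)) {
            error_log(sprintf(
                'Skipping delete of report %s: S3 returned %d for bucket %s. '
                . 'Deleting now would remove only the metadata.',
                $assessmentReportId,
                $e->getStatusCode(),
                $bucket
            ));
            return false;
        }
        throw $e; // Any other failure is not the case described above.
    }

    $auditManager->deleteAssessmentReport([
        'assessmentId' => $assessmentId,
        'assessmentReportId' => $assessmentReportId,
    ]);
    return true;
}

// Hypothetical environment variables supply the identifiers.
$assessmentId = getenv('AUDIT_MANAGER_ASSESSMENT_ID');
$reportId = getenv('AUDIT_MANAGER_REPORT_ID');
if ($assessmentId && $reportId) {
    $region = 'us-east-1'; // Assumption: bucket and assessment share a region.
    $auditManager = new AuditManagerClient(['region' => $region, 'version' => '2017-07-25']);
    $s3 = new S3Client(['region' => $region, 'version' => '2006-03-01']);

    $deleted = deleteReportWithPreflight($auditManager, $s3, $assessmentId, $reportId);
    echo $deleted ? "Report delete requested.\n" : "Delete skipped; fix bucket access first.\n";
}
```

A skipped delete leaves both the report and its metadata in place, so the report can still be located through Audit Manager once bucket access is repaired.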
DeleteControl
$result = $client->deleteControl([/* ... */]);
$promise = $client->deleteControlAsync([/* ... */]);
Deletes a custom control in Audit Manager.
When you invoke this operation, the custom control is deleted from any frameworks or assessments that it’s currently part of. As a result, Audit Manager will stop collecting evidence for that custom control in all of your assessments. This includes assessments that you previously created before you deleted the custom control.
Parameter Syntax
$result = $client->deleteControl([
    'controlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- controlId
-
- Required: Yes
- Type: string
The unique identifier for the control.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
DeregisterAccount
$result = $client->deregisterAccount([/* ... */]);
$promise = $client->deregisterAccountAsync([/* ... */]);
Deregisters an account in Audit Manager.
Before you deregister, you can use the UpdateSettings API operation to set your preferred data retention policy. By default, Audit Manager retains your data. If you want to delete your data, you can use the DeregistrationPolicy attribute to request the deletion of your data.
For more information about data retention, see Data Protection in the Audit Manager User Guide.
Parameter Syntax
$result = $client->deregisterAccount([ ]);
Parameter Details
Members
Result Syntax
[ 'status' => 'ACTIVE|INACTIVE|PENDING_ACTIVATION', ]
Result Details
Members
- status
-
- Type: string
The registration status of the account.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
DeregisterOrganizationAdminAccount
$result = $client->deregisterOrganizationAdminAccount([/* ... */]);
$promise = $client->deregisterOrganizationAdminAccountAsync([/* ... */]);
Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.
When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.
Keep in mind the following cleanup task if you use evidence finder:
Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually deletes the event data store.
This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.
When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. You can do this either in the Audit Manager console or with one of the delete API operations that Audit Manager provides.
To delete your Audit Manager resource data, see the following instructions:
- DeleteAssessment (see also: Deleting an assessment in the Audit Manager User Guide)
- DeleteAssessmentFramework (see also: Deleting a custom framework in the Audit Manager User Guide)
- DeleteAssessmentFrameworkShare (see also: Deleting a share request in the Audit Manager User Guide)
- DeleteAssessmentReport (see also: Deleting an assessment report in the Audit Manager User Guide)
- DeleteControl (see also: Deleting a custom control in the Audit Manager User Guide)
At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.
Parameter Syntax
$result = $client->deregisterOrganizationAdminAccount([ 'adminAccountId' => '<string>', ]);
Parameter Details
Members
- adminAccountId
-
- Type: string
The identifier for the administrator account.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
DisassociateAssessmentReportEvidenceFolder
$result = $client->disassociateAssessmentReportEvidenceFolder([/* ... */]);
$promise = $client->disassociateAssessmentReportEvidenceFolderAsync([/* ... */]);
Disassociates an evidence folder from the specified assessment report in Audit Manager.
Parameter Syntax
$result = $client->disassociateAssessmentReportEvidenceFolder([
    'assessmentId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- evidenceFolderId
-
- Required: Yes
- Type: string
The unique identifier for the folder that the evidence is stored in.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
GetAccountStatus
$result = $client->getAccountStatus([/* ... */]);
$promise = $client->getAccountStatusAsync([/* ... */]);
Gets the registration status of an account in Audit Manager.
Parameter Syntax
$result = $client->getAccountStatus([ ]);
Parameter Details
Members
Result Syntax
[ 'status' => 'ACTIVE|INACTIVE|PENDING_ACTIVATION', ]
Result Details
Members
- status
-
- Type: string
The status of the Amazon Web Services account.
Errors
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetAssessment
$result = $client->getAssessment([/* ... */]);
$promise = $client->getAssessmentAsync([/* ... */]);
Gets information about a specified assessment.
Parameter Syntax
$result = $client->getAssessment([
    'assessmentId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
Result Syntax
[
    'assessment' => [
        'arn' => '<string>',
        'awsAccount' => [
            'emailAddress' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
        ],
        'framework' => [
            'arn' => '<string>',
            'controlSets' => [
                [
                    'controls' => [
                        [
                            'assessmentReportEvidenceCount' => <integer>,
                            'comments' => [
                                [
                                    'authorName' => '<string>',
                                    'commentBody' => '<string>',
                                    'postedDate' => <DateTime>,
                                ],
                                // ...
                            ],
                            'description' => '<string>',
                            'evidenceCount' => <integer>,
                            'evidenceSources' => ['<string>', ...],
                            'id' => '<string>',
                            'name' => '<string>',
                            'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE',
                            'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE',
                        ],
                        // ...
                    ],
                    'delegations' => [
                        [
                            'assessmentId' => '<string>',
                            'assessmentName' => '<string>',
                            'comment' => '<string>',
                            'controlSetId' => '<string>',
                            'createdBy' => '<string>',
                            'creationTime' => <DateTime>,
                            'id' => '<string>',
                            'lastUpdated' => <DateTime>,
                            'roleArn' => '<string>',
                            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                            'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
                        ],
                        // ...
                    ],
                    'description' => '<string>',
                    'id' => '<string>',
                    'manualEvidenceCount' => <integer>,
                    'roles' => [
                        [
                            'roleArn' => '<string>',
                            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                        ],
                        // ...
                    ],
                    'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED',
                    'systemEvidenceCount' => <integer>,
                ],
                // ...
            ],
            'id' => '<string>',
            'metadata' => [
                'complianceType' => '<string>',
                'description' => '<string>',
                'logo' => '<string>',
                'name' => '<string>',
            ],
        ],
        'metadata' => [
            'assessmentReportsDestination' => [
                'destination' => '<string>',
                'destinationType' => 'S3',
            ],
            'complianceType' => '<string>',
            'creationTime' => <DateTime>,
            'delegations' => [
                [
                    'assessmentId' => '<string>',
                    'assessmentName' => '<string>',
                    'comment' => '<string>',
                    'controlSetId' => '<string>',
                    'createdBy' => '<string>',
                    'creationTime' => <DateTime>,
                    'id' => '<string>',
                    'lastUpdated' => <DateTime>,
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                    'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
                ],
                // ...
            ],
            'description' => '<string>',
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
            'roles' => [
                [
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                ],
                // ...
            ],
            'scope' => [
                'awsAccounts' => [
                    [
                        'emailAddress' => '<string>',
                        'id' => '<string>',
                        'name' => '<string>',
                    ],
                    // ...
                ],
                'awsServices' => [
                    [
                        'serviceName' => '<string>',
                    ],
                    // ...
                ],
            ],
            'status' => 'ACTIVE|INACTIVE',
        ],
        'tags' => ['<string>', ...],
    ],
    'userRole' => [
        'roleArn' => '<string>',
        'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
    ],
]
Result Details
Members
- assessment
-
- Type: Assessment structure
An entity that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.
- userRole
-
- Type: Role structure
The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetAssessmentFramework
$result = $client->getAssessmentFramework([/* ... */]);
$promise = $client->getAssessmentFrameworkAsync([/* ... */]);
Gets information about a specified framework.
Parameter Syntax
$result = $client->getAssessmentFramework([
    'frameworkId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- frameworkId
-
- Required: Yes
- Type: string
The identifier for the framework.
Result Syntax
[
    'framework' => [
        'arn' => '<string>',
        'complianceType' => '<string>',
        'controlSets' => [
            [
                'controls' => [
                    [
                        'actionPlanInstructions' => '<string>',
                        'actionPlanTitle' => '<string>',
                        'arn' => '<string>',
                        'controlMappingSources' => [
                            [
                                'sourceDescription' => '<string>',
                                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                                'sourceId' => '<string>',
                                'sourceKeyword' => [
                                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                                    'keywordValue' => '<string>',
                                ],
                                'sourceName' => '<string>',
                                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                                'troubleshootingText' => '<string>',
                            ],
                            // ...
                        ],
                        'controlSources' => '<string>',
                        'createdAt' => <DateTime>,
                        'createdBy' => '<string>',
                        'description' => '<string>',
                        'id' => '<string>',
                        'lastUpdatedAt' => <DateTime>,
                        'lastUpdatedBy' => '<string>',
                        'name' => '<string>',
                        'state' => 'ACTIVE|END_OF_SUPPORT',
                        'tags' => ['<string>', ...],
                        'testingInformation' => '<string>',
                        'type' => 'Standard|Custom|Core',
                    ],
                    // ...
                ],
                'id' => '<string>',
                'name' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'logo' => '<string>',
        'name' => '<string>',
        'tags' => ['<string>', ...],
        'type' => 'Standard|Custom',
    ],
]
Result Details
Members
- framework
-
- Type: Framework structure
The framework that the GetAssessmentFramework API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetAssessmentReportUrl
$result = $client->getAssessmentReportUrl([/* ... */]);
$promise = $client->getAssessmentReportUrlAsync([/* ... */]);
Gets the URL of an assessment report in Audit Manager.
Parameter Syntax
$result = $client->getAssessmentReportUrl([
    'assessmentId' => '<string>', // REQUIRED
    'assessmentReportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- assessmentReportId
-
- Required: Yes
- Type: string
The unique identifier for the assessment report.
Result Syntax
[ 'preSignedUrl' => [ 'hyperlinkName' => '<string>', 'link' => '<string>', ], ]
Result Details
Members
- preSignedUrl
-
- Type: URL structure
Short for uniform resource locator. A URL is used as a unique identifier to locate a resource on the internet.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
GetChangeLogs
$result = $client->getChangeLogs([/* ... */]);
$promise = $client->getChangeLogsAsync([/* ... */]);
Gets a list of changelogs from Audit Manager.
Parameter Syntax
$result = $client->getChangeLogs([
    'assessmentId' => '<string>', // REQUIRED
    'controlId' => '<string>',
    'controlSetId' => '<string>',
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- controlId
-
- Type: string
The unique identifier for the control.
- controlSetId
-
- Type: string
The unique identifier for the control set.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'changeLogs' => [
        [
            'action' => 'CREATE|UPDATE_METADATA|ACTIVE|INACTIVE|DELETE|UNDER_REVIEW|REVIEWED|IMPORT_EVIDENCE',
            'createdAt' => <DateTime>,
            'createdBy' => '<string>',
            'objectName' => '<string>',
            'objectType' => 'ASSESSMENT|CONTROL_SET|CONTROL|DELEGATION|ASSESSMENT_REPORT',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- changeLogs
-
- Type: Array of ChangeLog structures
The list of user activity for the control.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
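GetChangeLogs returns one page at a time, so a review of who changed an assessment has to follow nextToken to the end before drawing conclusions. The following is an added example, not part of the SDK documentation: it pages through the change logs and groups the entries whose action is worth a second look by the identity in createdBy. The function names, the choice of actions to review, the environment variable name, the region, and the sample entries are assumptions of this example.

```php
<?php
// Added example: not part of the AWS SDK for PHP documentation.
require 'vendor/autoload.php';

use Aws\AuditManager\AuditManagerClient;

// Actions this example flags for review. The selection is an assumption of
// the example; the values themselves come from the ChangeLog 'action' enum.
const REVIEW_ACTIONS = ['DELETE', 'INACTIVE', 'IMPORT_EVIDENCE'];

/** Yield every ChangeLog entry, following nextToken until it is absent. */
function iterateChangeLogs(AuditManagerClient $client, array $params): Generator
{
    unset($params['nextToken']); // Always start from the first page.
    do {
        $page = $client->getChangeLogs($params);
        foreach ($page['changeLogs'] ?? [] as $entry) {
            yield $entry;
        }
        $params['nextToken'] = $page['nextToken'] ?? null;
    } while (!empty($params['nextToken']));
}

/**
 * Group flagged entries by actor.
 * Returns [createdBy => ["<time> <action> <objectType> "<objectName>"", ...]].
 */
function summarizeChangesForReview(iterable $entries, array $actions = REVIEW_ACTIONS): array
{
    $summary = [];
    foreach ($entries as $entry) {
        if (!in_array($entry['action'] ?? '', $actions, true)) {
            continue;
        }
        $when = $entry['createdAt'] ?? null;
        $summary[$entry['createdBy'] ?? 'unknown'][] = sprintf(
            '%s %s %s "%s"',
            $when instanceof DateTimeInterface ? $when->format(DATE_ATOM) : 'unknown-time',
            $entry['action'],
            $entry['objectType'] ?? '?',
            $entry['objectName'] ?? '?'
        );
    }
    ksort($summary);
    return $summary;
}

// Constructed sample entries in the ChangeLog shape, for an offline run.
$sample = [
    ['action' => 'CREATE', 'createdAt' => new DateTimeImmutable('2024-03-01T09:00:00Z'),
     'createdBy' => 'alice', 'objectName' => 'Example assessment', 'objectType' => 'ASSESSMENT'],
    ['action' => 'IMPORT_EVIDENCE', 'createdAt' => new DateTimeImmutable('2024-03-02T10:15:00Z'),
     'createdBy' => 'bob', 'objectName' => 'Example control', 'objectType' => 'CONTROL'],
    ['action' => 'DELETE', 'createdAt' => new DateTimeImmutable('2024-03-03T23:40:00Z'),
     'createdBy' => 'bob', 'objectName' => 'Example report', 'objectType' => 'ASSESSMENT_REPORT'],
];

foreach (summarizeChangesForReview($sample) as $actor => $lines) {
    echo $actor, "\n  ", implode("\n  ", $lines), "\n";
}

// Live use: a hypothetical environment variable supplies the assessment ID.
$assessmentId = getenv('AUDIT_MANAGER_ASSESSMENT_ID');
if ($assessmentId) {
    $client = new AuditManagerClient(['region' => 'us-east-1', 'version' => '2017-07-25']);
    $logs = iterateChangeLogs($client, ['assessmentId' => $assessmentId]);
    foreach (summarizeChangesForReview($logs) as $actor => $lines) {
        echo $actor, "\n  ", implode("\n  ", $lines), "\n";
    }
}
```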
GetControl
$result = $client->getControl([/* ... */]);
$promise = $client->getControlAsync([/* ... */]);
Gets information about a specified control.
Parameter Syntax
$result = $client->getControl([
    'controlId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- controlId
-
- Required: Yes
- Type: string
The identifier for the control.
Result Syntax
[
    'control' => [
        'actionPlanInstructions' => '<string>',
        'actionPlanTitle' => '<string>',
        'arn' => '<string>',
        'controlMappingSources' => [
            [
                'sourceDescription' => '<string>',
                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                'sourceId' => '<string>',
                'sourceKeyword' => [
                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                    'keywordValue' => '<string>',
                ],
                'sourceName' => '<string>',
                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                'troubleshootingText' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'name' => '<string>',
        'state' => 'ACTIVE|END_OF_SUPPORT',
        'tags' => ['<string>', ...],
        'testingInformation' => '<string>',
        'type' => 'Standard|Custom|Core',
    ],
]
Result Details
Members
- control
-
- Type: Control structure
The details of the control that the GetControl API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetDelegations
$result = $client->getDelegations([/* ... */]);
$promise = $client->getDelegationsAsync([/* ... */]);
Gets a list of delegations from an audit owner to a delegate.
Parameter Syntax
$result = $client->getDelegations([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'delegations' => [
        [
            'assessmentId' => '<string>',
            'assessmentName' => '<string>',
            'controlSetName' => '<string>',
            'creationTime' => <DateTime>,
            'id' => '<string>',
            'roleArn' => '<string>',
            'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- delegations
-
- Type: Array of DelegationMetadata structures
The list of delegations that the GetDelegations API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetEvidence
$result = $client->getEvidence([/* ... */]);
$promise = $client->getEvidenceAsync([/* ... */]);
Gets information about a specified evidence item.
Parameter Syntax
$result = $client->getEvidence([
    'assessmentId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
    'evidenceId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- controlSetId
-
- Required: Yes
- Type: string
The unique identifier for the control set.
- evidenceFolderId
-
- Required: Yes
- Type: string
The unique identifier for the folder that the evidence is stored in.
- evidenceId
-
- Required: Yes
- Type: string
The unique identifier for the evidence.
Result Syntax
[
    'evidence' => [
        'assessmentReportSelection' => '<string>',
        'attributes' => ['<string>', ...],
        'awsAccountId' => '<string>',
        'awsOrganization' => '<string>',
        'complianceCheck' => '<string>',
        'dataSource' => '<string>',
        'eventName' => '<string>',
        'eventSource' => '<string>',
        'evidenceAwsAccountId' => '<string>',
        'evidenceByType' => '<string>',
        'evidenceFolderId' => '<string>',
        'iamId' => '<string>',
        'id' => '<string>',
        'resourcesIncluded' => [
            [
                'arn' => '<string>',
                'complianceCheck' => '<string>',
                'value' => '<string>',
            ],
            // ...
        ],
        'time' => <DateTime>,
    ],
]
Result Details
Members
- evidence
-
- Type: Evidence structure
The evidence that the GetEvidence API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetEvidenceByEvidenceFolder
$result = $client->getEvidenceByEvidenceFolder([/* ... */]);
$promise = $client->getEvidenceByEvidenceFolderAsync([/* ... */]);
Gets all evidence from a specified evidence folder in Audit Manager.
Parameter Syntax
$result = $client->getEvidenceByEvidenceFolder([
    'assessmentId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The identifier for the assessment.
- controlSetId
-
- Required: Yes
- Type: string
The identifier for the control set.
- evidenceFolderId
-
- Required: Yes
- Type: string
The unique identifier for the folder that the evidence is stored in.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'evidence' => [
        [
            'assessmentReportSelection' => '<string>',
            'attributes' => ['<string>', ...],
            'awsAccountId' => '<string>',
            'awsOrganization' => '<string>',
            'complianceCheck' => '<string>',
            'dataSource' => '<string>',
            'eventName' => '<string>',
            'eventSource' => '<string>',
            'evidenceAwsAccountId' => '<string>',
            'evidenceByType' => '<string>',
            'evidenceFolderId' => '<string>',
            'iamId' => '<string>',
            'id' => '<string>',
            'resourcesIncluded' => [
                [
                    'arn' => '<string>',
                    'complianceCheck' => '<string>',
                    'value' => '<string>',
                ],
                // ...
            ],
            'time' => <DateTime>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- evidence
-
- Type: Array of Evidence structures
The list of evidence that the GetEvidenceByEvidenceFolder API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetEvidenceFileUploadUrl
$result = $client->getEvidenceFileUploadUrl([/* ... */]);
$promise = $client->getEvidenceFileUploadUrlAsync([/* ... */]);
Creates a presigned Amazon S3 URL that can be used to upload a file as manual evidence. For instructions on how to use this operation, see Upload a file from your browser in the Audit Manager User Guide.
The following restrictions apply to this operation:
- Maximum size of an individual evidence file: 100 MB
- Number of daily manual evidence uploads per control: 100
- Supported file formats: See Supported file types for manual evidence in the Audit Manager User Guide
For more information about Audit Manager service restrictions, see Quotas and restrictions for Audit Manager.
Parameter Syntax
$result = $client->getEvidenceFileUploadUrl([
    'fileName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- fileName
-
- Required: Yes
- Type: string
The file that you want to upload. For a list of supported file formats, see Supported file types for manual evidence in the Audit Manager User Guide.
Result Syntax
[
    'evidenceFileName' => '<string>',
    'uploadUrl' => '<string>',
]
Result Details
Members
- evidenceFileName
-
- Type: string
The name of the uploaded manual evidence file that the presigned URL was generated for.
- uploadUrl
-
- Type: string
The presigned URL that was generated.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ThrottlingException:
The request was denied due to request throttling.
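A pre-flight wrapper for GetEvidenceFileUploadUrl, as an added example that is not part of the SDK documentation: it checks the file against the 100 MB limit listed above, sends only the base name as fileName, backs off on ThrottlingException, and returns a redacted copy of the presigned URL for logging. The names requestEvidenceUploadUrl, redactPresignedUrl and MAX_EVIDENCE_BYTES, the reading of "100 MB" as 100 MiB, and the stub with its sample URL are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Added example. The helper names, MAX_EVIDENCE_BYTES and the stub at the
// bottom are constructed for illustration; they are not part of the SDK.

const MAX_EVIDENCE_BYTES = 100 * 1024 * 1024; // "100 MB" read as MiB: an assumption

/** Keeps scheme, host and path; drops the query string that carries the signature. */
function redactPresignedUrl(string $url): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return '[unparseable URL]';
    }
    return $parts['scheme'] . '://' . $parts['host'] . ($parts['path'] ?? '') . '?[redacted]';
}

/**
 * Checks the local file against the documented limit, then asks for an upload URL.
 * $call is fn(array $params), e.g. fn($p) => $client->getEvidenceFileUploadUrl($p).
 */
function requestEvidenceUploadUrl(callable $call, string $path, int $maxAttempts = 4): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new InvalidArgumentException("not a readable file: {$path}");
    }
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_EVIDENCE_BYTES) {
        throw new InvalidArgumentException('file is empty, unreadable or larger than the evidence limit');
    }

    // Send only the base name so the local directory layout is not disclosed.
    $fileName = basename($path);

    for ($attempt = 1; ; $attempt++) {
        try {
            $result = $call(['fileName' => $fileName]);
            break;
        } catch (Throwable $e) {
            // The SDK's service exceptions expose getAwsErrorCode().
            $code = method_exists($e, 'getAwsErrorCode') ? $e->getAwsErrorCode() : null;
            if ($code !== 'ThrottlingException' || $attempt >= $maxAttempts) {
                throw $e; // validation, access and server errors are not retried here
            }
            usleep((2 ** $attempt) * 100000); // 0.2 s, 0.4 s, 0.8 s
        }
    }

    $url = (string) ($result['uploadUrl'] ?? '');
    if (stripos($url, 'https://') !== 0) {
        throw new UnexpectedValueException('upload URL is missing or not HTTPS');
    }
    return [
        'evidenceFileName' => (string) ($result['evidenceFileName'] ?? ''),
        'uploadUrl'        => $url,                     // bearer credential: keep out of logs
        'loggableUrl'      => redactPresignedUrl($url), // safe for logs and tickets
    ];
}

// Constructed demo: a temp file and a stub that is throttled once, then succeeds.
$tmp = tempnam(sys_get_temp_dir(), 'evidence');
file_put_contents($tmp, "constructed sample evidence\n");
$calls = 0;
$stub = function (array $params) use (&$calls): array {
    if (++$calls === 1) {
        throw new class('throttled') extends RuntimeException {
            public function getAwsErrorCode(): string
            {
                return 'ThrottlingException';
            }
        };
    }
    return [
        'evidenceFileName' => $params['fileName'],
        'uploadUrl' => 'https://bucket.example/evidence/' . $params['fileName']
            . '?X-Amz-Signature=constructed',
    ];
};

$out = requestEvidenceUploadUrl($stub, $tmp);
echo $out['evidenceFileName'], ' -> ', $out['loggableUrl'], PHP_EOL;
unlink($tmp);
```

Anyone who holds the full uploadUrl can use it, so store and transmit it like a short-lived secret and log only the redacted form.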
GetEvidenceFolder
$result = $client->getEvidenceFolder([/* ... */]);
$promise = $client->getEvidenceFolderAsync([/* ... */]);
Gets an evidence folder from a specified assessment in Audit Manager.
Parameter Syntax
$result = $client->getEvidenceFolder([
    'assessmentId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'evidenceFolderId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- controlSetId
-
- Required: Yes
- Type: string
The unique identifier for the control set.
- evidenceFolderId
-
- Required: Yes
- Type: string
The unique identifier for the folder that the evidence is stored in.
Result Syntax
[
    'evidenceFolder' => [
        'assessmentId' => '<string>',
        'assessmentReportSelectionCount' => <integer>,
        'author' => '<string>',
        'controlId' => '<string>',
        'controlName' => '<string>',
        'controlSetId' => '<string>',
        'dataSource' => '<string>',
        'date' => <DateTime>,
        'evidenceAwsServiceSourceCount' => <integer>,
        'evidenceByTypeComplianceCheckCount' => <integer>,
        'evidenceByTypeComplianceCheckIssuesCount' => <integer>,
        'evidenceByTypeConfigurationDataCount' => <integer>,
        'evidenceByTypeManualCount' => <integer>,
        'evidenceByTypeUserActivityCount' => <integer>,
        'evidenceResourcesIncludedCount' => <integer>,
        'id' => '<string>',
        'name' => '<string>',
        'totalEvidence' => <integer>,
    ],
]
Result Details
Members
- evidenceFolder
-
- Type: AssessmentEvidenceFolder structure
The folder that the evidence is stored in.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetEvidenceFoldersByAssessment
$result = $client->getEvidenceFoldersByAssessment([/* ... */]);
$promise = $client->getEvidenceFoldersByAssessmentAsync([/* ... */]);
Gets the evidence folders from a specified assessment in Audit Manager.
Parameter Syntax
$result = $client->getEvidenceFoldersByAssessment([
    'assessmentId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'evidenceFolders' => [
        [
            'assessmentId' => '<string>',
            'assessmentReportSelectionCount' => <integer>,
            'author' => '<string>',
            'controlId' => '<string>',
            'controlName' => '<string>',
            'controlSetId' => '<string>',
            'dataSource' => '<string>',
            'date' => <DateTime>,
            'evidenceAwsServiceSourceCount' => <integer>,
            'evidenceByTypeComplianceCheckCount' => <integer>,
            'evidenceByTypeComplianceCheckIssuesCount' => <integer>,
            'evidenceByTypeConfigurationDataCount' => <integer>,
            'evidenceByTypeManualCount' => <integer>,
            'evidenceByTypeUserActivityCount' => <integer>,
            'evidenceResourcesIncludedCount' => <integer>,
            'id' => '<string>',
            'name' => '<string>',
            'totalEvidence' => <integer>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- evidenceFolders
-
- Type: Array of AssessmentEvidenceFolder structures
The list of evidence folders that the GetEvidenceFoldersByAssessment API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
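The nextToken loop for GetEvidenceFoldersByAssessment and GetEvidenceByEvidenceFolder, as an added example that is not part of the SDK documentation: it pages through every folder of an assessment and pulls the evidence only from folders whose evidenceByTypeComplianceCheckIssuesCount is non-zero, failing loudly instead of returning a partial listing. The function names, StubAuditManager and all sample values are constructed for this example; pass a real Aws\AuditManager\AuditManagerClient in place of the stub to query the service.

```php
<?php
declare(strict_types=1);

// Added example. paginate(), evidenceFromFoldersWithIssues() and
// StubAuditManager are constructed names, not part of the SDK.

/** Yields every item under $listKey, following nextToken until it is absent. */
function paginate(callable $fetchPage, array $params, string $listKey, int $maxPages = 500): Generator
{
    $seenTokens = [];
    for ($page = 0; $page < $maxPages; $page++) {
        $result = $fetchPage($params);
        foreach ($result[$listKey] ?? [] as $item) {
            yield $item;
        }
        $token = $result['nextToken'] ?? null;
        if ($token === null || $token === '') {
            return; // last page
        }
        if (isset($seenTokens[$token])) {
            throw new RuntimeException("nextToken repeated for {$listKey}; listing is incomplete");
        }
        $seenTokens[$token] = true;
        $params['nextToken'] = $token;
    }
    throw new RuntimeException("page limit reached for {$listKey}; listing is incomplete");
}

/** Returns evidence from every folder whose compliance-check issue count is non-zero. */
function evidenceFromFoldersWithIssues(object $client, string $assessmentId): array
{
    $rows = [];
    $folders = paginate(
        fn(array $p) => $client->getEvidenceFoldersByAssessment($p),
        ['assessmentId' => $assessmentId],
        'evidenceFolders'
    );
    foreach ($folders as $folder) {
        if ((int) ($folder['evidenceByTypeComplianceCheckIssuesCount'] ?? 0) === 0) {
            continue;
        }
        $evidence = paginate(
            fn(array $p) => $client->getEvidenceByEvidenceFolder($p),
            [
                'assessmentId'     => $assessmentId,
                'controlSetId'     => $folder['controlSetId'],
                'evidenceFolderId' => $folder['id'],
            ],
            'evidence'
        );
        foreach ($evidence as $item) {
            $rows[] = [
                'folder'          => $folder['name'],
                'evidenceId'      => $item['id'],
                'complianceCheck' => $item['complianceCheck'] ?? null,
                'dataSource'      => $item['dataSource'] ?? null,
            ];
        }
    }
    return $rows;
}

/** Constructed stand-in for the SDK client: two folder pages, two evidence pages. */
final class StubAuditManager
{
    public function getEvidenceFoldersByAssessment(array $p): array
    {
        if (!isset($p['nextToken'])) {
            return [
                'evidenceFolders' => [[
                    'id' => 'folder-1', 'name' => 'sample-folder-1', 'controlSetId' => 'cs-1',
                    'evidenceByTypeComplianceCheckIssuesCount' => 0,
                ]],
                'nextToken' => 'folders-page-2',
            ];
        }
        return ['evidenceFolders' => [[
            'id' => 'folder-2', 'name' => 'sample-folder-2', 'controlSetId' => 'cs-1',
            'evidenceByTypeComplianceCheckIssuesCount' => 2,
        ]]];
    }

    public function getEvidenceByEvidenceFolder(array $p): array
    {
        $row = fn(string $id) => [
            'id' => $id, 'complianceCheck' => 'sample-status', 'dataSource' => 'sample-source',
        ];
        if (!isset($p['nextToken'])) {
            return ['evidence' => [$row('ev-1')], 'nextToken' => 'evidence-page-2'];
        }
        return ['evidence' => [$row('ev-2')]];
    }
}

// Prints two rows, both from sample-folder-2 (folder 1 has no issues and is skipped).
foreach (evidenceFromFoldersWithIssues(new StubAuditManager(), 'assessment-sample') as $row) {
    echo json_encode($row), PHP_EOL;
}
```

A listing that stops at the first page silently under-reports evidence, which is why the helper throws on a repeated token or an exhausted page budget rather than returning what it has.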
GetEvidenceFoldersByAssessmentControl
$result = $client->getEvidenceFoldersByAssessmentControl([/* ... */]);
$promise = $client->getEvidenceFoldersByAssessmentControlAsync([/* ... */]);
Gets a list of evidence folders that are associated with a specified control in an Audit Manager assessment.
Parameter Syntax
$result = $client->getEvidenceFoldersByAssessmentControl([
    'assessmentId' => '<string>', // REQUIRED
    'controlId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The identifier for the assessment.
- controlId
-
- Required: Yes
- Type: string
The identifier for the control.
- controlSetId
-
- Required: Yes
- Type: string
The identifier for the control set.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'evidenceFolders' => [
        [
            'assessmentId' => '<string>',
            'assessmentReportSelectionCount' => <integer>,
            'author' => '<string>',
            'controlId' => '<string>',
            'controlName' => '<string>',
            'controlSetId' => '<string>',
            'dataSource' => '<string>',
            'date' => <DateTime>,
            'evidenceAwsServiceSourceCount' => <integer>,
            'evidenceByTypeComplianceCheckCount' => <integer>,
            'evidenceByTypeComplianceCheckIssuesCount' => <integer>,
            'evidenceByTypeConfigurationDataCount' => <integer>,
            'evidenceByTypeManualCount' => <integer>,
            'evidenceByTypeUserActivityCount' => <integer>,
            'evidenceResourcesIncludedCount' => <integer>,
            'id' => '<string>',
            'name' => '<string>',
            'totalEvidence' => <integer>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- evidenceFolders
-
- Type: Array of AssessmentEvidenceFolder structures
The list of evidence folders that the GetEvidenceFoldersByAssessmentControl API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetInsights
$result = $client->getInsights([/* ... */]);
$promise = $client->getInsightsAsync([/* ... */]);
Gets the latest analytics data for all your current active assessments.
Parameter Syntax
$result = $client->getInsights([ ]);
Parameter Details
Members
Result Syntax
[
    'insights' => [
        'activeAssessmentsCount' => <integer>,
        'assessmentControlsCountByNoncompliantEvidence' => <integer>,
        'compliantEvidenceCount' => <integer>,
        'inconclusiveEvidenceCount' => <integer>,
        'lastUpdated' => <DateTime>,
        'noncompliantEvidenceCount' => <integer>,
        'totalAssessmentControlsCount' => <integer>,
    ],
]
Result Details
Members
- insights
-
- Type: Insights structure
The analytics data that the GetInsights API returned.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetInsightsByAssessment
$result = $client->getInsightsByAssessment([/* ... */]);
$promise = $client->getInsightsByAssessmentAsync([/* ... */]);
Gets the latest analytics data for a specific active assessment.
Parameter Syntax
$result = $client->getInsightsByAssessment([
    'assessmentId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
Result Syntax
[
    'insights' => [
        'assessmentControlsCountByNoncompliantEvidence' => <integer>,
        'compliantEvidenceCount' => <integer>,
        'inconclusiveEvidenceCount' => <integer>,
        'lastUpdated' => <DateTime>,
        'noncompliantEvidenceCount' => <integer>,
        'totalAssessmentControlsCount' => <integer>,
    ],
]
Result Details
Members
- insights
-
- Type: InsightsByAssessment structure
The assessment analytics data that the GetInsightsByAssessment API returned.
Errors
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetOrganizationAdminAccount
$result = $client->getOrganizationAdminAccount([/* ... */]);
$promise = $client->getOrganizationAdminAccountAsync([/* ... */]);
Gets the name of the delegated Amazon Web Services administrator account for a specified organization.
Parameter Syntax
$result = $client->getOrganizationAdminAccount([ ]);
Parameter Details
Members
Result Syntax
[
    'adminAccountId' => '<string>',
    'organizationId' => '<string>',
]
Result Details
Members
- adminAccountId
-
- Type: string
The identifier for the administrator account.
- organizationId
-
- Type: string
The identifier for the organization.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
GetServicesInScope
$result = $client->getServicesInScope([/* ... */]);
$promise = $client->getServicesInScopeAsync([/* ... */]);
Gets a list of the Amazon Web Services from which Audit Manager can collect evidence.
Audit Manager defines which Amazon Web Services are in scope for an assessment. Audit Manager infers this scope by examining the assessment’s controls and their data sources, and then mapping this information to one or more of the corresponding Amazon Web Services that are in this list.
For information about why it's no longer possible to specify services in scope manually, see I can't edit the services in scope for my assessment in the Troubleshooting section of the Audit Manager user guide.
Parameter Syntax
$result = $client->getServicesInScope([ ]);
Parameter Details
Members
Result Syntax
[
    'serviceMetadata' => [
        [
            'category' => '<string>',
            'description' => '<string>',
            'displayName' => '<string>',
            'name' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- serviceMetadata
-
- Type: Array of ServiceMetadata structures
The metadata that's associated with the Amazon Web Service.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
GetSettings
$result = $client->getSettings([/* ... */]);
$promise = $client->getSettingsAsync([/* ... */]);
Gets the settings for a specified Amazon Web Services account.
Parameter Syntax
$result = $client->getSettings([
    'attribute' => 'ALL|IS_AWS_ORG_ENABLED|SNS_TOPIC|DEFAULT_ASSESSMENT_REPORTS_DESTINATION|DEFAULT_PROCESS_OWNERS|EVIDENCE_FINDER_ENABLEMENT|DEREGISTRATION_POLICY|DEFAULT_EXPORT_DESTINATION', // REQUIRED
]);
Parameter Details
Members
- attribute
-
- Required: Yes
- Type: string
The list of setting attribute enum values.
Result Syntax
[
    'settings' => [
        'defaultAssessmentReportsDestination' => [
            'destination' => '<string>',
            'destinationType' => 'S3',
        ],
        'defaultExportDestination' => [
            'destination' => '<string>',
            'destinationType' => 'S3',
        ],
        'defaultProcessOwners' => [
            [
                'roleArn' => '<string>',
                'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
            ],
            // ...
        ],
        'deregistrationPolicy' => [
            'deleteResources' => 'ALL|DEFAULT',
        ],
        'evidenceFinderEnablement' => [
            'backfillStatus' => 'NOT_STARTED|IN_PROGRESS|COMPLETED',
            'enablementStatus' => 'ENABLED|DISABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS',
            'error' => '<string>',
            'eventDataStoreArn' => '<string>',
        ],
        'isAwsOrgEnabled' => true || false,
        'kmsKey' => '<string>',
        'snsTopic' => '<string>',
    ],
]
Result Details
Members
- settings
-
- Type: Settings structure
The settings object that holds all supported Audit Manager settings.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListAssessmentControlInsightsByControlDomain
$result = $client->listAssessmentControlInsightsByControlDomain([/* ... */]);
$promise = $client->listAssessmentControlInsightsByControlDomainAsync([/* ... */]);
Lists the latest analytics data for controls within a specific control domain and a specific active assessment.
Control insights are listed only if the control belongs to the control domain and assessment that was specified. Moreover, the control must have collected evidence on the lastUpdated date of controlInsightsByAssessment. If neither of these conditions is met, no data is listed for that control.
Parameter Syntax
$result = $client->listAssessmentControlInsightsByControlDomain([
    'assessmentId' => '<string>', // REQUIRED
    'controlDomainId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the active assessment.
- controlDomainId
-
- Required: Yes
- Type: string
The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'controlInsightsByAssessment' => [
        [
            'controlSetName' => '<string>',
            'evidenceInsights' => [
                'compliantEvidenceCount' => <integer>,
                'inconclusiveEvidenceCount' => <integer>,
                'noncompliantEvidenceCount' => <integer>,
            ],
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- controlInsightsByAssessment
-
- Type: Array of ControlInsightsMetadataByAssessmentItem structures
The assessment control analytics data that the ListAssessmentControlInsightsByControlDomain API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListAssessmentFrameworkShareRequests
$result = $client->listAssessmentFrameworkShareRequests([/* ... */]);
$promise = $client->listAssessmentFrameworkShareRequestsAsync([/* ... */]);
Returns a list of sent or received share requests for custom frameworks in Audit Manager.
Parameter Syntax
$result = $client->listAssessmentFrameworkShareRequests([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'requestType' => 'SENT|RECEIVED', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
- requestType
-
- Required: Yes
- Type: string
Specifies whether the share request is a sent request or a received request.
Result Syntax
[
    'assessmentFrameworkShareRequests' => [
        [
            'comment' => '<string>',
            'complianceType' => '<string>',
            'creationTime' => <DateTime>,
            'customControlsCount' => <integer>,
            'destinationAccount' => '<string>',
            'destinationRegion' => '<string>',
            'expirationTime' => <DateTime>,
            'frameworkDescription' => '<string>',
            'frameworkId' => '<string>',
            'frameworkName' => '<string>',
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'sourceAccount' => '<string>',
            'standardControlsCount' => <integer>,
            'status' => 'ACTIVE|REPLICATING|SHARED|EXPIRING|FAILED|EXPIRED|DECLINED|REVOKED',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- assessmentFrameworkShareRequests
-
- Type: Array of AssessmentFrameworkShareRequest structures
The list of share requests that the ListAssessmentFrameworkShareRequests API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListAssessmentFrameworks
$result = $client->listAssessmentFrameworks([/* ... */]);
$promise = $client->listAssessmentFrameworksAsync([/* ... */]);
Returns a list of the frameworks that are available in the Audit Manager framework library.
Parameter Syntax
$result = $client->listAssessmentFrameworks([
    'frameworkType' => 'Standard|Custom', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- frameworkType
-
- Required: Yes
- Type: string
The type of framework, such as a standard framework or a custom framework.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'frameworkMetadataList' => [
        [
            'arn' => '<string>',
            'complianceType' => '<string>',
            'controlSetsCount' => <integer>,
            'controlsCount' => <integer>,
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'id' => '<string>',
            'lastUpdatedAt' => <DateTime>,
            'logo' => '<string>',
            'name' => '<string>',
            'type' => 'Standard|Custom',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- frameworkMetadataList
-
- Type: Array of AssessmentFrameworkMetadata structures
A list of metadata that the ListAssessmentFrameworks API returns for each framework.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListAssessmentReports
$result = $client->listAssessmentReports([/* ... */]);
$promise = $client->listAssessmentReportsAsync([/* ... */]);
Returns a list of assessment reports created in Audit Manager.
Parameter Syntax
$result = $client->listAssessmentReports([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'assessmentReports' => [
        [
            'assessmentId' => '<string>',
            'assessmentName' => '<string>',
            'author' => '<string>',
            'creationTime' => <DateTime>,
            'description' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
            'status' => 'COMPLETE|IN_PROGRESS|FAILED',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- assessmentReports
-
- Type: Array of AssessmentReportMetadata structures
The list of assessment reports that the ListAssessmentReports API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListAssessments
$result = $client->listAssessments([/* ... */]);
$promise = $client->listAssessmentsAsync([/* ... */]);
Returns a list of current and past assessments from Audit Manager.
Parameter Syntax
$result = $client->listAssessments([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'status' => 'ACTIVE|INACTIVE',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
- status
-
- Type: string
The current status of the assessment.
Result Syntax
[
    'assessmentMetadata' => [
        [
            'complianceType' => '<string>',
            'creationTime' => <DateTime>,
            'delegations' => [
                [
                    'assessmentId' => '<string>',
                    'assessmentName' => '<string>',
                    'comment' => '<string>',
                    'controlSetId' => '<string>',
                    'createdBy' => '<string>',
                    'creationTime' => <DateTime>,
                    'id' => '<string>',
                    'lastUpdated' => <DateTime>,
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                    'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
                ],
                // ...
            ],
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
            'roles' => [
                [
                    'roleArn' => '<string>',
                    'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                ],
                // ...
            ],
            'status' => 'ACTIVE|INACTIVE',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- assessmentMetadata
-
- Type: Array of AssessmentMetadataItem structures
The metadata that the ListAssessments API returns for each assessment.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListControlDomainInsights
$result = $client->listControlDomainInsights([/* ... */]);
$promise = $client->listControlDomainInsightsAsync([/* ... */]);
Lists the latest analytics data for control domains across all of your active assessments.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that control domain.
Parameter Syntax
$result = $client->listControlDomainInsights([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'controlDomainInsights' => [
        [
            'controlsCountByNoncompliantEvidence' => <integer>,
            'evidenceInsights' => [
                'compliantEvidenceCount' => <integer>,
                'inconclusiveEvidenceCount' => <integer>,
                'noncompliantEvidenceCount' => <integer>,
            ],
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
            'totalControlsCount' => <integer>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- controlDomainInsights
-
- Type: Array of ControlDomainInsights structures
The control domain analytics data that the ListControlDomainInsights API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ValidationException:
The request has invalid or missing parameters.
ListControlDomainInsightsByAssessment
$result = $client->listControlDomainInsightsByAssessment([/* ... */]);
$promise = $client->listControlDomainInsightsByAssessmentAsync([/* ... */]);
Lists analytics data for control domains within a specified active assessment.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that domain.
Parameter Syntax
$result = $client->listControlDomainInsightsByAssessment([
    'assessmentId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the active assessment.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'controlDomainInsights' => [
        [
            'controlsCountByNoncompliantEvidence' => <integer>,
            'evidenceInsights' => [
                'compliantEvidenceCount' => <integer>,
                'inconclusiveEvidenceCount' => <integer>,
                'noncompliantEvidenceCount' => <integer>,
            ],
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
            'totalControlsCount' => <integer>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- controlDomainInsights
-
- Type: Array of ControlDomainInsights structures
The control domain analytics data that the ListControlDomainInsightsByAssessment API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListControlInsightsByControlDomain
$result = $client->listControlInsightsByControlDomain([/* ... */]);
$promise = $client->listControlInsightsByControlDomainAsync([/* ... */]);
Lists the latest analytics data for controls within a specific control domain across all active assessments.
Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on the lastUpdated date of controlInsightsMetadata. If neither of these conditions is met, no data is listed for that control.
Parameter Syntax
$result = $client->listControlInsightsByControlDomain([
    'controlDomainId' => '<string>', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- controlDomainId
-
- Required: Yes
- Type: string
The unique identifier for the control domain.
Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'controlInsightsMetadata' => [
        [
            'evidenceInsights' => [
                'compliantEvidenceCount' => <integer>,
                'inconclusiveEvidenceCount' => <integer>,
                'noncompliantEvidenceCount' => <integer>,
            ],
            'id' => '<string>',
            'lastUpdated' => <DateTime>,
            'name' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- controlInsightsMetadata
-
- Type: Array of ControlInsightsMetadataItem structures
The control analytics data that the ListControlInsightsByControlDomain API returned.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ValidationException:
The request has invalid or missing parameters.
ListControls
$result = $client->listControls([/* ... */]);
$promise = $client->listControlsAsync([/* ... */]);
Returns a list of controls from Audit Manager.
Parameter Syntax
$result = $client->listControls([
    'controlCatalogId' => '<string>',
    'controlType' => 'Standard|Custom|Core', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- controlCatalogId
-
- Type: string
A filter that narrows the list of controls to a specific resource from the Amazon Web Services Control Catalog.
To use this parameter, specify the ARN of the Control Catalog resource. You can specify either a control domain, a control objective, or a common control. For information about how to find the ARNs for these resources, see ListDomains, ListObjectives, and ListCommonControls.
You can only filter by one Control Catalog resource at a time. Specifying multiple resource ARNs isn't currently supported. If you want to filter by more than one ARN, we recommend that you run the ListControls operation separately for each ARN.
Alternatively, specify UNCATEGORIZED to list controls that aren't mapped to a Control Catalog resource. For example, this operation might return a list of custom controls that don't belong to any control domain or control objective.
- controlType
-
- Required: Yes
- Type: string
A filter that narrows the list of controls to a specific type.
- maxResults
-
- Type: int
The maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'controlMetadataList' => [
        [
            'arn' => '<string>',
            'controlSources' => '<string>',
            'createdAt' => <DateTime>,
            'id' => '<string>',
            'lastUpdatedAt' => <DateTime>,
            'name' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- controlMetadataList
-
- Type: Array of ControlMetadata structures
A list of metadata that the ListControls API returns for each control.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
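The following added example (not taken from the SDK or from AWS) shows the per-ARN approach that the controlCatalogId description recommends: one paginated ListControls loop per filter, with results merged by control id. The function name, the matchedFilters key, the ARN, and the mocked pages are constructed for illustration; Aws\MockHandler stands in for the service so the script runs offline.

```php
<?php
// Added example (not SDK or AWS code): ListControls across several Control Catalog filters.
require 'vendor/autoload.php';

use Aws\AuditManager\AuditManagerClient;
use Aws\MockHandler;
use Aws\Result;

/**
 * controlCatalogId accepts one value per call, so run one paginated
 * ListControls loop per filter and merge the pages, keyed by control id.
 *
 * @param string[] $catalogIds Control Catalog ARNs and/or 'UNCATEGORIZED'
 * @return array<string, array> control id => metadata plus 'matchedFilters'
 */
function listControlsByCatalogIds(AuditManagerClient $client, array $catalogIds, string $controlType): array
{
    $controls = [];
    foreach ($catalogIds as $catalogId) {
        // Fresh parameters per filter so a token from one filter is never reused for another.
        $params = ['controlType' => $controlType, 'controlCatalogId' => $catalogId];
        do {
            $result = $client->listControls($params);
            foreach ($result['controlMetadataList'] ?? [] as $meta) {
                $id = $meta['id'];
                if (!isset($controls[$id])) {
                    $controls[$id] = $meta + ['matchedFilters' => []];
                }
                // A control can come back for more than one filter; keep a single entry.
                $controls[$id]['matchedFilters'][] = $catalogId;
            }
            // A missing or empty nextToken means this filter has no more pages.
            $next = $result['nextToken'] ?? null;
            $params['nextToken'] = $next;
        } while (!empty($next));
    }
    return $controls;
}

// Offline demo: MockHandler returns constructed pages instead of calling AWS.
$domainArn = 'arn:aws:controlcatalog:::domain/EXAMPLE-DOMAIN-ID'; // constructed placeholder
$mock = new MockHandler();
$mock->append(new Result([ // first page for $domainArn
    'controlMetadataList' => [['id' => 'ctl-1', 'name' => 'Constructed control 1']],
    'nextToken' => 'page-2',
]));
$mock->append(new Result([ // last page for $domainArn
    'controlMetadataList' => [['id' => 'ctl-2', 'name' => 'Constructed control 2']],
]));
$mock->append(new Result([ // only page for UNCATEGORIZED
    'controlMetadataList' => [['id' => 'ctl-3', 'name' => 'Constructed control 3']],
]));

$client = new AuditManagerClient([
    'region' => 'us-east-1',
    'version' => '2017-07-25',
    'credentials' => false, // nothing is signed or sent: the mock answers every call
    'handler' => $mock,
]);

$controls = listControlsByCatalogIds($client, [$domainArn, 'UNCATEGORIZED'], 'Custom');
foreach ($controls as $id => $control) {
    printf("%s\t%s\t%s\n", $id, $control['name'], implode(',', $control['matchedFilters']));
}
```

Against a real account, drop the handler and credentials options so the client uses the default credential chain.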
ListKeywordsForDataSource
$result = $client->listKeywordsForDataSource([/* ... */]);
$promise = $client->listKeywordsForDataSourceAsync([/* ... */]);
Returns a list of keywords that are pre-mapped to the specified control data source.
Parameter Syntax
$result = $client->listKeywordsForDataSource([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'source' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
- source
-
- Required: Yes
- Type: string
The control mapping data source that the keywords apply to.
Result Syntax
[
    'keywords' => ['<string>', ...],
    'nextToken' => '<string>',
]
Result Details
Members
- keywords
-
- Type: Array of strings
The list of keywords for the control mapping source.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListNotifications
$result = $client->listNotifications([/* ... */]);
$promise = $client->listNotificationsAsync([/* ... */]);
Returns a list of all Audit Manager notifications.
Parameter Syntax
$result = $client->listNotifications([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
Represents the maximum number of results on a page or for an API request call.
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
Result Syntax
[
    'nextToken' => '<string>',
    'notifications' => [
        [
            'assessmentId' => '<string>',
            'assessmentName' => '<string>',
            'controlSetId' => '<string>',
            'controlSetName' => '<string>',
            'description' => '<string>',
            'eventTime' => <DateTime>,
            'id' => '<string>',
            'source' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token that's used to fetch the next set of results.
- notifications
-
- Type: Array of Notification structures
The returned list of notifications.
Errors
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- ValidationException:
The request has invalid or missing parameters.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);
Returns a list of tags for the specified resource in Audit Manager.
Parameter Syntax
$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource.
Result Syntax
[ 'tags' => ['<string>', ...], ]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The list of tags that the ListTagsForResource API returned.
Errors
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
RegisterAccount
$result = $client->registerAccount([/* ... */]);
$promise = $client->registerAccountAsync([/* ... */]);
Enables Audit Manager for the specified Amazon Web Services account.
Parameter Syntax
$result = $client->registerAccount([
    'delegatedAdminAccount' => '<string>',
    'kmsKey' => '<string>',
]);
Parameter Details
Members
- delegatedAdminAccount
-
- Type: string
The delegated administrator account for Audit Manager.
- kmsKey
-
- Type: string
The KMS key details.
Result Syntax
[ 'status' => 'ACTIVE|INACTIVE|PENDING_ACTIVATION', ]
Result Details
Members
- status
-
- Type: string
The status of the account registration request.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ThrottlingException:
The request was denied due to request throttling.
RegisterOrganizationAdminAccount
$result = $client->registerOrganizationAdminAccount([/* ... */]);
$promise = $client->registerOrganizationAdminAccountAsync([/* ... */]);
Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.
Parameter Syntax
$result = $client->registerOrganizationAdminAccount([
    'adminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- adminAccountId
-
- Required: Yes
- Type: string
The identifier for the delegated administrator account.
Result Syntax
[
    'adminAccountId' => '<string>',
    'organizationId' => '<string>',
]
Result Details
Members
- adminAccountId
-
- Type: string
The identifier for the delegated administrator account.
- organizationId
-
- Type: string
The identifier for the organization.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
StartAssessmentFrameworkShare
$result = $client->startAssessmentFrameworkShare([/* ... */]);
$promise = $client->startAssessmentFrameworkShareAsync([/* ... */]);
Creates a share request for a custom framework in Audit Manager.
The share request specifies a recipient and notifies them that a custom framework is available. Recipients have 120 days to accept or decline the request. If no action is taken, the share request expires.
When you create a share request, Audit Manager stores a snapshot of your custom framework in the US East (N. Virginia) Amazon Web Services Region. Audit Manager also stores a backup of the same snapshot in the US West (Oregon) Amazon Web Services Region.
Audit Manager deletes the snapshot and the backup snapshot when one of the following events occurs:
- The sender revokes the share request.
- The recipient declines the share request.
- The recipient encounters an error and doesn't successfully accept the share request.
- The share request expires before the recipient responds to the request.
When a sender resends a share request, the snapshot is replaced with an updated version that corresponds with the latest version of the custom framework.
When a recipient accepts a share request, the snapshot is replicated into their Amazon Web Services account under the Amazon Web Services Region that was specified in the share request.
When you invoke the StartAssessmentFrameworkShare API, you are about to share a custom framework with another Amazon Web Services account. You may not share a custom framework that is derived from a standard framework if the standard framework is designated as not eligible for sharing by Amazon Web Services, unless you have obtained permission to do so from the owner of the standard framework. To learn more about which standard frameworks are eligible for sharing, see Framework sharing eligibility in the Audit Manager User Guide.
Parameter Syntax
$result = $client->startAssessmentFrameworkShare([
    'comment' => '<string>',
    'destinationAccount' => '<string>', // REQUIRED
    'destinationRegion' => '<string>', // REQUIRED
    'frameworkId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- comment
-
- Type: string
An optional comment from the sender about the share request.
- destinationAccount
-
- Required: Yes
- Type: string
The Amazon Web Services account of the recipient.
- destinationRegion
-
- Required: Yes
- Type: string
The Amazon Web Services Region of the recipient.
- frameworkId
-
- Required: Yes
- Type: string
The unique identifier for the custom framework to be shared.
Result Syntax
[
    'assessmentFrameworkShareRequest' => [
        'comment' => '<string>',
        'complianceType' => '<string>',
        'creationTime' => <DateTime>,
        'customControlsCount' => <integer>,
        'destinationAccount' => '<string>',
        'destinationRegion' => '<string>',
        'expirationTime' => <DateTime>,
        'frameworkDescription' => '<string>',
        'frameworkId' => '<string>',
        'frameworkName' => '<string>',
        'id' => '<string>',
        'lastUpdated' => <DateTime>,
        'sourceAccount' => '<string>',
        'standardControlsCount' => <integer>,
        'status' => 'ACTIVE|REPLICATING|SHARED|EXPIRING|FAILED|EXPIRED|DECLINED|REVOKED',
    ],
]
Result Details
Members
- assessmentFrameworkShareRequest
-
- Type: AssessmentFrameworkShareRequest structure
The share request that's created by the StartAssessmentFrameworkShare API.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
TagResource
$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);
Tags the specified resource in Audit Manager.
Parameter Syntax
$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
The tags that are associated with the resource.
Result Syntax
[]
Result Details
Errors
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
UntagResource
$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);
Removes a tag from a resource in Audit Manager.
Parameter Syntax
$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the specified resource.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The name or key of the tag.
Result Syntax
[]
Result Details
Errors
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ValidationException:
The request has invalid or missing parameters.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
UpdateAssessment
$result = $client->updateAssessment([/* ... */]);
$promise = $client->updateAssessmentAsync([/* ... */]);
Edits an Audit Manager assessment.
Parameter Syntax
$result = $client->updateAssessment([
    'assessmentDescription' => '<string>',
    'assessmentId' => '<string>', // REQUIRED
    'assessmentName' => '<string>',
    'assessmentReportsDestination' => [
        'destination' => '<string>',
        'destinationType' => 'S3',
    ],
    'roles' => [
        [
            'roleArn' => '<string>', // REQUIRED
            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', // REQUIRED
        ],
        // ...
    ],
    'scope' => [ // REQUIRED
        'awsAccounts' => [
            [
                'emailAddress' => '<string>',
                'id' => '<string>',
                'name' => '<string>',
            ],
            // ...
        ],
        'awsServices' => [
            [
                'serviceName' => '<string>',
            ],
            // ...
        ],
    ],
]);
Parameter Details
Members
- assessmentDescription
-
- Type: string
The description of the assessment.
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- assessmentName
-
- Type: string
The name of the assessment to be updated.
- assessmentReportsDestination
-
- Type: AssessmentReportsDestination structure
The assessment report storage destination for the assessment that's being updated.
- roles
-
- Type: Array of Role structures
The list of roles for the assessment.
- scope
-
- Required: Yes
- Type: Scope structure
The scope of the assessment.
Result Syntax
[ 'assessment' => [ 'arn' => '<string>', 'awsAccount' => [ 'emailAddress' => '<string>', 'id' => '<string>', 'name' => '<string>', ], 'framework' => [ 'arn' => '<string>', 'controlSets' => [ [ 'controls' => [ [ 'assessmentReportEvidenceCount' => <integer>, 'comments' => [ [ 'authorName' => '<string>', 'commentBody' => '<string>', 'postedDate' => <DateTime>, ], // ... ], 'description' => '<string>', 'evidenceCount' => <integer>, 'evidenceSources' => ['<string>', ...], 'id' => '<string>', 'name' => '<string>', 'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE', 'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE', ], // ... ], 'delegations' => [ [ 'assessmentId' => '<string>', 'assessmentName' => '<string>', 'comment' => '<string>', 'controlSetId' => '<string>', 'createdBy' => '<string>', 'creationTime' => <DateTime>, 'id' => '<string>', 'lastUpdated' => <DateTime>, 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', 'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE', ], // ... ], 'description' => '<string>', 'id' => '<string>', 'manualEvidenceCount' => <integer>, 'roles' => [ [ 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', ], // ... ], 'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED', 'systemEvidenceCount' => <integer>, ], // ... ], 'id' => '<string>', 'metadata' => [ 'complianceType' => '<string>', 'description' => '<string>', 'logo' => '<string>', 'name' => '<string>', ], ], 'metadata' => [ 'assessmentReportsDestination' => [ 'destination' => '<string>', 'destinationType' => 'S3', ], 'complianceType' => '<string>', 'creationTime' => <DateTime>, 'delegations' => [ [ 'assessmentId' => '<string>', 'assessmentName' => '<string>', 'comment' => '<string>', 'controlSetId' => '<string>', 'createdBy' => '<string>', 'creationTime' => <DateTime>, 'id' => '<string>', 'lastUpdated' => <DateTime>, 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', 'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE', ], // ... 
], 'description' => '<string>', 'id' => '<string>', 'lastUpdated' => <DateTime>, 'name' => '<string>', 'roles' => [ [ 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', ], // ... ], 'scope' => [ 'awsAccounts' => [ [ 'emailAddress' => '<string>', 'id' => '<string>', 'name' => '<string>', ], // ... ], 'awsServices' => [ [ 'serviceName' => '<string>', ], // ... ], ], 'status' => 'ACTIVE|INACTIVE', ], 'tags' => ['<string>', ...], ], ]
Result Details
Members
- assessment
-
- Type: Assessment structure
The response object for the UpdateAssessment API. This is the name of the updated assessment.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ThrottlingException:
The request was denied due to request throttling.
UpdateAssessmentControl
$result = $client->updateAssessmentControl([/* ... */]);
$promise = $client->updateAssessmentControlAsync([/* ... */]);
Updates a control within an assessment in Audit Manager.
Parameter Syntax
$result = $client->updateAssessmentControl([
    'assessmentId' => '<string>', // REQUIRED
    'commentBody' => '<string>',
    'controlId' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'controlStatus' => 'UNDER_REVIEW|REVIEWED|INACTIVE',
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- commentBody
-
- Type: string
The comment body text for the control.
- controlId
-
- Required: Yes
- Type: string
The unique identifier for the control.
- controlSetId
-
- Required: Yes
- Type: string
The unique identifier for the control set.
- controlStatus
-
- Type: string
The status of the control.
Result Syntax
[
    'control' => [
        'assessmentReportEvidenceCount' => <integer>,
        'comments' => [
            [
                'authorName' => '<string>',
                'commentBody' => '<string>',
                'postedDate' => <DateTime>,
            ],
            // ...
        ],
        'description' => '<string>',
        'evidenceCount' => <integer>,
        'evidenceSources' => ['<string>', ...],
        'id' => '<string>',
        'name' => '<string>',
        'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE',
        'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE',
    ],
]
Result Details
Members
- control
-
- Type: AssessmentControl structure
The name of the updated control set that the UpdateAssessmentControl API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
UpdateAssessmentControlSetStatus
$result = $client->updateAssessmentControlSetStatus([/* ... */]);
$promise = $client->updateAssessmentControlSetStatusAsync([/* ... */]);
Updates the status of a control set in an Audit Manager assessment.
Parameter Syntax
$result = $client->updateAssessmentControlSetStatus([
    'assessmentId' => '<string>', // REQUIRED
    'comment' => '<string>', // REQUIRED
    'controlSetId' => '<string>', // REQUIRED
    'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- comment
-
- Required: Yes
- Type: string
The comment that's related to the status update.
- controlSetId
-
- Required: Yes
- Type: string
The unique identifier for the control set.
- status
-
- Required: Yes
- Type: string
The status of the control set that's being updated.
Result Syntax
[
    'controlSet' => [
        'controls' => [
            [
                'assessmentReportEvidenceCount' => <integer>,
                'comments' => [
                    [
                        'authorName' => '<string>',
                        'commentBody' => '<string>',
                        'postedDate' => <DateTime>,
                    ],
                    // ...
                ],
                'description' => '<string>',
                'evidenceCount' => <integer>,
                'evidenceSources' => ['<string>', ...],
                'id' => '<string>',
                'name' => '<string>',
                'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE',
                'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE',
            ],
            // ...
        ],
        'delegations' => [
            [
                'assessmentId' => '<string>',
                'assessmentName' => '<string>',
                'comment' => '<string>',
                'controlSetId' => '<string>',
                'createdBy' => '<string>',
                'creationTime' => <DateTime>,
                'id' => '<string>',
                'lastUpdated' => <DateTime>,
                'roleArn' => '<string>',
                'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
                'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE',
            ],
            // ...
        ],
        'description' => '<string>',
        'id' => '<string>',
        'manualEvidenceCount' => <integer>,
        'roles' => [
            [
                'roleArn' => '<string>',
                'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
            ],
            // ...
        ],
        'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED',
        'systemEvidenceCount' => <integer>,
    ],
]
Result Details
Members
- controlSet
-
- Type: AssessmentControlSet structure
The name of the updated control set that the UpdateAssessmentControlSetStatus API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
UpdateAssessmentFramework
$result = $client->updateAssessmentFramework([/* ... */]);
$promise = $client->updateAssessmentFrameworkAsync([/* ... */]);
Updates a custom framework in Audit Manager.
Parameter Syntax
$result = $client->updateAssessmentFramework([
    'complianceType' => '<string>',
    'controlSets' => [ // REQUIRED
        [
            'controls' => [ // REQUIRED
                [
                    'id' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'id' => '<string>',
            'name' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'description' => '<string>',
    'frameworkId' => '<string>', // REQUIRED
    'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- complianceType
-
- Type: string
The compliance type that the new custom framework supports, such as CIS or HIPAA.
- controlSets
-
- Required: Yes
- Type: Array of UpdateAssessmentFrameworkControlSet structures
The control sets that are associated with the framework.
- description
-
- Type: string
The description of the updated framework.
- frameworkId
-
- Required: Yes
- Type: string
The unique identifier for the framework.
- name
-
- Required: Yes
- Type: string
The name of the framework to be updated.
Result Syntax
[
    'framework' => [
        'arn' => '<string>',
        'complianceType' => '<string>',
        'controlSets' => [
            [
                'controls' => [
                    [
                        'actionPlanInstructions' => '<string>',
                        'actionPlanTitle' => '<string>',
                        'arn' => '<string>',
                        'controlMappingSources' => [
                            [
                                'sourceDescription' => '<string>',
                                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                                'sourceId' => '<string>',
                                'sourceKeyword' => [
                                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                                    'keywordValue' => '<string>',
                                ],
                                'sourceName' => '<string>',
                                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                                'troubleshootingText' => '<string>',
                            ],
                            // ...
                        ],
                        'controlSources' => '<string>',
                        'createdAt' => <DateTime>,
                        'createdBy' => '<string>',
                        'description' => '<string>',
                        'id' => '<string>',
                        'lastUpdatedAt' => <DateTime>,
                        'lastUpdatedBy' => '<string>',
                        'name' => '<string>',
                        'state' => 'ACTIVE|END_OF_SUPPORT',
                        'tags' => ['<string>', ...],
                        'testingInformation' => '<string>',
                        'type' => 'Standard|Custom|Core',
                    ],
                    // ...
                ],
                'id' => '<string>',
                'name' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'logo' => '<string>',
        'name' => '<string>',
        'tags' => ['<string>', ...],
        'type' => 'Standard|Custom',
    ],
]
Result Details
Members
- framework
-
- Type: Framework structure
The name of the framework.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
UpdateAssessmentFrameworkShare
$result = $client->updateAssessmentFrameworkShare([/* ... */]);
$promise = $client->updateAssessmentFrameworkShareAsync([/* ... */]);
Updates a share request for a custom framework in Audit Manager.
Parameter Syntax
$result = $client->updateAssessmentFrameworkShare([
    'action' => 'ACCEPT|DECLINE|REVOKE', // REQUIRED
    'requestId' => '<string>', // REQUIRED
    'requestType' => 'SENT|RECEIVED', // REQUIRED
]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
Specifies the update action for the share request.
- requestId
-
- Required: Yes
- Type: string
The unique identifier for the share request.
- requestType
-
- Required: Yes
- Type: string
Specifies whether the share request is a sent request or a received request.
Result Syntax
[
    'assessmentFrameworkShareRequest' => [
        'comment' => '<string>',
        'complianceType' => '<string>',
        'creationTime' => <DateTime>,
        'customControlsCount' => <integer>,
        'destinationAccount' => '<string>',
        'destinationRegion' => '<string>',
        'expirationTime' => <DateTime>,
        'frameworkDescription' => '<string>',
        'frameworkId' => '<string>',
        'frameworkName' => '<string>',
        'id' => '<string>',
        'lastUpdated' => <DateTime>,
        'sourceAccount' => '<string>',
        'standardControlsCount' => <integer>,
        'status' => 'ACTIVE|REPLICATING|SHARED|EXPIRING|FAILED|EXPIRED|DECLINED|REVOKED',
    ],
]
Result Details
Members
- assessmentFrameworkShareRequest
-
- Type: AssessmentFrameworkShareRequest structure
The updated share request that's returned by the UpdateAssessmentFrameworkShare operation.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ServiceQuotaExceededException:
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
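The following added example (not taken from the SDK or from AWS) ties StartAssessmentFrameworkShare to UpdateAssessmentFrameworkShare: it creates a share request only for an approved recipient, then revokes it from the sender side, which is one of the events after which Audit Manager deletes the stored snapshot and its backup. The APPROVED_RECIPIENTS allow-list, the function names, the NOT_FOUND sentinel, and all IDs and mocked responses are constructed assumptions; Aws\MockHandler stands in for the service so the script runs offline.

```php
<?php
// Added example (not SDK or AWS code): policy-gated share request and its revocation.
require 'vendor/autoload.php';

use Aws\Api\DateTimeResult;
use Aws\AuditManager\AuditManagerClient;
use Aws\Exception\AwsException;
use Aws\MockHandler;
use Aws\Result;

// Hypothetical local policy: recipient account => Regions a framework may be shared to.
const APPROVED_RECIPIENTS = ['111122223333' => ['eu-west-1', 'us-east-1']];

/** Create a share request after checking the recipient against the local allow-list. */
function shareFramework(AuditManagerClient $client, string $frameworkId, string $account, string $region, string $comment = ''): array
{
    if (!in_array($region, APPROVED_RECIPIENTS[$account] ?? [], true)) {
        throw new InvalidArgumentException("Recipient $account in $region is not on the approved list");
    }
    $params = [
        'frameworkId' => $frameworkId,
        'destinationAccount' => $account,
        'destinationRegion' => $region,
    ];
    if ($comment !== '') {
        $params['comment'] = $comment; // optional parameter, sent only when set
    }
    $share = $client->startAssessmentFrameworkShare($params)['assessmentFrameworkShareRequest'];
    // Keep the request id: it is what UpdateAssessmentFrameworkShare needs to revoke later.
    return [
        'id' => $share['id'],
        'status' => $share['status'],
        'expirationTime' => $share['expirationTime'] ?? null,
    ];
}

/** Revoke a request this account sent. Returns the status reported by the service. */
function revokeShare(AuditManagerClient $client, string $requestId): string
{
    try {
        $result = $client->updateAssessmentFrameworkShare([
            'requestId' => $requestId,
            'requestType' => 'SENT', // act on the sender's side of the request
            'action' => 'REVOKE',
        ]);
    } catch (AwsException $e) {
        if ($e->getAwsErrorCode() === 'ResourceNotFoundException') {
            return 'NOT_FOUND'; // local sentinel, not an API status value
        }
        throw $e;
    }
    return $result['assessmentFrameworkShareRequest']['status'];
}

// Offline demo with constructed IDs and responses.
$frameworkId = '11111111-2222-3333-4444-555555555555'; // constructed
$requestId = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee';   // constructed
$mock = new MockHandler();
$mock->append(new Result(['assessmentFrameworkShareRequest' => [
    'id' => $requestId,
    'status' => 'ACTIVE',
    'expirationTime' => new DateTimeResult('2030-01-01T00:00:00Z'),
]]));
$mock->append(new Result(['assessmentFrameworkShareRequest' => [
    'id' => $requestId,
    'status' => 'REVOKED',
]]));

$client = new AuditManagerClient([
    'region' => 'us-east-1',
    'version' => '2017-07-25',
    'credentials' => false, // nothing is signed or sent: the mock answers every call
    'handler' => $mock,
]);

$share = shareFramework($client, $frameworkId, '111122223333', 'eu-west-1', 'Quarterly review');
printf("share %s is %s until %s\n", $share['id'], $share['status'], $share['expirationTime']->format(DATE_ATOM));
printf("after revoke: %s\n", revokeShare($client, $share['id']));

try {
    shareFramework($client, $frameworkId, '999999999999', 'eu-west-1'); // not on the allow-list
} catch (InvalidArgumentException $e) {
    echo 'blocked before any API call: ', $e->getMessage(), "\n";
}
```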
UpdateAssessmentStatus
$result = $client->updateAssessmentStatus([/* ... */]);
$promise = $client->updateAssessmentStatusAsync([/* ... */]);
Updates the status of an assessment in Audit Manager.
Parameter Syntax
$result = $client->updateAssessmentStatus([
    'assessmentId' => '<string>', // REQUIRED
    'status' => 'ACTIVE|INACTIVE', // REQUIRED
]);
Parameter Details
Members
- assessmentId
-
- Required: Yes
- Type: string
The unique identifier for the assessment.
- status
-
- Required: Yes
- Type: string
The current status of the assessment.
Result Syntax
[ 'assessment' => [ 'arn' => '<string>', 'awsAccount' => [ 'emailAddress' => '<string>', 'id' => '<string>', 'name' => '<string>', ], 'framework' => [ 'arn' => '<string>', 'controlSets' => [ [ 'controls' => [ [ 'assessmentReportEvidenceCount' => <integer>, 'comments' => [ [ 'authorName' => '<string>', 'commentBody' => '<string>', 'postedDate' => <DateTime>, ], // ... ], 'description' => '<string>', 'evidenceCount' => <integer>, 'evidenceSources' => ['<string>', ...], 'id' => '<string>', 'name' => '<string>', 'response' => 'MANUAL|AUTOMATE|DEFER|IGNORE', 'status' => 'UNDER_REVIEW|REVIEWED|INACTIVE', ], // ... ], 'delegations' => [ [ 'assessmentId' => '<string>', 'assessmentName' => '<string>', 'comment' => '<string>', 'controlSetId' => '<string>', 'createdBy' => '<string>', 'creationTime' => <DateTime>, 'id' => '<string>', 'lastUpdated' => <DateTime>, 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', 'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE', ], // ... ], 'description' => '<string>', 'id' => '<string>', 'manualEvidenceCount' => <integer>, 'roles' => [ [ 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', ], // ... ], 'status' => 'ACTIVE|UNDER_REVIEW|REVIEWED', 'systemEvidenceCount' => <integer>, ], // ... ], 'id' => '<string>', 'metadata' => [ 'complianceType' => '<string>', 'description' => '<string>', 'logo' => '<string>', 'name' => '<string>', ], ], 'metadata' => [ 'assessmentReportsDestination' => [ 'destination' => '<string>', 'destinationType' => 'S3', ], 'complianceType' => '<string>', 'creationTime' => <DateTime>, 'delegations' => [ [ 'assessmentId' => '<string>', 'assessmentName' => '<string>', 'comment' => '<string>', 'controlSetId' => '<string>', 'createdBy' => '<string>', 'creationTime' => <DateTime>, 'id' => '<string>', 'lastUpdated' => <DateTime>, 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', 'status' => 'IN_PROGRESS|UNDER_REVIEW|COMPLETE', ], // ... 
], 'description' => '<string>', 'id' => '<string>', 'lastUpdated' => <DateTime>, 'name' => '<string>', 'roles' => [ [ 'roleArn' => '<string>', 'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', ], // ... ], 'scope' => [ 'awsAccounts' => [ [ 'emailAddress' => '<string>', 'id' => '<string>', 'name' => '<string>', ], // ... ], 'awsServices' => [ [ 'serviceName' => '<string>', ], // ... ], ], 'status' => 'ACTIVE|INACTIVE', ], 'tags' => ['<string>', ...], ], ]
Result Details
Members
- assessment
-
- Type: Assessment structure
The name of the updated assessment that the UpdateAssessmentStatus API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ServiceQuotaExceededException:
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
UpdateControl
$result = $client->updateControl([/* ... */]);
$promise = $client->updateControlAsync([/* ... */]);
Updates a custom control in Audit Manager.
Parameter Syntax
$result = $client->updateControl([
    'actionPlanInstructions' => '<string>',
    'actionPlanTitle' => '<string>',
    'controlId' => '<string>', // REQUIRED
    'controlMappingSources' => [ // REQUIRED
        [
            'sourceDescription' => '<string>',
            'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
            'sourceId' => '<string>',
            'sourceKeyword' => [
                'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                'keywordValue' => '<string>',
            ],
            'sourceName' => '<string>',
            'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
            'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
            'troubleshootingText' => '<string>',
        ],
        // ...
    ],
    'description' => '<string>',
    'name' => '<string>', // REQUIRED
    'testingInformation' => '<string>',
]);
Parameter Details
Members
- actionPlanInstructions
-
- Type: string
The recommended actions to carry out if the control isn't fulfilled.
- actionPlanTitle
-
- Type: string
The title of the action plan for remediating the control.
- controlId
-
- Required: Yes
- Type: string
The identifier for the control.
- controlMappingSources
-
- Required: Yes
- Type: Array of ControlMappingSource structures
The data mapping sources for the control.
- description
-
- Type: string
The optional description of the control.
- name
-
- Required: Yes
- Type: string
The name of the updated control.
- testingInformation
-
- Type: string
The steps that you should follow to determine if the control is met.
Result Syntax
[
    'control' => [
        'actionPlanInstructions' => '<string>',
        'actionPlanTitle' => '<string>',
        'arn' => '<string>',
        'controlMappingSources' => [
            [
                'sourceDescription' => '<string>',
                'sourceFrequency' => 'DAILY|WEEKLY|MONTHLY',
                'sourceId' => '<string>',
                'sourceKeyword' => [
                    'keywordInputType' => 'SELECT_FROM_LIST|UPLOAD_FILE|INPUT_TEXT',
                    'keywordValue' => '<string>',
                ],
                'sourceName' => '<string>',
                'sourceSetUpOption' => 'System_Controls_Mapping|Procedural_Controls_Mapping',
                'sourceType' => 'AWS_Cloudtrail|AWS_Config|AWS_Security_Hub|AWS_API_Call|MANUAL|Common_Control|Core_Control',
                'troubleshootingText' => '<string>',
            ],
            // ...
        ],
        'controlSources' => '<string>',
        'createdAt' => <DateTime>,
        'createdBy' => '<string>',
        'description' => '<string>',
        'id' => '<string>',
        'lastUpdatedAt' => <DateTime>,
        'lastUpdatedBy' => '<string>',
        'name' => '<string>',
        'state' => 'ACTIVE|END_OF_SUPPORT',
        'tags' => ['<string>', ...],
        'testingInformation' => '<string>',
        'type' => 'Standard|Custom|Core',
    ],
]
Result Details
Members
- control
-
- Type: Control structure
The name of the updated control set that the UpdateControl API returned.
Errors
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
UpdateSettings
$result = $client->updateSettings([/* ... */]);
$promise = $client->updateSettingsAsync([/* ... */]);
Updates Audit Manager settings for the current account.
Parameter Syntax
$result = $client->updateSettings([
    'defaultAssessmentReportsDestination' => [
        'destination' => '<string>',
        'destinationType' => 'S3',
    ],
    'defaultExportDestination' => [
        'destination' => '<string>',
        'destinationType' => 'S3',
    ],
    'defaultProcessOwners' => [
        [
            'roleArn' => '<string>', // REQUIRED
            'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER', // REQUIRED
        ],
        // ...
    ],
    'deregistrationPolicy' => [
        'deleteResources' => 'ALL|DEFAULT',
    ],
    'evidenceFinderEnabled' => true || false,
    'kmsKey' => '<string>',
    'snsTopic' => '<string>',
]);
Parameter Details
Members
- defaultAssessmentReportsDestination
-
- Type: AssessmentReportsDestination structure
The default S3 destination bucket for storing assessment reports.
- defaultExportDestination
-
- Type: DefaultExportDestination structure
The default S3 destination bucket for storing evidence finder exports.
- defaultProcessOwners
-
- Type: Array of Role structures
A list of the default audit owners.
- deregistrationPolicy
-
- Type: DeregistrationPolicy structure
The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
- evidenceFinderEnabled
-
- Type: boolean
Specifies whether the evidence finder feature is enabled. Change this attribute to enable or disable evidence finder.
When you use this attribute to disable evidence finder, Audit Manager deletes the event data store that’s used to query your evidence data. As a result, you can’t re-enable evidence finder and use the feature again. Your only alternative is to deregister and then re-register Audit Manager.
- kmsKey
-
- Type: string
The KMS key details.
- snsTopic
-
- Type: string
The Amazon Simple Notification Service (Amazon SNS) topic that Audit Manager sends notifications to.
Result Syntax
[
    'settings' => [
        'defaultAssessmentReportsDestination' => [
            'destination' => '<string>',
            'destinationType' => 'S3',
        ],
        'defaultExportDestination' => [
            'destination' => '<string>',
            'destinationType' => 'S3',
        ],
        'defaultProcessOwners' => [
            [
                'roleArn' => '<string>',
                'roleType' => 'PROCESS_OWNER|RESOURCE_OWNER',
            ],
            // ...
        ],
        'deregistrationPolicy' => [
            'deleteResources' => 'ALL|DEFAULT',
        ],
        'evidenceFinderEnablement' => [
            'backfillStatus' => 'NOT_STARTED|IN_PROGRESS|COMPLETED',
            'enablementStatus' => 'ENABLED|DISABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS',
            'error' => '<string>',
            'eventDataStoreArn' => '<string>',
        ],
        'isAwsOrgEnabled' => true || false,
        'kmsKey' => '<string>',
        'snsTopic' => '<string>',
    ],
]
Result Details
Members
- settings
-
- Type: Settings structure
The current list of settings.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
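The evidence finder warning above, and the difference between the request key evidenceFinderEnabled (a boolean) and the result key evidenceFinderEnablement (a structure), can both be checked before the call is sent. The following pre-flight check is an added example, not part of the SDK or its documentation; the function names updateSettingsFindings and guardedUpdateSettings, the BLOCK/INVALID prefixes, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

use Aws\AuditManager\AuditManagerClient;

// Top-level keys accepted by updateSettings(), taken from "Parameter Syntax".
const UPDATE_SETTINGS_KEYS = [
    'defaultAssessmentReportsDestination', 'defaultExportDestination',
    'defaultProcessOwners', 'deregistrationPolicy', 'evidenceFinderEnabled',
    'kmsKey', 'snsTopic',
];

/**
 * Findings that should stop an updateSettings() call (empty array = proceed).
 *
 * @param array $current          The 'settings' structure from an earlier result.
 * @param array $params           Parameters intended for updateSettings().
 * @param bool  $allowDestructive Explicit approval for changes that delete data.
 * @return string[]
 */
function updateSettingsFindings(array $current, array $params, bool $allowDestructive = false): array
{
    $findings = [];

    // Catches a result structure passed back as a request, e.g. the result-only
    // key 'evidenceFinderEnablement' instead of 'evidenceFinderEnabled'.
    foreach (array_diff(array_keys($params), UPDATE_SETTINGS_KEYS) as $unknown) {
        $findings[] = "INVALID: '$unknown' is not an updateSettings parameter";
    }

    foreach (['defaultAssessmentReportsDestination', 'defaultExportDestination'] as $key) {
        if (isset($params[$key]) && ($params[$key]['destinationType'] ?? 'S3') !== 'S3') {
            $findings[] = "INVALID: $key.destinationType must be 'S3'";
        }
    }

    foreach ($params['defaultProcessOwners'] ?? [] as $i => $role) {
        if (empty($role['roleArn'])) {
            $findings[] = "INVALID: defaultProcessOwners[$i].roleArn is required";
        }
        if (!in_array($role['roleType'] ?? null, ['PROCESS_OWNER', 'RESOURCE_OWNER'], true)) {
            $findings[] = "INVALID: defaultProcessOwners[$i].roleType is required";
        }
    }

    $delete = $params['deregistrationPolicy']['deleteResources'] ?? null;
    if ($delete !== null && !in_array($delete, ['ALL', 'DEFAULT'], true)) {
        $findings[] = 'INVALID: deleteResources must be ALL or DEFAULT';
    } elseif ($delete === 'ALL' && !$allowDestructive) {
        $findings[] = 'BLOCK: deleteResources=ALL changes how data is handled on deregistration';
    }

    if (array_key_exists('evidenceFinderEnabled', $params)) {
        $status = $current['evidenceFinderEnablement']['enablementStatus'] ?? null;
        $alreadyOff = in_array($status, ['DISABLED', 'DISABLE_IN_PROGRESS'], true);
        if (!is_bool($params['evidenceFinderEnabled'])) {
            $findings[] = 'INVALID: evidenceFinderEnabled must be a boolean';
        } elseif ($params['evidenceFinderEnabled'] === false && !$alreadyOff && !$allowDestructive) {
            // Unknown status is treated as enabled, so the check fails closed.
            $findings[] = 'BLOCK: disabling evidence finder deletes the event data store and cannot be undone';
        }
    }

    return $findings;
}

/** Calls updateSettings() only when the pre-flight check returns no findings. */
function guardedUpdateSettings(AuditManagerClient $client, array $current, array $params, bool $allowDestructive = false)
{
    $findings = updateSettingsFindings($current, $params, $allowDestructive);
    if ($findings !== []) {
        throw new InvalidArgumentException(implode("\n", $findings));
    }
    return $client->updateSettings($params);
}

// Offline demonstration with constructed values (not real API output).
if (realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    $current = ['evidenceFinderEnablement' => ['enablementStatus' => 'ENABLED']];
    $params = [
        'evidenceFinderEnablement' => ['enablementStatus' => 'DISABLED'], // result key, not a parameter
        'evidenceFinderEnabled' => false,
        'deregistrationPolicy' => ['deleteResources' => 'ALL'],
        'defaultProcessOwners' => [['roleArn' => 'arn:aws:iam::111122223333:role/ExampleAuditOwner']],
    ];
    foreach (updateSettingsFindings($current, $params) as $finding) {
        echo $finding, PHP_EOL;
    }
}
```

Passing true for $allowDestructive clears only the BLOCK findings; INVALID findings always stop the call.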
ValidateAssessmentReportIntegrity
$result = $client->validateAssessmentReportIntegrity([/* ... */]);
$promise = $client->validateAssessmentReportIntegrityAsync([/* ... */]);
Validates the integrity of an assessment report in Audit Manager.
Parameter Syntax
$result = $client->validateAssessmentReportIntegrity([
    's3RelativePath' => '<string>', // REQUIRED
]);
Parameter Details
Members
- s3RelativePath
-
- Required: Yes
- Type: string
The relative path of the Amazon S3 bucket that the assessment report is stored in.
Result Syntax
[
    'signatureAlgorithm' => '<string>',
    'signatureDateTime' => '<string>',
    'signatureKeyId' => '<string>',
    'signatureValid' => true || false,
    'validationErrors' => ['<string>', ...],
]
Result Details
Members
- signatureAlgorithm
-
- Type: string
The signature algorithm that's used to code sign the assessment report file.
- signatureDateTime
-
- Type: string
The date and time signature that specifies when the assessment report was created.
- signatureKeyId
-
- Type: string
The unique identifier for the validation signature key.
- signatureValid
-
- Type: boolean
Specifies whether the signature key is valid.
- validationErrors
-
- Type: Array of strings
Represents any errors that occurred when validating the assessment report.
Errors
- ValidationException:
The request has invalid or missing parameters.
- AccessDeniedException:
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
- InternalServerException:
An internal service error occurred during the processing of your request. Try again later.
- ResourceNotFoundException:
The resource that's specified in the request can't be found.
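A caller that relies on this operation has to combine signatureValid, validationErrors and the API errors listed above into a single accept-or-reject decision. The following is an added example, not part of the SDK or its documentation; the function names reportIntegrityFailures and validateReport, the optional list of trusted key IDs, and all sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

use Aws\AuditManager\AuditManagerClient;
use Aws\Exception\AwsException;

/**
 * Reasons to reject a ValidateAssessmentReportIntegrity result (empty = accept).
 * Fails closed: a missing or wrongly typed field counts as a failure.
 *
 * @param array|ArrayAccess $result        Shape shown under "Result Syntax".
 * @param string[]          $trustedKeyIds ASSUMPTION: key IDs recorded from reports
 *                                         you already trust; empty skips this check.
 * @return string[]
 */
function reportIntegrityFailures($result, array $trustedKeyIds = []): array
{
    $failures = [];

    // Strict comparison so that null, 1 or the string "true" never pass.
    if (($result['signatureValid'] ?? null) !== true) {
        $failures[] = 'signatureValid is not true';
    }

    // A "valid" flag accompanied by validation errors is still a rejection.
    $errors = $result['validationErrors'] ?? null;
    if (!is_array($errors)) {
        $failures[] = 'validationErrors is missing';
    } else {
        foreach ($errors as $error) {
            $failures[] = 'validation error: ' . (string) $error;
        }
    }

    // Policy choice of this example: the signature metadata must be present
    // so that it can be logged alongside the verdict.
    foreach (['signatureAlgorithm', 'signatureDateTime', 'signatureKeyId'] as $field) {
        $value = $result[$field] ?? null;
        if (!is_string($value) || $value === '') {
            $failures[] = "$field is missing";
        }
    }

    $keyId = $result['signatureKeyId'] ?? null;
    if ($trustedKeyIds !== [] && !in_array($keyId, $trustedKeyIds, true)) {
        $failures[] = 'signatureKeyId is not in the trusted list';
    }

    return $failures;
}

/** Calls the API and maps both results and API errors to rejection reasons. */
function validateReport(AuditManagerClient $client, string $s3RelativePath, array $trustedKeyIds = []): array
{
    try {
        $result = $client->validateAssessmentReportIntegrity([
            's3RelativePath' => $s3RelativePath,
        ]);
    } catch (AwsException $e) {
        // An API failure is not evidence of integrity, so it is a rejection too.
        return ['API error: ' . ($e->getAwsErrorCode() ?? 'unknown')];
    }
    return reportIntegrityFailures($result, $trustedKeyIds);
}

// Offline demonstration with constructed results (not real API output).
if (realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    $base = [
        'signatureAlgorithm' => 'EXAMPLE-ALGORITHM',
        'signatureDateTime' => 'constructed-timestamp',
        'signatureKeyId' => 'example-key-id-1',
        'signatureValid' => true,
        'validationErrors' => [],
    ];
    $samples = [
        'clean report' => $base,
        'failed signature' => ['signatureValid' => false, 'validationErrors' => ['constructed error']] + $base,
        'unexpected key' => ['signatureKeyId' => 'example-key-id-2'] + $base,
        'loosely typed flag' => ['signatureValid' => 'true'] + $base,
    ];
    foreach ($samples as $label => $sample) {
        $failures = reportIntegrityFailures($sample, ['example-key-id-1']);
        echo $label, ': ', $failures ? 'REJECT (' . implode('; ', $failures) . ')' : 'accept', PHP_EOL;
    }
}
```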
Shapes
AWSAccount
Description
The wrapper of Amazon Web Services account details, such as account ID or email address.
Members
- emailAddress
-
- Type: string
The email address that's associated with the Amazon Web Services account.
- id
-
- Type: string
The identifier for the Amazon Web Services account.
- name
-
- Type: string
The name of the Amazon Web Services account.
AWSService
Description
An Amazon Web Service such as Amazon S3 or CloudTrail.
For an example of how to find an Amazon Web Service name and how to define it in your assessment scope, see the following:
Members
- serviceName
-
- Type: string
The name of the Amazon Web Service.
AccessDeniedException
Description
Your account isn't registered with Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
Members
- message
-
- Required: Yes
- Type: string
Assessment
Description
An entity that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the assessment.
- awsAccount
-
- Type: AWSAccount structure
The Amazon Web Services account that's associated with the assessment.
- framework
-
- Type: AssessmentFramework structure
The framework that the assessment was created from.
- metadata
-
- Type: AssessmentMetadata structure
The metadata for the assessment.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags that are associated with the assessment.
AssessmentControl
Description
The control entity that represents a standard control or a custom control in an Audit Manager assessment.
Members
- assessmentReportEvidenceCount
-
- Type: int
The amount of evidence in the assessment report.
- comments
-
- Type: Array of ControlComment structures
The list of comments that's attached to the control.
- description
-
- Type: string
The description of the control.
- evidenceCount
-
- Type: int
The amount of evidence that's collected for the control.
- evidenceSources
-
- Type: Array of strings
The list of data sources for the evidence.
- id
-
- Type: string
The identifier for the control.
- name
-
- Type: string
The name of the control.
- response
-
- Type: string
The response of the control.
- status
-
- Type: string
The status of the control.
AssessmentControlSet
Description
Represents a set of controls in an Audit Manager assessment.
Members
- controls
-
- Type: Array of AssessmentControl structures
The list of controls that's contained within the control set.
- delegations
-
- Type: Array of Delegation structures
The delegations that are associated with the control set.
- description
-
- Type: string
The description for the control set.
- id
-
- Type: string
The identifier of the control set in the assessment. This is the control set name in a plain string format.
- manualEvidenceCount
-
- Type: int
The total number of evidence objects that are uploaded manually to the control set.
- roles
-
- Type: Array of Role structures
The roles that are associated with the control set.
- status
-
- Type: string
The current status of the control set.
- systemEvidenceCount
-
- Type: int
The total number of evidence objects that are retrieved automatically for the control set.
AssessmentEvidenceFolder
Description
The folder where Audit Manager stores evidence for an assessment.
Members
- assessmentId
-
- Type: string
The identifier for the assessment.
- assessmentReportSelectionCount
-
- Type: int
The total count of evidence that's included in the assessment report.
- author
-
- Type: string
The name of the user who created the evidence folder.
- controlId
-
- Type: string
The unique identifier for the control.
- controlName
-
- Type: string
The name of the control.
- controlSetId
-
- Type: string
The identifier for the control set.
- dataSource
-
- Type: string
The Amazon Web Service that the evidence was collected from.
- date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the first evidence was added to the evidence folder.
- evidenceAwsServiceSourceCount
-
- Type: int
The total number of Amazon Web Services resources that were assessed to generate the evidence.
- evidenceByTypeComplianceCheckCount
-
- Type: int
The number of evidence that falls under the compliance check category. This evidence is collected from Config or Security Hub.
- evidenceByTypeComplianceCheckIssuesCount
-
- Type: int
The total number of issues that were reported directly from Security Hub, Config, or both.
- evidenceByTypeConfigurationDataCount
-
- Type: int
The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other Amazon Web Services such as Amazon EC2, Amazon S3, or IAM.
- evidenceByTypeManualCount
-
- Type: int
The number of evidence that falls under the manual category. This evidence is imported manually.
- evidenceByTypeUserActivityCount
-
- Type: int
The number of evidence that falls under the user activity category. This evidence is collected from CloudTrail logs.
- evidenceResourcesIncludedCount
-
- Type: int
The amount of evidence that's included in the evidence folder.
- id
-
- Type: string
The identifier for the folder that the evidence is stored in.
- name
-
- Type: string
The name of the evidence folder.
- totalEvidence
-
- Type: int
The total amount of evidence in the evidence folder.
AssessmentFramework
Description
The file used to structure and automate Audit Manager assessments for a given compliance standard.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the framework.
- controlSets
-
- Type: Array of AssessmentControlSet structures
The control sets that are associated with the framework.
- id
-
- Type: string
The unique identifier for the framework.
- metadata
-
- Type: FrameworkMetadata structure
The metadata of a framework, such as the name, ID, or description.
AssessmentFrameworkMetadata
Description
The metadata that's associated with a standard framework or a custom framework.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the framework.
- complianceType
-
- Type: string
The compliance type that the new custom framework supports, such as CIS or HIPAA.
- controlSetsCount
-
- Type: int
The number of control sets that are associated with the framework.
- controlsCount
-
- Type: int
The number of controls that are associated with the framework.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the framework was created.
- description
-
- Type: string
The description of the framework.
- id
-
- Type: string
The unique identifier for the framework.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the framework was most recently updated.
- logo
-
- Type: string
The logo that's associated with the framework.
- name
-
- Type: string
The name of the framework.
- type
-
- Type: string
The framework type, such as a standard framework or a custom framework.
AssessmentFrameworkShareRequest
Description
Represents a share request for a custom framework in Audit Manager.
Members
- comment
-
- Type: string
An optional comment from the sender about the share request.
- complianceType
-
- Type: string
The compliance type that the shared custom framework supports, such as CIS or HIPAA.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the share request was created.
- customControlsCount
-
- Type: int
The number of custom controls that are part of the shared custom framework.
- destinationAccount
-
- Type: string
The Amazon Web Services account of the recipient.
- destinationRegion
-
- Type: string
The Amazon Web Services Region of the recipient.
- expirationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the share request expires.
- frameworkDescription
-
- Type: string
The description of the shared custom framework.
- frameworkId
-
- Type: string
The unique identifier for the shared custom framework.
- frameworkName
-
- Type: string
The name of the custom framework that the share request is for.
- id
-
- Type: string
The unique identifier for the share request.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the share request was last updated.
- sourceAccount
-
- Type: string
The Amazon Web Services account of the sender.
- standardControlsCount
-
- Type: int
The number of standard controls that are part of the shared custom framework.
- status
-
- Type: string
The status of the share request.
AssessmentMetadata
Description
The metadata that's associated with the specified assessment.
Members
- assessmentReportsDestination
-
- Type: AssessmentReportsDestination structure
The destination that evidence reports are stored in for the assessment.
- complianceType
-
- Type: string
The name of the compliance standard that's related to the assessment, such as PCI-DSS.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the assessment was created.
- delegations
-
- Type: Array of Delegation structures
The delegations that are associated with the assessment.
- description
-
- Type: string
The description of the assessment.
- id
-
- Type: string
The unique identifier for the assessment.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time of the most recent update.
- name
-
- Type: string
The name of the assessment.
- roles
-
- Type: Array of Role structures
The roles that are associated with the assessment.
- scope
-
- Type: Scope structure
The wrapper of Amazon Web Services accounts and services that are in scope for the assessment.
- status
-
- Type: string
The overall status of the assessment.
AssessmentMetadataItem
Description
A metadata object that's associated with an assessment in Audit Manager.
Members
- complianceType
-
- Type: string
The name of the compliance standard that's related to the assessment, such as PCI-DSS.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the assessment was created.
- delegations
-
- Type: Array of Delegation structures
The delegations that are associated with the assessment.
- id
-
- Type: string
The unique identifier for the assessment.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time of the most recent update.
- name
-
- Type: string
The name of the assessment.
- roles
-
- Type: Array of Role structures
The roles that are associated with the assessment.
- status
-
- Type: string
The current status of the assessment.
AssessmentReport
Description
A finalized document that's generated from an Audit Manager assessment. These reports summarize the relevant evidence that was collected for your audit, and link to the relevant evidence folders. These evidence folders are named and organized according to the controls that are specified in your assessment.
Members
- assessmentId
-
- Type: string
The identifier for the specified assessment.
- assessmentName
-
- Type: string
The name of the associated assessment.
- author
-
- Type: string
The name of the user who created the assessment report.
- awsAccountId
-
- Type: string
The identifier for the specified Amazon Web Services account.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the assessment report was created.
- description
-
- Type: string
The description of the specified assessment report.
- id
-
- Type: string
The unique identifier for the assessment report.
- name
-
- Type: string
The name that's given to the assessment report.
- status
-
- Type: string
The current status of the specified assessment report.
AssessmentReportEvidenceError
Description
An error entity for assessment report evidence errors. This is used to provide more meaningful errors than a simple string message.
Members
- errorCode
-
- Type: string
The error code that was returned.
- errorMessage
-
- Type: string
The error message that was returned.
- evidenceId
-
- Type: string
The identifier for the evidence.
AssessmentReportMetadata
Description
The metadata objects that are associated with the specified assessment report.
Members
- assessmentId
-
- Type: string
The unique identifier for the associated assessment.
- assessmentName
-
- Type: string
The name of the associated assessment.
- author
-
- Type: string
The name of the user who created the assessment report.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the assessment report was created.
- description
-
- Type: string
The description of the assessment report.
- id
-
- Type: string
The unique identifier for the assessment report.
- name
-
- Type: string
The name of the assessment report.
- status
-
- Type: string
The current status of the assessment report.
AssessmentReportsDestination
Description
The location where Audit Manager saves assessment reports for the given assessment.
Members
- destination
-
- Type: string
The destination bucket where Audit Manager stores assessment reports.
- destinationType
-
- Type: string
The destination type, such as Amazon S3.
BatchCreateDelegationByAssessmentError
Description
An error entity for the BatchCreateDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.
Members
- createDelegationRequest
-
- Type: CreateDelegationRequest structure
The API request to batch create delegations in Audit Manager.
- errorCode
-
- Type: string
The error code that the BatchCreateDelegationByAssessment API returned.
- errorMessage
-
- Type: string
The error message that the BatchCreateDelegationByAssessment API returned.
BatchDeleteDelegationByAssessmentError
Description
An error entity for the BatchDeleteDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.
Members
- delegationId
-
- Type: string
The identifier for the delegation.
- errorCode
-
- Type: string
The error code that the BatchDeleteDelegationByAssessment API returned.
- errorMessage
-
- Type: string
The error message that the BatchDeleteDelegationByAssessment API returned.
BatchImportEvidenceToAssessmentControlError
Description
An error entity for the BatchImportEvidenceToAssessmentControl API. This is used to provide more meaningful errors than a simple string message.
Members
- errorCode
-
- Type: string
The error code that the BatchImportEvidenceToAssessmentControl API returned.
- errorMessage
-
- Type: string
The error message that the BatchImportEvidenceToAssessmentControl API returned.
- manualEvidence
-
- Type: ManualEvidence structure
Manual evidence that can't be collected automatically by Audit Manager.
ChangeLog
Description
The record of a change within Audit Manager. For example, this could be the status change of an assessment or the delegation of a control set.
Members
- action
-
- Type: string
The action that was performed.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the action was performed and the changelog record was created.
- createdBy
-
- Type: string
The user or role that performed the action.
- objectName
-
- Type: string
The name of the object that changed. This could be the name of an assessment, control, or control set.
- objectType
-
- Type: string
The object that was changed, such as an assessment, control, or control set.
Control
Description
A control in Audit Manager.
Members
- actionPlanInstructions
-
- Type: string
The recommended actions to carry out if the control isn't fulfilled.
- actionPlanTitle
-
- Type: string
The title of the action plan for remediating the control.
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the control.
- controlMappingSources
-
- Type: Array of ControlMappingSource structures
The data mapping sources for the control.
- controlSources
-
- Type: string
The data source types that determine where Audit Manager collects evidence from for the control.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control was created.
- createdBy
-
- Type: string
The user or role that created the control.
- description
-
- Type: string
The description of the control.
- id
-
- Type: string
The unique identifier for the control.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control was most recently updated.
- lastUpdatedBy
-
- Type: string
The user or role that most recently updated the control.
- name
-
- Type: string
The name of the control.
- state
-
- Type: string
The state of the control. The END_OF_SUPPORT state is applicable to standard controls only. This state indicates that the standard control can still be used to collect evidence, but Audit Manager is no longer updating or maintaining that control.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags associated with the control.
- testingInformation
-
- Type: string
The steps that you should follow to determine if the control has been satisfied.
- type
-
- Type: string
Specifies whether the control is a standard control or a custom control.
ControlComment
Description
A comment that's posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
Members
- authorName
-
- Type: string
The name of the user who authored the comment.
- commentBody
-
- Type: string
The body text of a control comment.
- postedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the comment was posted.
ControlDomainInsights
Description
A summary of the latest analytics data for a specific control domain.
Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
Members
- controlsCountByNoncompliantEvidence
-
- Type: int
The number of controls in the control domain that collected non-compliant evidence on the lastUpdated date.
- evidenceInsights
-
- Type: EvidenceInsights structure
A breakdown of the compliance check status for the evidence that’s associated with the control domain.
- id
-
- Type: string
The unique identifier for the control domain. Audit Manager supports the control domains that are provided by Amazon Web Services Control Catalog. For information about how to find a list of available control domains, see ListDomains in the Amazon Web Services Control Catalog API Reference.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control domain insights were last updated.
- name
-
- Type: string
The name of the control domain.
- totalControlsCount
-
- Type: int
The total number of controls in the control domain.
ControlInsightsMetadataByAssessmentItem
Description
A summary of the latest analytics data for a specific control in a specific active assessment.
Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
Members
- controlSetName
-
- Type: string
The name of the control set that the assessment control belongs to.
- evidenceInsights
-
- Type: EvidenceInsights structure
A breakdown of the compliance check status for the evidence that’s associated with the assessment control.
- id
-
- Type: string
The unique identifier for the assessment control.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the assessment control insights were last updated.
- name
-
- Type: string
The name of the assessment control.
ControlInsightsMetadataItem
Description
A summary of the latest analytics data for a specific control.
This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
Members
- evidenceInsights
-
- Type: EvidenceInsights structure
A breakdown of the compliance check status for the evidence that’s associated with the control.
- id
-
- Type: string
The unique identifier for the control.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control insights were last updated.
- name
-
- Type: string
The name of the control.
ControlMappingSource
Description
The data source that determines where Audit Manager collects evidence from for the control.
Members
- sourceDescription
-
- Type: string
The description of the source.
- sourceFrequency
-
- Type: string
Specifies how often evidence is collected from the control mapping source.
- sourceId
-
- Type: string
The unique identifier for the source.
- sourceKeyword
-
- Type: SourceKeyword structure
A keyword that relates to the control data source.
For manual evidence, this keyword indicates if the manual evidence is a file or text.
For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.
To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:
- sourceName
-
- Type: string
The name of the source.
- sourceSetUpOption
-
- Type: string
The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for sourceSetUpOption, Audit Manager automatically infers and populates the correct value based on the sourceType that you specify.
- sourceType
-
- Type: string
Specifies which type of data source is used to collect evidence.
  - The source can be an individual data source type, such as AWS_Cloudtrail, AWS_Config, AWS_Security_Hub, AWS_API_Call, or MANUAL.
  - The source can also be a managed grouping of data sources, such as a Core_Control or a Common_Control.
- troubleshootingText
-
- Type: string
The instructions for troubleshooting the control.
ControlMetadata
Description
The metadata that's associated with the standard control or custom control.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the control.
- controlSources
-
- Type: string
The data source that determines where Audit Manager collects evidence from for the control.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control was created.
- id
-
- Type: string
The unique identifier for the control.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the control was most recently updated.
- name
-
- Type: string
The name of the control.
ControlSet
Description
A set of controls in Audit Manager.
Members
- controls
-
- Type: Array of Control structures
The list of controls within the control set.
- id
-
- Type: string
The identifier of the control set in the assessment. This is the control set name in a plain string format.
- name
-
- Type: string
The name of the control set.
CreateAssessmentFrameworkControl
Description
The control entity attributes that uniquely identify an existing control to be added to a framework in Audit Manager.
Members
- id
-
- Required: Yes
- Type: string
The unique identifier of the control.
CreateAssessmentFrameworkControlSet
Description
A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.
Members
- controls
-
- Type: Array of CreateAssessmentFrameworkControl structures
The list of controls within the control set. This doesn't contain the control set ID.
- name
-
- Required: Yes
- Type: string
The name of the control set.
CreateControlMappingSource
Description
The mapping attributes that determine the evidence source for a given control, along with related parameters and metadata. This doesn't contain mappingID.
Members
- sourceDescription
-
- Type: string
The description of the data source that determines where Audit Manager collects evidence from for the control.
- sourceFrequency
-
- Type: string
Specifies how often evidence is collected from the control mapping source.
- sourceKeyword
-
- Type: SourceKeyword structure
A keyword that relates to the control data source.
For manual evidence, this keyword indicates if the manual evidence is a file or text.
For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.
To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:
- sourceName
-
- Type: string
The name of the control mapping data source.
- sourceSetUpOption
-
- Type: string
The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for sourceSetUpOption, Audit Manager automatically infers and populates the correct value based on the sourceType that you specify.
- sourceType
-
- Type: string
Specifies which type of data source is used to collect evidence.
- The source can be an individual data source type, such as AWS_Cloudtrail, AWS_Config, AWS_Security_Hub, AWS_API_Call, or MANUAL.
- The source can also be a managed grouping of data sources, such as a Core_Control or a Common_Control.
- troubleshootingText
-
- Type: string
The instructions for troubleshooting the control.
CreateDelegationRequest
Description
A collection of attributes that's used to create a delegation for an assessment in Audit Manager.
Members
- comment
-
- Type: string
A comment that's related to the delegation request.
- controlSetId
-
- Type: string
The unique identifier for the control set.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role.
- roleType
-
- Type: string
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
DefaultExportDestination
Description
The default S3 bucket where Audit Manager saves the files that you export from evidence finder.
Members
- destination
-
- Type: string
The destination bucket where Audit Manager stores exported files.
- destinationType
-
- Type: string
The destination type, such as Amazon S3.
Delegation
Description
The assignment of a control set to a delegate for review.
Members
- assessmentId
-
- Type: string
The identifier for the assessment that's associated with the delegation.
- assessmentName
-
- Type: string
The name of the assessment that's associated with the delegation.
- comment
-
- Type: string
The comment that's related to the delegation.
- controlSetId
-
- Type: string
The identifier for the control set that's associated with the delegation.
- createdBy
-
- Type: string
The user or role that created the delegation.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the delegation was created.
- id
-
- Type: string
The unique identifier for the delegation.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the delegation was last updated.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role.
- roleType
-
- Type: string
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
- status
-
- Type: string
The status of the delegation.
DelegationMetadata
Description
The metadata that's associated with the delegation.
Members
- assessmentId
-
- Type: string
The unique identifier for the assessment.
- assessmentName
-
- Type: string
The name of the associated assessment.
- controlSetName
-
- Type: string
Specifies the name of the control set that was delegated for review.
- creationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the delegation was created.
- id
-
- Type: string
The unique identifier for the delegation.
- roleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM role.
- status
-
- Type: string
The current status of the delegation.
DeregistrationPolicy
Description
The deregistration policy for the data that's stored in Audit Manager. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
By default, Audit Manager retains evidence data for two years from the time of its creation. Other Audit Manager resources (including assessments, custom controls, and custom frameworks) remain in Audit Manager indefinitely, and are available if you re-register Audit Manager in the future. For more information about data retention, see Data Protection in the Audit Manager User Guide.
If you choose to delete all data, this action permanently deletes all evidence data in your account within seven days. It also deletes all of the Audit Manager resources that you created, including assessments, custom controls, and custom frameworks. Your data will not be available if you re-register Audit Manager in the future.
Members
- deleteResources
-
- Type: string
Specifies which Audit Manager data will be deleted when you deregister Audit Manager.
- If you set the value to ALL, all of your data is deleted within seven days of deregistration.
- If you set the value to DEFAULT, none of your data is deleted at the time of deregistration. However, keep in mind that the Audit Manager data retention policy still applies. As a result, any evidence data will be deleted two years after its creation date. Your other Audit Manager resources will continue to exist indefinitely.
Evidence
Description
A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity invoked by a user, or a system configuration snapshot.
Members
- assessmentReportSelection
-
- Type: string
Specifies whether the evidence is included in the assessment report.
- attributes
-
- Type: Associative array of custom strings keys (EvidenceAttributeKey) to strings
The names and values that are used by the evidence event. This includes an attribute name (such as allowUsersToChangePassword) and value (such as true or false).
- awsAccountId
-
- Type: string
The identifier for the Amazon Web Services account.
- awsOrganization
-
- Type: string
The Amazon Web Services account that the evidence is collected from, and its organization path.
- complianceCheck
-
- Type: string
The evaluation status for automated evidence that falls under the compliance check category.
- Audit Manager classes evidence as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.
- Audit Manager classes evidence as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.
- If a compliance check isn't available or applicable, then no compliance evaluation can be made for that evidence. This is the case if the evidence uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the evidence uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).
- dataSource
-
- Type: string
The data source where the evidence was collected from.
- eventName
-
- Type: string
The name of the evidence event.
- eventSource
-
- Type: string
The Amazon Web Service that the evidence is collected from.
- evidenceAwsAccountId
-
- Type: string
The identifier for the Amazon Web Services account.
- evidenceByType
-
- Type: string
The type of automated evidence.
- evidenceFolderId
-
- Type: string
The identifier for the folder that the evidence is stored in.
- iamId
-
- Type: string
The unique identifier for the user or role that's associated with the evidence.
- id
-
- Type: string
The identifier for the evidence.
- resourcesIncluded
-
- Type: Array of Resource structures
The list of resources that are assessed to generate the evidence.
- time
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp that represents when the evidence was collected.
EvidenceFinderEnablement
Description
The settings object that specifies whether evidence finder is enabled. This object also describes the related event data store, and the backfill status for populating the event data store with evidence data.
Members
- backfillStatus
-
- Type: string
The current status of the evidence data backfill process.
The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past two years’ worth of evidence data so that your evidence can be queried.
- NOT_STARTED means that the backfill hasn’t started yet.
- IN_PROGRESS means that the backfill is in progress. This can take up to 7 days to complete, depending on the amount of evidence data.
- COMPLETED means that the backfill is complete. All of your past evidence is now queryable.
- enablementStatus
-
- Type: string
The current status of the evidence finder feature and the related event data store.
- ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An event data store is currently being created to support evidence finder queries.
- ENABLED means that an event data store was successfully created and evidence finder is enabled. We recommend that you wait 7 days until the event data store is backfilled with your past two years’ worth of evidence data. You can use evidence finder in the meantime, but not all data might be available until the backfill is complete.
- DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and your request is pending the deletion of the event data store.
- DISABLED means that you have permanently disabled evidence finder and the event data store has been deleted. You can't re-enable evidence finder after this point.
- error
-
- Type: string
Represents any errors that occurred when enabling or disabling evidence finder.
- eventDataStoreArn
-
- Type: string
The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against.
EvidenceInsights
Description
A breakdown of the latest compliance check status for the evidence in your Audit Manager assessments.
Members
- compliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
- inconclusiveEvidenceCount
-
- Type: int
The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable in the console, it's classified as inconclusive in EvidenceInsights data.
- noncompliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
Framework
Description
The file that's used to structure and automate Audit Manager assessments for a given compliance standard.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) of the framework.
- complianceType
-
- Type: string
The compliance type that the framework supports, such as CIS or HIPAA.
- controlSets
-
- Type: Array of ControlSet structures
The control sets that are associated with the framework.
- controlSources
-
- Type: string
The control data sources where Audit Manager collects evidence from.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the framework was created.
- createdBy
-
- Type: string
The user or role that created the framework.
- description
-
- Type: string
The description of the framework.
- id
-
- Type: string
The unique identifier for the framework.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the framework was most recently updated.
- lastUpdatedBy
-
- Type: string
The user or role that most recently updated the framework.
- logo
-
- Type: string
The logo that's associated with the framework.
- name
-
- Type: string
The name of the framework.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
The tags that are associated with the framework.
- type
-
- Type: string
Specifies whether the framework is a standard framework or a custom framework.
FrameworkMetadata
Description
The metadata of a framework, such as the name, ID, or description.
Members
- complianceType
-
- Type: string
The compliance standard that's associated with the framework. For example, this could be PCI DSS or HIPAA.
- description
-
- Type: string
The description of the framework.
- logo
-
- Type: string
The logo that's associated with the framework.
- name
-
- Type: string
The name of the framework.
Insights
Description
A summary of the latest analytics data for all your active assessments.
This summary is a snapshot of the data that your active assessments collected on the lastUpdated date. It’s important to understand that the following totals are daily counts based on this date; they aren’t a total sum to date.
The Insights data is eventually consistent. This means that, when you read data from Insights, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response should return the latest data.
If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.
- Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it to inactive, that evidence is included in the InsightsByAssessment counts for that day.
- Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.
Members
- activeAssessmentsCount
-
- Type: int
The number of active assessments in Audit Manager.
- assessmentControlsCountByNoncompliantEvidence
-
- Type: int
The number of assessment controls that collected non-compliant evidence on the lastUpdated date.
- compliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as compliant on the lastUpdated date. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
- inconclusiveEvidenceCount
-
- Type: int
The number of evidence without a compliance check ruling. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example: manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable, it's classed as inconclusive in Insights data.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the cross-assessment insights were last updated.
- noncompliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as non-compliant on the lastUpdated date. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
- totalAssessmentControlsCount
-
- Type: int
The total number of controls across all active assessments.
InsightsByAssessment
Description
A summary of the latest analytics data for a specific active assessment.
This summary is a snapshot of the data that was collected on the lastUpdated date. It’s important to understand that the totals in InsightsByAssessment are daily counts based on this date; they aren’t a total sum to date.
The InsightsByAssessment data is eventually consistent. This means that when you read data from InsightsByAssessment, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response returns the latest data.
If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.
- Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it to inactive, that evidence is included in the InsightsByAssessment counts for that day.
- Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.
Members
- assessmentControlsCountByNoncompliantEvidence
-
- Type: int
The number of assessment controls that collected non-compliant evidence on the lastUpdated date.
- compliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a Pass ruling, or collected from Config with a Compliant ruling.
- inconclusiveEvidenceCount
-
- Type: int
The amount of evidence without a compliance check ruling. Evidence is inconclusive if the associated control uses Security Hub or Config as a data source and you didn't enable those services. This is also the case if a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail).
If evidence has a compliance check status of not applicable, it's classified as inconclusive in InsightsByAssessment data.
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the assessment insights were last updated.
- noncompliantEvidenceCount
-
- Type: int
The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a Fail ruling, or collected from Config with a Non-compliant ruling.
- totalAssessmentControlsCount
-
- Type: int
The total number of controls in the assessment.
InternalServerException
Description
An internal service error occurred during the processing of your request. Try again later.
Members
- message
-
- Required: Yes
- Type: string
ManualEvidence
Description
Evidence that's manually added to a control in Audit Manager. manualEvidence can be one of the following: evidenceFileName, s3ResourcePath, or textResponse.
Members
- evidenceFileName
-
- Type: string
The name of the file that's uploaded as manual evidence. This name is populated using the evidenceFileName value from the GetEvidenceFileUploadUrl API response.
- s3ResourcePath
-
- Type: string
The S3 URL of the object that's imported as manual evidence.
- textResponse
-
- Type: string
The plain text response that's entered and saved as manual evidence.
Notification
Description
The notification that informs a user of an update in Audit Manager. For example, this includes the notification that's sent when a control set is delegated for review.
Members
- assessmentId
-
- Type: string
The identifier for the assessment.
- assessmentName
-
- Type: string
The name of the related assessment.
- controlSetId
-
- Type: string
The identifier for the control set.
- controlSetName
-
- Type: string
Specifies the name of the control set that the notification is about.
- description
-
- Type: string
The description of the notification.
- eventTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the notification was sent.
- id
-
- Type: string
The unique identifier for the notification.
- source
-
- Type: string
The sender of the notification.
Resource
Description
A system asset that's evaluated in an Audit Manager assessment.
Members
- arn
-
- Type: string
The Amazon Resource Name (ARN) for the resource.
- complianceCheck
-
- Type: string
The evaluation status for a resource that was assessed when collecting compliance check evidence.
- Audit Manager classes the resource as non-compliant if Security Hub reports a Fail result, or if Config reports a Non-compliant result.
- Audit Manager classes the resource as compliant if Security Hub reports a Pass result, or if Config reports a Compliant result.
- If a compliance check isn't available or applicable, then no compliance evaluation can be made for that resource. This is the case if a resource assessment uses Config or Security Hub as the underlying data source type, but those services aren't enabled. This is also the case if the resource assessment uses an underlying data source type that doesn't support compliance checks (such as manual evidence, Amazon Web Services API calls, or CloudTrail).
- value
-
- Type: string
The value of the resource.
ResourceNotFoundException
Description
The resource that's specified in the request can't be found.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The unique identifier for the resource.
- resourceType
-
- Required: Yes
- Type: string
The type of resource that's affected by the error.
Role
Description
The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).
Members
- roleArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the IAM role.
- roleType
-
- Required: Yes
- Type: string
The type of customer persona.
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
Scope
Description
The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.
You no longer need to specify which Amazon Web Services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services.
If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.
Members
- awsAccounts
-
- Type: Array of AWSAccount structures
The Amazon Web Services accounts that are included in the scope of the assessment.
- awsServices
-
- Type: Array of AWSService structures
The Amazon Web Services services that are included in the scope of the assessment.
This API parameter is no longer supported. If you use this parameter to specify one or more Amazon Web Services, Audit Manager ignores this input. Instead, the value for awsServices will show as empty.
ServiceMetadata
Description
The metadata that's associated with the Amazon Web Service.
Members
- category
-
- Type: string
The category that the Amazon Web Service belongs to, such as compute, storage, or database.
- description
-
- Type: string
The description of the Amazon Web Service.
- displayName
-
- Type: string
The display name of the Amazon Web Service.
- name
-
- Type: string
The name of the Amazon Web Service.
ServiceQuotaExceededException
Description
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
Members
- message
-
- Required: Yes
- Type: string
Settings
Description
The settings object that holds all supported Audit Manager settings.
Members
- defaultAssessmentReportsDestination
-
- Type: AssessmentReportsDestination structure
The default S3 destination bucket for storing assessment reports.
- defaultExportDestination
-
- Type: DefaultExportDestination structure
The default S3 destination bucket for storing evidence finder exports.
- defaultProcessOwners
-
- Type: Array of Role structures
The designated default audit owners.
- deregistrationPolicy
-
- Type: DeregistrationPolicy structure
The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
- evidenceFinderEnablement
-
- Type: EvidenceFinderEnablement structure
The current evidence finder status and event data store details.
- isAwsOrgEnabled
-
- Type: boolean
Specifies whether Organizations is enabled.
- kmsKey
-
- Type: string
The KMS key details.
- snsTopic
-
- Type: string
The designated Amazon Simple Notification Service (Amazon SNS) topic.
SourceKeyword
Description
A keyword that relates to the control data source.
For manual evidence, this keyword indicates if the manual evidence is a file or text.
For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.
To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:
Members
- keywordInputType
-
- Type: string
The input method for the keyword.
- SELECT_FROM_LIST is used when mapping a data source for automated evidence.
  - When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
- UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual evidence.
  - When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
  - When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
- keywordValue
-
- Type: string
The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on the type of rule:
- For managed rules, you can use the rule identifier as the keywordValue. You can find the rule identifier from the list of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.
  Keyword example for managed rules:
  - Managed rule name: s3-bucket-acl-prohibited
    keywordValue: S3_BUCKET_ACL_PROHIBITED
- For custom rules, you form the keywordValue by adding the Custom_ prefix to the rule name. This prefix distinguishes the custom rule from a managed rule.
  Keyword example for custom rules:
  - Custom rule name: my-custom-config-rule
    keywordValue: Custom_my-custom-config-rule
- For service-linked rules, you form the keywordValue by adding the Custom_ prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
  Keyword examples for service-linked rules:
  - Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
    keywordValue: Custom_CustomRuleForAccount-conformance-pack
  - Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
    keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended.
Keep in mind the following requirements, depending on the data source type that you're using.
- For Config:
  - For managed rules, make sure that the keywordValue is the rule identifier in ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, we recommend that you reference the list of supported Config managed rules.
  - For custom rules, make sure that the keywordValue has the Custom_ prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the Config console to verify your custom rule name.
- For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference the list of supported Security Hub controls.
- For Amazon Web Services API calls: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that you reference the list of supported API calls.
- For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.
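Because a mistyped keywordValue can leave a control without evidence, it helps to build and check these strings in code before they reach the API. The following is an added example, not SDK or AWS code: the function names (configKeywordValue, actionKeywordValue, automatedSource) and the sourceName values are hypothetical, and the suffix-ID and serviceprefix_ActionName patterns are assumptions inferred from the examples on this page.

```php
<?php
declare(strict_types=1);

/** keywordValue for an AWS_Config source. $kind: managed | custom | service-linked. */
function configKeywordValue(string $kind, string $rule): string
{
    switch ($kind) {
        case 'managed':
            // The identifier cannot be derived from the rule name
            // (restricted-ssh -> INCOMING_SSH_DISABLED), so the caller passes
            // the identifier and only its ALL_CAPS_WITH_UNDERSCORES shape is checked.
            if (preg_match('/^[A-Z0-9]+(_[A-Z0-9]+)*$/', $rule) !== 1) {
                throw new InvalidArgumentException(
                    "'$rule' is not a managed rule identifier (expected ALL_CAPS_WITH_UNDERSCORES)"
                );
            }
            return $rule;
        case 'custom':
            // Custom rule names keep their own case and format.
            return 'Custom_' . $rule;
        case 'service-linked':
            // Assumption: the suffix ID is the last hyphen-delimited segment,
            // as in both service-linked examples on this page.
            $cut = strrpos($rule, '-');
            if ($cut === false || $cut === 0) {
                throw new InvalidArgumentException("'$rule' has no suffix ID to remove");
            }
            return 'Custom_' . substr($rule, 0, $cut);
        default:
            throw new InvalidArgumentException("unknown Config rule kind '$kind'");
    }
}

/** keywordValue for AWS_API_Call and AWS_Cloudtrail sources: serviceprefix_ActionName. */
function actionKeywordValue(string $servicePrefix, string $actionName): string
{
    // Assumption: lowercase service prefix, action name starting with a capital,
    // matching iam_ListGroups and cloudtrail_StartLogging.
    if (preg_match('/^[a-z0-9-]+$/', $servicePrefix) !== 1
        || preg_match('/^[A-Z][A-Za-z0-9]*$/', $actionName) !== 1) {
        throw new InvalidArgumentException(
            "'{$servicePrefix}_{$actionName}' is not in serviceprefix_ActionName form"
        );
    }
    return $servicePrefix . '_' . $actionName;
}

/** One automated-evidence entry shaped like CreateControlMappingSource. */
function automatedSource(string $name, string $sourceType, string $keywordValue): array
{
    return [
        'sourceName'    => $name,
        'sourceType'    => $sourceType,
        'sourceKeyword' => [
            'keywordInputType' => 'SELECT_FROM_LIST', // automated evidence only
            'keywordValue'     => $keywordValue,
        ],
    ];
}

// Constructed sample entries using the rule and action names quoted on this page.
$sources = [
    automatedSource('S3 ACL check', 'AWS_Config',
        configKeywordValue('managed', 'S3_BUCKET_ACL_PROHIBITED')),
    automatedSource('Team rule', 'AWS_Config',
        configKeywordValue('custom', 'my-custom-config-rule')),
    automatedSource('Org versioning rule', 'AWS_Config',
        configKeywordValue('service-linked', 'OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba')),
    automatedSource('IAM groups snapshot', 'AWS_API_Call',
        actionKeywordValue('iam', 'ListGroups')),
    automatedSource('Trail logging started', 'AWS_Cloudtrail',
        actionKeywordValue('cloudtrail', 'StartLogging')),
];

foreach ($sources as $source) {
    printf("%-16s %s\n", $source['sourceType'], $source['sourceKeyword']['keywordValue']);
}

// A managed rule name passed where the identifier is required is rejected
// locally instead of producing a mapping that silently collects nothing.
try {
    configKeywordValue('managed', 'restricted-ssh');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The shape check cannot confirm that a managed rule identifier or action name is actually supported; that still requires the lists referenced above.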
ThrottlingException
Description
The request was denied due to request throttling.
Members
- message
-
- Required: Yes
- Type: string
URL
Description
Short for uniform resource locator. A URL is used as a unique identifier to locate a resource on the internet.
Members
- hyperlinkName
-
- Type: string
The name or word that's used as a hyperlink to the URL.
- link
-
- Type: string
The unique identifier for the internet resource.
UpdateAssessmentFrameworkControlSet
Description
A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.
Members
- controls
-
- Required: Yes
- Type: Array of CreateAssessmentFrameworkControl structures
The list of controls that are contained within the control set.
- id
-
- Type: string
The unique identifier for the control set.
- name
-
- Required: Yes
- Type: string
The name of the control set.
ValidationException
Description
The request has invalid or missing parameters.
Members
- fields
-
- Type: Array of ValidationExceptionField structures
The fields that caused the error, if applicable.
- message
-
- Required: Yes
- Type: string
- reason
-
- Type: string
The reason the request failed validation.
ValidationExceptionField
Description
Indicates that the request has invalid or missing parameters for the field.
Members
- message
-
- Required: Yes
- Type: string
The body of the error message.
- name
-
- Required: Yes
- Type: string
The name of the validation error.