CreateAssessment
Creates an assessment in AWS Audit Manager.
Request Syntax
POST /assessments HTTP/1.1
Content-type: application/json
{
"assessmentReportsDestination": {
"destination": "string",
"destinationType": "string"
},
"description": "string",
"frameworkId": "string",
"name": "string",
"roles": [
{
"roleArn": "string",
"roleType": "string"
}
],
"scope": {
"awsAccounts": [
{
"emailAddress": "string",
"id": "string",
"name": "string"
}
],
"awsServices": [
{
"serviceName": "string"
}
]
},
"tags": {
"string" : "string"
}
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- assessmentReportsDestination
-
The assessment report storage destination for the assessment that's being created.
Type: AssessmentReportsDestination object
Required: Yes
- description
-
The optional description of the assessment to be created.
Type: String
Length Constraints: Maximum length of 1000.
Pattern:
^[\w\W\s\S]*$Required: No
- frameworkId
-
The identifier for the framework that the assessment will be created from.
Type: String
Length Constraints: Fixed length of 36.
Pattern:
^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$Required: Yes
- name
-
The name of the assessment to be created.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 300.
Pattern:
^[^\\]*$Required: Yes
- roles
-
The list of roles for the assessment.
Type: Array of Role objects
Required: Yes
- scope
-
The wrapper that contains the AWS accounts that are in scope for the assessment.
Note
You no longer need to specify which AWS services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant AWS services.
If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct AWS services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.
Type: Scope object
Required: Yes
-
The tags that are associated with the assessment.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 50 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Key Pattern:
^(?!aws:)[a-zA-Z+-=._:/]+$Value Length Constraints: Minimum length of 0. Maximum length of 256.
Value Pattern:
.{0,255}Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"assessment": {
"arn": "string",
"awsAccount": {
"emailAddress": "string",
"id": "string",
"name": "string"
},
"framework": {
"arn": "string",
"controlSets": [
{
"controls": [
{
"assessmentReportEvidenceCount": number,
"comments": [
{
"authorName": "string",
"commentBody": "string",
"postedDate": number
}
],
"description": "string",
"evidenceCount": number,
"evidenceSources": [ "string" ],
"id": "string",
"name": "string",
"response": "string",
"status": "string"
}
],
"delegations": [
{
"assessmentId": "string",
"assessmentName": "string",
"comment": "string",
"controlSetId": "string",
"createdBy": "string",
"creationTime": number,
"id": "string",
"lastUpdated": number,
"roleArn": "string",
"roleType": "string",
"status": "string"
}
],
"description": "string",
"id": "string",
"manualEvidenceCount": number,
"roles": [
{
"roleArn": "string",
"roleType": "string"
}
],
"status": "string",
"systemEvidenceCount": number
}
],
"id": "string",
"metadata": {
"complianceType": "string",
"description": "string",
"logo": "string",
"name": "string"
}
},
"metadata": {
"assessmentReportsDestination": {
"destination": "string",
"destinationType": "string"
},
"complianceType": "string",
"creationTime": number,
"delegations": [
{
"assessmentId": "string",
"assessmentName": "string",
"comment": "string",
"controlSetId": "string",
"createdBy": "string",
"creationTime": number,
"id": "string",
"lastUpdated": number,
"roleArn": "string",
"roleType": "string",
"status": "string"
}
],
"description": "string",
"id": "string",
"lastUpdated": number,
"name": "string",
"roles": [
{
"roleArn": "string",
"roleType": "string"
}
],
"scope": {
"awsAccounts": [
{
"emailAddress": "string",
"id": "string",
"name": "string"
}
],
"awsServices": [
{
"serviceName": "string"
}
]
},
"status": "string"
},
"tags": {
"string" : "string"
}
}
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- assessment
-
An entity that defines the scope of audit evidence collected by AWS Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.
Type: Assessment object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.
HTTP Status Code: 403
- InternalServerException
-
An internal service error occurred during the processing of your request. Try again later.
HTTP Status Code: 500
- ResourceNotFoundException
-
The resource that's specified in the request can't be found.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for AWS Audit Manager.
HTTP Status Code: 402
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 429
- ValidationException
-
The request has invalid or missing parameters.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
