Module types

Data structures used by operation inputs/outputs.

Modules

builders

Builders

error

Error types that AWS Audit Manager can respond with.

Structs

Assessment

An entity that defines the scope of audit evidence collected by Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.

AssessmentControl

The control entity that represents a standard control or a custom control in an Audit Manager assessment.

AssessmentControlSet

Represents a set of controls in an Audit Manager assessment.

AssessmentEvidenceFolder

The folder where Audit Manager stores evidence for an assessment.

AssessmentFramework

The file used to structure and automate Audit Manager assessments for a given compliance standard.

AssessmentFrameworkMetadata

The metadata that's associated with a standard framework or a custom framework.

AssessmentFrameworkShareRequest

Represents a share request for a custom framework in Audit Manager.

AssessmentMetadata

The metadata that's associated with the specified assessment.

AssessmentMetadataItem

A metadata object that's associated with an assessment in Audit Manager.

AssessmentReport

A finalized document that's generated from an Audit Manager assessment. These reports summarize the relevant evidence that was collected for your audit, and link to the relevant evidence folders. These evidence folders are named and organized according to the controls that are specified in your assessment.

AssessmentReportEvidenceError

An error entity for assessment report evidence errors. This is used to provide more meaningful errors than a simple string message.

AssessmentReportMetadata

The metadata objects that are associated with the specified assessment report.

AssessmentReportsDestination

The location where Audit Manager saves assessment reports for the given assessment.

AwsAccount

The wrapper of Amazon Web Services account details, such as account ID or email address.

AwsService

An Amazon Web Services service such as Amazon S3 or CloudTrail.

For an example of how to find an Amazon Web Services service name and how to define it in your assessment scope, see the following:

• Finding an Amazon Web Services service name to use in your assessment scope

• Defining an Amazon Web Services service name in your assessment scope

BatchCreateDelegationByAssessmentError

An error entity for the BatchCreateDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.

BatchDeleteDelegationByAssessmentError

An error entity for the BatchDeleteDelegationByAssessment API. This is used to provide more meaningful errors than a simple string message.

BatchImportEvidenceToAssessmentControlError

An error entity for the BatchImportEvidenceToAssessmentControl API. This is used to provide more meaningful errors than a simple string message.

ChangeLog

The record of a change within Audit Manager. For example, this could be the status change of an assessment or the delegation of a control set.

Control

A control in Audit Manager.

ControlComment

A comment that's posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

ControlDomainInsights

A summary of the latest analytics data for a specific control domain.

Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

ControlInsightsMetadataByAssessmentItem

A summary of the latest analytics data for a specific control in a specific active assessment.

Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

ControlInsightsMetadataItem

A summary of the latest analytics data for a specific control.

This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.

ControlMappingSource

The data source that determines where Audit Manager collects evidence from for the control.

ControlMetadata

The metadata that's associated with the standard control or custom control.

ControlSet

A set of controls in Audit Manager.

CreateAssessmentFrameworkControl

The control entity attributes that uniquely identify an existing control to be added to a framework in Audit Manager.

CreateAssessmentFrameworkControlSet

A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.

CreateControlMappingSource

The mapping attributes that determine the evidence source for a given control, along with related parameters and metadata. This doesn't contain mappingID.

CreateDelegationRequest

A collection of attributes that's used to create a delegation for an assessment in Audit Manager.

DefaultExportDestination

The default s3 bucket where Audit Manager saves the files that you export from evidence finder.

Delegation

The assignment of a control set to a delegate for review.

DelegationMetadata

The metadata that's associated with the delegation.

DeregistrationPolicy

The deregistration policy for the data that's stored in Audit Manager. You can use this attribute to determine how your data is handled when you deregister Audit Manager.

By default, Audit Manager retains evidence data for two years from the time of its creation. Other Audit Manager resources (including assessments, custom controls, and custom frameworks) remain in Audit Manager indefinitely, and are available if you re-register Audit Manager in the future. For more information about data retention, see Data Protection in the Audit Manager User Guide.

If you choose to delete all data, this action permanently deletes all evidence data in your account within seven days. It also deletes all of the Audit Manager resources that you created, including assessments, custom controls, and custom frameworks. Your data will not be available if you re-register Audit Manager in the future.

Evidence

A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity invoked by a user, or a system configuration snapshot.

EvidenceFinderEnablement

The settings object that specifies whether evidence finder is enabled. This object also describes the related event data store, and the backfill status for populating the event data store with evidence data.

EvidenceInsights

A breakdown of the latest compliance check status for the evidence in your Audit Manager assessments.

Framework

The file that's used to structure and automate Audit Manager assessments for a given compliance standard.

FrameworkMetadata

The metadata of a framework, such as the name, ID, or description.

Insights

A summary of the latest analytics data for all your active assessments.

This summary is a snapshot of the data that your active assessments collected on the lastUpdated date. It’s important to understand that the following totals are daily counts based on this date — they aren’t a total sum to date.

The Insights data is eventually consistent. This means that, when you read data from Insights, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response should return the latest data.

If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.

• Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the InsightsByAssessment counts for that day.

• Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.

InsightsByAssessment

A summary of the latest analytics data for a specific active assessment.

This summary is a snapshot of the data that was collected on the lastUpdated date. It’s important to understand that the totals in InsightsByAssessment are daily counts based on this date — they aren’t a total sum to date.

The InsightsByAssessment data is eventually consistent. This means that when you read data from InsightsByAssessment, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response returns the latest data.

If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.

• Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the InsightsByAssessment counts for that day.

• Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.

ManualEvidence

Evidence that's manually added to a control in Audit Manager. manualEvidence can be one of the following: evidenceFileName, s3ResourcePath, or textResponse.

Notification

The notification that informs a user of an update in Audit Manager. For example, this includes the notification that's sent when a control set is delegated for review.

Resource

A system asset that's evaluated in an Audit Manager assessment.

Role

The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN).

Scope

The wrapper that contains the Amazon Web Services accounts that are in scope for the assessment.

You no longer need to specify which Amazon Web Services services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services services.

If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.

ServiceMetadata

The metadata that's associated with the Amazon Web Services service.

Settings

The settings object that holds all supported Audit Manager settings.

SourceKeyword

A keyword that relates to the control data source.

For manual evidence, this keyword indicates if the manual evidence is a file or text.

For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.

To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:

• Config rules supported by Audit Manager

• Security Hub controls supported by Audit Manager

• API calls supported by Audit Manager

• CloudTrail event names supported by Audit Manager

UpdateAssessmentFrameworkControlSet

A controlSet entity that represents a collection of controls in Audit Manager. This doesn't contain the control set ID.

Url

Short for uniform resource locator. A URL is used as a unique identifier to locate a resource on the internet.

ValidationExceptionField

Indicates that the request has invalid or missing parameters for the field.

Enums

AccountStatus

When writing a match expression against AccountStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ActionEnum

When writing a match expression against ActionEnum, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

AssessmentReportDestinationType

When writing a match expression against AssessmentReportDestinationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

AssessmentReportStatus

When writing a match expression against AssessmentReportStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

AssessmentStatus

When writing a match expression against AssessmentStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlResponse

When writing a match expression against ControlResponse, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlSetStatus

When writing a match expression against ControlSetStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlState

When writing a match expression against ControlState, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlStatus

When writing a match expression against ControlStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ControlType

When writing a match expression against ControlType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DataSourceType

When writing a match expression against DataSourceType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DelegationStatus

When writing a match expression against DelegationStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

DeleteResources

When writing a match expression against DeleteResources, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EvidenceFinderBackfillStatus

When writing a match expression against EvidenceFinderBackfillStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

EvidenceFinderEnablementStatus

When writing a match expression against EvidenceFinderEnablementStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ExportDestinationType

When writing a match expression against ExportDestinationType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

FrameworkType

When writing a match expression against FrameworkType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

KeywordInputType

When writing a match expression against KeywordInputType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ObjectTypeEnum

When writing a match expression against ObjectTypeEnum, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

RoleType

When writing a match expression against RoleType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SettingAttribute

When writing a match expression against SettingAttribute, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ShareRequestAction

When writing a match expression against ShareRequestAction, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ShareRequestStatus

When writing a match expression against ShareRequestStatus, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ShareRequestType

When writing a match expression against ShareRequestType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SourceFrequency

When writing a match expression against SourceFrequency, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SourceSetUpOption

When writing a match expression against SourceSetUpOption, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

SourceType

When writing a match expression against SourceType, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.

ValidationExceptionReason

When writing a match expression against ValidationExceptionReason, it is important to ensure your code is forward-compatible. That is, if a match arm handles a case for a feature that is supported by the service but has not been represented as an enum variant in a current version of SDK, your code should continue to work when you upgrade SDK to a future version in which the enum does include a variant for that feature.