2021/04/05 - AWS Audit Manager - 1 updated api methods
Changes: AWS Audit Manager has updated the GetAssessment API operation to include a new response field called userRole. The userRole field indicates the role information and IAM ARN of the API caller.
{'userRole': {'roleArn': 'string', 'roleType': 'PROCESS_OWNER | RESOURCE_OWNER'}}
Returns an assessment from AWS Audit Manager.
See also: AWS API Documentation
Request Syntax
client.get_assessment( assessmentId='string' )
assessmentId (string) --
[REQUIRED]
The identifier for the specified assessment.
Return type: dict
Response Syntax
{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    },
    'userRole': {
        'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
        'roleArn': 'string'
    }
}
Response Structure
(dict) --
assessment (dict) --
An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.
arn (string) --
The Amazon Resource Name (ARN) of the assessment.
awsAccount (dict) --
The AWS account associated with the assessment.
id (string) --
The identifier for the specified AWS account.
emailAddress (string) --
The email address associated with the specified AWS account.
name (string) --
The name of the specified AWS account.
metadata (dict) --
The metadata for the specified assessment.
name (string) --
The name of the assessment.
id (string) --
The unique identifier for the assessment.
description (string) --
The description of the assessment.
complianceType (string) --
The name of a compliance standard related to the assessment, such as PCI-DSS.
status (string) --
The overall status of the assessment.
assessmentReportsDestination (dict) --
The destination in which evidence reports are stored for the specified assessment.
destinationType (string) --
The destination type, such as Amazon S3.
destination (string) --
The destination of the assessment report.
scope (dict) --
The wrapper of AWS accounts and services in scope for the assessment.
awsAccounts (list) --
The AWS accounts included in the scope of the assessment.
(dict) --
The wrapper of AWS account details, such as account ID, email address, and so on.
id (string) --
The identifier for the specified AWS account.
emailAddress (string) --
The email address associated with the specified AWS account.
name (string) --
The name of the specified AWS account.
awsServices (list) --
The AWS services included in the scope of the assessment.
(dict) --
An AWS service such as Amazon S3, AWS CloudTrail, and so on.
serviceName (string) --
The name of the AWS service.
roles (list) --
The roles associated with the assessment.
(dict) --
The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
roleType (string) --
The type of customer persona.
Note
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
roleArn (string) --
The Amazon Resource Name (ARN) of the IAM role.
delegations (list) --
The delegations associated with the assessment.
(dict) --
The assignment of a control set to a delegate for review.
id (string) --
The unique identifier for the delegation.
assessmentName (string) --
The name of the associated assessment.
assessmentId (string) --
The identifier for the associated assessment.
status (string) --
The status of the delegation.
roleArn (string) --
The Amazon Resource Name (ARN) of the IAM role.
roleType (string) --
The type of customer persona.
Note
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
creationTime (datetime) --
Specifies when the delegation was created.
lastUpdated (datetime) --
Specifies when the delegation was last updated.
controlSetId (string) --
The identifier for the associated control set.
comment (string) --
The comment related to the delegation.
createdBy (string) --
The IAM user or role that created the delegation.
creationTime (datetime) --
Specifies when the assessment was created.
lastUpdated (datetime) --
The time of the most recent update.
framework (dict) --
The framework from which the assessment was created.
id (string) --
The unique identifier for the framework.
arn (string) --
The Amazon Resource Name (ARN) of the specified framework.
metadata (dict) --
The metadata of a framework, such as the name, ID, description, and so on.
name (string) --
The name of the framework.
description (string) --
The description of the framework.
logo (string) --
The logo associated with the framework.
complianceType (string) --
The compliance standard associated with the framework, such as PCI-DSS or HIPAA.
controlSets (list) --
The control sets associated with the framework.
(dict) --
Represents a set of controls in an AWS Audit Manager assessment.
id (string) --
The identifier of the control set in the assessment. This is the control set name in a plain string format.
description (string) --
The description for the control set.
status (string) --
Specifies the current status of the control set.
roles (list) --
The roles associated with the control set.
(dict) --
The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
roleType (string) --
The type of customer persona.
Note
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
roleArn (string) --
The Amazon Resource Name (ARN) of the IAM role.
controls (list) --
The list of controls contained within the control set.
(dict) --
The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.
id (string) --
The identifier for the specified control.
name (string) --
The name of the specified control.
description (string) --
The description of the specified control.
status (string) --
The status of the specified control.
response (string) --
The response of the specified control.
comments (list) --
The list of comments attached to the specified control.
(dict) --
A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
authorName (string) --
The name of the user who authored the comment.
commentBody (string) --
The body text of a control comment.
postedDate (datetime) --
The time when the comment was posted.
evidenceSources (list) --
The list of data sources for the specified evidence.
(string) --
evidenceCount (integer) --
The amount of evidence generated for the control.
assessmentReportEvidenceCount (integer) --
The amount of evidence in the assessment report.
delegations (list) --
The delegations associated with the control set.
(dict) --
The assignment of a control set to a delegate for review.
id (string) --
The unique identifier for the delegation.
assessmentName (string) --
The name of the associated assessment.
assessmentId (string) --
The identifier for the associated assessment.
status (string) --
The status of the delegation.
roleArn (string) --
The Amazon Resource Name (ARN) of the IAM role.
roleType (string) --
The type of customer persona.
Note
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
creationTime (datetime) --
Specifies when the delegation was created.
lastUpdated (datetime) --
Specifies when the delegation was last updated.
controlSetId (string) --
The identifier for the associated control set.
comment (string) --
The comment related to the delegation.
createdBy (string) --
The IAM user or role that created the delegation.
systemEvidenceCount (integer) --
The total number of evidence objects retrieved automatically for the control set.
manualEvidenceCount (integer) --
The total number of evidence objects uploaded manually to the control set.
tags (dict) --
The tags associated with the assessment.
(string) --
(string) --
userRole (dict) --
The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
roleType (string) --
The type of customer persona.
Note
In CreateAssessment, roleType can only be PROCESS_OWNER.
In UpdateSettings, roleType can only be PROCESS_OWNER.
In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
roleArn (string) --
The Amazon Resource Name (ARN) of the IAM role.
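An added example (not part of the AWS documentation): given a parsed GetAssessment response, it finds where the caller's userRole.roleArn is recorded among the assessment roles, control set roles and delegations, and whether the recorded roleType matches the one in userRole. The function names, the ARNs and the SAMPLE response are constructed for illustration.

```python
from collections import defaultdict

# Constructed placeholder ARNs (not from the page).
OWNER = "arn:aws:iam::111122223333:role/AuditOwner"
REVIEWER = "arn:aws:iam::111122223333:role/Reviewer"


def role_footprint(response):
    """Map each roleArn in a GetAssessment response to (location, roleType) pairs."""
    assessment = response["assessment"]
    seen = defaultdict(set)
    meta = assessment.get("metadata", {})
    for role in meta.get("roles", []):
        seen[role["roleArn"]].add(("assessment", role["roleType"]))
    for d in meta.get("delegations", []):
        seen[d["roleArn"]].add(("delegation:" + d["controlSetId"], d["roleType"]))
    for cs in assessment.get("framework", {}).get("controlSets", []):
        for role in cs.get("roles", []):
            seen[role["roleArn"]].add(("controlSet:" + cs["id"], role["roleType"]))
        for d in cs.get("delegations", []):
            seen[d["roleArn"]].add(("delegation:" + cs["id"], d["roleType"]))
    return seen


def check_caller(response):
    """Locate the caller's userRole among the roles recorded on the assessment."""
    caller = response.get("userRole")
    if not caller:  # field missing, e.g. parsed by an SDK that predates this update
        return {"caller_arn": None, "locations": [], "type_matches": False}
    hits = role_footprint(response).get(caller["roleArn"], set())
    return {
        "caller_arn": caller["roleArn"],
        "locations": sorted(loc for loc, _ in hits),
        # True only if the ARN is recorded and every entry has userRole's roleType
        "type_matches": bool(hits) and all(t == caller["roleType"] for _, t in hits),
    }


# Constructed sample shaped like the Response Syntax above; not real output.
SAMPLE = {
    "assessment": {
        "metadata": {"roles": [{"roleType": "PROCESS_OWNER", "roleArn": OWNER}],
                     "delegations": []},
        "framework": {"controlSets": [{
            "id": "Access Control", "roles": [],
            "delegations": [{"roleType": "RESOURCE_OWNER", "roleArn": REVIEWER}],
        }]},
    },
    "userRole": {"roleType": "RESOURCE_OWNER", "roleArn": REVIEWER},
}
```

With a live client, pass the return value of client.get_assessment(assessmentId=...) to check_caller in place of SAMPLE.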