AWS Audit Manager

2021/04/05 - AWS Audit Manager - 1 updated API method

Changes: AWS Audit Manager has updated the GetAssessment API operation to include a new response field called userRole. The userRole field indicates the role information and IAM ARN of the API caller.

GetAssessment (updated)
Changes (response)
{'userRole': {'roleArn': 'string',
              'roleType': 'PROCESS_OWNER | RESOURCE_OWNER'}}

Returns an assessment from AWS Audit Manager.

See also: AWS API Documentation

Request Syntax

client.get_assessment(
    assessmentId='string'
)
Parameters

  • assessmentId (string) --

    [REQUIRED]

    The identifier for the specified assessment.

Return type

dict

Returns

Response Syntax

{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    },
    'userRole': {
        'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
        'roleArn': 'string'
    }
}

Response Structure

  • (dict) --

    • assessment (dict) --

      An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

      • arn (string) --

        The Amazon Resource Name (ARN) of the assessment.

      • awsAccount (dict) --

        The AWS account associated with the assessment.

        • id (string) --

          The identifier for the specified AWS account.

        • emailAddress (string) --

          The email address associated with the specified AWS account.

        • name (string) --

          The name of the specified AWS account.

      • metadata (dict) --

        The metadata for the specified assessment.

        • name (string) --

          The name of the assessment.

        • id (string) --

          The unique identifier for the assessment.

        • description (string) --

          The description of the assessment.

        • complianceType (string) --

          The name of a compliance standard related to the assessment, such as PCI-DSS.

        • status (string) --

          The overall status of the assessment.

        • assessmentReportsDestination (dict) --

          The destination in which evidence reports are stored for the specified assessment.

          • destinationType (string) --

            The destination type, such as Amazon S3.

          • destination (string) --

            The destination of the assessment report.

        • scope (dict) --

          The wrapper of AWS accounts and services in scope for the assessment.

          • awsAccounts (list) --

            The AWS accounts included in the scope of the assessment.

            • (dict) --

              The wrapper of AWS account details, such as account ID, email address, and so on.

              • id (string) --

                The identifier for the specified AWS account.

              • emailAddress (string) --

                The email address associated with the specified AWS account.

              • name (string) --

                The name of the specified AWS account.

          • awsServices (list) --

            The AWS services included in the scope of the assessment.

            • (dict) --

              An AWS service such as Amazon S3, AWS CloudTrail, and so on.

              • serviceName (string) --

                The name of the AWS service.

        • roles (list) --

          The roles associated with the assessment.

          • (dict) --

            The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

        • delegations (list) --

          The delegations associated with the assessment.

          • (dict) --

            The assignment of a control set to a delegate for review.

            • id (string) --

              The unique identifier for the delegation.

            • assessmentName (string) --

              The name of the associated assessment.

            • assessmentId (string) --

              The identifier for the associated assessment.

            • status (string) --

              The status of the delegation.

            • roleArn (string) --

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType (string) --

              The type of customer persona.

              Note

              In CreateAssessment, roleType can only be PROCESS_OWNER.

              In UpdateSettings, roleType can only be PROCESS_OWNER.

              In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

            • creationTime (datetime) --

              Specifies when the delegation was created.

            • lastUpdated (datetime) --

              Specifies when the delegation was last updated.

            • controlSetId (string) --

              The identifier for the associated control set.

            • comment (string) --

              The comment related to the delegation.

            • createdBy (string) --

              The IAM user or role that created the delegation.

        • creationTime (datetime) --

          Specifies when the assessment was created.

        • lastUpdated (datetime) --

          The time of the most recent update.

      • framework (dict) --

        The framework from which the assessment was created.

        • id (string) --

          The unique identifier for the framework.

        • arn (string) --

          The Amazon Resource Name (ARN) of the specified framework.

        • metadata (dict) --

          The metadata of a framework, such as the name, ID, description, and so on.

          • name (string) --

            The name of the framework.

          • description (string) --

            The description of the framework.

          • logo (string) --

            The logo associated with the framework.

          • complianceType (string) --

            The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

        • controlSets (list) --

          The control sets associated with the framework.

          • (dict) --

            Represents a set of controls in an AWS Audit Manager assessment.

            • id (string) --

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description (string) --

              The description for the control set.

            • status (string) --

              Specifies the current status of the control set.

            • roles (list) --

              The roles associated with the control set.

              • (dict) --

                The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment, roleType can only be PROCESS_OWNER.

                  In UpdateSettings, roleType can only be PROCESS_OWNER.

                  In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

            • controls (list) --

              The list of controls contained within the control set.

              • (dict) --

                The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

                • id (string) --

                  The identifier for the specified control.

                • name (string) --

                  The name of the specified control.

                • description (string) --

                  The description of the specified control.

                • status (string) --

                  The status of the specified control.

                • response (string) --

                  The response of the specified control.

                • comments (list) --

                  The list of comments attached to the specified control.

                  • (dict) --

                    A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.

                    • authorName (string) --

                      The name of the user who authored the comment.

                    • commentBody (string) --

                      The body text of a control comment.

                    • postedDate (datetime) --

                      The time when the comment was posted.

                • evidenceSources (list) --

                  The list of data sources for the specified evidence.

                  • (string) --

                • evidenceCount (integer) --

                  The amount of evidence generated for the control.

                • assessmentReportEvidenceCount (integer) --

                  The amount of evidence in the assessment report.

            • delegations (list) --

              The delegations associated with the control set.

              • (dict) --

                The assignment of a control set to a delegate for review.

                • id (string) --

                  The unique identifier for the delegation.

                • assessmentName (string) --

                  The name of the associated assessment.

                • assessmentId (string) --

                  The identifier for the associated assessment.

                • status (string) --

                  The status of the delegation.

                • roleArn (string) --

                  The Amazon Resource Name (ARN) of the IAM role.

                • roleType (string) --

                  The type of customer persona.

                  Note

                  In CreateAssessment, roleType can only be PROCESS_OWNER.

                  In UpdateSettings, roleType can only be PROCESS_OWNER.

                  In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

                • creationTime (datetime) --

                  Specifies when the delegation was created.

                • lastUpdated (datetime) --

                  Specifies when the delegation was last updated.

                • controlSetId (string) --

                  The identifier for the associated control set.

                • comment (string) --

                  The comment related to the delegation.

                • createdBy (string) --

                  The IAM user or role that created the delegation.

            • systemEvidenceCount (integer) --

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount (integer) --

              The total number of evidence objects uploaded manually to the control set.

      • tags (dict) --

        The tags associated with the assessment.

        • (string) --

          • (string) --

    • userRole (dict) --

      The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).

      • roleType (string) --

        The type of customer persona.

        Note

        In CreateAssessment, roleType can only be PROCESS_OWNER.

        In UpdateSettings, roleType can only be PROCESS_OWNER.

        In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

      • roleArn (string) --

        The Amazon Resource Name (ARN) of the IAM role.
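For an access review, the new userRole field can be compared with the roles and delegations recorded on the same assessment. The following is an added example, not part of the AWS documentation: it runs on a constructed response with made-up ARNs, the helper names are hypothetical, and the expectation that the caller appears in those lists is an assumption of this check rather than something the page states.

```python
from collections import defaultdict

# Constructed sample in the shape of the GetAssessment response syntax; with
# credentials it would come from client.get_assessment(assessmentId=...).
OWNER = "arn:aws:iam::111122223333:role/ExampleProcessOwner"      # made-up ARN
DELEGATE = "arn:aws:iam::111122223333:role/ExampleResourceOwner"  # made-up ARN
SAMPLE = {
    "assessment": {
        "metadata": {
            "roles": [{"roleType": "PROCESS_OWNER", "roleArn": OWNER}],
            "delegations": [{"id": "d-1", "controlSetId": "cs-1", "status": "IN_PROGRESS",
                             "roleArn": DELEGATE, "roleType": "RESOURCE_OWNER"}],
        },
        "framework": {"controlSets": [{
            "id": "cs-1",
            "roles": [{"roleType": "RESOURCE_OWNER", "roleArn": DELEGATE}],
            "delegations": [],
        }]},
    },
    "userRole": {"roleType": "RESOURCE_OWNER", "roleArn": DELEGATE},
}

def role_inventory(response):
    """Map each roleArn to the set of (roleType, location) pairs it appears under."""
    found = defaultdict(set)
    assessment = response.get("assessment", {})
    meta = assessment.get("metadata", {})
    scopes = [("assessment", meta)]
    scopes += [("controlSet:" + cs["id"], cs)
               for cs in assessment.get("framework", {}).get("controlSets", [])]
    for where, node in scopes:
        for role in node.get("roles", []):
            found[role["roleArn"]].add((role["roleType"], where + ".roles"))
        for d in node.get("delegations", []):
            found[d["roleArn"]].add((d["roleType"], where + ".delegations"))
    return dict(found)

def review_caller(response):
    """Return findings about the caller's userRole relative to the inventory."""
    caller = response.get("userRole")
    if not caller:
        return ["response has no userRole field"]
    entries = role_inventory(response).get(caller["roleArn"], set())
    if not entries:
        return ["caller role is not listed on the assessment: " + caller["roleArn"]]
    recorded = {role_type for role_type, _ in entries}
    if caller["roleType"] not in recorded:
        return ["caller roleType %s differs from recorded %s"
                % (caller["roleType"], sorted(recorded))]
    return []
```

An empty list from review_caller means the caller's ARN and roleType both match an entry already recorded on the assessment.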