integrations.sh
← all integrations

amazonaws.com – auditmanager

OpenAPI apis-guru cloud

Welcome to the Audit Manager API reference. This guide is for developers who need detailed information about the Audit Manager API operations, data types, and errors.

Audit Manager is a service that provides automated evidence collection so that you can continually audit your Amazon Web Services usage. You can use it to assess the effectiveness of your controls, manage risk, and simplify compliance.

Audit Manager provides prebuilt frameworks that structure and automate assessments for a given compliance standard. Frameworks include a prebuilt collection of controls with descriptions and testing procedures. These controls are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with specific requirements.

Use the following links to get started with the Audit Manager API:

  • : An alphabetical list of all Audit Manager API operations.

  • : An alphabetical list of all Audit Manager data types.

  • : Parameters that all operations can use.

  • : Client and server errors that all operations can return.

If you're new to Audit Manager, we recommend that you review the .

Homepage
https://api.apis.guru/v2/specs/amazonaws.com:auditmanager/2017-07-25.json
Provider
amazonaws.com:auditmanager / auditmanager
OpenAPI version
3.0.0
Spec (JSON)
https://api.apis.guru/v2/specs/amazonaws.com/auditmanager/2017-07-25/openapi.json
Spec (YAML)
https://api.apis.guru/v2/specs/amazonaws.com/auditmanager/2017-07-25/openapi.yaml

Tools (63)

Extracted live via the executor SDK.

  • account.deregisterAccount

    Deregisters an account in Audit Manager.

    Before you deregister, you can use the API operation to set your preferred data retention policy. By default, Audit Manager retains your data. If you want to delete your data, you can use the DeregistrationPolicy attribute to request the deletion of your data.

    For more information about data retention, see in the Audit Manager User Guide.

  • account.deregisterOrganizationAdminAccount

    Removes the specified Amazon Web Services account as a delegated administrator for Audit Manager.

    When you remove a delegated administrator from your Audit Manager settings, you continue to have access to the evidence that you previously collected under that account. This is also the case when you deregister a delegated administrator from Organizations. However, Audit Manager stops collecting and attaching evidence to that delegated administrator account moving forward.

    Keep in mind the following cleanup task if you use evidence finder:

    Before you use your management account to remove a delegated administrator, make sure that the current delegated administrator account signs in to Audit Manager and disables evidence finder first. Disabling evidence finder automatically deletes the event data store that was created in their account when they enabled evidence finder. If this task isn’t completed, the event data store remains in their account. In this case, we recommend that the original delegated administrator goes to CloudTrail Lake and manually .

    This cleanup task is necessary to ensure that you don't end up with multiple event data stores. Audit Manager ignores an unused event data store after you remove or change a delegated administrator account. However, the unused event data store continues to incur storage costs from CloudTrail Lake if you don't delete it.

    When you deregister a delegated administrator account for Audit Manager, the data for that account isn’t deleted. If you want to delete resource data for a delegated administrator account, you must perform that task separately before you deregister the account. Either, you can do this in the Audit Manager console. Or, you can use one of the delete API operations that are provided by Audit Manager.

    To delete your Audit Manager resource data, see the following instructions:

    • (see also: in the Audit Manager User Guide)

    • (see also: in the Audit Manager User Guide)

    • (see also: in the Audit Manager User Guide)

    • (see also: in the Audit Manager User Guide)

    • (see also: in the Audit Manager User Guide)

    At this time, Audit Manager doesn't provide an option to delete evidence for a specific delegated administrator. Instead, when your management account deregisters Audit Manager, we perform a cleanup for the current delegated administrator account at the time of deregistration.

  • account.getAccountStatus

    Returns the registration status of an account in Audit Manager.

  • account.getOrganizationAdminAccount

    Returns the name of the delegated Amazon Web Services administrator account for the organization.

  • account.registerAccount

    Enables Audit Manager for the specified Amazon Web Services account.

  • account.registerOrganizationAdminAccount

    Enables an Amazon Web Services account within the organization as the delegated administrator for Audit Manager.

  • assessmentFrameworks.createAssessmentFramework

    Creates a custom framework in Audit Manager.

  • assessmentFrameworks.deleteAssessmentFramework

    Deletes a custom framework in Audit Manager.

  • assessmentFrameworks.getAssessmentFramework

    Returns a framework from Audit Manager.

  • assessmentFrameworks.startAssessmentFrameworkShare

    Creates a share request for a custom framework in Audit Manager.

    The share request specifies a recipient and notifies them that a custom framework is available. Recipients have 120 days to accept or decline the request. If no action is taken, the share request expires.

    When you create a share request, Audit Manager stores a snapshot of your custom framework in the US East (N. Virginia) Amazon Web Services Region. Audit Manager also stores a backup of the same snapshot in the US West (Oregon) Amazon Web Services Region.

    Audit Manager deletes the snapshot and the backup snapshot when one of the following events occurs:

    • The sender revokes the share request.

    • The recipient declines the share request.

    • The recipient encounters an error and doesn't successfully accept the share request.

    • The share request expires before the recipient responds to the request.

    When a sender , the snapshot is replaced with an updated version that corresponds with the latest version of the custom framework.

    When a recipient accepts a share request, the snapshot is replicated into their Amazon Web Services account under the Amazon Web Services Region that was specified in the share request.

    When you invoke the StartAssessmentFrameworkShare API, you are about to share a custom framework with another Amazon Web Services account. You may not share a custom framework that is derived from a standard framework if the standard framework is designated as not eligible for sharing by Amazon Web Services, unless you have obtained permission to do so from the owner of the standard framework. To learn more about which standard frameworks are eligible for sharing, see in the Audit Manager User Guide.

  • assessmentFrameworks.updateAssessmentFramework

    Updates a custom framework in Audit Manager.

  • assessmentFrameworksFrameworkType.listAssessmentFrameworks

    Returns a list of the frameworks that are available in the Audit Manager framework library.

  • assessmentFrameworkShareRequests.deleteAssessmentFrameworkShare

    Deletes a share request for a custom framework in Audit Manager.

  • assessmentFrameworkShareRequests.updateAssessmentFrameworkShare

    Updates a share request for a custom framework in Audit Manager.

  • assessmentFrameworkShareRequestsRequestType.listAssessmentFrameworkShareRequests

    Returns a list of sent or received share requests for custom frameworks in Audit Manager.

  • assessmentReports.listAssessmentReports

    Returns a list of assessment reports created in Audit Manager.

  • assessmentReports.validateAssessmentReportIntegrity

    Validates the integrity of an assessment report in Audit Manager.

  • assessments.associateAssessmentReportEvidenceFolder

    Associates an evidence folder to an assessment report in an Audit Manager assessment.

  • assessments.batchAssociateAssessmentReportEvidence

    Associates a list of evidence to an assessment report in an Audit Manager assessment.

  • assessments.batchCreateDelegationByAssessment

    Creates a batch of delegations for an assessment in Audit Manager.

  • assessments.batchDeleteDelegationByAssessment

    Deletes a batch of delegations for an assessment in Audit Manager.

  • assessments.batchDisassociateAssessmentReportEvidence

    Disassociates a list of evidence from an assessment report in Audit Manager.

  • assessments.batchImportEvidenceToAssessmentControl

    Uploads one or more pieces of evidence to a control in an Audit Manager assessment. You can upload manual evidence from any Amazon Simple Storage Service (Amazon S3) bucket by specifying the S3 URI of the evidence.

    You must upload manual evidence to your S3 bucket before you can upload it to your assessment. For instructions, see and in the Amazon Simple Storage Service API Reference.

    The following restrictions apply to this action:

    • Maximum size of an individual evidence file: 100 MB

    • Number of daily manual evidence uploads per control: 100

    • Supported file formats: See in the Audit Manager User Guide

    For more information about Audit Manager service restrictions, see .

  • assessments.createAssessment

    Creates an assessment in Audit Manager.

  • assessments.createAssessmentReport

    Creates an assessment report for the specified assessment.

  • assessments.deleteAssessment

    Deletes an assessment in Audit Manager.

  • assessments.deleteAssessmentReport

    Deletes an assessment report in Audit Manager.

    When you run the DeleteAssessmentReport operation, Audit Manager attempts to delete the following data:

    1. The specified assessment report that’s stored in your S3 bucket

    2. The associated metadata that’s stored in Audit Manager

    If Audit Manager can’t access the assessment report in your S3 bucket, the report isn’t deleted. In this event, the DeleteAssessmentReport operation doesn’t fail. Instead, it proceeds to delete the associated metadata only. You must then delete the assessment report from the S3 bucket yourself.

    This scenario happens when Audit Manager receives a 403 (Forbidden) or 404 (Not Found) error from Amazon S3. To avoid this, make sure that your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that you can use, see in the Audit Manager User Guide. For information about the issues that could cause a 403 (Forbidden) or 404 (Not Found) error from Amazon S3, see in the Amazon Simple Storage Service API Reference.

  • assessments.disassociateAssessmentReportEvidenceFolder

    Disassociates an evidence folder from the specified assessment report in Audit Manager.

  • assessments.getAssessment

    Returns an assessment from Audit Manager.

  • assessments.getAssessmentReportUrl

    Returns the URL of an assessment report in Audit Manager.

  • assessments.getChangeLogs

    Returns a list of changelogs from Audit Manager.

  • assessments.getEvidence

    Returns evidence from Audit Manager.

  • assessments.getEvidenceByEvidenceFolder

    Returns all evidence from a specified evidence folder in Audit Manager.

  • assessments.getEvidenceFolder

    Returns an evidence folder from the specified assessment in Audit Manager.

  • assessments.getEvidenceFoldersByAssessment

    Returns the evidence folders from a specified assessment in Audit Manager.

  • assessments.getEvidenceFoldersByAssessmentControl

    Returns a list of evidence folders that are associated with a specified control in an Audit Manager assessment.

  • assessments.listAssessments

    Returns a list of current and past assessments from Audit Manager.

  • assessments.updateAssessment

    Edits an Audit Manager assessment.

  • assessments.updateAssessmentControl

    Updates a control within an assessment in Audit Manager.

  • assessments.updateAssessmentControlSetStatus

    Updates the status of a control set in an Audit Manager assessment.

  • assessments.updateAssessmentStatus

    Updates the status of an assessment in Audit Manager.

  • controls.createControl

    Creates a new custom control in Audit Manager.

  • controls.deleteControl

    Deletes a custom control in Audit Manager.

  • controls.getControl

    Returns a control from Audit Manager.

  • controls.updateControl

    Updates a custom control in Audit Manager.

  • controlsControlType.listControls

    Returns a list of controls from Audit Manager.

  • dataSourceKeywordsSource.listKeywordsForDataSource

    Returns a list of keywords that are pre-mapped to the specified control data source.

  • delegations.getDelegations

    Returns a list of delegations from an audit owner to a delegate.

  • insights.getInsights

    Gets the latest analytics data for all your current active assessments.

  • insights.getInsightsByAssessment

    Gets the latest analytics data for a specific active assessment.

  • insights.listAssessmentControlInsightsByControlDomain

    Lists the latest analytics data for controls within a specific control domain and a specific active assessment.

    Control insights are listed only if the control belongs to the control domain and assessment that was specified. Moreover, the control must have collected evidence on the lastUpdated date of controlInsightsByAssessment. If neither of these conditions are met, no data is listed for that control.

  • insights.listControlDomainInsights

    Lists the latest analytics data for control domains across all of your active assessments.

    A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that control domain.

  • insights.listControlDomainInsightsByAssessment

    Lists analytics data for control domains within a specified active assessment.

    A control domain is listed only if at least one of the controls within that domain collected evidence on the lastUpdated date of controlDomainInsights. If this condition isn’t met, no data is listed for that domain.

  • insights.listControlInsightsByControlDomain

    Lists the latest analytics data for controls within a specific control domain across all active assessments.

    Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on the lastUpdated date of controlInsightsMetadata. If neither of these conditions are met, no data is listed for that control.

  • notifications.listNotifications

    Returns a list of all Audit Manager notifications.

  • services.getServicesInScope

    Returns a list of all of the Amazon Web Services that you can choose to include in your assessment. When you , specify which of these services you want to include to narrow the assessment's .

  • settings.getSettings

    Returns the settings for the specified Amazon Web Services account.

  • settings.updateSettings

    Updates Audit Manager settings for the current account.

  • tags.listTagsForResource

    Returns a list of tags for the specified resource in Audit Manager.

  • tags.tagResource

    Tags the specified resource in Audit Manager.

  • tags.untagResource

    Removes a tag from a resource in Audit Manager.

  • openapi.previewSpec

    Preview an OpenAPI document before adding it as a source

  • openapi.addSource

    Add an OpenAPI source and register its operations as tools