# Data Types The AWS Audit Manager API contains several data types that various actions use. This section describes each data type in detail. **Note** The order of each element in a data type structure is not guaranteed. Applications should not assume a particular order. The following data types are supported: + [Assessment](API_Assessment.md) + [AssessmentControl](API_AssessmentControl.md) + [AssessmentControlSet](API_AssessmentControlSet.md) + [AssessmentEvidenceFolder](API_AssessmentEvidenceFolder.md) + [AssessmentFramework](API_AssessmentFramework.md) + [AssessmentFrameworkMetadata](API_AssessmentFrameworkMetadata.md) + [AssessmentFrameworkShareRequest](API_AssessmentFrameworkShareRequest.md) + [AssessmentMetadata](API_AssessmentMetadata.md) + [AssessmentMetadataItem](API_AssessmentMetadataItem.md) + [AssessmentReport](API_AssessmentReport.md) + [AssessmentReportEvidenceError](API_AssessmentReportEvidenceError.md) + [AssessmentReportMetadata](API_AssessmentReportMetadata.md) + [AssessmentReportsDestination](API_AssessmentReportsDestination.md) + [AWSAccount](API_AWSAccount.md) + [AWSService](API_AWSService.md) + [BatchCreateDelegationByAssessmentError](API_BatchCreateDelegationByAssessmentError.md) + [BatchDeleteDelegationByAssessmentError](API_BatchDeleteDelegationByAssessmentError.md) + [BatchImportEvidenceToAssessmentControlError](API_BatchImportEvidenceToAssessmentControlError.md) + [ChangeLog](API_ChangeLog.md) + [Control](API_Control.md) + [ControlComment](API_ControlComment.md) + [ControlDomainInsights](API_ControlDomainInsights.md) + [ControlInsightsMetadataByAssessmentItem](API_ControlInsightsMetadataByAssessmentItem.md) + [ControlInsightsMetadataItem](API_ControlInsightsMetadataItem.md) + [ControlMappingSource](API_ControlMappingSource.md) + [ControlMetadata](API_ControlMetadata.md) + [ControlSet](API_ControlSet.md) + [CreateAssessmentFrameworkControl](API_CreateAssessmentFrameworkControl.md) + [CreateAssessmentFrameworkControlSet](API_CreateAssessmentFrameworkControlSet.md) + [CreateControlMappingSource](API_CreateControlMappingSource.md) + [CreateDelegationRequest](API_CreateDelegationRequest.md) + [DefaultExportDestination](API_DefaultExportDestination.md) + [Delegation](API_Delegation.md) + [DelegationMetadata](API_DelegationMetadata.md) + [DeregistrationPolicy](API_DeregistrationPolicy.md) + [Evidence](API_Evidence.md) + [EvidenceFinderEnablement](API_EvidenceFinderEnablement.md) + [EvidenceInsights](API_EvidenceInsights.md) + [Framework](API_Framework.md) + [FrameworkMetadata](API_FrameworkMetadata.md) + [Insights](API_Insights.md) + [InsightsByAssessment](API_InsightsByAssessment.md) + [ManualEvidence](API_ManualEvidence.md) + [Notification](API_Notification.md) + [Resource](API_Resource.md) + [Role](API_Role.md) + [Scope](API_Scope.md) + [ServiceMetadata](API_ServiceMetadata.md) + [Settings](API_Settings.md) + [SourceKeyword](API_SourceKeyword.md) + [UpdateAssessmentFrameworkControlSet](API_UpdateAssessmentFrameworkControlSet.md) + [URL](API_URL.md) + [ValidationExceptionField](API_ValidationExceptionField.md) # Assessment An entity that defines the scope of audit evidence collected by AWS Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework. ## Contents ** arn ** The Amazon Resource Name (ARN) of the assessment. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** awsAccount ** The AWS account that's associated with the assessment. Type: [AWSAccount](API_AWSAccount.md) object Required: No ** framework ** The framework that the assessment was created from. Type: [AssessmentFramework](API_AssessmentFramework.md) object Required: No ** metadata ** The metadata for the assessment. Type: [AssessmentMetadata](API_AssessmentMetadata.md) object Required: No ** tags ** The tags that are associated with the assessment. Type: String to string map Map Entries: Minimum number of 0 items. Maximum number of 50 items. Key Length Constraints: Minimum length of 1. Maximum length of 128. Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$` Value Length Constraints: Minimum length of 0. Maximum length of 256. Value Pattern: `.{0,255}` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Assessment) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Assessment) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Assessment) # AssessmentControl The control entity that represents a standard control or a custom control in an Audit Manager assessment. ## Contents ** assessmentReportEvidenceCount ** The amount of evidence in the assessment report. Type: Integer Required: No ** comments ** The list of comments that's attached to the control. Type: Array of [ControlComment](API_ControlComment.md) objects Required: No ** description ** *This member has been deprecated.* The description of the control. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** evidenceCount ** The amount of evidence that's collected for the control. Type: Integer Required: No ** evidenceSources ** The list of data sources for the evidence. Type: Array of strings Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** id ** The identifier for the control. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** name ** The name of the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** response ** The response of the control. Type: String Valid Values: `MANUAL | AUTOMATE | DEFER | IGNORE` Required: No ** status ** The status of the control. Type: String Valid Values: `UNDER_REVIEW | REVIEWED | INACTIVE` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentControl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentControl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentControl) # AssessmentControlSet Represents a set of controls in an Audit Manager assessment. ## Contents ** controls ** The list of controls that's contained with the control set. Type: Array of [AssessmentControl](API_AssessmentControl.md) objects Required: No ** delegations ** The delegations that are associated with the control set. Type: Array of [Delegation](API_Delegation.md) objects Required: No ** description ** The description for the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** id ** The identifier of the control set in the assessment. This is the control set name in a plain string format. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** manualEvidenceCount ** The total number of evidence objects that are uploaded manually to the control set. Type: Integer Required: No ** roles ** The roles that are associated with the control set. Type: Array of [Role](API_Role.md) objects Required: No ** status ** The current status of the control set. Type: String Valid Values: `ACTIVE | UNDER_REVIEW | REVIEWED` Required: No ** systemEvidenceCount ** The total number of evidence objects that are retrieved automatically for the control set. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentControlSet) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentControlSet) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentControlSet) # AssessmentEvidenceFolder The folder where AWS Audit Manager stores evidence for an assessment. ## Contents ** assessmentId ** The identifier for the assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentReportSelectionCount ** The total count of evidence that's included in the assessment report. Type: Integer Required: No ** author ** The name of the user who created the evidence folder. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** controlId ** The unique identifier for the control. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** controlName ** The name of the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** controlSetId ** The identifier for the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** dataSource ** The AWS service that the evidence was collected from. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** date ** The date when the first evidence was added to the evidence folder. Type: Timestamp Required: No ** evidenceAwsServiceSourceCount ** The total number of AWS resources that were assessed to generate the evidence. Type: Integer Required: No ** evidenceByTypeComplianceCheckCount ** The number of evidence that falls under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub CSPM. Type: Integer Required: No ** evidenceByTypeComplianceCheckIssuesCount ** The total number of issues that were reported directly from AWS Security Hub CSPM, AWS Config, or both. Type: Integer Required: No ** evidenceByTypeConfigurationDataCount ** The number of evidence that falls under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM. Type: Integer Required: No ** evidenceByTypeManualCount ** The number of evidence that falls under the manual category. This evidence is imported manually. Type: Integer Required: No ** evidenceByTypeUserActivityCount ** The number of evidence that falls under the user activity category. This evidence is collected from AWS CloudTrail logs. Type: Integer Required: No ** evidenceResourcesIncludedCount ** The amount of evidence that's included in the evidence folder. Type: Integer Required: No ** id ** The identifier for the folder that the evidence is stored in. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** name ** The name of the evidence folder. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** totalEvidence ** The total amount of evidence in the evidence folder. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentEvidenceFolder) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentEvidenceFolder) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentEvidenceFolder) # AssessmentFramework The file used to structure and automate AWS Audit Manager assessments for a given compliance standard. ## Contents ** arn ** The Amazon Resource Name (ARN) of the framework. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** controlSets ** The control sets that are associated with the framework. Type: Array of [AssessmentControlSet](API_AssessmentControlSet.md) objects Required: No ** id ** The unique identifier for the framework. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** metadata ** The metadata of a framework, such as the name, ID, or description. Type: [FrameworkMetadata](API_FrameworkMetadata.md) object Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentFramework) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentFramework) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentFramework) # AssessmentFrameworkMetadata The metadata that's associated with a standard framework or a custom framework. ## Contents ** arn ** The Amazon Resource Name (ARN) of the framework. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** complianceType ** The compliance type that the new custom framework supports, such as CIS or HIPAA. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** controlsCount ** The number of controls that are associated with the framework. Type: Integer Required: No ** controlSetsCount ** The number of control sets that are associated with the framework. Type: Integer Required: No ** createdAt ** The time when the framework was created. Type: Timestamp Required: No ** description ** The description of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the framework. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdatedAt ** The time when the framework was most recently updated. Type: Timestamp Required: No ** logo ** The logo that's associated with the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 255. Pattern: `^[\w,\s-]+\.[A-Za-z]+$` Required: No ** name ** The name of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** type ** The framework type, such as a standard framework or a custom framework. Type: String Valid Values: `Standard | Custom` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentFrameworkMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentFrameworkMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentFrameworkMetadata) # AssessmentFrameworkShareRequest Represents a share request for a custom framework in AWS Audit Manager. ## Contents ** comment ** An optional comment from the sender about the share request. Type: String Length Constraints: Maximum length of 500. Pattern: `^[\w\W\s\S]*$` Required: No ** complianceType ** The compliance type that the shared custom framework supports, such as CIS or HIPAA. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** creationTime ** The time when the share request was created. Type: Timestamp Required: No ** customControlsCount ** The number of custom controls that are part of the shared custom framework. Type: Integer Required: No ** destinationAccount ** The AWS account of the recipient. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** destinationRegion ** The AWS Region of the recipient. Type: String Pattern: `^[a-z]{2}-[a-z]+-[0-9]{1}$` Required: No ** expirationTime ** The time when the share request expires. Type: Timestamp Required: No ** frameworkDescription ** The description of the shared custom framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** frameworkId ** The unique identifier for the shared custom framework. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** frameworkName ** The name of the custom framework that the share request is for. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** id ** The unique identifier for the share request. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** Specifies when the share request was last updated. Type: Timestamp Required: No ** sourceAccount ** The AWS account of the sender. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** standardControlsCount ** The number of standard controls that are part of the shared custom framework. Type: Integer Required: No ** status ** The status of the share request. Type: String Valid Values: `ACTIVE | REPLICATING | SHARED | EXPIRING | FAILED | EXPIRED | DECLINED | REVOKED` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentFrameworkShareRequest) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentFrameworkShareRequest) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentFrameworkShareRequest) # AssessmentMetadata The metadata that's associated with the specified assessment. ## Contents ** assessmentReportsDestination ** The destination that evidence reports are stored in for the assessment. Type: [AssessmentReportsDestination](API_AssessmentReportsDestination.md) object Required: No ** complianceType ** The name of the compliance standard that's related to the assessment, such as PCI-DSS. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** creationTime ** Specifies when the assessment was created. Type: Timestamp Required: No ** delegations ** The delegations that are associated with the assessment. Type: Array of [Delegation](API_Delegation.md) objects Required: No ** description ** The description of the assessment. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** The time of the most recent update. Type: Timestamp Required: No ** name ** The name of the assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** roles ** The roles that are associated with the assessment. Type: Array of [Role](API_Role.md) objects Required: No ** scope ** The wrapper of AWS accounts and services that are in scope for the assessment. Type: [Scope](API_Scope.md) object Required: No ** status ** The overall status of the assessment. Type: String Valid Values: `ACTIVE | INACTIVE` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentMetadata) # AssessmentMetadataItem A metadata object that's associated with an assessment in AWS Audit Manager. ## Contents ** complianceType ** The name of the compliance standard that's related to the assessment, such as PCI-DSS. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** creationTime ** Specifies when the assessment was created. Type: Timestamp Required: No ** delegations ** The delegations that are associated with the assessment. Type: Array of [Delegation](API_Delegation.md) objects Required: No ** id ** The unique identifier for the assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** The time of the most recent update. Type: Timestamp Required: No ** name ** The name of the assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** roles ** The roles that are associated with the assessment. Type: Array of [Role](API_Role.md) objects Required: No ** status ** The current status of the assessment. Type: String Valid Values: `ACTIVE | INACTIVE` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentMetadataItem) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentMetadataItem) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentMetadataItem) # AssessmentReport A finalized document that's generated from an Audit Manager assessment. These reports summarize the relevant evidence that was collected for your audit, and link to the relevant evidence folders. These evidence folders are named and organized according to the controls that are specified in your assessment. ## Contents ** assessmentId ** The identifier for the specified assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentName ** The name of the associated assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** author ** The name of the user who created the assessment report. Type: String Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: `^[a-zA-Z0-9-_()\s\+=,.@]+$` Required: No ** awsAccountId ** The identifier for the specified AWS account. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** creationTime ** Specifies when the assessment report was created. Type: Timestamp Required: No ** description ** The description of the specified assessment report. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the assessment report. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** name ** The name that's given to the assessment report. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[a-zA-Z0-9-_\.]+$` Required: No ** status ** The current status of the specified assessment report. Type: String Valid Values: `COMPLETE | IN_PROGRESS | FAILED` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentReport) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentReport) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentReport) # AssessmentReportEvidenceError An error entity for assessment report evidence errors. This is used to provide more meaningful errors than a simple string message. ## Contents ** errorCode ** The error code that was returned. Type: String Length Constraints: Fixed length of 3. Pattern: `[0-9]{3}` Required: No ** errorMessage ** The error message that was returned. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** evidenceId ** The identifier for the evidence. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentReportEvidenceError) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentReportEvidenceError) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentReportEvidenceError) # AssessmentReportMetadata The metadata objects that are associated with the specified assessment report. ## Contents ** assessmentId ** The unique identifier for the associated assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentName ** The name of the associated assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** author ** The name of the user who created the assessment report. Type: String Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: `^[a-zA-Z0-9-_()\s\+=,.@]+$` Required: No ** creationTime ** Specifies when the assessment report was created. Type: Timestamp Required: No ** description ** The description of the assessment report. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the assessment report. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** name ** The name of the assessment report. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[a-zA-Z0-9-_\.]+$` Required: No ** status ** The current status of the assessment report. Type: String Valid Values: `COMPLETE | IN_PROGRESS | FAILED` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentReportMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentReportMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentReportMetadata) # AssessmentReportsDestination The location where AWS Audit Manager saves assessment reports for the given assessment. ## Contents ** destination ** The destination bucket where Audit Manager stores assessment reports. Type: String Length Constraints: Minimum length of 1. Maximum length of 1024. Pattern: `^(S|s)3:\/\/[a-zA-Z0-9\-\.\'\*\_\!\=\+\@\:\s\,\?\/]+$` Required: No ** destinationType ** The destination type, such as Amazon S3. Type: String Valid Values: `S3` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AssessmentReportsDestination) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AssessmentReportsDestination) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AssessmentReportsDestination) # AWSAccount The wrapper of AWS account details, such as account ID or email address. ## Contents ** emailAddress ** The email address that's associated with the AWS account. Type: String Length Constraints: Minimum length of 1. Maximum length of 320. Pattern: `^.*@.*$` Required: No ** id ** The identifier for the AWS account. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** name ** The name of the AWS account. Type: String Length Constraints: Minimum length of 1. Maximum length of 50. Pattern: `^[\u0020-\u007E]+$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AWSAccount) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AWSAccount) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AWSAccount) # AWSService An AWS service such as Amazon S3 or AWS CloudTrail. For an example of how to find an AWS service name and how to define it in your assessment scope, see the following: + [Finding an AWS service name to use in your assessment scope](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetServicesInScope.html#API_GetServicesInScope_Example_2) + [Defining an AWS service name in your assessment scope](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetServicesInScope.html#API_GetServicesInScope_Example_3) ## Contents ** serviceName ** The name of the AWS service. Type: String Length Constraints: Minimum length of 1. Maximum length of 40. Pattern: `^[a-zA-Z0-9-\s().]+$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/AWSService) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/AWSService) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/AWSService) # BatchCreateDelegationByAssessmentError An error entity for the `BatchCreateDelegationByAssessment` API. This is used to provide more meaningful errors than a simple string message. ## Contents ** createDelegationRequest ** The API request to batch create delegations in AWS Audit Manager. Type: [CreateDelegationRequest](API_CreateDelegationRequest.md) object Required: No ** errorCode ** The error code that the `BatchCreateDelegationByAssessment` API returned. Type: String Length Constraints: Fixed length of 3. Pattern: `[0-9]{3}` Required: No ** errorMessage ** The error message that the `BatchCreateDelegationByAssessment` API returned. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/BatchCreateDelegationByAssessmentError) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/BatchCreateDelegationByAssessmentError) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/BatchCreateDelegationByAssessmentError) # BatchDeleteDelegationByAssessmentError An error entity for the `BatchDeleteDelegationByAssessment` API. This is used to provide more meaningful errors than a simple string message. ## Contents ** delegationId ** The identifier for the delegation. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** errorCode ** The error code that the `BatchDeleteDelegationByAssessment` API returned. Type: String Length Constraints: Fixed length of 3. Pattern: `[0-9]{3}` Required: No ** errorMessage ** The error message that the `BatchDeleteDelegationByAssessment` API returned. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/BatchDeleteDelegationByAssessmentError) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/BatchDeleteDelegationByAssessmentError) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/BatchDeleteDelegationByAssessmentError) # BatchImportEvidenceToAssessmentControlError An error entity for the `BatchImportEvidenceToAssessmentControl` API. This is used to provide more meaningful errors than a simple string message. ## Contents ** errorCode ** The error code that the `BatchImportEvidenceToAssessmentControl` API returned. Type: String Length Constraints: Fixed length of 3. Pattern: `[0-9]{3}` Required: No ** errorMessage ** The error message that the `BatchImportEvidenceToAssessmentControl` API returned. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** manualEvidence ** Manual evidence that can't be collected automatically by Audit Manager. Type: [ManualEvidence](API_ManualEvidence.md) object Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/BatchImportEvidenceToAssessmentControlError) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/BatchImportEvidenceToAssessmentControlError) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/BatchImportEvidenceToAssessmentControlError) # ChangeLog The record of a change within AWS Audit Manager. For example, this could be the status change of an assessment or the delegation of a control set. ## Contents ** action ** The action that was performed. Type: String Valid Values: `CREATE | UPDATE_METADATA | ACTIVE | INACTIVE | DELETE | UNDER_REVIEW | REVIEWED | IMPORT_EVIDENCE` Required: No ** createdAt ** The time when the action was performed and the changelog record was created. Type: Timestamp Required: No ** createdBy ** The user or role that performed the action. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: No ** objectName ** The name of the object that changed. This could be the name of an assessment, control, or control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** objectType ** The object that was changed, such as an assessment, control, or control set. Type: String Valid Values: `ASSESSMENT | CONTROL_SET | CONTROL | DELEGATION | ASSESSMENT_REPORT` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ChangeLog) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ChangeLog) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ChangeLog) # Control A control in AWS Audit Manager. ## Contents ** actionPlanInstructions ** The recommended actions to carry out if the control isn't fulfilled. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** actionPlanTitle ** The title of the action plan for remediating the control. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** arn ** The Amazon Resource Name (ARN) of the control. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** controlMappingSources ** The data mapping sources for the control. Type: Array of [ControlMappingSource](API_ControlMappingSource.md) objects Array Members: Minimum number of 1 item. Required: No ** controlSources ** The data source types that determine where Audit Manager collects evidence from for the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z_0-9-\s.,]+$` Required: No ** createdAt ** The time when the control was created. Type: Timestamp Required: No ** createdBy ** The user or role that created the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z0-9\s-_()\[\]]+$` Required: No ** description ** The description of the control. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the control. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdatedAt ** The time when the control was most recently updated. Type: Timestamp Required: No ** lastUpdatedBy ** The user or role that most recently updated the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z0-9\s-_()\[\]]+$` Required: No ** name ** The name of the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** state ** The state of the control. The `END_OF_SUPPORT` state is applicable to standard controls only. This state indicates that the standard control can still be used to collect evidence, but Audit Manager is no longer updating or maintaining that control. Type: String Valid Values: `ACTIVE | END_OF_SUPPORT` Required: No ** tags ** The tags associated with the control. Type: String to string map Map Entries: Minimum number of 0 items. Maximum number of 50 items. Key Length Constraints: Minimum length of 1. Maximum length of 128. Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$` Value Length Constraints: Minimum length of 0. Maximum length of 256. Value Pattern: `.{0,255}` Required: No ** testingInformation ** The steps that you should follow to determine if the control has been satisfied. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** type ** Specifies whether the control is a standard control or a custom control. Type: String Valid Values: `Standard | Custom | Core` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Control) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Control) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Control) # ControlComment A comment that's posted by a user on a control. This includes the author's name, the comment text, and a timestamp. ## Contents ** authorName ** The name of the user who authored the comment. Type: String Length Constraints: Minimum length of 1. Maximum length of 128. Pattern: `^[a-zA-Z0-9-_()\s\+=,.@]+$` Required: No ** commentBody ** The body text of a control comment. Type: String Length Constraints: Maximum length of 500. Pattern: `^[\w\W\s\S]*$` Required: No ** postedDate ** The time when the comment was posted. Type: Timestamp Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlComment) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlComment) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlComment) # ControlDomainInsights A summary of the latest analytics data for a specific control domain. Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence. ## Contents ** controlsCountByNoncompliantEvidence ** The number of controls in the control domain that collected non-compliant evidence on the `lastUpdated` date. Type: Integer Required: No ** evidenceInsights ** A breakdown of the compliance check status for the evidence that’s associated with the control domain. Type: [EvidenceInsights](API_EvidenceInsights.md) object Required: No ** id ** The unique identifier for the control domain. Audit Manager supports the control domains that are provided by AWS Control Catalog. For information about how to find a list of available control domains, see [https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html](https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html) in the AWS Control Catalog API Reference. Type: String Length Constraints: Minimum length of 13. Maximum length of 2048. Pattern: `^arn:.*:controlcatalog:.*:.*:domain/.*|UNCATEGORIZED|^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** The time when the control domain insights were last updated. Type: Timestamp Required: No ** name ** The name of the control domain. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** totalControlsCount ** The total number of controls in the control domain. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlDomainInsights) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlDomainInsights) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlDomainInsights) # ControlInsightsMetadataByAssessmentItem A summary of the latest analytics data for a specific control in a specific active assessment. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence. ## Contents ** controlSetName ** The name of the control set that the assessment control belongs to. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** evidenceInsights ** A breakdown of the compliance check status for the evidence that’s associated with the assessment control. Type: [EvidenceInsights](API_EvidenceInsights.md) object Required: No ** id ** The unique identifier for the assessment control. Type: String Length Constraints: Minimum length of 13. Maximum length of 2048. Pattern: `^arn:.*:controlcatalog:.*:.*:domain/.*|UNCATEGORIZED|^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** The time when the assessment control insights were last updated. Type: Timestamp Required: No ** name ** The name of the assessment control. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlInsightsMetadataByAssessmentItem) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlInsightsMetadataByAssessmentItem) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlInsightsMetadataByAssessmentItem) # ControlInsightsMetadataItem A summary of the latest analytics data for a specific control. This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence. ## Contents ** evidenceInsights ** A breakdown of the compliance check status for the evidence that’s associated with the control. Type: [EvidenceInsights](API_EvidenceInsights.md) object Required: No ** id ** The unique identifier for the control. Type: String Length Constraints: Minimum length of 13. Maximum length of 2048. Pattern: `^arn:.*:controlcatalog:.*:.*:domain/.*|UNCATEGORIZED|^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** The time when the control insights were last updated. Type: Timestamp Required: No ** name ** The name of the control. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlInsightsMetadataItem) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlInsightsMetadataItem) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlInsightsMetadataItem) # ControlMappingSource The data source that determines where AWS Audit Manager collects evidence from for the control. ## Contents ** sourceDescription ** The description of the source. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** sourceFrequency ** Specifies how often evidence is collected from the control mapping source. Type: String Valid Values: `DAILY | WEEKLY | MONTHLY` Required: No ** sourceId ** The unique identifier for the source. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** sourceKeyword ** A keyword that relates to the control data source. For manual evidence, this keyword indicates if the manual evidence is a file or text. For automated evidence, this keyword identifies a specific CloudTrail event, AWS Config rule, Security Hub CSPM control, or AWS API name. To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the * AWS Audit Manager User Guide*: + [AWS Config rules supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html) + [AWS Security Hub CSPM controls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html) + [API calls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html) + [AWS CloudTrail event names supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html) Type: [SourceKeyword](API_SourceKeyword.md) object Required: No ** sourceName ** The name of the source. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Required: No ** sourceSetUpOption ** The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for `sourceSetUpOption`, AWS Audit Manager automatically infers and populates the correct value based on the `sourceType` that you specify. Type: String Valid Values: `System_Controls_Mapping | Procedural_Controls_Mapping` Required: No ** sourceType ** Specifies which type of data source is used to collect evidence. + The source can be an individual data source type, such as `AWS_Cloudtrail`, `AWS_Config`, `AWS_Security_Hub`, `AWS_API_Call`, or `MANUAL`. + The source can also be a managed grouping of data sources, such as a `Core_Control` or a `Common_Control`. Type: String Valid Values: `AWS_Cloudtrail | AWS_Config | AWS_Security_Hub | AWS_API_Call | MANUAL | Common_Control | Core_Control` Required: No ** troubleshootingText ** The instructions for troubleshooting the control. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlMappingSource) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlMappingSource) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlMappingSource) # ControlMetadata The metadata that's associated with the standard control or custom control. ## Contents ** arn ** The Amazon Resource Name (ARN) of the control. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** controlSources ** The data source that determines where Audit Manager collects evidence from for the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z_0-9-\s.,]+$` Required: No ** createdAt ** The time when the control was created. Type: Timestamp Required: No ** id ** The unique identifier for the control. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdatedAt ** The time when the control was most recently updated. Type: Timestamp Required: No ** name ** The name of the control. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlMetadata) # ControlSet A set of controls in AWS Audit Manager. ## Contents ** controls ** The list of controls within the control set. Type: Array of [Control](API_Control.md) objects Array Members: Minimum number of 1 item. Required: No ** id ** The identifier of the control set in the assessment. This is the control set name in a plain string format. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** name ** The name of the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\\_]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ControlSet) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ControlSet) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ControlSet) # CreateAssessmentFrameworkControl The control entity attributes that uniquely identify an existing control to be added to a framework in AWS Audit Manager. ## Contents ** id ** The unique identifier of the control. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: Yes ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/CreateAssessmentFrameworkControl) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/CreateAssessmentFrameworkControl) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/CreateAssessmentFrameworkControl) # CreateAssessmentFrameworkControlSet A `controlSet` entity that represents a collection of controls in AWS Audit Manager. This doesn't contain the control set ID. ## Contents ** name ** The name of the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\\_]*$` Required: Yes ** controls ** The list of controls within the control set. This doesn't contain the control set ID. Type: Array of [CreateAssessmentFrameworkControl](API_CreateAssessmentFrameworkControl.md) objects Array Members: Minimum number of 1 item. Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/CreateAssessmentFrameworkControlSet) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/CreateAssessmentFrameworkControlSet) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/CreateAssessmentFrameworkControlSet) # CreateControlMappingSource The mapping attributes that determine the evidence source for a given control, along with related parameters and metadata. This doesn't contain `mappingID`. ## Contents ** sourceDescription ** The description of the data source that determines where Audit Manager collects evidence from for the control. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** sourceFrequency ** Specifies how often evidence is collected from the control mapping source. Type: String Valid Values: `DAILY | WEEKLY | MONTHLY` Required: No ** sourceKeyword ** A keyword that relates to the control data source. For manual evidence, this keyword indicates if the manual evidence is a file or text. For automated evidence, this keyword identifies a specific CloudTrail event, AWS Config rule, Security Hub CSPM control, or AWS API name. To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the * AWS Audit Manager User Guide*: + [AWS Config rules supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html) + [AWS Security Hub CSPM controls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html) + [API calls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html) + [AWS CloudTrail event names supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html) Type: [SourceKeyword](API_SourceKeyword.md) object Required: No ** sourceName ** The name of the control mapping data source. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Required: No ** sourceSetUpOption ** The setup option for the data source. This option reflects if the evidence collection method is automated or manual. If you don’t provide a value for `sourceSetUpOption`, AWS Audit Manager automatically infers and populates the correct value based on the `sourceType` that you specify. Type: String Valid Values: `System_Controls_Mapping | Procedural_Controls_Mapping` Required: No ** sourceType ** Specifies which type of data source is used to collect evidence. + The source can be an individual data source type, such as `AWS_Cloudtrail`, `AWS_Config`, `AWS_Security_Hub`, `AWS_API_Call`, or `MANUAL`. + The source can also be a managed grouping of data sources, such as a `Core_Control` or a `Common_Control`. Type: String Valid Values: `AWS_Cloudtrail | AWS_Config | AWS_Security_Hub | AWS_API_Call | MANUAL | Common_Control | Core_Control` Required: No ** troubleshootingText ** The instructions for troubleshooting the control. Type: String Length Constraints: Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/CreateControlMappingSource) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/CreateControlMappingSource) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/CreateControlMappingSource) # CreateDelegationRequest A collection of attributes that's used to create a delegation for an assessment in AWS Audit Manager. ## Contents ** comment ** A comment that's related to the delegation request. Type: String Length Constraints: Maximum length of 350. Pattern: `^[\w\W\s\S]*$` Required: No ** controlSetId ** The unique identifier for the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** roleArn ** The Amazon Resource Name (ARN) of the IAM role. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: No ** roleType ** The type of customer persona. In `CreateAssessment`, `roleType` can only be `PROCESS_OWNER`. In `UpdateSettings`, `roleType` can only be `PROCESS_OWNER`. In `BatchCreateDelegationByAssessment`, `roleType` can only be `RESOURCE_OWNER`. Type: String Valid Values: `PROCESS_OWNER | RESOURCE_OWNER` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/CreateDelegationRequest) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/CreateDelegationRequest) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/CreateDelegationRequest) # DefaultExportDestination The default s3 bucket where Audit Manager saves the files that you export from evidence finder. ## Contents ** destination ** The destination bucket where Audit Manager stores exported files. Type: String Length Constraints: Minimum length of 1. Maximum length of 1024. Pattern: `^(S|s)3:\/\/[a-zA-Z0-9\-\.\'\*\_\!\=\+\@\:\s\,\?\/]+$` Required: No ** destinationType ** The destination type, such as Amazon S3. Type: String Valid Values: `S3` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/DefaultExportDestination) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/DefaultExportDestination) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/DefaultExportDestination) # Delegation The assignment of a control set to a delegate for review. ## Contents ** assessmentId ** The identifier for the assessment that's associated with the delegation. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentName ** The name of the assessment that's associated with the delegation. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** comment ** The comment that's related to the delegation. Type: String Length Constraints: Maximum length of 350. Pattern: `^[\w\W\s\S]*$` Required: No ** controlSetId ** The identifier for the control set that's associated with the delegation. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** createdBy ** The user or role that created the delegation. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z0-9\s-_()\[\]]+$` Required: No ** creationTime ** Specifies when the delegation was created. Type: Timestamp Required: No ** id ** The unique identifier for the delegation. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdated ** Specifies when the delegation was last updated. Type: Timestamp Required: No ** roleArn ** The Amazon Resource Name (ARN) of the IAM role. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: No ** roleType ** The type of customer persona. In `CreateAssessment`, `roleType` can only be `PROCESS_OWNER`. In `UpdateSettings`, `roleType` can only be `PROCESS_OWNER`. In `BatchCreateDelegationByAssessment`, `roleType` can only be `RESOURCE_OWNER`. Type: String Valid Values: `PROCESS_OWNER | RESOURCE_OWNER` Required: No ** status ** The status of the delegation. Type: String Valid Values: `IN_PROGRESS | UNDER_REVIEW | COMPLETE` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Delegation) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Delegation) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Delegation) # DelegationMetadata The metadata that's associated with the delegation. ## Contents ** assessmentId ** The unique identifier for the assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentName ** The name of the associated assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** controlSetName ** Specifies the name of the control set that was delegated for review. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** creationTime ** Specifies when the delegation was created. Type: Timestamp Required: No ** id ** The unique identifier for the delegation. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** roleArn ** The Amazon Resource Name (ARN) of the IAM role. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: No ** status ** The current status of the delegation. Type: String Valid Values: `IN_PROGRESS | UNDER_REVIEW | COMPLETE` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/DelegationMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/DelegationMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/DelegationMetadata) # DeregistrationPolicy The deregistration policy for the data that's stored in AWS Audit Manager. You can use this attribute to determine how your data is handled when you [deregister Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeregisterAccount.html). By default, Audit Manager retains evidence data for two years from the time of its creation. Other Audit Manager resources (including assessments, custom controls, and custom frameworks) remain in Audit Manager indefinitely, and are available if you [re-register Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_RegisterAccount.html) in the future. For more information about data retention, see [Data Protection](https://docs.aws.amazon.com/audit-manager/latest/userguide/data-protection.html) in the * AWS Audit Manager User Guide*. **Important** If you choose to delete all data, this action permanently deletes all evidence data in your account within seven days. It also deletes all of the Audit Manager resources that you created, including assessments, custom controls, and custom frameworks. Your data will not be available if you re-register Audit Manager in the future. ## Contents ** deleteResources ** Specifies which Audit Manager data will be deleted when you deregister Audit Manager. + If you set the value to `ALL`, all of your data is deleted within seven days of deregistration. + If you set the value to `DEFAULT`, none of your data is deleted at the time of deregistration. However, keep in mind that the Audit Manager data retention policy still applies. As a result, any evidence data will be deleted two years after its creation date. Your other Audit Manager resources will continue to exist indefinitely. Type: String Valid Values: `ALL | DEFAULT` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/DeregistrationPolicy) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/DeregistrationPolicy) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/DeregistrationPolicy) # Evidence A record that contains the information needed to demonstrate compliance with the requirements specified by a control. Examples of evidence include change activity invoked by a user, or a system configuration snapshot. ## Contents ** assessmentReportSelection ** Specifies whether the evidence is included in the assessment report. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** attributes ** The names and values that are used by the evidence event. This includes an attribute name (such as `allowUsersToChangePassword`) and value (such as `true` or `false`). Type: String to string map Key Length Constraints: Maximum length of 100. Key Pattern: `^[\w\W\s\S]*$` Value Length Constraints: Maximum length of 200. Value Pattern: `^[\w\W\s\S]*$` Required: No ** awsAccountId ** The identifier for the AWS account. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** awsOrganization ** The AWS account that the evidence is collected from, and its organization path. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** complianceCheck ** The evaluation status for automated evidence that falls under the compliance check category. + Audit Manager classes evidence as non-compliant if Security Hub CSPM reports a *Fail* result, or if AWS Config reports a *Non-compliant* result. + Audit Manager classes evidence as compliant if Security Hub CSPM reports a *Pass* result, or if AWS Config reports a *Compliant* result. + If a compliance check isn't available or applicable, then no compliance evaluation can be made for that evidence. This is the case if the evidence uses AWS Config or Security Hub CSPM as the underlying data source type, but those services aren't enabled. This is also the case if the evidence uses an underlying data source type that doesn't support compliance checks (such as manual evidence, AWS API calls, or CloudTrail). Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** dataSource ** The data source where the evidence was collected from. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** eventName ** The name of the evidence event. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** eventSource ** The AWS service that the evidence is collected from. Type: String Length Constraints: Minimum length of 1. Maximum length of 40. Pattern: `^[a-zA-Z0-9-\s().]+$` Required: No ** evidenceAwsAccountId ** The identifier for the AWS account. Type: String Length Constraints: Fixed length of 12. Pattern: `^[0-9]{12}$` Required: No ** evidenceByType ** The type of automated evidence. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** evidenceFolderId ** The identifier for the folder that the evidence is stored in. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** iamId ** The unique identifier for the user or role that's associated with the evidence. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: No ** id ** The identifier for the evidence. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** resourcesIncluded ** The list of resources that are assessed to generate the evidence. Type: Array of [Resource](API_Resource.md) objects Required: No ** time ** The timestamp that represents when the evidence was collected. Type: Timestamp Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Evidence) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Evidence) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Evidence) # EvidenceFinderEnablement The settings object that specifies whether evidence finder is enabled. This object also describes the related event data store, and the backfill status for populating the event data store with evidence data. ## Contents ** backfillStatus ** The current status of the evidence data backfill process. The backfill starts after you enable evidence finder. During this task, Audit Manager populates an event data store with your past two years’ worth of evidence data so that your evidence can be queried. + `NOT_STARTED` means that the backfill hasn’t started yet. + `IN_PROGRESS` means that the backfill is in progress. This can take up to 7 days to complete, depending on the amount of evidence data. + `COMPLETED` means that the backfill is complete. All of your past evidence is now queryable. Type: String Valid Values: `NOT_STARTED | IN_PROGRESS | COMPLETED` Required: No ** enablementStatus ** The current status of the evidence finder feature and the related event data store. + `ENABLE_IN_PROGRESS` means that you requested to enable evidence finder. An event data store is currently being created to support evidence finder queries. + `ENABLED` means that an event data store was successfully created and evidence finder is enabled. We recommend that you wait 7 days until the event data store is backfilled with your past two years’ worth of evidence data. You can use evidence finder in the meantime, but not all data might be available until the backfill is complete. + `DISABLE_IN_PROGRESS` means that you requested to disable evidence finder, and your request is pending the deletion of the event data store. + `DISABLED` means that you have permanently disabled evidence finder and the event data store has been deleted. You can't re-enable evidence finder after this point. Type: String Valid Values: `ENABLED | DISABLED | ENABLE_IN_PROGRESS | DISABLE_IN_PROGRESS` Required: No ** error ** Represents any errors that occurred when enabling or disabling evidence finder. Type: String Length Constraints: Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** eventDataStoreArn ** The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s used by evidence finder. The event data store is the lake of evidence data that evidence finder runs queries against. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:cloudtrail:.*` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/EvidenceFinderEnablement) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/EvidenceFinderEnablement) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/EvidenceFinderEnablement) # EvidenceInsights A breakdown of the latest compliance check status for the evidence in your Audit Manager assessments. ## Contents ** compliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from AWS Security Hub CSPM with a *Pass* ruling, or collected from AWS Config with a *Compliant* ruling. Type: Integer Required: No ** inconclusiveEvidenceCount ** The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses AWS Security Hub CSPM or AWS Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or AWS CloudTrail). If evidence has a compliance check status of *not applicable* in the console, it's classified as *inconclusive* in `EvidenceInsights` data. Type: Integer Required: No ** noncompliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from AWS Security Hub CSPM with a *Fail* ruling, or collected from AWS Config with a *Non-compliant* ruling. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/EvidenceInsights) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/EvidenceInsights) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/EvidenceInsights) # Framework The file that's used to structure and automate AWS Audit Manager assessments for a given compliance standard. ## Contents ** arn ** The Amazon Resource Name (ARN) of the framework. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:auditmanager:.*` Required: No ** complianceType ** The compliance type that the framework supports, such as CIS or HIPAA. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** controlSets ** The control sets that are associated with the framework. The `Controls` object returns a partial response when called through Framework APIs. For a complete `Controls` object, use `GetControl`. Type: Array of [ControlSet](API_ControlSet.md) objects Array Members: Minimum number of 1 item. Required: No ** controlSources ** *This member has been deprecated.* The control data sources where Audit Manager collects evidence from. This API parameter is no longer supported. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z_0-9-\s.,]+$` Required: No ** createdAt ** The time when the framework was created. Type: Timestamp Required: No ** createdBy ** The user or role that created the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z0-9\s-_()\[\]]+$` Required: No ** description ** The description of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ** id ** The unique identifier for the framework. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** lastUpdatedAt ** The time when the framework was most recently updated. Type: Timestamp Required: No ** lastUpdatedBy ** The user or role that most recently updated the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z0-9\s-_()\[\]]+$` Required: No ** logo ** The logo that's associated with the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 255. Pattern: `^[\w,\s-]+\.[A-Za-z]+$` Required: No ** name ** The name of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** tags ** The tags that are associated with the framework. Type: String to string map Map Entries: Minimum number of 0 items. Maximum number of 50 items. Key Length Constraints: Minimum length of 1. Maximum length of 128. Key Pattern: `^(?!aws:)[a-zA-Z+-=._:/]+$` Value Length Constraints: Minimum length of 0. Maximum length of 256. Value Pattern: `.{0,255}` Required: No ** type ** Specifies whether the framework is a standard framework or a custom framework. Type: String Valid Values: `Standard | Custom` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Framework) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Framework) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Framework) # FrameworkMetadata The metadata of a framework, such as the name, ID, or description. ## Contents ** complianceType ** The compliance standard that's associated with the framework. For example, this could be PCI DSS or HIPAA. Type: String Length Constraints: Maximum length of 100. Pattern: `^[\w\W\s\S]*$` Required: No ** description ** The description of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 200. Pattern: `^[\w\W\s\S]*$` Required: No ** logo ** The logo that's associated with the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 255. Pattern: `^[\w,\s-]+\.[A-Za-z]+$` Required: No ** name ** The name of the framework. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/FrameworkMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/FrameworkMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/FrameworkMetadata) # Insights A summary of the latest analytics data for all your active assessments. This summary is a snapshot of the data that your active assessments collected on the `lastUpdated` date. It’s important to understand that the following totals are daily counts based on this date — they aren’t a total sum to date. The `Insights` data is eventually consistent. This means that, when you read data from `Insights`, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response should return the latest data. **Note** If you delete an assessment or change its status to inactive, `InsightsByAssessment` includes data for that assessment as follows. **Inactive assessments** - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the `InsightsByAssessment` counts for that day. **Deleted assessments** - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the `InsightsByAssessment` counts for that day. ## Contents ** activeAssessmentsCount ** The number of active assessments in Audit Manager. Type: Integer Required: No ** assessmentControlsCountByNoncompliantEvidence ** The number of assessment controls that collected non-compliant evidence on the `lastUpdated` date. Type: Integer Required: No ** compliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as compliant on the `lastUpdated` date. This includes evidence that was collected from AWS Security Hub CSPM with a *Pass* ruling, or collected from AWS Config with a *Compliant* ruling. Type: Integer Required: No ** inconclusiveEvidenceCount ** The number of evidence without a compliance check ruling. Evidence is inconclusive when the associated control uses AWS Security Hub CSPM or AWS Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example: manual evidence, API calls, or AWS CloudTrail). If evidence has a compliance check status of *not applicable*, it's classed as *inconclusive* in `Insights` data. Type: Integer Required: No ** lastUpdated ** The time when the cross-assessment insights were last updated. Type: Timestamp Required: No ** noncompliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as non-compliant on the `lastUpdated` date. This includes evidence that was collected from AWS Security Hub CSPM with a *Fail* ruling, or collected from AWS Config with a *Non-compliant* ruling. Type: Integer Required: No ** totalAssessmentControlsCount ** The total number of controls across all active assessments. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Insights) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Insights) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Insights) # InsightsByAssessment A summary of the latest analytics data for a specific active assessment. This summary is a snapshot of the data that was collected on the `lastUpdated` date. It’s important to understand that the totals in `InsightsByAssessment` are daily counts based on this date — they aren’t a total sum to date. The `InsightsByAssessment` data is eventually consistent. This means that when you read data from `InsightsByAssessment`, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response returns the latest data. **Note** If you delete an assessment or change its status to inactive, `InsightsByAssessment` includes data for that assessment as follows. **Inactive assessments** - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the `InsightsByAssessment` counts for that day. **Deleted assessments** - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the `InsightsByAssessment` counts for that day. ## Contents ** assessmentControlsCountByNoncompliantEvidence ** The number of assessment controls that collected non-compliant evidence on the `lastUpdated` date. Type: Integer Required: No ** compliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from AWS Security Hub CSPM with a *Pass* ruling, or collected from AWS Config with a *Compliant* ruling. Type: Integer Required: No ** inconclusiveEvidenceCount ** The amount of evidence without a compliance check ruling. Evidence is inconclusive if the associated control uses AWS Security Hub CSPM or AWS Config as a data source and you didn't enable those services. This is also the case if a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or AWS CloudTrail). If evidence has a compliance check status of *not applicable*, it's classified as *inconclusive* in `InsightsByAssessment` data. Type: Integer Required: No ** lastUpdated ** The time when the assessment insights were last updated. Type: Timestamp Required: No ** noncompliantEvidenceCount ** The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from AWS Security Hub CSPM with a *Fail* ruling, or collected from AWS Config with a *Non-compliant* ruling. Type: Integer Required: No ** totalAssessmentControlsCount ** The total number of controls in the assessment. Type: Integer Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/InsightsByAssessment) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/InsightsByAssessment) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/InsightsByAssessment) # ManualEvidence Evidence that's manually added to a control in AWS Audit Manager. `manualEvidence` can be one of the following: `evidenceFileName`, `s3ResourcePath`, or `textResponse`. ## Contents ** evidenceFileName ** The name of the file that's uploaded as manual evidence. This name is populated using the `evidenceFileName` value from the [https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html) API response. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `[^\/]*` Required: No ** s3ResourcePath ** The S3 URL of the object that's imported as manual evidence. Type: String Length Constraints: Minimum length of 1. Maximum length of 1024. Pattern: `^(S|s)3:\/\/[a-zA-Z0-9\-\.\'\*\_\!\=\+\@\:\s\,\?\/]+$` Required: No ** textResponse ** The plain text response that's entered and saved as manual evidence. Type: String Length Constraints: Minimum length of 1. Maximum length of 1000. Pattern: `^[\w\W\s\S]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ManualEvidence) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ManualEvidence) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ManualEvidence) # Notification The notification that informs a user of an update in AWS Audit Manager. For example, this includes the notification that's sent when a control set is delegated for review. ## Contents ** assessmentId ** The identifier for the assessment. Type: String Length Constraints: Fixed length of 36. Pattern: `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** assessmentName ** The name of the related assessment. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\]*$` Required: No ** controlSetId ** The identifier for the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[\w\W\s\S]*$` Required: No ** controlSetName ** Specifies the name of the control set that the notification is about. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** description ** The description of the notification. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** eventTime ** The time when the notification was sent. Type: Timestamp Required: No ** id ** The unique identifier for the notification. Type: String Length Constraints: Minimum length of 47. Maximum length of 50. Pattern: `^[0-9]{10,13}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` Required: No ** source ** The sender of the notification. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Notification) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Notification) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Notification) # Resource A system asset that's evaluated in an Audit Manager assessment. ## Contents ** arn ** The Amazon Resource Name (ARN) for the resource. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*` Required: No ** complianceCheck ** The evaluation status for a resource that was assessed when collecting compliance check evidence. + Audit Manager classes the resource as non-compliant if Security Hub CSPM reports a *Fail* result, or if AWS Config reports a *Non-compliant* result. + Audit Manager classes the resource as compliant if Security Hub CSPM reports a *Pass* result, or if AWS Config reports a *Compliant* result. + If a compliance check isn't available or applicable, then no compliance evaluation can be made for that resource. This is the case if a resource assessment uses AWS Config or Security Hub CSPM as the underlying data source type, but those services aren't enabled. This is also the case if the resource assessment uses an underlying data source type that doesn't support compliance checks (such as manual evidence, AWS API calls, or CloudTrail). Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ** value ** The value of the resource. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Resource) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Resource) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Resource) # Role The wrapper that contains the Audit Manager role information of the current user. This includes the role type and IAM Amazon Resource Name (ARN). ## Contents ** roleArn ** The Amazon Resource Name (ARN) of the IAM role. Type: String Length Constraints: Minimum length of 20. Maximum length of 2048. Pattern: `^arn:.*:iam:.*` Required: Yes ** roleType ** The type of customer persona. In `CreateAssessment`, `roleType` can only be `PROCESS_OWNER`. In `UpdateSettings`, `roleType` can only be `PROCESS_OWNER`. In `BatchCreateDelegationByAssessment`, `roleType` can only be `RESOURCE_OWNER`. Type: String Valid Values: `PROCESS_OWNER | RESOURCE_OWNER` Required: Yes ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Role) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Role) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Role) # Scope The wrapper that contains the AWS accounts that are in scope for the assessment. **Note** You no longer need to specify which AWS services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant AWS services. If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct AWS services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment. ## Contents ** awsAccounts ** The AWS accounts that are included in the scope of the assessment. Type: Array of [AWSAccount](API_AWSAccount.md) objects Array Members: Minimum number of 1 item. Maximum number of 200 items. Required: No ** awsServices ** *This member has been deprecated.* The AWS services that are included in the scope of the assessment. This API parameter is no longer supported. If you use this parameter to specify one or more AWS services, Audit Manager ignores this input. Instead, the value for `awsServices` will show as empty. Type: Array of [AWSService](API_AWSService.md) objects Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Scope) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Scope) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Scope) # ServiceMetadata The metadata that's associated with the AWS service. ## Contents ** category ** The category that the AWS service belongs to, such as compute, storage, or database. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** description ** The description of the AWS service. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** displayName ** The display name of the AWS service. Type: String Length Constraints: Minimum length of 1. Maximum length of 2048. Pattern: `.*\S.*` Required: No ** name ** The name of the AWS service. Type: String Length Constraints: Minimum length of 1. Maximum length of 40. Pattern: `^[a-zA-Z0-9-\s().]+$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ServiceMetadata) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ServiceMetadata) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ServiceMetadata) # Settings The settings object that holds all supported Audit Manager settings. ## Contents ** defaultAssessmentReportsDestination ** The default S3 destination bucket for storing assessment reports. Type: [AssessmentReportsDestination](API_AssessmentReportsDestination.md) object Required: No ** defaultExportDestination ** The default S3 destination bucket for storing evidence finder exports. Type: [DefaultExportDestination](API_DefaultExportDestination.md) object Required: No ** defaultProcessOwners ** The designated default audit owners. Type: Array of [Role](API_Role.md) objects Required: No ** deregistrationPolicy ** The deregistration policy for your Audit Manager data. You can use this attribute to determine how your data is handled when you deregister Audit Manager. Type: [DeregistrationPolicy](API_DeregistrationPolicy.md) object Required: No ** evidenceFinderEnablement ** The current evidence finder status and event data store details. Type: [EvidenceFinderEnablement](API_EvidenceFinderEnablement.md) object Required: No ** isAwsOrgEnabled ** Specifies whether AWS Organizations is enabled. Type: Boolean Required: No ** kmsKey ** The AWS KMS key details. Type: String Length Constraints: Minimum length of 7. Maximum length of 2048. Pattern: `^arn:.*:kms:.*|DEFAULT` Required: No ** snsTopic ** The designated Amazon Simple Notification Service (Amazon SNS) topic. Type: String Length Constraints: Minimum length of 1. Maximum length of 255. Pattern: `^[a-zA-Z0-9-_\[\]]+$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/Settings) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/Settings) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/Settings) # SourceKeyword A keyword that relates to the control data source. For manual evidence, this keyword indicates if the manual evidence is a file or text. For automated evidence, this keyword identifies a specific CloudTrail event, AWS Config rule, Security Hub CSPM control, or AWS API name. To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the * AWS Audit Manager User Guide*: + [AWS Config rules supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html) + [AWS Security Hub CSPM controls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html) + [API calls supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html) + [AWS CloudTrail event names supported by AWS Audit Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html) ## Contents ** keywordInputType ** The input method for the keyword. + `SELECT_FROM_LIST` is used when mapping a data source for automated evidence. + When `keywordInputType` is `SELECT_FROM_LIST`, a keyword must be selected to collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for AWS Config, a Security Hub CSPM control, or the name of an AWS API call. + `UPLOAD_FILE` and `INPUT_TEXT` are only used when mapping a data source for manual evidence. + When `keywordInputType` is `UPLOAD_FILE`, a file must be uploaded as manual evidence. + When `keywordInputType` is `INPUT_TEXT`, text must be entered as manual evidence. Type: String Valid Values: `SELECT_FROM_LIST | UPLOAD_FILE | INPUT_TEXT` Required: No ** keywordValue ** The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for AWS Config, a Security Hub CSPM control, or the name of an AWS API call. If you’re mapping a data source to a rule in AWS Config, the `keywordValue` that you specify depends on the type of rule: + For [managed rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html), you can use the rule identifier as the `keywordValue`. You can find the rule identifier from the [list of AWS Config managed rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html). For some rules, the rule identifier is different from the rule name. For example, the rule name `restricted-ssh` has the following rule identifier: `INCOMING_SSH_DISABLED`. Make sure to use the rule identifier, not the rule name. Keyword example for managed rules: + Managed rule name: [s3-bucket-acl-prohibited](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html) `keywordValue`: `S3_BUCKET_ACL_PROHIBITED` + For [custom rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html), you form the `keywordValue` by adding the `Custom_` prefix to the rule name. This prefix distinguishes the custom rule from a managed rule. Keyword example for custom rules: + Custom rule name: my-custom-config-rule `keywordValue`: `Custom_my-custom-config-rule` + For [service-linked rules](https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html), you form the `keywordValue` by adding the `Custom_` prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name. Keyword examples for service-linked rules: + Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w `keywordValue`: `Custom_CustomRuleForAccount-conformance-pack` + Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba `keywordValue`: `Custom_OrgConfigRule-s3-bucket-versioning-enabled` The `keywordValue` is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended. Keep in mind the following requirements, depending on the data source type that you're using. 1. For AWS Config: + For managed rules, make sure that the `keywordValue` is the rule identifier in `ALL_CAPS_WITH_UNDERSCORES`. For example, `CLOUDWATCH_LOG_GROUP_ENCRYPTED`. For accuracy, we recommend that you reference the list of [supported AWS Config managed rules](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html). + For custom rules, make sure that the `keywordValue` has the `Custom_` prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the [AWS Config console](https://console.aws.amazon.com/config/) to verify your custom rule name. 1. For Security Hub CSPM: The format varies for Security Hub CSPM control names. For accuracy, we recommend that you reference the list of [supported AWS Security Hub CSPM controls](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html). 1. For AWS API calls: Make sure that the `keywordValue` is written as `serviceprefix_ActionName`. For example, `iam_ListGroups`. For accuracy, we recommend that you reference the list of [supported API calls](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html). 1. For CloudTrail: Make sure that the `keywordValue` is written as `serviceprefix_ActionName`. For example, `cloudtrail_StartLogging`. For accuracy, we recommend that you review the AWS service prefix and action names in the [Service Authorization Reference](https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html). Type: String Length Constraints: Minimum length of 1. Maximum length of 100. Pattern: `^[a-zA-Z_0-9-\s().:\/]+$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/SourceKeyword) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/SourceKeyword) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/SourceKeyword) # UpdateAssessmentFrameworkControlSet A `controlSet` entity that represents a collection of controls in AWS Audit Manager. This doesn't contain the control set ID. ## Contents ** controls ** The list of controls that are contained within the control set. Type: Array of [CreateAssessmentFrameworkControl](API_CreateAssessmentFrameworkControl.md) objects Array Members: Minimum number of 1 item. Required: Yes ** name ** The name of the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\\_]*$` Required: Yes ** id ** The unique identifier for the control set. Type: String Length Constraints: Minimum length of 1. Maximum length of 300. Pattern: `^[^\\\_]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/UpdateAssessmentFrameworkControlSet) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/UpdateAssessmentFrameworkControlSet) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/UpdateAssessmentFrameworkControlSet) # URL Short for uniform resource locator. A URL is used as a unique identifier to locate a resource on the internet. ## Contents ** hyperlinkName ** The name or word that's used as a hyperlink to the URL. Type: String Length Constraints: Minimum length of 1. Maximum length of 200. Pattern: `^[\w\W\s\S]*$` Required: No ** link ** The unique identifier for the internet resource. Type: String Length Constraints: Minimum length of 1. Maximum length of 8192. Pattern: `^(https?:\/\/)?(www\.)?[a-zA-Z0-9-_]+([\.]+[a-zA-Z]+)+[\/\w]*$` Required: No ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/URL) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/URL) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/URL) # ValidationExceptionField Indicates that the request has invalid or missing parameters for the field. ## Contents ** message ** The body of the error message. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: Yes ** name ** The name of the validation error. Type: String Length Constraints: Minimum length of 0. Maximum length of 2048. Pattern: `.*` Required: Yes ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/auditmanager-2017-07-25/ValidationExceptionField) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/auditmanager-2017-07-25/ValidationExceptionField) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/auditmanager-2017-07-25/ValidationExceptionField)