AWS Audit Manager will no longer be open to new customers starting April 30, 2026. If you would like to use Audit Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS Audit Manager availability change](https://docs.aws.amazon.com/audit-manager/latest/userguide/audit-manager-availability-change.html). 

# Supported data source types for automated evidence
<a name="control-data-sources"></a>



When you create a custom control in AWS Audit Manager, you can set up your control to collect automated evidence from the following data source types:
+ AWS CloudTrail 
+ AWS Security Hub CSPM
+ AWS Config
+ AWS API calls 

Each data source type offers distinct capabilities for capturing user activity logs, compliance findings, resource configurations, and more. 

In this chapter you can learn about each of these automated data source types, and the specific AWS Security Hub CSPM controls, AWS Config rules, and AWS API calls that are supported by Audit Manager.

## Key points
<a name="controls-automated-data-sources"></a>

The following table provides an overview of each automated data source type.


| Data source type | Description | Evidence collection frequency | To use this data source type... | When this control is active in an assessment... | Related troubleshooting tips | 
| --- | --- | --- | --- | --- | --- | 
|  AWS CloudTrail  |  Tracks a specific user activity.   | Continuous. |  Select from the list of [supported event names](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html).  |  Audit Manager filters your CloudTrail logs based on the keyword that you choose. The results are imported as **User activity** evidence.  | [My assessment isn’t collecting user activity evidence from AWS CloudTrail](evidence-collection-issues.md#no-evidence-from-cloudtrail) | 
|  AWS Config  |  Captures a snapshot of your resource security posture by reporting findings from AWS Config.  | Based on the triggers defined in the AWS Config rule. |  Choose a rule type, then select a rule. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources.html)  | Audit Manager gets the findings for this rule directly from AWS Config. The result is imported as Compliance check evidence. |  [My assessment isn’t collecting compliance check evidence from AWS Config](evidence-collection-issues.md#no-evidence-from-config) [AWS Config integration issues](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-issues.html#config-rule-integration.title)  | 
|  AWS Security Hub CSPM  |  Captures a snapshot of your resource security posture by reporting findings from Security Hub CSPM.  | Based on the schedule of the Security Hub CSPM check. |  Select from the list of [supported Security Hub CSPM control IDs](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html).  |  Audit Manager gets the result of the security check directly from Security Hub CSPM. The result is imported as **Compliance check** evidence.  | [My assessment isn’t collecting compliance check evidence from AWS Security Hub CSPM](evidence-collection-issues.md#no-evidence-from-security-hub) | 
| AWS API calls  |  Takes a snapshot of your resource configuration directly through an API call to the specified AWS service.   | Daily, weekly, or monthly. | Select from the list of [supported API calls](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html), then select your preferred frequency. | Audit Manager makes the API call based on the frequency that you specify. The response is imported as Configuration data evidence.  | [My assessment isn’t collecting configuration data evidence for an AWS API call](evidence-collection-issues.md#no-evidence-from-aws-api-calls) | 

**Tip**  
You can create custom controls that collect evidence using predefined groupings of the above data sources. These data source groupings are known as [AWS managed sources](https://docs.aws.amazon.com/audit-manager/latest/userguide/concepts.html#aws-managed-source). Each AWS managed source represents a common control or a core control that aligns with a common compliance requirement. This gives you an efficient way to map your compliance requirements to a relevant group of AWS data sources. To see the available common controls, see [Finding the available controls in AWS Audit Manager](access-available-controls.md).  
Alternatively, you can use the four data source types above to define your own custom data sources. This gives you the flexibility to upload manual evidence, or collect automated evidence from a business-specific resource such as a custom AWS Config rule.

## Next steps
<a name="controls-automated-data-sources-next-steps"></a>

To learn more about the specific data sources that you can use in your custom controls, see the following pages.
+ [AWS Config Rules supported by AWS Audit Manager](control-data-sources-config.md)
+ [AWS Security Hub CSPM controls supported by AWS Audit Manager](control-data-sources-ash.md)
+ [AWS API calls supported by AWS Audit Manager](control-data-sources-api.md)
+ [AWS CloudTrail event names supported by AWS Audit Manager](control-data-sources-cloudtrail.md)

# AWS Config Rules supported by AWS Audit Manager
<a name="control-data-sources-config"></a>



You can use Audit Manager to capture AWS Config evaluations as evidence for audits. When you create or edit a custom control, you can specify one or more AWS Config rules as a data source mapping for evidence collection. AWS Config performs compliance checks based on these rules, and Audit Manager reports the results as compliance check evidence.

In addition to managed rules, you can also map your custom rules to a control data source. 

**Contents**
+ [

## Key points
](#aws-config-key-points)
+ [

## Supported AWS Config managed rules
](#aws-config-managed-rules)
+ [

## Using AWS Config custom rules with Audit Manager
](#aws-config-custom-rules)
+ [

## Additional resources
](#aws-config-rules-troubleshoot)

## Key points
<a name="aws-config-key-points"></a>
+ Audit Manager doesn’t collect evidence from [service-linked AWS Config rules](https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html), with the exception of service-linked rules from Conformance Packs and from AWS Organizations. 
+ Audit Manager doesn't manage AWS Config rules for you. Before you start evidence collection, we recommend that you review your current AWS Config rule parameters. Then, validate those parameters against the requirements of your chosen framework. If needed, you can [update a rule's parameters in AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html) so that it aligns with framework requirements. This will help to ensure that your assessments collect the correct compliance check evidence for that framework. 

  For example, suppose that you’re creating an assessment for CIS v1.2.0. This framework has a control named [Ensure IAM password policy requires a minimum length of 14 or greater](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-15). In AWS Config, the [iam-password-policy](https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html) rule has a `MinimumPasswordLength` parameter that checks password length. The default value for this parameter is 14 characters. As a result, the rule aligns with the control requirements. If you aren’t using the default parameter value, ensure that the value you’re using is equal to or greater than the 14 character requirement from CIS v1.2.0. You can find the default parameter details for each managed rule in the [AWS Config documentation](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html).
+ If you need to verify if an AWS Config rule is a managed rule or a custom rule, you can do this using the [AWS Config console](https://console.aws.amazon.com/config/). From the left navigation menu, choose **Rules** and look for the rule in the table. If it's a managed rule, the **Type** column shows **AWS managed**.  
![\[A managed rule as shown in the AWS Config console.\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/images/rules-managed-console.png)

## Supported AWS Config managed rules
<a name="aws-config-managed-rules"></a>

The following AWS Config managed rules are supported by Audit Manager. You can use any of the following managed rule identifier keywords when you set up a data source for a custom control. For more information about any of the managed rules listed below, choose an item from the list or see [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) in the *AWS Config User Guide*.

**Tip**  
When you choose a managed rule in the Audit Manager console during custom control creation, make sure that you look for one of the following rule identifier keywords, and not the rule name. For information about the difference between the rule name and rule identifier, and how to find the identifier for a managed rule, see the [Troubleshooting](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-issues.html#managed-rule-missing) section of this user guide.


| Supported AWS Config managed rule keywords | 
| --- | 
|  [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html)  | 

## Using AWS Config custom rules with Audit Manager
<a name="aws-config-custom-rules"></a>

You can use AWS Config custom rules as a data source for audit reporting. When a control has a data source that's mapped to an AWS Config rule, Audit Manager adds the evaluation that was created by the AWS Config rule.

The custom rules that you can use depend on the AWS account that you sign in to Audit Manager with. If you can access a custom rule in AWS Config, you can use it as a data source mapping in Audit Manager.
+ **For individual AWS accounts** – You can use any of the custom rules that you created with your account.
+ **For accounts that are part of an organization** – Either, you can use any of your member-level custom rules. Or, you can use any of the organization-level custom rules that are available to you in AWS Config.

After you map your custom rules as a data source for a control, you can add that control to a custom framework in Audit Manager.

## Additional resources
<a name="aws-config-rules-troubleshoot"></a>
+ To find help with issues for this data source type, see [My assessment isn’t collecting compliance check evidence from AWS Config](evidence-collection-issues.md#no-evidence-from-config) and [AWS Config integration issues](https://docs.aws.amazon.com/audit-manager/latest/userguide/control-issues.html#config-rule-integration.title).
+ To create a custom control using this data source type, see [Creating a custom control in AWS Audit Manager](create-controls.md). 
+ To create a custom framework that uses your custom control, see [Creating a custom framework in AWS Audit Manager](custom-frameworks.md). 
+ To add your custom control to an existing custom framework, see [Editing a custom framework in AWS Audit Manager](edit-custom-frameworks.md).
+ To create a custom rule in AWS Config, see [Developing a custom rule for AWS Config](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html) in the *AWS Config Developer Guide*.

# AWS Security Hub CSPM controls supported by AWS Audit Manager
<a name="control-data-sources-ash"></a>



You can use Audit Manager to capture Security Hub CSPM findings as evidence for audits. When you create or edit a custom control, you can specify one or more Security Hub CSPM controls as a data source mapping for evidence collection. Security Hub CSPM performs compliance checks based on these controls, and Audit Manager reports the results as compliance check evidence.

**Contents**
+ [

## Key points
](#using-security-hub-controls)
+ [

## Supported Security Hub CSPM controls
](#security-hub-controls-for-custom-control-data-sources)
+ [

## Additional resources
](#using-security-hub-controls-additional-resources)

## Key points
<a name="using-security-hub-controls"></a>
+ Audit Manager doesn’t collect evidence from [service-linked AWS Config rules that are created by Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-awsconfigrules.html). 
+ On November 9, 2022, Security Hub CSPM launched automated security checks aligned to the Center for Internet Security’s (CIS) AWS Foundations Benchmark version 1.4.0 requirements, Level 1 and 2 (CIS v1.4.0). In Security Hub CSPM, the [CIS v1.4.0 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls-1.4.0.html) is supported in addition to the [CIS v1.2.0 standard](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cis-controls.html). 
+ We recommend that you turn on the [consolidated control findings](https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#consolidated-control-findings) setting in Security Hub CSPM if it's not turned on already. If you enable Security Hub CSPM on or after February 23, 2023, this setting is turned *on* by default. 

  When consolidated findings is enabled, Security Hub CSPM produces a single finding for each security check (even when the same check applies to multiple standards). Each Security Hub CSPM finding is collected as one unique resource assessment in Audit Manager. As a result, consolidated findings results in a decrease of the total unique resource assessments that Audit Manager performs for Security Hub CSPM findings. For this reason, using consolidated findings can often result in a reduction in your Audit Manager usages costs, without sacrificing evidence quality and availability. For more information about pricing, see [AWS Audit Manager Pricing](https://aws.amazon.com/audit-manager/pricing/).

 

### Examples of evidence when consolidated findings is turned on or off
<a name="collapsible-section-1"></a>

The following examples show a comparison of how Audit Manager collects and presents evidence depending on your Security Hub CSPM settings.

------
#### [ When consolidated findings is turned on  ]

Let's say that you have enabled the following three security standards in Security Hub CSPM: AWS FSBP, PCI DSS, and CIS Benchmark v1.2.0. 
+ All three of these standards use the same control ([IAM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-4)) with the same underlying AWS Config rule ([iam-root-access-key-check](https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html)).
+ Because the consolidated findings setting is **turned on**, Security Hub CSPM generates one single finding for this control.
+ Security Hub CSPM sends the consolidated finding to Audit Manager for this control.
+ The consolidated finding counts as one unique resource assessment in Audit Manager. As a result, one single piece of evidence is added to your assessment.

Here's an example of how that evidence might look:

```
{
    "SchemaVersion": "2018-10-08",
    "Id": "arn:aws:securityhub:us-west-2:111122223333:security-control/IAM.4/finding/09876543-p0o9-i8u7-y6t5-098765432109",
    "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/securityhub",
    "ProductName": "Security Hub",
    "CompanyName": "AWS",
    "Region": "us-west-2",
    "GeneratorId": "security-control/IAM.4",
    "AwsAccountId": "111122223333",
    "Types": [
        "Software and Configuration Checks/Industry and Regulatory Standards"
    ],
    "FirstObservedAt": "2023-10-25T11:32:24.861Z",
    "LastObservedAt": "2023-11-02T11:59:19.546Z",
    "CreatedAt": "2023-10-25T11:32:24.861Z",
    "UpdatedAt": "2023-11-02T11:59:15.127Z",
    "Severity": {
        "Label": "INFORMATIONAL",
        "Normalized": 0,
        "Original": "INFORMATIONAL"
    },
    "Title": "IAM root user access key should not exist",
    "Description": "This AWS control checks whether the root user access key is available.",
    "Remediation": {
        "Recommendation": {
            "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
            "Url": "https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation"
        }
    },
    "ProductFields": {
        "RelatedAWSResources:0/name": "securityhub-iam-root-access-key-check-000270f5",
        "RelatedAWSResources:0/type": "AWS::Config::ConfigRule",
        "aws/securityhub/ProductName": "Security Hub",
        "aws/securityhub/CompanyName": "AWS",
        "Resources:0/Id": "arn:aws:iam::111122223333:root",
        "aws/securityhub/FindingId": "arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:security-control/IAM.4/finding/09876543-p0o9-i8u7-y6t5-098765432109"
    },
    "Resources": [{
        "Type": "AwsAccount",
        "Id": "AWS::::Account:111122223333",
        "Partition": "aws",
        "Region": "us-west-2"
    }],
    "Compliance": {
        "Status": "PASSED",
        "RelatedRequirements": [
            "CIS AWS Foundations Benchmark v1.2.0/1.12"
        ],
        "SecurityControlId": "IAM.4",
        "AssociatedStandards": [{
                "StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0"
            },
            {
                "StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"
            }
        ]
    },
    "WorkflowState": "NEW",
    "Workflow": {
        "Status": "RESOLVED"
    },
    "RecordState": "ACTIVE",
    "FindingProviderFields": {
        "Severity": {
            "Label": "INFORMATIONAL",
            "Original": "INFORMATIONAL"
        },
        "Types": [
            "Software and Configuration Checks/Industry and Regulatory Standards"
        ]
    },
    "ProcessedAt": "2023-11-02T11:59:20.980Z"
}
```

------
#### [ When consolidated findings is turned off ]

Let's say that you have enabled the following three security standards in Security Hub CSPM: AWS FSBP, PCI DSS, and CIS Benchmark v1.2.0. 
+ All three of these standards use the same control ([IAM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-4)) with the same underlying AWS Config rule ([iam-root-access-key-check](https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html)).
+ Because the consolidated findings setting is **turned off**, Security Hub CSPM generates a separate finding per security check for each enabled standard (in this case, three findings).
+ Security Hub CSPM sends three separate standard-specific findings to Audit Manager for this control.
+ The three findings count as three unique resource assessments in Audit Manager. As a result, three separate pieces of evidence are added to your assessment.

Here's an example of how that evidence might look. Note that in this example, each of the following three payloads has the same security control ID (*`SecurityControlId":"IAM.4"`*). For this reason, the assessment control that collects this evidence in Audit Manager (IAM.4) receives three separate pieces of evidence when the following findings come in from Security Hub CSPM.

**Evidence for IAM.4 (FSBP)**

```
{
  "version":"0",
  "id":"12345678-1q2w-3e4r-5t6y-123456789012",
  "detail-type":"Security Hub Findings - Imported",
  "source":"aws.securityhub",
  "account":"111122223333",
  "time":"2023-10-27T18:55:59Z",
  "region":"us-west-2",
  "resources":[
     "arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/Lambda.1/finding/b5e68d5d-43c3-46c8-902d-51cb0d4da568"
  ],
  "detail":{
     "findings":[
        {
           "SchemaVersion":"2018-10-08",
           "Id":"arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.4/finding/8e2e05a2-4d50-4c2e-a78f-3cbe9402d17d",
           "ProductArn":"arn:aws:securityhub:us-west-2::product/aws/securityhub",
           "ProductName":"Security Hub",
           "CompanyName":"AWS",
           "Region":"us-west-2",
           "GeneratorId":"aws-foundational-security-best-practices/v/1.0.0/IAM.4",
           "AwsAccountId":"111122223333",
           "Types":[
              "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"
           ],
           "FirstObservedAt":"2020-10-05T19:18:47.848Z",
           "LastObservedAt":"2023-11-01T14:12:04.106Z",
           "CreatedAt":"2020-10-05T19:18:47.848Z",
           "UpdatedAt":"2023-11-01T14:11:53.720Z",
           "Severity":{
              "Product":0,
              "Label":"INFORMATIONAL",
              "Normalized":0,
              "Original":"INFORMATIONAL"
           },
           "Title":"IAM.4 IAM root user access key should not exist",
           "Description":"This AWS control checks whether the root user access key is available.",
           "Remediation":{
              "Recommendation":{
                 "Text":"For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
                 "Url":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation"
              }
           },
           "ProductFields":{
              "StandardsArn":"arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0",
              "StandardsSubscriptionArn":"arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0",
              "ControlId":"IAM.4",
              "RecommendationUrl":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation",
              "RelatedAWSResources:0/name":"securityhub-iam-root-access-key-check-67cbb1c4",
              "RelatedAWSResources:0/type":"AWS::Config::ConfigRule",
              "StandardsControlArn":"arn:aws:securityhub:us-west-2:111122223333:control/aws-foundational-security-best-practices/v/1.0.0/IAM.4",
              "aws/securityhub/ProductName":"Security Hub",
              "aws/securityhub/CompanyName":"AWS",
              "Resources:0/Id":"arn:aws:iam::111122223333:root",
              "aws/securityhub/FindingId":"arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/IAM.4/finding/8e2e05a2-4d50-4c2e-a78f-3cbe9402d17d"
           },
           "Resources":[
              {
                 "Type":"AwsAccount",
                 "Id":"AWS::::Account:111122223333",
                 "Partition":"aws",
                 "Region":"us-west-2"
              }
           ],
           "Compliance":{
              "Status":"PASSED",
              "SecurityControlId":"IAM.4",
              "AssociatedStandards":[
                 {
                    "StandardsId":"standards/aws-foundational-security-best-practices/v/1.0.0"
                 }
              ]
           },
           "WorkflowState":"NEW",
           "Workflow":{
              "Status":"RESOLVED"
           },
           "RecordState":"ACTIVE",
           "FindingProviderFields":{
              "Severity":{
                 "Label":"INFORMATIONAL",
                 "Original":"INFORMATIONAL"
              },
              "Types":[
                 "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"
              ]
           },
           "ProcessedAt":"2023-11-01T14:12:07.395Z"
        }
     ]
  }
}
```

**Evidence for IAM.4 (CIS 1.2)**

```
{
  "version":"0",
  "id":"12345678-1q2w-3e4r-5t6y-123456789012",
  "detail-type":"Security Hub Findings - Imported",
  "source":"aws.securityhub",
  "account":"111122223333",
  "time":"2023-10-27T18:55:59Z",
  "region":"us-west-2",
  "resources":[
     "arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/Lambda.1/finding/1dd8f2f8-cf1b-47c9-a875-8d7387fc9c23"
  ],
  "detail":{
     "findings":[
        {
           "SchemaVersion":"2018-10-08",
           "Id":"arn:aws:securityhub:us-west-2:111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.12/finding/1dd8f2f8-cf1b-47c9-a875-8d7387fc9c23",
           "ProductArn":"arn:aws:securityhub:us-west-2::product/aws/securityhub",
           "ProductName":"Security Hub",
           "CompanyName":"AWS",
           "Region":"us-west-2",
           "GeneratorId":"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12",
           "AwsAccountId":"111122223333",
           "Types":[
              "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
           ],
           "FirstObservedAt":"2020-10-05T19:18:47.775Z",
           "LastObservedAt":"2023-11-01T14:12:07.989Z",
           "CreatedAt":"2020-10-05T19:18:47.775Z",
           "UpdatedAt":"2023-11-01T14:11:53.720Z",
           "Severity":{
              "Product":0,
              "Label":"INFORMATIONAL",
              "Normalized":0,
              "Original":"INFORMATIONAL"
           },
           "Title":"1.12 Ensure no root user access key exists",
           "Description":"The root user is the most privileged user in an AWS account. AWS Access Keys provide programmatic access to a given AWS account. It is recommended that all access keys associated with the root user be removed.",
           "Remediation":{
              "Recommendation":{
                 "Text":"For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
                 "Url":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation"
              }
           },
           "ProductFields":{
              "StandardsGuideArn":"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0",
              "StandardsGuideSubscriptionArn":"arn:aws:securityhub:us-west-2:111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0",
              "RuleId":"1.12",
              "RecommendationUrl":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation",
              "RelatedAWSResources:0/name":"securityhub-iam-root-access-key-check-67cbb1c4",
              "RelatedAWSResources:0/type":"AWS::Config::ConfigRule",
              "StandardsControlArn":"arn:aws:securityhub:us-west-2:111122223333:control/cis-aws-foundations-benchmark/v/1.2.0/1.12",
              "aws/securityhub/ProductName":"Security Hub",
              "aws/securityhub/CompanyName":"AWS",
              "Resources:0/Id":"arn:aws:iam::111122223333:root",
              "aws/securityhub/FindingId":"arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/cis-aws-foundations-benchmark/v/1.2.0/1.12/finding/1dd8f2f8-cf1b-47c9-a875-8d7387fc9c23"
           },
           "Resources":[
              {
                 "Type":"AwsAccount",
                 "Id":"AWS::::Account:111122223333",
                 "Partition":"aws",
                 "Region":"us-west-2"
              }
           ],
           "Compliance":{
              "Status":"PASSED",
              "SecurityControlId":"IAM.4",
              "AssociatedStandards":[
                 {
                    "StandardsId":"ruleset/cis-aws-foundations-benchmark/v/1.2.0"
                 }
              ]
           },
           "WorkflowState":"NEW",
           "Workflow":{
              "Status":"RESOLVED"
           },
           "RecordState":"ACTIVE",
           "FindingProviderFields":{
              "Severity":{
                 "Label":"INFORMATIONAL",
                 "Original":"INFORMATIONAL"
              },
              "Types":[
                 "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"
              ]
           },
           "ProcessedAt":"2023-11-01T14:12:13.436Z"
        }
     ]
  }
}
```

**Evidence for PCI.IAM.1 (PCI DSS)**

```
{
  "version":"0",
  "id":"12345678-1q2w-3e4r-5t6y-123456789012",
  "detail-type":"Security Hub Findings - Imported",
  "source":"aws.securityhub",
  "account":"111122223333",
  "time":"2023-10-27T18:55:59Z",
  "region":"us-west-2",
  "resources":[
     "arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/aws-foundational-security-best-practices/v/1.0.0/Lambda.1/finding/1dd8f2f8-cf1b-47c9-a875-8d7387fc9c23"
  ],
  "detail":{
     "findings":[
        {
           "SchemaVersion":"2018-10-08",
           "Id":"arn:aws:securityhub:us-west-2:111122223333:subscription/pci-dss/v/3.2.1/PCI.IAM.1/finding/3c75f651-6e2e-44f4-8e22-297d5c2d0c8b",
           "ProductArn":"arn:aws:securityhub:us-west-2::product/aws/securityhub",
           "ProductName":"Security Hub",
           "CompanyName":"AWS",
           "Region":"us-west-2",
           "GeneratorId":"pci-dss/v/3.2.1/PCI.IAM.1",
           "AwsAccountId":"111122223333",
           "Types":[
              "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
           ],
           "FirstObservedAt":"2020-10-05T19:18:47.788Z",
           "LastObservedAt":"2023-11-01T14:12:02.413Z",
           "CreatedAt":"2020-10-05T19:18:47.788Z",
           "UpdatedAt":"2023-11-01T14:11:53.720Z",
           "Severity":{
              "Product":0,
              "Label":"INFORMATIONAL",
              "Normalized":0,
              "Original":"INFORMATIONAL"
           },
           "Title":"PCI.IAM.1 IAM root user access key should not exist",
           "Description":"This AWS control checks whether the root user access key is available.",
           "Remediation":{
              "Recommendation":{
                 "Text":"For information on how to correct this issue, consult the AWS Security Hub controls documentation.",
                 "Url":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation"
              }
           },
           "ProductFields":{
              "StandardsArn":"arn:aws:securityhub:::standards/pci-dss/v/3.2.1",
              "StandardsSubscriptionArn":"arn:aws:securityhub:us-west-2:111122223333:subscription/pci-dss/v/3.2.1",
              "ControlId":"PCI.IAM.1",
              "RecommendationUrl":"https://docs.aws.amazon.com/console/securityhub/IAM.4/remediation",
              "RelatedAWSResources:0/name":"securityhub-iam-root-access-key-check-67cbb1c4",
              "RelatedAWSResources:0/type":"AWS::Config::ConfigRule",
              "StandardsControlArn":"arn:aws:securityhub:us-west-2:111122223333:control/pci-dss/v/3.2.1/PCI.IAM.1",
              "aws/securityhub/ProductName":"Security Hub",
              "aws/securityhub/CompanyName":"AWS",
              "Resources:0/Id":"arn:aws:iam::111122223333:root",
              "aws/securityhub/FindingId":"arn:aws:securityhub:us-west-2::product/aws/securityhub/arn:aws:securityhub:us-west-2:111122223333:subscription/pci-dss/v/3.2.1/PCI.IAM.1/finding/3c75f651-6e2e-44f4-8e22-297d5c2d0c8b"
           },
           "Resources":[
              {
                 "Type":"AwsAccount",
                 "Id":"AWS::::Account:111122223333",
                 "Partition":"aws",
                 "Region":"us-west-2"
              }
           ],
           "Compliance":{
              "Status":"PASSED",
              "RelatedRequirements":[
                 "PCI DSS 2.1",
                 "PCI DSS 2.2",
                 "PCI DSS 7.2.1"
              ],
              "SecurityControlId":"IAM.4",
              "AssociatedStandards":[
                 {
                    "StandardsId":"standards/pci-dss/v/3.2.1"
                 }
              ]
           },
           "WorkflowState":"NEW",
           "Workflow":{
              "Status":"RESOLVED"
           },
           "RecordState":"ACTIVE",
           "FindingProviderFields":{
              "Severity":{
                 "Label":"INFORMATIONAL",
                 "Original":"INFORMATIONAL"
              },
              "Types":[
                 "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"
              ]
           },
           "ProcessedAt":"2023-11-01T14:12:05.950Z"
        }
     ]
  }
}
```

------

## Supported Security Hub CSPM controls
<a name="security-hub-controls-for-custom-control-data-sources"></a>

The following Security Hub CSPM controls are currently supported by Audit Manager. You can use any of the following standard-specific control ID keywords when you set up a data source for a custom control. 


| Security standard | Supported keyword in Audit Manager (standard control ID in Security Hub CSPM) | Related control documentation (corresponding security control ID in Security Hub CSPM) | 
| --- | --- | --- | 
| CIS v1.2.0 | 1.2 |  [IAM.5](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-5)  | 
| CIS v1.2.0 | 1.3 |  [IAM.8](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-8)  | 
| CIS v1.2.0 | 1.4 |  [IAM.3](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-3)  | 
| CIS v1.2.0 | 1.5 |  [IAM.11](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-11)  | 
| CIS v1.2.0 | 1.6  |  [IAM.12](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-12)  | 
| CIS v1.2.0 | 1.7  |  [IAM.13](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-13)  | 
| CIS v1.2.0 | 1.8  |  [IAM.14](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-14)  | 
| CIS v1.2.0 | 1.9  |  [IAM.15](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-15)  | 
| CIS v1.2.0 | 1.10 |  [IAM.16](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-16)  | 
| CIS v1.2.0 | 1.11 |  [IAM.17](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-17)  | 
| CIS v1.2.0 | 1.12 |  [IAM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-4)  | 
| CIS v1.2.0 |  1.13  |  [IAM.9](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-9)  | 
| CIS v1.2.0 |  1.14   |  [IAM.6](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-6)  | 
| CIS v1.2.0 |  1.16  |  [IAM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-2)  | 
| CIS v1.2.0 |  1.20  |  [IAM.18](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-18)  | 
| CIS v1.2.0 |  1.22   |  [IAM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-1)  | 
| CIS v1.2.0 |  2.1   |  [CloudTrail.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-1)  | 
| CIS v1.2.0 |  2.2   |  [CloudTrail.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-4)  | 
| CIS v1.2.0 |  2.3  |  [CloudTrail.6](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-6)  | 
| CIS v1.2.0 |  2.4   |  [CloudTrail.5](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-5)  | 
| CIS v1.2.0 |  2.5   |  [Config.1](https://docs.aws.amazon.com/securityhub/latest/userguide/config-controls.html#config-1)  | 
| CIS v1.2.0 |  2.6   |  [CloudTrail.7](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-7)  | 
| CIS v1.2.0 |  2.7   |  [CloudTrail.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-2)  | 
| CIS v1.2.0 |  2.8  |  [KMS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-4)  | 
| CIS v1.2.0 |  2.9  |  [EC2.6](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-6)  | 
| CIS v1.2.0 |  3.1   |  [CloudWatch.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-2)  | 
| CIS v1.2.0 |  3.2   |  [CloudWatch.3](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-3)  | 
| CIS v1.2.0 |  3.3  |  [CloudWatch.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-1)  | 
| CIS v1.2.0 |  3.4  |  [CloudWatch.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-4)  | 
| CIS v1.2.0 |  3.5  |  [CloudWatch.5](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-5)  | 
| CIS v1.2.0 |  3.6  |  [CloudWatch.6](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-6)  | 
| CIS v1.2.0 |  3.7   |  [CloudWatch.7](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-7)  | 
| CIS v1.2.0 |  3.8  |  [CloudWatch.8](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-8)  | 
| CIS v1.2.0 |  3.9  |  [CloudWatch.9](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-9)  | 
| CIS v1.2.0 |  3.10  |  [CloudWatch.10](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-10)  | 
| CIS v1.2.0 |  3.11   |  [CloudWatch.11](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-11)  | 
| CIS v1.2.0 |  3.12  |  [CloudWatch.12](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-12)  | 
| CIS v1.2.0 |  3.13   |  [CloudWatch.13](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-13)  | 
| CIS v1.2.0 |  3.14   |  [CloudWatch.14](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-14)  | 
| CIS v1.2.0 |  4.1  |  [EC2.13](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-13)  | 
| CIS v1.2.0 |  4.2  |  [EC2.14](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-14)  | 
| CIS v1.2.0 |  4.3   |  [EC2.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2)  | 
| PCI DSS |  PCI.AutoScaling.1   |  [AutoScaling.1](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-1)  | 
| PCI DSS |  PCI.CloudTrail.1   |  [CloudTrail.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-1)  | 
| PCI DSS |  PCI.CloudTrail.2   |  [CloudTrail.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-2)  | 
| PCI DSS |  PCI.CloudTrail.3   |  [CloudTrail.3](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-3)  | 
| PCI DSS  |  PCI.CloudTrail.4   |  [CloudTrail.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-4)  | 
| PCI DSS |  PCI.CodeBuild.1   |  [CodeBuild.1](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-1)  | 
| PCI DSS |  PCI.CodeBuild.2   |  [CodeBuild.2](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-2)  | 
| PCI DSS |  PCI.Config.1   |  [Config.1](https://docs.aws.amazon.com/securityhub/latest/userguide/config-controls.html#config-1)  | 
| PCI DSS  |  PCI.CW.1   |  [CloudWatch.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-1)  | 
| PCI DSS  |  PCI.DMS.1  |  [DMS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-1)  | 
| PCI DSS  |  PCI.EC2.1  |  [EC2.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-1)  | 
| PCI DSS |  PCI.EC2.2   |  [EC2.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2)  | 
| PCI DSS  |  PCI.EC2.3   |  [EC2.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-3)  | 
| PCI DSS |  PCI.EC2.4   |  [EC2.12](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-12)  | 
| PCI DSS  |  PCI.EC2.5   |  [EC2.13](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-13)  | 
| PCI DSS  |  PCI.EC2.6   |  [EC2.6](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-6)  | 
| PCI DSS |  PCI.ELBv2.1  |  [ELB.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-1)  | 
| PCI DSS  |  PCI.ES.1   |  [ ES.1](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-1)  | 
| PCI DSS  |  PCI.ES.2   |  [ ES.2](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-2)  | 
| PCI DSS  |  PCI.GuardDuty.1   |  [GuardDuty.1](https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-1)  | 
| PCI DSS  |  PCI.IAM.1   |  [IAM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-1)  | 
| PCI DSS  |  PCI.IAM.2   |  [IAM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-2)  | 
| PCI DSS  |  PCI.IAM.3   |  [IAM.3](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-3)  | 
| PCI DSS  |  PCI.IAM.4   |  [IAM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-4)  | 
| PCI DSS |  PCI.IAM.5   |  [IAM.9](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-9)  | 
| PCI DSS  |  PCI.IAM.6   |  [IAM.6](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-6)  | 
| PCI DSS  |   PCI.IAM.7  |   [PCI.IAM.7](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-7)  | 
| PCI DSS  |  PCI.IAM.8   |  [PCI.IAM8.](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-8)  | 
| PCI DSS  |  PCI.KMS.1   |  [PCI.KMS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-4)  | 
| PCI DSS |  PCI.Lambda.1  |  [Lambda.1](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-1)  | 
| PCI DSS |  PCI.Lambda.2   |  [Lambda.3](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-3)  | 
| PCI DSS |  PCI.Opensearch.1  |  [Opensearch.1](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-1)  | 
| PCI DSS  |  PCI.Opensearch.2   |  [Opensearch.2](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-2)  | 
| PCI DSS |  PCI.RDS.1  |  [RDS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-1)  | 
| PCI DSS  |  PCI.RDS.2   |  [RDS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-2)  | 
| PCI DSS  |  PCI.Redshift.1   |  [Redshift.1](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-1)  | 
| PCI DSS |  PCI.S3.1  |  [S3.1](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-1)  | 
| PCI DSS  |  PCI.S3.2  |  [S3.2](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2)  | 
| PCI DSS  |  PCI.S3.3   |  [S3.3](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3)  | 
| PCI DSS  |  PCI.S3.4   |  [S3.4](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-4)  | 
| PCI DSS  |  PCI.S3.5   |  [S3.5](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-5)  | 
| PCI DSS  |  PCI.S3.6   |  [S3.1](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-1)  | 
| PCI DSS  |  PCI.SageMaker.1   |  [SageMaker.1](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-1)  | 
| PCI DSS  |  PCI.SSM.1  |  [SSM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-1)  | 
| PCI DSS  |  PCI.SSM.2   |  [SSM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-2)  | 
| PCI DSS |  PCI.SSM.3  |  [SSM.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-3)  | 
| AWS Foundational Security Best Practices  |  Account.1  |  [Account.1](https://docs.aws.amazon.com/securityhub/latest/userguide/account-controls.html#account-1)  | 
| AWS Foundational Security Best Practices  |  Account.2  | [Account.2](https://docs.aws.amazon.com/securityhub/latest/userguide/account-controls.html#account-2) | 
| AWS Foundational Security Best Practices  |  ACM.1  |  [ACM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/acm-controls.html#acm-1)  | 
| AWS Foundational Security Best Practices  |  ACM.2  |  [ACM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/acm-controls.html#acm-2)  | 
| AWS Foundational Security Best Practices  |  APIGateway.1  |  [APIGateway.1](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-1)  | 
| AWS Foundational Security Best Practices  |  APIGateway.2  |  [APIGateway.2](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-2)  | 
| AWS Foundational Security Best Practices  |  APIGateway.3  |  [APIGateway.3](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-3)  | 
| AWS Foundational Security Best Practices  |  APIGateway.4  |  [APIGateway.4](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-4)  | 
| AWS Foundational Security Best Practices  |  APIGateway.5  |  [APIGateway.5](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-5)  | 
| AWS Foundational Security Best Practices  |  APIGateway.8  |  [APIGateway.8](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-8)  | 
| AWS Foundational Security Best Practices  |  APIGateway.9  |  [APIGateway.9](https://docs.aws.amazon.com/securityhub/latest/userguide/apigateway-controls.html#apigateway-9)  | 
| AWS Foundational Security Best Practices  |  AppSync.2  |  [AppSync.2](https://docs.aws.amazon.com/securityhub/latest/userguide/appsync-controls.html#appsync-2)  | 
| AWS Foundational Security Best Practices  |  AppSync.5  | [AppSync.5](https://docs.aws.amazon.com/securityhub/latest/userguide/appsync-controls.html#appsync-5) | 
| AWS Foundational Security Best Practices  |  Athena.1  | [Athena.1](https://docs.aws.amazon.com/securityhub/latest/userguide/athena-controls.html#athena-1) | 
| AWS Foundational Security Best Practices  |  AutoScaling.1  |  [AutoScaling.1](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-1)  | 
| AWS Foundational Security Best Practices  |  AutoScaling.2  |  [AutoScaling.2](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-2)  | 
| AWS Foundational Security Best Practices  |  AutoScaling.3  |  [AutoScaling.3](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-3)  | 
| AWS Foundational Security Best Practices  |  AutoScaling.4  |  [AutoScaling.4](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-4)  | 
| AWS Foundational Security Best Practices  |  Autoscaling.5  |  [Autoscaling.5](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-5)  | 
| AWS Foundational Security Best Practices  |  AutoScaling.6  |  [AutoScaling.6](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-6)  | 
| AWS Foundational Security Best Practices  |  AutoScaling.9  |  [AutoScaling.9](https://docs.aws.amazon.com/securityhub/latest/userguide/autoscaling-controls.html#autoscaling-9)  | 
| AWS Foundational Security Best Practices  |  Backup.1  |  [Backup.1](https://docs.aws.amazon.com/securityhub/latest/userguide/backup-controls.html#backup-1)  | 
| AWS Foundational Security Best Practices  |  CloudFormation.1  |  [CloudFormation.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudformation-controls.html#cloudformation-1)  | 
| AWS Foundational Security Best Practices  |  CloudFront.1  |  [CloudFront.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-1)  | 
| AWS Foundational Security Best Practices  |  CloudFront.2  |  [CloudFront.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-2)  | 
| AWS Foundational Security Best Practices  |  CloudFront.3  |  [CloudFront.3](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-3)  | 
| AWS Foundational Security Best Practices  |  CloudFront.4  |  [CloudFront.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-4)  | 
| AWS Foundational Security Best Practices  |  CloudFront.5  |  [CloudFront.5](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-5)  | 
| AWS Foundational Security Best Practices  |  CloudFront.6  |  [CloudFront.6](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-6)  | 
| AWS Foundational Security Best Practices  |  CloudFront.7  |  [CloudFront.7](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-7)  | 
| AWS Foundational Security Best Practices  |  CloudFront.8  |  [CloudFront.8](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-8)  | 
| AWS Foundational Security Best Practices  |  CloudFront.9  |  [CloudFront.9](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-9)  | 
| AWS Foundational Security Best Practices  |  CloudFront.10  |  [CloudFront.10](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-10)  | 
| AWS Foundational Security Best Practices  |  CloudFront.12  |  [CloudFront.12](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-12)  | 
| AWS Foundational Security Best Practices  |  CloudFront.13  |  [CloudFront.13](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudfront-controls.html#cloudfront-13)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.1  |  [CloudTrail.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-1)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.2  |  [CloudTrail.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-2)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.3  |  [CloudTrail.3](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-3)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.4  |  [CloudTrail.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-4)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.5  |  [CloudTrail.5](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-5)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.6  |  [CloudTrail.6](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-6)  | 
| AWS Foundational Security Best Practices  |  CloudTrail.7  |  [CloudTrail.7](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudtrail-controls.html#cloudtrail-7)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.1  |  [CloudWatch.1](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-1)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.2  |  [CloudWatch.2](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-2)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.3  |  [CloudWatch.3](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-3)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.4  |  [CloudWatch.4](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-4)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.5  |  [CloudWatch.5](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-5)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.6  |  [CloudWatch.6](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-6)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.7  |  [CloudWatch.7](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-7)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.8  |  [CloudWatch.8](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-8)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.9  |  [CloudWatch.9](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-9)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.10  |  [CloudWatch.10](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-10)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.11  |  [CloudWatch.11](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-11)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.12  |  [CloudWatch.12](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-12)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.13  |  [CloudWatch.13](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-13)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.14  |  [CloudWatch.14](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-14)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.15  |  [CloudWatch.15](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-15)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.16  |  [CloudWatch.16](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-16)  | 
| AWS Foundational Security Best Practices  |  CloudWatch.17  |  [CloudWatch.17](https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html#cloudwatch-17)  | 
| AWS Foundational Security Best Practices  |  CodeBuild.1  |  [CodeBuild.1](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-1)  | 
| AWS Foundational Security Best Practices  |  CodeBuild.2  |  [CodeBuild.2](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-2)  | 
| AWS Foundational Security Best Practices  |  CodeBuild.3  |  [CodeBuild.3](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-3)  | 
| AWS Foundational Security Best Practices  |  CodeBuild.4  |  [CodeBuild.4](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-4)  | 
| AWS Foundational Security Best Practices  |  CodeBuild.5  |  [CodeBuild.5](https://docs.aws.amazon.com/securityhub/latest/userguide/codebuild-controls.html#codebuild-5)  | 
| AWS Foundational Security Best Practices  |  Config.1  |  [Config.1](https://docs.aws.amazon.com/securityhub/latest/userguide/config-controls.html#config-1)  | 
| AWS Foundational Security Best Practices  |  DMS.1  |  [DMS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-1)  | 
| AWS Foundational Security Best Practices  |  DMS.6  |  [DMS.6](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-6)  | 
| AWS Foundational Security Best Practices  |  DMS.7  |  [DMS.7](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-7)  | 
| AWS Foundational Security Best Practices  |  DMS.8  |  [DMS.8](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-8)  | 
| AWS Foundational Security Best Practices  |  DMS.9  |  [DMS.9](https://docs.aws.amazon.com/securityhub/latest/userguide/dms-controls.html#dms-9)  | 
| AWS Foundational Security Best Practices |  DocumentDB.1  |  [DocumentDB.1](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-1)  | 
| AWS Foundational Security Best Practices |  DocumentDB.2  |  [DocumentDB.2](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-2)  | 
| AWS Foundational Security Best Practices |  DocumentDB.3  |  [DocumentDB.3](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-3)  | 
| AWS Foundational Security Best Practices |  DocumentDB.4  |  [DocumentDB.4](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-4)  | 
| AWS Foundational Security Best Practices |  DocumentDB.5  |  [DocumentDB.5](https://docs.aws.amazon.com/securityhub/latest/userguide/documentdb-controls.html#documentdb-5)  | 
| AWS Foundational Security Best Practices  |  DynamoDB.1  |  [DynamoDB.1](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-1)  | 
| AWS Foundational Security Best Practices  |  DynamoDB.2  |  [DynamoDB.2](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-2)  | 
| AWS Foundational Security Best Practices  |  DynamoDB.3  |  [DynamoDB.3](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-3)  | 
| AWS Foundational Security Best Practices |  DynamoDB.4  | [DynamoDB.4](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-4) | 
| AWS Foundational Security Best Practices |  DynamoDB.6  |  [DynamoDB.6](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-6)  | 
| AWS Foundational Security Best Practices  |  EC2.1  |  [EC2.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-1)  | 
| AWS Foundational Security Best Practices  |  EC2.2  |  [EC2.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-2)  | 
| AWS Foundational Security Best Practices  |  EC2.3  |  [EC2.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-3)  | 
| AWS Foundational Security Best Practices  |  EC2.4  |  [EC2.4](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-4)  | 
| AWS Foundational Security Best Practices  |  EC2.6  |  [EC2.6](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-6)  | 
| AWS Foundational Security Best Practices  |  EC2.7  |  [EC2.7](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-7)  | 
| AWS Foundational Security Best Practices  |  EC2.8  |  [EC2.8](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-8)  | 
| AWS Foundational Security Best Practices  |  EC2.9  |  [EC2.9](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-9)  | 
| AWS Foundational Security Best Practices  | EC2.10 | [EC2.10](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-10)  | 
| AWS Foundational Security Best Practices | EC2.12 |  [EC2.12](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-12)  | 
| AWS Foundational Security Best Practices | EC2.13 |  [EC2.13](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-13)  | 
| AWS Foundational Security Best Practices | EC2.14 |  [EC2.14](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-14)  | 
| AWS Foundational Security Best Practices  | EC2.15 |  [EC2.15](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-15)  | 
| AWS Foundational Security Best Practices  |  EC2.16  |  [EC2.16](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-16)  | 
| AWS Foundational Security Best Practices  |  EC2.17  |  [EC2.17](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-17)  | 
| AWS Foundational Security Best Practices  |  EC2.18  |  [EC2.18](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-18)  | 
| AWS Foundational Security Best Practices  |  EC2.19  |  [EC2.19](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-19)  | 
| AWS Foundational Security Best Practices  |  EC2.20  |  [EC2.20](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-20)  | 
| AWS Foundational Security Best Practices  |  EC2.21  |  [EC2.21](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-21)  | 
| AWS Foundational Security Best Practices  |  EC2.22  |  [EC2.22](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-22)  | 
| AWS Foundational Security Best Practices  |  EC2.23  |  [EC2.23](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-23)  | 
| AWS Foundational Security Best Practices  |  EC2.24  |  [EC2.24](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-24)  | 
| AWS Foundational Security Best Practices  |  EC2.25  |  [EC2.25](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-25)  | 
| AWS Foundational Security Best Practices |  EC2.28  |  [EC2.28](https://docs.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-28)  | 
| AWS Foundational Security Best Practices |  EC2.51  |  [EC2.51](https://portal.aws.amazon.com/securityhub/latest/userguide/ec2-controls.html#ec2-51)  | 
| AWS Foundational Security Best Practices  |  ECR.1  |  [ECR.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ecr-controls.html#ecr-1)  | 
| AWS Foundational Security Best Practices  |  ECR.2  |  [ECR.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ecr-controls.html#ecr-2)  | 
| AWS Foundational Security Best Practices  |  ECR.3  |  [ECR.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ecr-controls.html#ecr-3)  | 
| AWS Foundational Security Best Practices  |  ECS.1  |  [ECS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-1)  | 
| AWS Foundational Security Best Practices  |  ECS.2  |  [ECS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-2)  | 
| AWS Foundational Security Best Practices  |  ECS.3  |  [ECS.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-3)  | 
| AWS Foundational Security Best Practices  |  ECS.4  |  [ECS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-4)  | 
| AWS Foundational Security Best Practices  |  ECS.5  |  [ECS.5](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5)  | 
| AWS Foundational Security Best Practices  |  ECS.8  |  [ECS.8](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-8)  | 
| AWS Foundational Security Best Practices  |  ECS.9  | [ECS.9](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-9) | 
| AWS Foundational Security Best Practices  |  ECS.10  |  [ECS.10](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-10)  | 
| AWS Foundational Security Best Practices  |  ECS.12  |  [ECS.12](https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-12)  | 
| AWS Foundational Security Best Practices  |  EFS.1  |  [EFS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-1)  | 
| AWS Foundational Security Best Practices  |  EFS.2  |  [EFS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-2)  | 
| AWS Foundational Security Best Practices  |  EFS.3  |  [EFS.3](https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-3)  | 
| AWS Foundational Security Best Practices  |  EFS.4  |  [EFS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/efs-controls.html#efs-4)  | 
| AWS Foundational Security Best Practices  |  EKS.1  |  [EKS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/eks-controls.html#eks-1)  | 
| AWS Foundational Security Best Practices  |  EKS.2  |  [EKS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/eks-controls.html#eks-2)  | 
| AWS Foundational Security Best Practices  |  EKS.8  | [EKS.8](https://docs.aws.amazon.com/securityhub/latest/userguide/eks-controls.html#eks-8) | 
| AWS Foundational Security Best Practices  |  ElastiCache.1  | [ElastiCache.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-1) | 
| AWS Foundational Security Best Practices  |  ElastiCache.2  | [ElastiCache.2](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-2) | 
| AWS Foundational Security Best Practices  |  ElastiCache.3  | [ElastiCache.3](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-3) | 
| AWS Foundational Security Best Practices  |  ElastiCache.4  | [ElastiCache.4](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-4) | 
| AWS Foundational Security Best Practices  |  ElastiCache.5  | [ElastiCache.5](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-5) | 
| AWS Foundational Security Best Practices  |  ElastiCache.6  | [ElastiCache.6](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-6) | 
| AWS Foundational Security Best Practices  |  ElastiCache.7  | [ElastiCache.7](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticache-controls.html#elasticache-7) | 
| AWS Foundational Security Best Practices  |  ElasticBeanstalk.1  |  [ElasticBeanstalk.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticbeanstalk-controls.html#elasticbeanstalk-1)  | 
| AWS Foundational Security Best Practices  |  ElasticBeanstalk.2  |  [ElasticBeanstalk.2](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticbeanstalk-controls.html#elasticbeanstalk-2)  | 
| AWS Foundational Security Best Practices  |  ElasticBeanstalk.3  |  [ElasticBeanstalk.3](https://docs.aws.amazon.com/securityhub/latest/userguide/elasticbeanstalk-controls.html#elasticbeanstalk-3)  | 
| AWS Foundational Security Best Practices  |  ELB.1 | [ELB.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-1) | 
| AWS Foundational Security Best Practices  |  ELB.2  |  [ELB.2](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-2)  | 
| AWS Foundational Security Best Practices  |  ELB.3  |  [ELB.3](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-3)  | 
| AWS Foundational Security Best Practices  |  ELB.4  |  [ELB.4](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-4)  | 
| AWS Foundational Security Best Practices  |  ELB.5  |  [ELB.5](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-5)  | 
| AWS Foundational Security Best Practices  |  ELB.6  |  [ELB.6](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-6)  | 
| AWS Foundational Security Best Practices  |  ELB.7  |  [ELB.7](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-7)  | 
| AWS Foundational Security Best Practices  |  ELB.8  |  [ELB.8](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-8)  | 
| AWS Foundational Security Best Practices  |  ELB.9  |  [ELB.9](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-9)  | 
| AWS Foundational Security Best Practices  |  ELB.10  |  [ELB.10](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-10)  | 
| AWS Foundational Security Best Practices  |  ELB.12  |  [ELB.12](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-12)  | 
| AWS Foundational Security Best Practices  |  ELB.13  |  [ELB.13](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-13)  | 
| AWS Foundational Security Best Practices  |  ELB.14  |  [ELB.14](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-14)  | 
| AWS Foundational Security Best Practices  |  ELB.16  | [ELB.16](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-16) | 
| AWS Foundational Security Best Practices  |  ELBv2.1  |  [ELB.1](https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-1)  | 
| AWS Foundational Security Best Practices  |  EMR.1  |  [EMR.1](https://docs.aws.amazon.com/securityhub/latest/userguide/emr-controls.html#emr-1)  | 
| AWS Foundational Security Best Practices  |  EMR.2  | [EMR.2](https://docs.aws.amazon.com/securityhub/latest/userguide/emr-controls.html#emr-2) | 
| AWS Foundational Security Best Practices  |  ES.1  |  [ES.1](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-1)  | 
| AWS Foundational Security Best Practices  |  ES.2  |  [ES.2](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-2)  | 
| AWS Foundational Security Best Practices  |  ES.3  |  [ES.3](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-3)  | 
| AWS Foundational Security Best Practices  |  ES.4  |  [ES.4](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-4)  | 
| AWS Foundational Security Best Practices  |  ES.5  |  [ES.5](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-5)  | 
| AWS Foundational Security Best Practices  |  ES.6  |  [ES.6](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-6)  | 
| AWS Foundational Security Best Practices  |  ES.7  |  [ES.7](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-7)  | 
| AWS Foundational Security Best Practices  |  ES.8  |  [ES.8](https://docs.aws.amazon.com/securityhub/latest/userguide/es-controls.html#es-8)  | 
| AWS Foundational Security Best Practices  |  EventBridge.3  | [EventBridge3.](https://docs.aws.amazon.com/securityhub/latest/userguide/eventbridge-controls.html#eventbridge-3) | 
| AWS Foundational Security Best Practices  |  EventBridge.4  | [EventBridge.4](https://docs.aws.amazon.com/securityhub/latest/userguide/eventbridge-controls.html#eventbridge-4) | 
| AWS Foundational Security Best Practices  |  FSx.1  | [FSx.1](https://docs.aws.amazon.com/securityhub/latest/userguide/fsx-controls.html#fsx-1) | 
| AWS Foundational Security Best Practices  |  GuardDuty.1  |  [GuardDuty.1](https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-1)  | 
| AWS Foundational Security Best Practices  |  IAM.1  |  [IAM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-1)  | 
| AWS Foundational Security Best Practices  |  IAM.2  |  [IAM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-2)  | 
| AWS Foundational Security Best Practices  |  IAM.3  |  [IAM.3](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-3)  | 
| AWS Foundational Security Best Practices  |  IAM.4  |  [IAM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-4)  | 
| AWS Foundational Security Best Practices  |  IAM.5  |  [IAM.5](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-5)  | 
| AWS Foundational Security Best Practices  |  IAM.6  |  [IAM.6](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-6)  | 
| AWS Foundational Security Best Practices  |  IAM.7  |  [IAM.7](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-7)  | 
| AWS Foundational Security Best Practices  |  IAM.8  |  [IAM.8](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-8)  | 
| AWS Foundational Security Best Practices  |  IAM.9  | [IAM.9](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-9) | 
| AWS Foundational Security Best Practices  |  IAM.10  | [IAM.10](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-10) | 
| AWS Foundational Security Best Practices  |  IAM.11  | [IAM.11](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-11) | 
| AWS Foundational Security Best Practices  |  IAM.12  | [IAM.12](https://forums.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-12) | 
| AWS Foundational Security Best Practices  |  IAM.13  | [IAM.13](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-13) | 
| AWS Foundational Security Best Practices  |  IAM.14  | [IAM.14](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-14) | 
| AWS Foundational Security Best Practices |  IAM.15  | [IAM.15](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-15) | 
| AWS Foundational Security Best Practices  |  IAM.16  | [IAM.16](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-16) | 
| AWS Foundational Security Best Practices  |  IAM.17  | [IAM.17](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-17) | 
| AWS Foundational Security Best Practices  |  IAM.18  | [IAM.18](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-18) | 
| AWS Foundational Security Best Practices  |  IAM.19  | [IAM.19](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-19) | 
| AWS Foundational Security Best Practices  |  IAM.21  |  [IAM.21](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-21)  | 
| AWS Foundational Security Best Practices  |  IAM.22  | [IAM.22](https://docs.aws.amazon.com/securityhub/latest/userguide/iam-controls.html#iam-22) | 
| AWS Foundational Security Best Practices  |  Kinesis.1  |  [Kinesis.1](https://docs.aws.amazon.com/securityhub/latest/userguide/kinesis-controls.html#kinesis-1)  | 
| AWS Foundational Security Best Practices  |  KMS.1  |  [KMS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-1)  | 
| AWS Foundational Security Best Practices  |  KMS.2  |  [KMS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-2)  | 
| AWS Foundational Security Best Practices  |  KMS.3  |  [KMS.3](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-3)  | 
| AWS Foundational Security Best Practices  |  KMS.4  | [KMS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/kms-controls.html#kms-4) | 
| AWS Foundational Security Best Practices  |  Lambda.1  |  [Lambda.1](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-1)  | 
| AWS Foundational Security Best Practices  |  Lambda.2  |  [Lambda.2](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-2)  | 
| AWS Foundational Security Best Practices  |  Lambda.3  | [Lambda.3](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-3) | 
| AWS Foundational Security Best Practices  |  Lambda.5  |  [Lambda.5](https://docs.aws.amazon.com/securityhub/latest/userguide/lambda-controls.html#lambda-5)  | 
| AWS Foundational Security Best Practices  |  Macie.1  | [Macie.1](https://docs.aws.amazon.com/securityhub/latest/userguide/macie-controls.html#macie-1) | 
| AWS Foundational Security Best Practices  |  MQ.5  | [MQ.5](https://docs.aws.amazon.com/securityhub/latest/userguide/mq-controls.html#mq-5) | 
| AWS Foundational Security Best Practices  |  MQ.6  | [MQ.6](https://docs.aws.amazon.com/securityhub/latest/userguide/mq-controls.html#mq-6) | 
| AWS Foundational Security Best Practices  |  MSK.1  | [MSK.1](https://docs.aws.amazon.com/securityhub/latest/userguide/msk-controls.html#msk-1) | 
| AWS Foundational Security Best Practices  |  MSK.2  | [MSK.2](https://docs.aws.amazon.com/securityhub/latest/userguide/msk-controls.html#msk-2) | 
| AWS Foundational Security Best Practices  |  Neptune.1  | [Neptune.1](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-1) | 
| AWS Foundational Security Best Practices  |  Neptune.2  | [Neptune.2](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-2) | 
| AWS Foundational Security Best Practices  |  Neptune.3  | [Neptune.3](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-3) | 
| AWS Foundational Security Best Practices  |  Neptune.4  | [Neptune.4](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-4) | 
| AWS Foundational Security Best Practices |  Neptune.5  | [Neptune.5](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-5) | 
| AWS Foundational Security Best Practices  |  Neptune.6  | [Neptune.6](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-6) | 
| AWS Foundational Security Best Practices  |  Neptune.7  | [Neptune.7](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-7) | 
| AWS Foundational Security Best Practices  |  Neptune.8  | [Neptune.8](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-8) | 
| AWS Foundational Security Best Practices  |  Neptune.9  | [Neptune.9](https://docs.aws.amazon.com/securityhub/latest/userguide/neptune-controls.html#neptune-9) | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.1  | [NetworkFirewall.1](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-1) | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.2  | [NetworkFirewall.2](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-2) | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.3  |  [NetworkFirewall.3](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-3)  | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.4  |  [NetworkFirewall.4](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-4)  | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.5  |  [NetworkFirewall.5](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-5)  | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.6  |  [NetworkFirewall.6](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-6)  | 
| AWS Foundational Security Best Practices  |  NetworkFirewall.9  | [NetworkFirewall.9](https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-9) | 
| AWS Foundational Security Best Practices  |  Opensearch.1  |  [Opensearch.1](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-1)  | 
| AWS Foundational Security Best Practices  |  Opensearch.2  |  [Opensearch.2](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-2)  | 
| AWS Foundational Security Best Practices  |  Opensearch.3  |  [Opensearch.3](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-3)  | 
| AWS Foundational Security Best Practices  |  Opensearch.4  |  [Opensearch.4](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-4)  | 
| AWS Foundational Security Best Practices  |  Opensearch.5  |  [Opensearch.5](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-5)  | 
| AWS Foundational Security Best Practices  |  Opensearch.6  |  [Opensearch.6](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-6)  | 
| AWS Foundational Security Best Practices  |  Opensearch.7  |  [Opensearch.7](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-7)  | 
| AWS Foundational Security Best Practices  |  Opensearch.8  |  [Opensearch.8](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-8)  | 
| AWS Foundational Security Best Practices  |  Opensearch.10  | [Opensearch.10](https://docs.aws.amazon.com/securityhub/latest/userguide/opensearch-controls.html#opensearch-10) | 
| AWS Foundational Security Best Practices |  PCA.1  | [PCA.1](https://docs.aws.amazon.com/securityhub/latest/userguide/pca-controls.html#pca-1) | 
| AWS Foundational Security Best Practices  |  RDS.1  |  [RDS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-1)  | 
| AWS Foundational Security Best Practices  |  RDS.2  |  [RDS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-2)  | 
| AWS Foundational Security Best Practices  |  RDS.3  |  [RDS.3](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-3)  | 
| AWS Foundational Security Best Practices  |  RDS.4  |  [RDS.4](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-4)  | 
| AWS Foundational Security Best Practices  |  RDS.5  |  [RDS.5](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-5)  | 
| AWS Foundational Security Best Practices  |  RDS.6  |  [RDS.6](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-6)  | 
| AWS Foundational Security Best Practices  |  RDS.7  |  [RDS.7](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-7)  | 
| AWS Foundational Security Best Practices  |  RDS.8  |  [RDS.8](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-8)  | 
| AWS Foundational Security Best Practices  |  RDS.9  |  [RDS.9](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-9)  | 
| AWS Foundational Security Best Practices  |  RDS.10  |  [RDS.10](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-10)  | 
| AWS Foundational Security Best Practices  |  RDS.11  |  [RDS.11](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-11)  | 
| AWS Foundational Security Best Practices  |  RDS.12  |  [RDS.12](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-12)  | 
| AWS Foundational Security Best Practices  |  RDS.13  |  [RDS.13](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-13)  | 
| AWS Foundational Security Best Practices  |  RDS.14  |  [RDS.14](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-14)  | 
| AWS Foundational Security Best Practices  |  RDS.15  |  [RDS.15](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-15)  | 
| AWS Foundational Security Best Practices  |  RDS.16  |  [RDS.16](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-16)  | 
| AWS Foundational Security Best Practices  |  RDS.17  |  [RDS.17](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-17)  | 
| AWS Foundational Security Best Practices  |  RDS.18  |  [RDS.18](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-18)  | 
| AWS Foundational Security Best Practices  |  RDS.19  |  [RDS.19](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-19)  | 
| AWS Foundational Security Best Practices  |  RDS.20  |  [RDS.20](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-20)  | 
| AWS Foundational Security Best Practices  |  RDS.21  |  [RDS.21](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-21)  | 
| AWS Foundational Security Best Practices  |  RDS.22  |  [RDS.22](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-22)  | 
| AWS Foundational Security Best Practices  |  RDS.23  |  [RDS.23](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-23)  | 
| AWS Foundational Security Best Practices  |  RDS.24  |  [RDS.24](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-24)  | 
| AWS Foundational Security Best Practices  |  RDS.25  |  [RDS.25](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-25)  | 
| AWS Foundational Security Best Practices  |  RDS.26  | [RDS.26](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-27) | 
| AWS Foundational Security Best Practices  |  RDS.27  | [RDS.27](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-26) | 
| AWS Foundational Security Best Practices  |  RDS.34  | [RDS.34](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-34) | 
| AWS Foundational Security Best Practices  |  RDS.35  | [RDS.35](https://docs.aws.amazon.com/securityhub/latest/userguide/rds-controls.html#rds-35) | 
| AWS Foundational Security Best Practices  |  Redshift.1  |  [Redshift.1](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-1)  | 
| AWS Foundational Security Best Practices  |  Redshift.2  |  [Redshift.2](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-2)  | 
| AWS Foundational Security Best Practices  |  Redshift.3  |  [Redshift.3](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-3)  | 
| AWS Foundational Security Best Practices  |  Redshift.4  |  [Redshift.4](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-4)  | 
| AWS Foundational Security Best Practices  |  Redshift.6  |  [Redshift.6](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-6)  | 
| AWS Foundational Security Best Practices  |  Redshift.7  |  [Redshift.7](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-7)  | 
| AWS Foundational Security Best Practices  |  Redshift.8  |  [Redshift.8](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-8)  | 
| AWS Foundational Security Best Practices  |  Redshift.9  |  [Redshift.9](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-9)  | 
| AWS Foundational Security Best Practices  |  Redshift.10  |  [Redshift.10](https://docs.aws.amazon.com/securityhub/latest/userguide/redshift-controls.html#redshift-10)  | 
| AWS Foundational Security Best Practices  |  Route53.2  | [Route53.2](https://docs.aws.amazon.com/securityhub/latest/userguide/route53-controls.html#route53-2) | 
| AWS Foundational Security Best Practices  |  S3.1  |  [S3.1](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-1)  | 
| AWS Foundational Security Best Practices  |  S3.2  |  [S3.2](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2)  | 
| AWS Foundational Security Best Practices  |  S3.3  |  [S3.3](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3)  | 
| AWS Foundational Security Best Practices  |  S3.4  |  [S3.4](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-4)  | 
| AWS Foundational Security Best Practices  |  S3.5  |  [S3.5](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-5)  | 
| AWS Foundational Security Best Practices  |  S3.6  |  [S3.6](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-6)  | 
| AWS Foundational Security Best Practices  |  S3.7  | [S3.7](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-7) | 
| AWS Foundational Security Best Practices  |  S3.8  |  [S3.8](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-8)  | 
| AWS Foundational Security Best Practices  |  S3.9  |  [S3.9](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-9)  | 
| AWS Foundational Security Best Practices  |  S3.11  |  [S3.11](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-11)  | 
| AWS Foundational Security Best Practices  |  S3.12  |  [S3.12](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-12)  | 
| AWS Foundational Security Best Practices  |  S3.13  |  [S3.13](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-13)  | 
| AWS Foundational Security Best Practices  |  S3.14  | [S3.14](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-14) | 
| AWS Foundational Security Best Practices  |  S3.15  | [S3.15](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-15) | 
| AWS Foundational Security Best Practices  |  S3.17  | [S3.17](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-17) | 
| AWS Foundational Security Best Practices  |  S3.19  | [S3.19](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-19) | 
| AWS Foundational Security Best Practices  |  S3.19  | [S3.20](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-20) | 
| AWS Foundational Security Best Practices  |  SageMaker.1  |  [SageMaker.1](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-1)  | 
| AWS Foundational Security Best Practices  |  SageMaker.2  |  [SageMaker.2](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-2)  | 
| AWS Foundational Security Best Practices  |  SageMaker.3  |  [SageMaker.3](https://docs.aws.amazon.com/securityhub/latest/userguide/sagemaker-controls.html#sagemaker-3)  | 
| AWS Foundational Security Best Practices  |  SecretsManager.1  |  [SecretsManager.1](https://docs.aws.amazon.com/securityhub/latest/userguide/secretsmanager-controls.html#secretsmanager-1)  | 
| AWS Foundational Security Best Practices  |  SecretsManager.2  |  [SecretsManager.2](https://docs.aws.amazon.com/securityhub/latest/userguide/secretsmanager-controls.html#secretsmanager-2)  | 
| AWS Foundational Security Best Practices  |  SecretsManager.3  |  [SecretsManager.3](https://docs.aws.amazon.com/securityhub/latest/userguide/secretsmanager-controls.html#secretsmanager-3)  | 
| AWS Foundational Security Best Practices  |  SecretsManager.4  |  [SecretsManager.4](https://docs.aws.amazon.com/securityhub/latest/userguide/secretsmanager-controls.html#secretsmanager-4)  | 
| AWS Foundational Security Best Practices  |  SNS.1  |  [SNS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/sns-controls.html#sns-1)  | 
| AWS Foundational Security Best Practices  |  SNS.2  |  [SNS.2](https://docs.aws.amazon.com/securityhub/latest/userguide/sns-controls.html#sns-2)  | 
| AWS Foundational Security Best Practices  |  SQS.1  |  [SQS.1](https://docs.aws.amazon.com/securityhub/latest/userguide/sqs-controls.html#sqs-1)  | 
| AWS Foundational Security Best Practices  |  SSM.1  |  [SSM.1](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-1)  | 
| AWS Foundational Security Best Practices  |  SSM.2  |  [SSM.2](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-2)  | 
| AWS Foundational Security Best Practices  |  SSM.3  |  [SSM.3](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-3)  | 
| AWS Foundational Security Best Practices  |  SSM.4  |  [SSM.4](https://docs.aws.amazon.com/securityhub/latest/userguide/ssm-controls.html#ssm-4)  | 
| AWS Foundational Security Best Practices  |  StepFunctions.1  |  [StepFunctions.1](https://docs.aws.amazon.com/securityhub/latest/userguide/stepfunctions-controls.html#stepfunctions-1)  | 
| AWS Foundational Security Best Practices  |  WAF.1  |  [WAF.1](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-1)  | 
| AWS Foundational Security Best Practices  |  WAF.2  |  [WAF.2](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-2)  | 
| AWS Foundational Security Best Practices  |  WAF.3  |  [WAF.3](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-3)  | 
| AWS Foundational Security Best Practices  |  WAF.4  |  [WAF.4](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-4)  | 
| AWS Foundational Security Best Practices  |  WAF.6  |  [WAF.6](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-6)  | 
| AWS Foundational Security Best Practices  |  WAF.7  |  [WAF.7](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-7)  | 
| AWS Foundational Security Best Practices  |  WAF.8  |  [WAF.8](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-8)  | 
| AWS Foundational Security Best Practices  |  WAF.10  |  [WAF.10](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-10)  | 
| AWS Foundational Security Best Practices  |  WAF.11  | [WAF.11](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-11) | 
| AWS Foundational Security Best Practices  |  WAF.12  | [WAF.12](https://docs.aws.amazon.com/securityhub/latest/userguide/waf-controls.html#waf-12) | 

## Additional resources
<a name="using-security-hub-controls-additional-resources"></a>
+ To find help with evidence collection issues for this data source type, see [My assessment isn’t collecting compliance check evidence from AWS Security Hub CSPM](evidence-collection-issues.md#no-evidence-from-security-hub).
+ To create a custom control using this data source type, see [Creating a custom control in AWS Audit Manager](create-controls.md).
+ To create a custom framework that uses your custom control, see [Creating a custom framework in AWS Audit Manager](custom-frameworks.md). 
+ To add your custom control to an existing custom framework, see [Editing a custom framework in AWS Audit Manager](edit-custom-frameworks.md).

# AWS API calls supported by AWS Audit Manager
<a name="control-data-sources-api"></a>



You can use Audit Manager to capture snapshots of your AWS environment as evidence for audits. When you create or edit a custom control, you can specify one or more AWS API calls as a data source mapping for evidence collection. Audit Manager then makes API calls to the relevant AWS services, and collects a snapshot of the configuration details for your AWS resources. 

For every resource that's in the scope of an API call, Audit Manager captures a configuration snapshot and converts it into evidence. This results in one piece of evidence per resource, as opposed to one piece of evidence per API call.

For example, if the `ec2_DescribeRouteTables` API call captures configuration snapshots from five route tables, then you'll get five pieces of evidence in total for the single API call. Each piece of evidence is a snapshot of the configuration of an individual route table.

**Topics**
+ [

## Key points
](#control-data-sources-api-key-points)
+ [

## Supported API calls for custom control data sources
](#apis-for-custom-control-data-sources)
+ [

## API calls used in the AWS License Manager standard framework
](#apis-in-license-manager-framework)
+ [

## Additional resources
](#using-api-calls-additional-resources)

## Key points
<a name="control-data-sources-api-key-points"></a>

### Paginated API calls
<a name="paginated-api-calls"></a>

Many AWS services collect and store a large amount of data. As a result, when a `list`, `describe`, or `get` API call attempts to return your data, there can be a lot of results. If the amount of data is too large to return in a single response, the results can be broken into more manageable pieces through the use of *pagination*. This divides the results into "pages" of data, making the responses easier to handle. 

Some of the [Supported API calls for custom control data sources](#apis-for-custom-control-data-sources) are paginated. This means that they return partial results at first, and require subsequent requests to return the entire result set. For example, the Amazon RDS [DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html) operation returns up to 100 instances at a time, and subsequent requests are needed to return the next page of results.

As of March 08, 2023, Audit Manager supports paginated API calls as a data source for evidence collection. Previously, if a paginated API call was used as a data source, only a subset of your resources was returned in the API response (up to 100 results). Now, Audit Manager calls the paginated API operation multiple times, and gets each page of results until all resources are returned. For each resource, Audit Manager then captures a configuration snapshot and saves it as evidence. Because your complete set of resources is now captured in the API response, it’s likely that you’ll notice an increase in the amount of evidence that’s collected after March 08, 2023. 

Audit Manager handles API call pagination for you automatically. If you create a custom control that uses a paginated API call as a data source, you don’t need to specify any pagination parameters. 

## Supported API calls for custom control data sources
<a name="apis-for-custom-control-data-sources"></a>

In your custom controls, you can use any of the following API calls as a data source. Audit Manager can then use these API calls to collect evidence about your AWS usage.


| Supported API call | How Audit Manager uses this API to collect evidence | 
| --- | --- | 
| [acm\$1GetAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetAccountConfiguration.html) | Collect a snapshot of the account configuration options associated with your AWS account. | 
| [acm\$1ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) | Retrieve a list of certificate ARNs and domain names.  | 
| [autoscaling\$1DescribeAutoScalingGroups](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAutoScalingGroups.html) | Collect a snapshot about the Auto Scaling groups in your AWS account. | 
| [backup\$1ListBackupPlans](https://docs.aws.amazon.com/aws-backup/latest/devguide/API_ListBackupPlans.html) | Retrieve a list of all active backup plans in your AWS account.  | 
| [bedrock\$1GetModelInvocationLoggingConfiguration](https://docs.aws.amazon.com/bedrock/latest/APIReference/API_GetModelInvocationLoggingConfiguration.html) | Collect a snapshot of the current configuration values for model invocation logging for models in your AWS account. | 
| [cloudfront\$1ListDistributions](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributions.html) |  Retrieve a list of all distributions in your AWS account.  | 
|  [cloudtrail\$1DescribeTrails](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeTrails.html)  | Collect a snapshot of the settings for one or more trails associated with the current Region for your AWS account. | 
| [cloudtrail\$1ListTrails](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_ListTrails.html) | Retrieve a list of the trails that are in your AWS account.  | 
|  [cloudwatch\$1DescribeAlarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html)  | Collect a configuration snapshot of the alarms that are used for your AWS account. | 
| [config\$1DescribeConfigRules](https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeConfigRules.html) | Retrieve details about your AWS Config rules. | 
| [config\$1DescribeDeliveryChannels](https://docs.aws.amazon.com/config/latest/APIReference/API_DescribeDeliveryChannels.html) | Collect a configuration snapshot for the delivery channels in your in your AWS account. | 
| [directconnect\$1DescribeDirectConnectGateways](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeDirectConnectGateways.html) | Retrieve a list of all your Direct Connect gateways . | 
| [directconnect\$1DescribeVirtualGateways](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeVirtualGateways.html) | Retrieve a list of the virtual private gateways owned by your AWS account. | 
| [docdb\$1DescribeCertificates](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_DescribeCertificates.html) | Collect a list of certificates for your AWS account. | 
| [docdb\$1DescribeDBClusterParameterGroups](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_DescribeDBClusterParameterGroups.html) | Collect a list of DBCLusterParameterGroup descriptions for your AWS account. | 
| [docdb\$1DescribeDBInstances](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_DescribeDBInstances.html) | Collect information about provisioned Amazon DynamoDB instances for your AWS account. | 
|  [cloudwatch\$1DescribeAlarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DescribeAlarms.html)  | Collect information about the alarms in your AWS account. | 
|  [cloudtrail\$1DescribeTrails](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DescribeTrails.html)  | Collect a snapshot of the settings for one or more trails associated with your AWS account. | 
|  [dynamodb\$1DescribeTable](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html)  |  Collect configuration snapshots for the DynamoDB tables in your AWS account. When you use this API as a data source, you don't need to provide the name of a specific DynamoDB table. Instead, Audit Manager uses the `ListTables` operation to list all of your tables. For every table that's listed, Audit Manager then performs the `DescribeTable` operation to generate evidence for that resource.  | 
| [dynamodb\$1ListBackups](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListBackups.html) | Retrieve a list of the DynamoDB backups that are associated with your AWS account. | 
|  [dynamodb\$1ListTables](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ListTables.html)  | Retrieve a list of all of the table names that are associated with your AWS account and your current endpoint. | 
| [ec2\$1DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) | Collect a snapshot of your Elastic IP addresses. | 
| [ec2\$1DescribeCustomerGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCustomerGateways.html) | Collect a snapshot of your VPN customer gateways. | 
| [ec2\$1DescribeEgressOnlyInternetGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeEgressOnlyInternetGateways.html) | Collect a snapshot of your egress-only internet gateways. | 
|  [ec2\$1DescribeFlowLogs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeFlowLogs.html)  | Collect a snapshot of your flow logs. | 
|  [ec2\$1DescribeInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html)  | Collect a snapshot of your instances. | 
| [ec2\$1DescribeInternetGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html) | Collect a snapshot of your internet gateways. | 
| [ec2\$1DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations.html) | Collect a description of the associations between the virtual interface groups and the local gateway route tables in your AWS account. | 
| [ec2\$1DescribeLocalGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html) | Collect a snapshot of your local gateways. | 
| [ec2\$1DescribeLocalGatewayVirtualInterfaces](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayVirtualInterfaces.html) | Collect a snapshot of your local gateway virtual interfaces. | 
| [ec2\$1DescribeNatGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html) | Collect a snapshot of your NAT gateways. | 
|  [ec2\$1DescribeNetworkAcls](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html)  | Collect a snapshot of your network ACLs. | 
|  [ec2\$1DescribeRouteTables](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html)  | Collect a snapshot of your route tables. | 
|  [ec2\$1DescribeSecurityGroups](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)  | Collect a snapshot of your security groups. | 
| [ec2\$1DescribeSecurityGroupRules](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroupRules.html) | Collect a snapshot of one or more of your security group rules. | 
| [ec2\$1DescribeTransitGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGateways.html) | Collect a snapshot of your transit gateways. | 
|  [ec2\$1DescribeVolumes](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html)  | Collect a snapshot of your VPC endpoints. | 
|  [ec2\$1DescribeVpcs](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html)  | Collect a snapshot of your VPCs. | 
|  [ec2\$1DescribeVpcEndpoints](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html)  | Collect a snapshot of your VPC endpoints. | 
| [ec2\$1DescribeVpcEndpointConnections](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointConnections.html) | Collect a snapshot of the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance. | 
| [ec2\$1DescribeVpcEndpointServiceConfigurations](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServiceConfigurations.html) | Collect a snapshot of the VPC endpoint service configurations in your AWS account. | 
| [ec2\$1DescribeVpcPeeringConnections](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html) | Collect a snapshot of your VPN connections. | 
| [ec2\$1DescribeVpnConnections](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html) | Collect a snapshot of your VPN connections. | 
| [ec2\$1DescribeVpnGateways](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html) | Collect a snapshot of your virtual private gateways. | 
| [ec2\$1GetEbsDefaultKmsKeyId](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetEbsDefaultKmsKeyId.html) | Collect a snapshot of the default AWS KMS key for EBS encryption for your AWS account in the current Region. | 
| [ec2\$1GetEbsEncryptionByDefault](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetEbsEncryptionByDefault.html) | Describe whether EBS encryption by default is enabled for your AWS account in the current Region. | 
| [ecs\$1DescribeClusters](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DescribeClusters.html) | Collect a snapshot of your ECS clusters. | 
| [eks\$1DescribeAddonVersions](https://docs.aws.amazon.com/eks/latest/APIReference/API_DescribeAddonVersions.html) | Collect a snapshot of your add-on versions. | 
| [elasticache\$1DescribeCacheClusters](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeCacheClusters.html) | Collect a snapshot of your provisioned clusters. | 
| [elasticache\$1DescribeServiceUpdates](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeServiceUpdates.html) | Collect a snapshot of service updates for Amazon ElastiCache. | 
| [elasticfilesystem\$1DescribeAccessPoints](https://docs.aws.amazon.com/efs/latest/ug/API_DescribeAccessPoints.html) | Collect a snapshot of the Amazon EFS access points in your AWS account. | 
|  [elasticfilesystem\$1DescribeFileSystems](https://docs.aws.amazon.com/efs/latest/ug/API_DescribeFileSystems.html)  | Collect a snapshot of your Amazon EFS file systems. | 
| [elasticloadbalancingv2\$1DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) |  Collect a snapshot of the load balancers in your AWS account.  | 
| [elasticloadbalancingv2\$1DescribeSSLPolicies](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeSSLPolicies.html) | Collect a snapshot of the policies that you use for SSL negotiation. | 
| [elasticloadbalancingv2\$1DescribeTargetGroups](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeTargetGroups.html) | Collect a snapshot of your ELB target groups. | 
| [elasticmapreduce\$1ListSecurityConfigurations](https://docs.aws.amazon.com/emr/latest/APIReference/API_ListSecurityConfigurations.html) | Retrieve a list of the security configurations that are visible to your AWS account, along with their creation dates and times, and their names. | 
| [events\$1ListConnections](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_ListConnections.html) | Retrieve a list of the Amazon EventBridge connections in your AWS account. | 
| [events\$1ListEventBuses](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_ListEventBuses.html) | Retrieve a list of the Amazon EventBridge event buses in your AWS account, including the default event bus, custom event buses, and partner event buses. | 
| [events\$1ListEventSources](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_ListEventSources.html) | Retrieve a list of the partner event sources that have been shared with your AWS account.  | 
| [events\$1ListRules](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_ListRules.html) | Retrieve a list of your Amazon EventBridge rules.  | 
| [firehose\$1ListDeliveryStreams](https://docs.aws.amazon.com/firehose/latest/APIReference/API_ListDeliveryStreams.html) | Retrieve a list of your delivery streams. | 
| [fsx\$1DescribeFileSystems](https://docs.aws.amazon.com/efs/latest/ug/API_DescribeFileSystems.html) | Collect a snapshot of the file systems that are owned by your AWS account. | 
| [guardduty\$1ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) |  Retrieve a list of the `detectorIds` for your Amazon GuardDuty detector resources.  | 
|  [iam\$1GenerateCredentialReport](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GenerateCredentialReport.html)  | Generate a credential report for your AWS account. | 
|  [iam\$1GetAccountPasswordPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html)  | Collect a snapshot of the password policy for your AWS account. | 
|  [iam\$1GetAccountSummary](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountSummary.html)  | Collect a snapshot of the IAM entity usage and IAM quotas in your AWS account. | 
|  [iam\$1ListGroups](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroups.html)  | Retrieve a list of the IAM groups that are associated with a path prefix that's available in your AWS account. | 
| [iam\$1ListOpenIDConnectProviders](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListOpenIDConnectProviders.html) | Retrieve a list of the IAM OpenID Connect (OIDC) provider resource objects that are defined in your AWS account. | 
|  [iam\$1ListPolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListPolicies.html)  | Retrieve a list of all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies. | 
|  [iam\$1ListRoles](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListRoles.html)  | Retrieve a list of the IAM roles that are associated with a path prefix that's available in your AWS account. | 
| [iam\$1ListSAMLProviders](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListSAMLProviders.html) | Retrieve a list of the SAML provider resource objects defined in IAM in your AWS account.  | 
|  [iam\$1ListUsers](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html)  | Retrieve a list of the IAM users in your AWS account. | 
| [iam\$1ListVirtualMFADevices](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListVirtualMFADevices.html) | Retrieve a list of the virtual MFA devices that are defined in your AWS account. | 
| [kafka\$1ListClusters](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clustersget) | Retrieve a list of the Amazon MSK clusters in your AWS account. | 
| [kafka\$1ListKafkaVersions](https://docs.aws.amazon.com/msk/1.0/apireference/kafka-versions.html#kafka-versionsget) | Retrieve a list of the Apache Kafka version objects in your AWS account. | 
| [kinesis\$1ListStreams](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_ListStreams.html) | Retrieve a list of your Kinesis data streams. | 
|  [ kms\$1GetKeyPolicy](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyPolicy.html)  |  Audit Manager uses this API to collect a snapshot of the key policies for the AWS KMS keys in your AWS account. When you use this API as a data source, you don't need to provide the name of a specific AWS KMS key. Instead, Audit Manager uses the `ListKeys` operation to list all of your KMS keys. For every KMS key that's listed, Audit Manager then performs the `GetKeyPolicy` operation to generate evidence for that resource.  | 
|  [ kms\$1GetKeyRotationStatus](https://docs.aws.amazon.com/kms/latest/APIReference/API_GetKeyRotationStatus.html)  |  Audit Manager uses this API to collect a snapshot of whether automatic rotation is enabled for the AWS KMS keys in your AWS account. When you use this API as a data source, you don't need to provide the name of a specific AWS KMS key. Instead, Audit Manager uses the `ListKeys` operation to list all of your KMS keys. For every KMS key that's listed, Audit Manager then performs the `GetKeyRotationStatus` operation to generate evidence for that resource.  | 
| [kms\$1ListKeys](https://docs.aws.amazon.com/kms/latest/APIReference/API_ListKeys.html) | Retrieve a list of the AWS KMS keys in your AWS account. | 
| [lambda\$1ListFunctions](https://docs.aws.amazon.com/lambda/latest/dg/API_ListFunctions.html) | Retrieve a list of Lambda functions in your AWS account, with the version-specific configuration of each.  | 
| [rds\$1DescribeDBClusters](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBClusters.html) | Collect a snapshot of the existing Amazon Aurora DB clusters and Multi-AZ DB clusters in your AWS account. | 
|  [rds\$1DescribeDBInstances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html)  | Collect a snapshot of the provisioned RDS instances in your AWS account. | 
| [rds\$1DescribeDbInstanceAutomatedBackups](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstanceAutomatedBackups.html) | Collect a snapshot of the backups for both current and deleted instances in your AWS account. | 
| [rds\$1DescribeDbSecurityGroups](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBSecurityGroups.html) | Collect a snapshot of the DBSecurityGroups in your AWS account. | 
|  [redshift\$1DescribeClusters](https://docs.aws.amazon.com/redshift/latest/APIReference/API_DescribeClusters.html)  | Collect a snapshot of the provisioned Amazon Redshift clusters in your AWS account. | 
|  [s3\$1GetBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketEncryption.html)  |  Collect a snapshot that shows the default encryption configuration for your S3 buckets. When you use this API as a data source, you don't need to provide the name of a specific S3 bucket. Instead, Audit Manager uses the `ListBuckets` operation to list the buckets that were created in the same AWS Region as your assessment. For every bucket that's listed, Audit Manager then performs the `GetBucketEncryption` operation to generate evidence for that resource. Audit Manager can only provide the encryption status for buckets that were created in the same AWS Region as your assessment. If you need to see the encryption status of all your S3 buckets across multiple AWS Regions, we recommend that you create an assessment in each AWS Region where you have an S3 bucket.  | 
|  [s3\$1ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html)  | Retrieve a list of the S3 buckets in your AWS account. Audit Manager can only list buckets that were created in the same AWS Region as your assessment. If you need to see all your S3 buckets across multiple AWS Regions, we recommend that you create an assessment in each AWS Region where you have an S3 bucket. | 
| [sagemaker\$1ListAlgorithms](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListAlgorithms.html) | Retrieve a list of the machine learning algorithms in your AWS account. | 
| [sagemaker\$1ListDomains](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListDomains.html) | Retrieve a list of the domains in your AWS account. | 
| [sagemaker\$1ListEndpoints](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpoints.html) | Retrieve a list of the endpoints in your AWS account. | 
| [sagemaker\$1ListEndpointConfigs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListEndpointConfigs.html) | Retrieve a list of the endpoint configurations in your AWS account. | 
| [sagemaker\$1ListFlowDefinitions](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListFlowDefinitions.html) | Retrieve a list of the flow definitions in your AWS account. | 
| [sagemaker\$1ListHumanTaskUis](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListHumanTaskUis.html) | Retrieve a list of the human task interfaces in your AWS account. | 
| [sagemaker\$1ListLabelingJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListLabelingJobs.html) | Retrieve a list of the labeling jobs in your AWS account. | 
| [sagemaker\$1ListModels](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModels.html) | Retrieve a list of the models in your AWS account. | 
| [sagemaker\$1ListModelBiasJobDefinitions](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelBiasJobDefinitions.html) | Retrieve a list of the model bias job definitions in your AWS account. | 
| [sagemaker\$1ListModelCards](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelCards.html) | Retrieve a list of the model cards in your AWS account. | 
| [sagemaker\$1ListModelQualityJobDefinitions](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListModelQualityJobDefinitions.html) | Retrieve a list of the model quality monitoring job definitions in your AWS account. | 
| [sagemaker\$1ListMonitoringAlerts](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListMonitoringAlerts.html) | Retrieve a list of the alerts for a given monitoring schedule. | 
| [sagemaker\$1ListMonitoringSchedules](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListMonitoringSchedules.html) | Retrieve a list of all monitoring schedules in your AWS account. | 
| [sagemaker\$1ListTrainingJobs](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListTrainingJobs.html) | Retrieve a list of training jobs in your AWS account. | 
| [sagemaker\$1ListUserProfiles](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_ListUserProfiles.html) | Retrieve a list of user profiles in your AWS account. | 
| [secretsmanager\$1ListSecrets](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_ListSecrets.html) | Retrieve a list of the secrets that are stored in your AWS account, not including secrets that are marked for deletion.  | 
| [sns\$1ListTopics](https://docs.aws.amazon.com/sns/latest/api/API_ListTopics.html) | Retrieve a list of the SNS topics in your AWS account. | 
| [sqs\$1ListQueues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ListQueues.html) | Retrieve a list of the SQS queues in your AWS account. | 
| [waf-regional\$1ListWebAcls](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListWebACLs.html) | Retrieve a list of the [WebACLSummary](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_WebACLSummary.html) objects for your AWS account. | 
| [waf-regional\$1ListRules](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_ListRules.html) | Retrieve a list of the [RuleSummary](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_RuleSummary.html) objects for your AWS account. | 
| [waf\$1ListRuleGroups](https://docs.aws.amazon.com/waf/latest/APIReference/API_ListWebACLs.html) | Retrieve a list of the [RuleGroupSummary](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroupSummary.html) objects for the rule groups in your AWS account. | 
| [waf\$1ListRules](https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListRules.html) | Retrieve a list of the [RuleSummary](https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_RuleSummary.html) objects for your AWS account. | 
| [waf\$1ListWebAcls](https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_ListWebACLs.html) | Retrieve a list of the [WebACLSummary](https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_WebACLSummary.html) objects for your AWS account. | 

## API calls used in the AWS License Manager standard framework
<a name="apis-in-license-manager-framework"></a>

In the [AWS License Manager](https://docs.aws.amazon.com/audit-manager/latest/userguide/Licensemanager.html) standard framework, Audit Manager uses a custom activity called `GetLicenseManagerSummary` to collect evidence. This activity calls the following three License Manager APIs: 
+ [ListLicenseConfigurations](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListLicenseConfigurations.html)
+ [ListAssociationsForLicenseConfiguration](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListAssociationsForLicenseConfiguration.html)
+ [ListUsageForLicenseConfiguration](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListUsageForLicenseConfiguration.html) 

The data that’s returned is then converted into evidence and attached to the relevant controls in your assessment.

**Example**  
Let's say that you use two licensed products (*SQL Service 2017* and *Oracle Database Enterprise Edition*). First, the `GetLicenseManagerSummary` activity calls the [ListLicenseConfigurations](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListLicenseConfigurations.html) API, which provides details of license configurations in your account. Next, it adds additional contextual data for each license configuration by calling [ListUsageForLicenseConfiguration](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListUsageForLicenseConfiguration.html) and [ListAssociationsForLicenseConfiguration](https://docs.aws.amazon.com/license-manager/latest/APIReference/API_ListAssociationsForLicenseConfiguration.html). Finally, it converts the license configuration data into evidence and attaches it to the respective controls in the framework (*4.5 - Customer managed license for SQL Server 2017* and *3.0.4 - Customer managed license for Oracle Database Enterprise Edition*). 

If you’re using a licensed product that isn’t covered by any of the controls in the framework, that license configuration data is attached as evidence to the following control: *5.0 - Customer managed license for other licenses*.

## Additional resources
<a name="using-api-calls-additional-resources"></a>
+ To find help with evidence collection issues for this data source type, see [My assessment isn’t collecting configuration data evidence for an AWS API call](evidence-collection-issues.md#no-evidence-from-aws-api-calls).
+ To create a custom control using this data source type, see [Creating a custom control in AWS Audit Manager](create-controls.md).
+ To create a custom framework that uses your custom control, see [Creating a custom framework in AWS Audit Manager](custom-frameworks.md). 
+ To add your custom control to an existing custom framework, see [Editing a custom framework in AWS Audit Manager](edit-custom-frameworks.md).

# AWS CloudTrail event names supported by AWS Audit Manager
<a name="control-data-sources-cloudtrail"></a>



You can use Audit Manager to capture AWS CloudTrail [management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-management-events) and [global service events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events) as evidence for audits. When you create or edit a custom control, you can specify one or more CloudTrail event names as a data source mapping for evidence collection. Audit Manager then filters your CloudTrail logs based on your chosen keywords, and imports the results as user activity evidence.

**Note**  
Audit Manager captures management events and global service events only. Data events and insights events are not available as evidence. For more information about the different types of CloudTrail events, see [CloudTrail concepts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-data-events) in the *AWS CloudTrail User Guide*. 

As an exception to the above, the following CloudTrail events aren't supported by Audit Manager:
+ kms\$1GenerateDataKey
+ kms\$1Decrypt
+ sts\$1AssumeRole
+ kinesisvideo\$1GetDataEndpoint
+ kinesisvideo\$1GetSignalingChannelEndpoint 
+ kinesisvideo\$1DescribeSignalingChannel 
+ kinesisvideo\$1DescribeStream

As of May 11, 2023, Audit Manager no longer supports read-only CloudTrail events as keywords for evidence collection. We removed a total of 3,135 read-only keywords. Because customers and AWS services both make read calls to APIs, read-only events are noisy. As a result, read-only keywords collect a lot of evidence that isn't reliable or relevant for audits. Read-only keywords include `List`, `Describe`, and `Get` API calls (for example, [GetObject](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html) and [ListBuckets](https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html) for Amazon S3). If you were using one of these keywords for evidence collection, you don't need to do anything. The keywords were automatically removed from the Audit Manager console and from your assessments, and evidence is no longer collected for these keywords.

## Additional resources
<a name="using-cloudtrail-events-additional-resources"></a>
+ To find help with evidence collection issues for this data source type, see [My assessment isn’t collecting user activity evidence from AWS CloudTrail](evidence-collection-issues.md#no-evidence-from-cloudtrail).
+ To create a custom control using this data source type, see [Creating a custom control in AWS Audit Manager](create-controls.md).
+ To create a custom framework that uses your custom control, see [Creating a custom framework in AWS Audit Manager](custom-frameworks.md). 
+ To add your custom control to an existing custom framework, see [Editing a custom framework in AWS Audit Manager](edit-custom-frameworks.md).