When you need assistance from a subject matter expert, you can choose the AWS account that you want to help you, and then delegate a control set to them for review.
Delegate permissions
The below policy is attached to a delegate to whom the control set is delegated to.
Audit Manager replaces the placeholder text with your account and
resource identifiers before attaching the policy.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Delegate", "Effect": "Allow", "Principal": { "AWS": "Principal for user/role who is delegated a Control Set of the Assessment" }, "Action": [ "auditmanager:UpdateAssessmentControl", "auditmanager:UpdateAssessmentControlSetStatus", "auditmanager:GetEvidenceFoldersByAssessmentControl", "auditmanager:BatchImportEvidenceToAssessmentControl", "auditmanager:GetEvidenceFolder", "auditmanager:GetEvidence", "auditmanager:GetEvidenceByEvidenceFolder" ], "Resource": "arn:aws:auditmanager:region:account_ID:assessment/assessment_ID/controlSet/control_set_ID" } ] }
Prerequisites
Make sure your IAM identity has appropriate permissions to create a delegation in AWS Audit Manager. Two suggested policies that grant these permissions are Allow users full administrator access to AWS Audit Manager and Allow users management access to AWS Audit Manager.
Procedure
You can use either of the following procedures to delegate a control set.
To delegate a control set from the assessment page
Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home
. -
In the navigation pane, choose Assessments.
Select the name of the assessment that contains the control set that you want to delegate.
From the assessment page, choose the Controls tab. This displays the control status summary and the list of controls in the assessment.
Select a control set and choose Delegate control set.
-
Under Delegate selection, a list of users and roles is displayed. Choose a user or role, or use the search bar to look for one.
-
Under Delegation details, review the control set name and the assessment name.
(Optional) Under Comments, add a comment with instructions to help the delegate fulfill their review task. Don't include any sensitive information in your comment.
-
Choose Delegate control set.
A green success banner confirms the successful delegation of the control set. Choose View delegation to see the delegation request. You can also view your delegations at any time by choosing Delegations in the left navigation pane of the AWS Audit Manager console.
To delegate a control set from the delegations page
Open the AWS Audit Manager console at https://console.aws.amazon.com/auditmanager/home
. -
In the navigation pane, choose Delegations.
From the delegations page, choose Create delegation.
Under Choose assessment and control set, specify the assessment and the control set that you want to delegate.
-
Under Delegate selection, you will see a list of users and roles. Choose a user or role, or use the search bar to look for one.
(Optional) Under Comments, add a comment with instructions to help the delegate fulfill their review task. Don't include any sensitive information in your comment.
-
Choose Create delegation.
A green success banner confirms the successful delegation of the control set. Choose View delegation to see the delegation request. You can also view your delegations at any time by choosing Delegations in the left navigation pane of the AWS Audit Manager console.
After you delegate a control set for review, the delegate receives a notification and can then begin to review the control set. This process that delegates follow is described in Understanding the different delegation tasks for delegates.
Next steps
To revisit your delegation at a later date, see Finding and reviewing the delegations that you've sent in AWS Audit Manager.
