AWS Audit Manager is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see AWS Audit Manager availability change.
Prerequisites for setting up AWS Audit Manager
Before you can use AWS Audit Manager, you must make sure that you have properly set up your AWS account and user permissions.
This page outlines the necessary steps to create an AWS account (if needed), configure an administrative user, and grant the permissions required to access and enable Audit Manager.
Important
If you’re already set up with AWS and IAM, you can skip tasks 1 and 2. However, you must complete task 3 to ensure that you have the required permissions to set up Audit Manager.
Sign up for an AWS account
To get started with AWS, you need an AWS account. For information about creating an AWS account, see Getting started with an AWS account in the AWS Account Management Reference Guide.
Add the required permissions to access and enable Audit Manager
You must give users the required permissions to enable Audit Manager. For users who need full access to Audit Manager, use the AWSAuditManagerAdministratorAccess managed policy. This is an AWS managed policy that’s available in your AWS account, and it’s the recommended policy for Audit Manager administrators.
Tip
As a security best practice, we recommend that you get started with AWS managed policies and then move toward least-privilege permissions. AWS managed policies grant permissions for many common use cases. However, keep in mind that because AWS managed policies are available for use by all AWS customers, they might not grant least-privilege permissions for your specific use cases. As a result, we recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases. For more information, see AWS managed policies in the AWS Identity and Access Management User Guide.
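The tip above recommends moving from AWS managed policies toward customer managed policies scoped to your use case. As an added example (not part of the AWS documentation), the following Python check flags `Allow` statements in a candidate policy that still grant Audit Manager actions by wildcard. Both policy documents, their `Sid` values, and the function name `wildcard_grants` are constructed for illustration.

```python
# Added example: review a customer managed policy for wildcard Audit Manager grants.
# Both policy documents below are constructed samples, not AWS-published policies.

BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AuditManagerAll", "Effect": "Allow",
         "Action": "auditmanager:*", "Resource": "*"},
        {"Sid": "AuditManagerReads", "Effect": "Allow",
         "Action": ["auditmanager:Get*", "auditmanager:ListAssessments"],
         "Resource": "*"},
        {"Sid": "NoDeregister", "Effect": "Deny",
         "Action": "auditmanager:DeregisterAccount", "Resource": "*"},
    ],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAssessments", "Effect": "Allow",
         "Action": ["auditmanager:GetAccountStatus",
                    "auditmanager:GetAssessment",
                    "auditmanager:ListAssessments"],
         "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM accepts either a single string/object or a list in these fields.
    return value if isinstance(value, list) else [value]

def wildcard_grants(policy, service="auditmanager"):
    """Return (sid, detail) pairs for Allow statements that grant by wildcard."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{index}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction"))  # allows everything not listed
            continue
        for action in _as_list(stmt.get("Action", [])):
            prefix, _, name = action.lower().partition(":")  # IAM actions are case-insensitive
            if action == "*" or (prefix == service and any(c in name for c in "*?")):
                findings.append((sid, action))
    return findings

if __name__ == "__main__":
    for label, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, wildcard_grants(doc))
```

An empty result means every Audit Manager action in the policy is named explicitly. It does not by itself show that the named actions are the minimum your users need.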
To provide access, add permissions to your users, groups, or roles:
- Users and groups in AWS IAM Identity Center:
  Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center User Guide.
- Users managed in IAM through an identity provider:
  Create a role for identity federation. Follow the instructions in Create a role for a third-party identity provider (federation) in the IAM User Guide.
- IAM users:
  - Create a role that your user can assume. Follow the instructions in Create a role for an IAM user in the IAM User Guide.
  - (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
Next steps
Now that you've set up your AWS account and granted the required permissions, you're ready to enable Audit Manager. For step-by-step instructions, see Enabling AWS Audit Manager.