CreateAssessment - AWS Audit Manager

CreateAssessment

Creates an assessment in AWS Audit Manager.

Request Syntax

POST /assessments HTTP/1.1 Content-type: application/json { "assessmentReportsDestination": { "destination": "string", "destinationType": "string" }, "description": "string", "frameworkId": "string", "name": "string", "roles": [ { "roleArn": "string", "roleType": "string" } ], "scope": { "awsAccounts": [ { "emailAddress": "string", "id": "string", "name": "string" } ], "awsServices": [ { "serviceName": "string" } ] }, "tags": { "string" : "string" } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

assessmentReportsDestination

The assessment report storage destination for the assessment that's being created.

Type: AssessmentReportsDestination object

Required: Yes

description

The optional description of the assessment to be created.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No

frameworkId

The identifier for the framework that the assessment will be created from.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

name

The name of the assessment to be created.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[^\\]*$

Required: Yes

roles

The list of roles for the assessment.

Type: Array of Role objects

Required: Yes

scope

The wrapper that contains the AWS accounts that are in scope for the assessment.

Note

You no longer need to specify which AWS services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant AWS services.

If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct AWS services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.

Type: Scope object

Required: Yes

tags

The tags that are associated with the assessment.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Value Pattern: .{0,255}

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "assessment": { "arn": "string", "awsAccount": { "emailAddress": "string", "id": "string", "name": "string" }, "framework": { "arn": "string", "controlSets": [ { "controls": [ { "assessmentReportEvidenceCount": number, "comments": [ { "authorName": "string", "commentBody": "string", "postedDate": number } ], "description": "string", "evidenceCount": number, "evidenceSources": [ "string" ], "id": "string", "name": "string", "response": "string", "status": "string" } ], "delegations": [ { "assessmentId": "string", "assessmentName": "string", "comment": "string", "controlSetId": "string", "createdBy": "string", "creationTime": number, "id": "string", "lastUpdated": number, "roleArn": "string", "roleType": "string", "status": "string" } ], "description": "string", "id": "string", "manualEvidenceCount": number, "roles": [ { "roleArn": "string", "roleType": "string" } ], "status": "string", "systemEvidenceCount": number } ], "id": "string", "metadata": { "complianceType": "string", "description": "string", "logo": "string", "name": "string" } }, "metadata": { "assessmentReportsDestination": { "destination": "string", "destinationType": "string" }, "complianceType": "string", "creationTime": number, "delegations": [ { "assessmentId": "string", "assessmentName": "string", "comment": "string", "controlSetId": "string", "createdBy": "string", "creationTime": number, "id": "string", "lastUpdated": number, "roleArn": "string", "roleType": "string", "status": "string" } ], "description": "string", "id": "string", "lastUpdated": number, "name": "string", "roles": [ { "roleArn": "string", "roleType": "string" } ], "scope": { "awsAccounts": [ { "emailAddress": "string", "id": "string", "name": "string" } ], "awsServices": [ { "serviceName": "string" } ] }, "status": "string" }, "tags": { "string" : "string" } } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

assessment

An entity that defines the scope of audit evidence collected by AWS Audit Manager. An Audit Manager assessment is an implementation of an Audit Manager framework.

Type: Assessment object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the Audit Manager settings page, and try again.

HTTP Status Code: 403

InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500

ResourceNotFoundException

The resource that's specified in the request can't be found.

HTTP Status Code: 404

ServiceQuotaExceededException

You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increase from the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for AWS Audit Manager.

HTTP Status Code: 402

ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 429

ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: