Sono disponibili altri esempi AWS SDK nel repository [AWS Doc SDK](https://github.com/awsdocs/aws-doc-sdk-examples) Examples. GitHub Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà. # Esempi di codice per l'utilizzo di Audit Manager AWS SDKs I seguenti esempi di codice mostrano come utilizzarlo AWS Audit Manager con un kit di sviluppo AWS software (SDK). *Scenari*: esempi di codice che mostrano come eseguire un’attività specifica chiamando più funzioni all’interno dello stesso servizio o combinate con altri Servizi AWS. **Altre risorse** + **[Guida per l’utente di Gestione audit](https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html)**: ulteriori informazioni su Gestione audit. + **[Documentazione di riferimento dell’API Gestione audit](https://docs.aws.amazon.com/audit-manager/latest/APIReference/Welcome.html)**: dettagli su tutte le azioni disponibili in Gestione audit. + **[AWS Developer Center](https://aws.amazon.com/developer/code-examples/?awsf.sdk-code-examples-product=product%23audit-mgr)**: esempi di codice che puoi filtrare per categoria o per ricerca completa. + **[AWS Esempi SDK](https://github.com/awsdocs/aws-doc-sdk-examples)**: GitHub repository con codice completo nelle lingue preferite. Include le istruzioni su come configurare ed eseguire il codice. **Contents** + [Scenari](auditmanager_code_examples_scenarios.md) + [Crea un framework personalizzato da un pacchetto di conformità AWS Config](auditmanager_example_auditmanager_Scenario_CustomFrameworkFromConformancePack_section.md) + [Creare un framework personalizzato che contenga i controlli CSPM di Security Hub](auditmanager_example_auditmanager_Scenario_CustomFrameworkFromSecurityHub_section.md) + [Creare un report di valutazione](auditmanager_example_auditmanager_Scenario_CreateAssessmentReport_section.md) # Scenari per l'utilizzo di Audit Manager AWS SDKs I seguenti esempi di codice mostrano come implementare scenari comuni in Audit Manager con AWS SDKs. Questi scenari illustrano come eseguire attività specifiche chiamando più funzioni all’interno di Gestione audit o in combinazione con altri Servizi AWS. Ogni scenario include un collegamento al codice sorgente completo, dove è possibile trovare le istruzioni su come configurare ed eseguire il codice. Gli scenari sono relativi a un livello intermedio di esperienza per aiutarti a comprendere le azioni di servizio nel contesto. **Topics** + [Crea un framework personalizzato da un pacchetto di conformità AWS Config](auditmanager_example_auditmanager_Scenario_CustomFrameworkFromConformancePack_section.md) + [Creare un framework personalizzato che contenga i controlli CSPM di Security Hub](auditmanager_example_auditmanager_Scenario_CustomFrameworkFromSecurityHub_section.md) + [Creare un report di valutazione](auditmanager_example_auditmanager_Scenario_CreateAssessmentReport_section.md) # Crea un framework personalizzato Audit Manager da un pacchetto di AWS Config conformità utilizzando un SDK AWS L’esempio di codice seguente mostra come: + Ottieni un elenco di pacchetti di AWS Config conformità. + Creare un controllo personalizzato di Gestione audit per ogni regola gestita in un pacchetto di conformità. + Creare un framework personalizzato di Gestione audit Manager contenente i controlli. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/auditmanager#code-examples). ``` import logging import boto3 from botocore.exceptions import ClientError logger = logging.getLogger(__name__) class ConformancePack: def __init__(self, config_client, auditmanager_client): self.config_client = config_client self.auditmanager_client = auditmanager_client def get_conformance_pack(self): """ Return a selected conformance pack from the list of conformance packs. :return: selected conformance pack """ try: conformance_packs = self.config_client.describe_conformance_packs() print( "Number of conformance packs fetched: ", len(conformance_packs.get("ConformancePackDetails")), ) print("Fetched the following conformance packs: ") all_cpack_names = { cp["ConformancePackName"] for cp in conformance_packs.get("ConformancePackDetails") } for pack in all_cpack_names: print(f"\t{pack}") cpack_name = input( "Provide ConformancePackName that you want to create a custom " "framework for: " ) if cpack_name not in all_cpack_names: print(f"{cpack_name} is not in the list of conformance packs!") print( "Provide a conformance pack name from the available list of " "conformance packs." ) raise Exception("Invalid conformance pack") print("-" * 88) except ClientError: logger.exception("Couldn't select conformance pack.") raise else: return cpack_name def create_custom_controls(self, cpack_name): """ Create custom controls for all managed AWS Config rules in a conformance pack. :param cpack_name: The name of the conformance pack to create controls for. :return: The list of custom control IDs. """ try: rules_in_pack = self.config_client.describe_conformance_pack_compliance( ConformancePackName=cpack_name ) print( "Number of rules in the conformance pack: ", len(rules_in_pack.get("ConformancePackRuleComplianceList")), ) for rule in rules_in_pack.get("ConformancePackRuleComplianceList"): print(f"\t{rule.get('ConfigRuleName')}") print("-" * 88) print( "Creating a custom control for each rule and a custom framework " "consisting of these rules in Audit Manager." ) am_controls = [] for rule in rules_in_pack.get("ConformancePackRuleComplianceList"): config_rule = self.config_client.describe_config_rules( ConfigRuleNames=[rule.get("ConfigRuleName")] ) source_id = ( config_rule.get("ConfigRules")[0] .get("Source", {}) .get("SourceIdentifier") ) custom_control = self.auditmanager_client.create_control( name="Config-" + rule.get("ConfigRuleName"), controlMappingSources=[ { "sourceName": "ConfigRule", "sourceSetUpOption": "System_Controls_Mapping", "sourceType": "AWS_Config", "sourceKeyword": { "keywordInputType": "SELECT_FROM_LIST", "keywordValue": source_id, }, } ], ).get("control", {}) am_controls.append({"id": custom_control.get("id")}) print("Successfully created a control for each config rule.") print("-" * 88) except ClientError: logger.exception("Failed to create custom controls.") raise else: return am_controls def create_custom_framework(self, cpack_name, am_control_ids): """ Create a custom Audit Manager framework from a selected AWS Config conformance pack. :param cpack_name: The name of the conformance pack to create a framework from. :param am_control_ids: The IDs of the custom controls created from the conformance pack. """ try: print("Creating custom framework...") custom_framework = self.auditmanager_client.create_assessment_framework( name="Config-Conformance-pack-" + cpack_name, controlSets=[{"name": cpack_name, "controls": am_control_ids}], ) print( f"Successfully created the custom framework: ", f"{custom_framework.get('framework').get('name')}: ", f"{custom_framework.get('framework').get('id')}", ) print("-" * 88) except ClientError: logger.exception("Failed to create custom framework.") raise def run_demo(): print("-" * 88) print("Welcome to the AWS Audit Manager custom framework demo!") print("-" * 88) print( "You can use this sample to select a conformance pack from AWS Config and " "use AWS Audit Manager to create a custom control for all the managed " "rules under the conformance pack. A custom framework is also created " "with these controls." ) print("-" * 88) conf_pack = ConformancePack(boto3.client("config"), boto3.client("auditmanager")) cpack_name = conf_pack.get_conformance_pack() am_controls = conf_pack.create_custom_controls(cpack_name) conf_pack.create_custom_framework(cpack_name, am_controls) if __name__ == "__main__": run_demo() ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Python (Boto3)*. + [CreateAssessmentFramework](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/CreateAssessmentFramework) + [CreateControl](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/CreateControl) ------ # Crea un framework personalizzato Audit Manager che contenga i controlli CSPM di Security Hub utilizzando un SDK AWS L’esempio di codice seguente mostra come: + Ottieni un elenco di tutti i controlli standard che hanno Security Hub CSPM come fonte di dati. + Creare un framework personalizzato di Gestione audit Manager contenente i controlli. ------ #### [ Python ] **SDK per Python (Boto3)** C'è di più su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/auditmanager#code-examples). ``` import logging import boto3 from botocore.exceptions import ClientError logger = logging.getLogger(__name__) class SecurityHub: def __init__(self, auditmanager_client): self.auditmanager_client = auditmanager_client def get_sechub_controls(self): """ Gets the list of controls that use Security Hub as their data source. :return: The list of Security Hub controls. """ print("-" * 88) next_token = None page = 1 sechub_control_list = [] while True: print("Page [" + str(page) + "]") if next_token is None: control_list = self.auditmanager_client.list_controls( controlType="Standard", maxResults=100 ) else: control_list = self.auditmanager_client.list_controls( controlType="Standard", nextToken=next_token, maxResults=100 ) print("Total controls found:", len(control_list.get("controlMetadataList"))) for control in control_list.get("controlMetadataList"): control_details = self.auditmanager_client.get_control( controlId=control.get("id") ).get("control", {}) if "AWS Security Hub" in control_details.get("controlSources"): sechub_control_list.append({"id": control_details.get("id")}) next_token = control_list.get("nextToken") if not next_token: break page += 1 print("Number of Security Hub controls found: ", len(sechub_control_list)) return sechub_control_list def create_custom_framework(self, am_controls): """ Create a custom framework with a list of controls. :param am_controls: The list of controls to include in the framework. """ try: print("Creating custom framework...") custom_framework = self.auditmanager_client.create_assessment_framework( name="All Security Hub Controls Framework", controlSets=[{"name": "Security-Hub", "controls": am_controls}], ) print( f"Successfully created the custom framework: " f"{custom_framework.get('framework').get('name')}: " f"{custom_framework.get('framework').get('id')}" ) print("-" * 88) except ClientError: logger.exception("Failed to create custom framework.") raise def run_demo(): print("-" * 88) print("Welcome to the AWS Audit Manager Security Hub demo!") print("-" * 88) print(" This script creates a custom framework with all Security Hub controls.") print("-" * 88) sechub = SecurityHub(boto3.client("auditmanager")) am_controls = sechub.get_sechub_controls() sechub.create_custom_framework(am_controls) if __name__ == "__main__": run_demo() ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Python (Boto3)*. + [CreateAssessmentFramework](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/CreateAssessmentFramework) + [GetControl](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/GetControl) + [ListControls](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/ListControls) ------ # Crea un rapporto di valutazione Audit Manager che contenga un giorno di prove utilizzando un AWS SDK L’esempio di codice seguente mostra come creare un report di valutazione di Gestione audit riferito a un giorno di prove. ------ #### [ Python ] **SDK per Python (Boto3)** C'è altro da fare. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel [Repository di esempi di codice AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/auditmanager#code-examples). ``` import dateutil.parser import logging import time import urllib.request import uuid import boto3 from botocore.exceptions import ClientError logger = logging.getLogger(__name__) class AuditReport: def __init__(self, auditmanager_client): self.auditmanager_client = auditmanager_client def get_input(self): print("-" * 40) try: assessment_id = input("Provide assessment id [uuid]: ").lower() try: assessment_uuid = uuid.UUID(assessment_id) except ValueError: logger.error("Assessment Id is not a valid UUID: %s", assessment_id) raise evidence_folder = input("Provide evidence date [yyyy-mm-dd]: ") try: evidence_date = dateutil.parser.parse(evidence_folder).date() except ValueError: logger.error("Invalid date : %s", evidence_folder) raise try: self.auditmanager_client.get_assessment( assessmentId=str(assessment_uuid) ) except ClientError: logger.exception("Couldn't get assessment %s.", assessment_uuid) raise except (ValueError, ClientError): return None, None else: return assessment_uuid, evidence_date def clear_staging(self, assessment_uuid, evidence_date): """ Find all the evidence in the report and clear it. """ next_token = None page = 1 interested_folder_id_list = [] while True: print(f"Page [{page}]") if next_token is None: folder_list = ( self.auditmanager_client.get_evidence_folders_by_assessment( assessmentId=str(assessment_uuid), maxResults=1000 ) ) else: folder_list = ( self.auditmanager_client.get_evidence_folders_by_assessment( assessmentId=str(assessment_uuid), nextToken=next_token, maxResults=1000, ) ) folders = folder_list.get("evidenceFolders") print(f"Got {len(folders)} folders.") for folder in folders: folder_id = folder.get("id") if folder.get("name") == str(evidence_date): interested_folder_id_list.append(folder_id) if folder.get("assessmentReportSelectionCount") == folder.get( "totalEvidence" ): print( f"Removing folder from report selection : {folder.get('name')} " f"{folder_id} {folder.get('controlId')}" ) self.auditmanager_client.disassociate_assessment_report_evidence_folder( assessmentId=str(assessment_uuid), evidenceFolderId=folder_id ) elif folder.get("assessmentReportSelectionCount") > 0: # Get all evidence in the folder and # add selected evidence in the selected_evidence_list. evidence_list = ( self.auditmanager_client.get_evidence_by_evidence_folder( assessmentId=str(assessment_uuid), controlSetId=folder_id, evidenceFolderId=folder_id, maxResults=1000, ) ) selected_evidence_list = [] for evidence in evidence_list.get("evidence"): if evidence.get("assessmentReportSelection") == "Yes": selected_evidence_list.append(evidence.get("id")) print( f"Removing evidence report selection : {folder.get('name')} " f"{len(selected_evidence_list)}" ) self.auditmanager_client.batch_disassociate_assessment_report_evidence( assessmentId=str(assessment_uuid), evidenceFolderId=folder_id, evidenceIds=selected_evidence_list, ) next_token = folder_list.get("nextToken") if not next_token: break page += 1 return interested_folder_id_list def add_folder_to_staging(self, assessment_uuid, folder_id_list): print(f"Adding folders to report : {folder_id_list}") for folder in folder_id_list: self.auditmanager_client.associate_assessment_report_evidence_folder( assessmentId=str(assessment_uuid), evidenceFolderId=folder ) def get_report(self, assessment_uuid): report = self.auditmanager_client.create_assessment_report( name="ReportViaScript", description="testing", assessmentId=str(assessment_uuid), ) if self._is_report_generated(report.get("assessmentReport").get("id")): report_url = self.auditmanager_client.get_assessment_report_url( assessmentReportId=report.get("assessmentReport").get("id"), assessmentId=str(assessment_uuid), ) print(report_url.get("preSignedUrl")) urllib.request.urlretrieve( report_url.get("preSignedUrl").get("link"), report_url.get("preSignedUrl").get("hyperlinkName"), ) print( f"Report saved as {report_url.get('preSignedUrl').get('hyperlinkName')}." ) else: print("Report generation did not finish in 15 minutes.") print( "Failed to download report. Go to the console and manually download " "the report." ) def _is_report_generated(self, assessment_report_id): max_wait_time = 0 while max_wait_time < 900: print(f"Checking status of the report {assessment_report_id}") report_list = self.auditmanager_client.list_assessment_reports(maxResults=1) if ( report_list.get("assessmentReports")[0].get("id") == assessment_report_id and report_list.get("assessmentReports")[0].get("status") == "COMPLETE" ): return True print("Sleeping for 5 seconds...") time.sleep(5) max_wait_time += 5 def run_demo(): print("-" * 88) print("Welcome to the AWS Audit Manager samples demo!") print("-" * 88) print( "This script creates an assessment report for an assessment with all the " "evidence collected on the provided date." ) print("-" * 88) report = AuditReport(boto3.client("auditmanager")) assessment_uuid, evidence_date = report.get_input() if assessment_uuid is not None and evidence_date is not None: folder_id_list = report.clear_staging(assessment_uuid, evidence_date) report.add_folder_to_staging(assessment_uuid, folder_id_list) report.get_report(assessment_uuid) if __name__ == "__main__": run_demo() ``` + Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella *documentazione di riferimento dell’API AWS SDK per Python (Boto3)*. + [AssociateAssessmentReportEvidenceFolder](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/AssociateAssessmentReportEvidenceFolder) + [BatchDisassociateAssessmentReportEvidence](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/BatchDisassociateAssessmentReportEvidence) + [CreateAssessmentReport](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/CreateAssessmentReport) + [DisassociateAssessmentReportEvidenceFolder](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/DisassociateAssessmentReportEvidenceFolder) + [GetAssessment](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/GetAssessment) + [GetAssessmentReportUrl](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/GetAssessmentReportUrl) + [GetEvidenceByEvidenceFolder](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/GetEvidenceByEvidenceFolder) + [GetEvidenceFoldersByAssessment](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/GetEvidenceFoldersByAssessment) + [ListAssessmentReports](https://docs.aws.amazon.com/goto/boto3/auditmanager-2017-07-25/ListAssessmentReports) ------