Use AMS Self-Service Provisioning (SSP) mode to access Audit Manager capabilities directly in your AMS managed account. Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and
compliance with regulations and industry standards. Audit Manager automates evidence collection to
make it easier to assess if your policies, procedures, and activities are operating effectively.
When it is time for an audit, Audit Manager helps you manage stakeholder reviews of your controls and
helps you build audit-ready reports with significantly less manual effort.
To learn more, see Audit Manager
AWS Audit Manager in AWS Managed Services FAQs
Common questions and answers:
Q: How do I request access to AWS Audit Manager in my AMS account?
You can request access through the submission of the AWS Services RFC
Management | AWS service | Self-provisioned service | Add (review required) (ct-3qe6io8t6jtny). This RFC provisions the following IAM role
in your account: customer-audit-manager-admin-Role.
After provisioned in your account, you must onboard the role in your federation
solution.
Q: What are the restrictions to using AWS Audit Manager?
There are no restrictions for the use of AWS Audit Manager in your AMS account. Full functionality for AWS Audit Manager is provided.
Q: What are the prerequisites or dependencies to using AWS Audit Manager?
You need to provide AMS with the s3 bucket where you want reports/assessments to reside.
If you want to have encryption with the service, you need to provide AMS with the KMS CMK ARN to use.
If you want to send an SNS notifications to a Topic, you must provide the name of the topic or arn.
(Optional) There is an additional prerequisite if you want to enable Organizations as part of your multi-account landing zone in Audit Manager and you want a delegated administrator account: In the description field for RFC (Management | AWS service | Compatible Service| Add), mention that you want to use the delegated administrator account as part of Audit Manager Setup and provide the below details:
KMS CMK ARN (used to set up Audit Manager, initially)
Delegated administrator account ID for Audit Manager to use as part of this multi-account landing zone (can be a MALZ application account)
