create-assessment

Description

Creates an assessment in AWS Audit Manager.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-assessment
  --name <value>
  [--description <value>]
  --assessment-reports-destination <value>
  --scope <value>
  --roles <value>
  --framework-id <value>
  [--tags <value>]
  [--cli-input-json | --cli-input-yaml]
  [--generate-cli-skeleton <value>]

Options

--name (string)

The name of the assessment to be created.

--description (string)

The optional description of the assessment to be created.

--assessment-reports-destination (structure)

The assessment report storage destination for the specified assessment that is being created.

destinationType -> (string)

The destination type, such as Amazon S3.

destination -> (string)

The destination of the assessment report.

Shorthand Syntax:

destinationType=string,destination=string

JSON Syntax:

{
  "destinationType": "S3",
  "destination": "string"
}

--scope (structure)

The wrapper that contains the AWS accounts and AWS services in scope for the assessment.

awsAccounts -> (list)

The AWS accounts included in the scope of the assessment.

(structure)

The wrapper of AWS account details, such as account ID, email address, and so on.

id -> (string)

The identifier for the specified AWS account.

emailAddress -> (string)

The email address associated with the specified AWS account.

name -> (string)

The name of the specified AWS account.

awsServices -> (list)

The AWS services included in the scope of the assessment.

(structure)

An AWS service such as Amazon S3, AWS CloudTrail, and so on.

serviceName -> (string)

The name of the AWS service.

Shorthand Syntax:

awsAccounts=[{id=string,emailAddress=string,name=string},{id=string,emailAddress=string,name=string}],awsServices=[{serviceName=string},{serviceName=string}]

JSON Syntax:

{
  "awsAccounts": [
    {
      "id": "string",
      "emailAddress": "string",
      "name": "string"
    }
    ...
  ],
  "awsServices": [
    {
      "serviceName": "string"
    }
    ...
  ]
}

--roles (list)

The list of roles for the specified assessment.

(structure)

The wrapper that contains AWS Audit Manager role information, such as the role type and IAM Amazon Resource Name (ARN).

roleType -> (string)

The type of customer persona.

Note

In CreateAssessment, roleType can only be PROCESS_OWNER.

In UpdateSettings, roleType can only be PROCESS_OWNER.

In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

roleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role.

Shorthand Syntax:

roleType=string,roleArn=string ...

JSON Syntax:

[
  {
    "roleType": "PROCESS_OWNER"|"RESOURCE_OWNER",
    "roleArn": "string"
  }
  ...
]

--framework-id (string)

The identifier for the specified framework.

--tags (map)

The tags associated with the assessment.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{
  "string": "string"
  ...
}

--cli-input-json | --cli-input-yaml (string)

Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string)

Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
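
Added example (not part of the AWS documentation): a pre-flight check that validates a create-assessment request against the constraints stated in the options above before it is handed to --cli-input-json. It assumes the JSON keys are the camelCase names that --generate-cli-skeleton emits (name, assessmentReportsDestination, scope, roles, frameworkId, tags); all sample values are constructed placeholders.

```python
import json
import re

REQUIRED = ("name", "assessmentReportsDestination", "scope", "roles", "frameworkId")
ACCOUNT_ID = re.compile(r"^\d{12}$")                      # AWS account IDs are 12 digits
ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/.+$")


def validate_request(req):
    """Return a list of problems; an empty list means the request is well-formed."""
    problems = [f"missing required field: {k}" for k in REQUIRED if not req.get(k)]
    dest = req.get("assessmentReportsDestination") or {}
    if dest and dest.get("destinationType") != "S3":
        problems.append("destinationType must be S3")
    if dest and not dest.get("destination"):
        problems.append("destination is empty")
    scope = req.get("scope") or {}
    for acct in scope.get("awsAccounts") or []:
        if not ACCOUNT_ID.match(str(acct.get("id") or "")):
            problems.append(f"bad account id: {acct.get('id')!r}")
    for role in req.get("roles") or []:
        # Per the note under --roles: CreateAssessment accepts only PROCESS_OWNER.
        if role.get("roleType") != "PROCESS_OWNER":
            problems.append(f"roleType {role.get('roleType')!r} not allowed here")
        if not ROLE_ARN.match(str(role.get("roleArn") or "")):
            problems.append(f"roleArn is not an IAM role ARN: {role.get('roleArn')!r}")
    return problems


def render_cli_input(req):
    """Serialize a validated request for --cli-input-json; raise if it is invalid."""
    problems = validate_request(req)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(req, indent=2, sort_keys=True)


# Constructed sample values (placeholders, not real accounts, roles or frameworks).
SAMPLE = {
    "name": "example-assessment",
    "assessmentReportsDestination": {"destinationType": "S3", "destination": "s3://example-audit-reports"},
    "scope": {"awsAccounts": [{"id": "111122223333"}], "awsServices": [{"serviceName": "s3"}]},
    "roles": [{"roleType": "PROCESS_OWNER", "roleArn": "arn:aws:iam::111122223333:role/ExampleAuditOwner"}],
    "frameworkId": "00000000-0000-0000-0000-000000000000",
    "tags": {"team": "grc"},
}

if __name__ == "__main__":
    print(render_cli_input(SAMPLE))
```

Save the output to a file and pass it with --cli-input-json file://request.json; rejecting a RESOURCE_OWNER role or a non-role ARN locally keeps a malformed owner assignment out of the request.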

Output

assessment -> (structure)

An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

arn -> (string)

The Amazon Resource Name (ARN) of the assessment.

awsAccount -> (structure)

The AWS account associated with the assessment.

id -> (string)

The identifier for the specified AWS account.

emailAddress -> (string)

The email address associated with the specified AWS account.

name -> (string)

The name of the specified AWS account.

metadata -> (structure)

The metadata for the specified assessment.

name -> (string)

The name of the assessment.

id -> (string)

The unique identifier for the assessment.

description -> (string)

The description of the assessment.

complianceType -> (string)

The name of a compliance standard related to the assessment, such as PCI-DSS.

status -> (string)

The overall status of the assessment.

assessmentReportsDestination -> (structure)

The destination in which evidence reports are stored for the specified assessment.

destinationType -> (string)

The destination type, such as Amazon S3.

destination -> (string)

The destination of the assessment report.

scope -> (structure)

The wrapper of AWS accounts and services in scope for the assessment.

awsAccounts -> (list)

The AWS accounts included in the scope of the assessment.

(structure)

The wrapper of AWS account details, such as account ID, email address, and so on.

id -> (string)

The identifier for the specified AWS account.

emailAddress -> (string)

The email address associated with the specified AWS account.

name -> (string)

The name of the specified AWS account.

awsServices -> (list)

The AWS services included in the scope of the assessment.

(structure)

An AWS service such as Amazon S3, AWS CloudTrail, and so on.

serviceName -> (string)

The name of the AWS service.

roles -> (list)

The roles associated with the assessment.

(structure)

The wrapper that contains AWS Audit Manager role information, such as the role type and IAM Amazon Resource Name (ARN).

roleType -> (string)

The type of customer persona.

Note

In CreateAssessment, roleType can only be PROCESS_OWNER.

In UpdateSettings, roleType can only be PROCESS_OWNER.

In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

roleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role.

delegations -> (list)

The delegations associated with the assessment.

(structure)

The assignment of a control set to a delegate for review.

id -> (string)

The unique identifier for the delegation.

assessmentName -> (string)

The name of the associated assessment.

assessmentId -> (string)

The identifier for the associated assessment.

status -> (string)

The status of the delegation.

roleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role.

roleType -> (string)

The type of customer persona.

Note

In CreateAssessment, roleType can only be PROCESS_OWNER.

In UpdateSettings, roleType can only be PROCESS_OWNER.

In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

creationTime -> (timestamp)

Specifies when the delegation was created.

lastUpdated -> (timestamp)

Specifies when the delegation was last updated.

controlSetId -> (string)

The identifier for the associated control set.

comment -> (string)

The comment related to the delegation.

createdBy -> (string)

The IAM user or role that created the delegation.

creationTime -> (timestamp)

Specifies when the assessment was created.

lastUpdated -> (timestamp)

The time of the most recent update.

framework -> (structure)

The framework from which the assessment was created.

id -> (string)

The unique identifier for the framework.

arn -> (string)

The Amazon Resource Name (ARN) of the specified framework.

metadata -> (structure)

The metadata of a framework, such as the name, ID, description, and so on.

name -> (string)

The name of the framework.

description -> (string)

The description of the framework.

logo -> (string)

The logo associated with the framework.

complianceType -> (string)

The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

controlSets -> (list)

The control sets associated with the framework.

(structure)

Represents a set of controls in an AWS Audit Manager assessment.

id -> (string)

The identifier of the control set in the assessment. This is the control set name in a plain string format.

description -> (string)

The description for the control set.

status -> (string)

Specifies the current status of the control set.

roles -> (list)

The roles associated with the control set.

(structure)

The wrapper that contains AWS Audit Manager role information, such as the role type and IAM Amazon Resource Name (ARN).

roleType -> (string)

The type of customer persona.

Note

In CreateAssessment, roleType can only be PROCESS_OWNER.

In UpdateSettings, roleType can only be PROCESS_OWNER.

In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

roleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role.

controls -> (list)

The list of controls contained within the control set.

(structure)

The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.

id -> (string)

The identifier for the specified control.

name -> (string)

The name of the specified control.

description -> (string)

The description of the specified control.

status -> (string)

The status of the specified control.

response -> (string)

The response of the specified control.

comments -> (list)

The list of comments attached to the specified control.

(structure)

A comment posted by a user on a control. This includes the author’s name, the comment text, and a timestamp.

authorName -> (string)

The name of the user who authored the comment.

commentBody -> (string)

The body text of a control comment.

postedDate -> (timestamp)

The time when the comment was posted.

evidenceSources -> (list)

The list of data sources for the specified evidence.

(string)

evidenceCount -> (integer)

The amount of evidence generated for the control.

assessmentReportEvidenceCount -> (integer)

The amount of evidence in the assessment report.

delegations -> (list)

The delegations associated with the control set.

(structure)

The assignment of a control set to a delegate for review.

id -> (string)

The unique identifier for the delegation.

assessmentName -> (string)

The name of the associated assessment.

assessmentId -> (string)

The identifier for the associated assessment.

status -> (string)

The status of the delegation.

roleArn -> (string)

The Amazon Resource Name (ARN) of the IAM role.

roleType -> (string)

The type of customer persona.

Note

In CreateAssessment, roleType can only be PROCESS_OWNER.

In UpdateSettings, roleType can only be PROCESS_OWNER.

In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.

creationTime -> (timestamp)

Specifies when the delegation was created.

lastUpdated -> (timestamp)

Specifies when the delegation was last updated.

controlSetId -> (string)

The identifier for the associated control set.

comment -> (string)

The comment related to the delegation.

createdBy -> (string)

The IAM user or role that created the delegation.

systemEvidenceCount -> (integer)

The total number of evidence objects retrieved automatically for the control set.

manualEvidenceCount -> (integer)

The total number of evidence objects uploaded manually to the control set.

tags -> (map)

The tags associated with the assessment.

key -> (string)

value -> (string)