2021/04/05 - AWS Audit Manager - 1 updated api methods
Changes: AWS Audit Manager has updated the GetAssessment API operation to include a new response field called userRole. The userRole field indicates the role information and IAM ARN of the API caller.
{'userRole': {'roleArn': 'string',
              'roleType': 'PROCESS_OWNER | RESOURCE_OWNER'}}
Returns an assessment from AWS Audit Manager.
Request Syntax
client.get_assessment(
    assessmentId='string'
)
assessmentId (string) --
    [REQUIRED]
    The identifier for the specified assessment.
Return type: dict
Response Syntax
{
    'assessment': {
        'arn': 'string',
        'awsAccount': {
            'id': 'string',
            'emailAddress': 'string',
            'name': 'string'
        },
        'metadata': {
            'name': 'string',
            'id': 'string',
            'description': 'string',
            'complianceType': 'string',
            'status': 'ACTIVE'|'INACTIVE',
            'assessmentReportsDestination': {
                'destinationType': 'S3',
                'destination': 'string'
            },
            'scope': {
                'awsAccounts': [
                    {
                        'id': 'string',
                        'emailAddress': 'string',
                        'name': 'string'
                    },
                ],
                'awsServices': [
                    {
                        'serviceName': 'string'
                    },
                ]
            },
            'roles': [
                {
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'roleArn': 'string'
                },
            ],
            'delegations': [
                {
                    'id': 'string',
                    'assessmentName': 'string',
                    'assessmentId': 'string',
                    'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                    'roleArn': 'string',
                    'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdated': datetime(2015, 1, 1),
                    'controlSetId': 'string',
                    'comment': 'string',
                    'createdBy': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdated': datetime(2015, 1, 1)
        },
        'framework': {
            'id': 'string',
            'arn': 'string',
            'metadata': {
                'name': 'string',
                'description': 'string',
                'logo': 'string',
                'complianceType': 'string'
            },
            'controlSets': [
                {
                    'id': 'string',
                    'description': 'string',
                    'status': 'ACTIVE'|'UNDER_REVIEW'|'REVIEWED',
                    'roles': [
                        {
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'roleArn': 'string'
                        },
                    ],
                    'controls': [
                        {
                            'id': 'string',
                            'name': 'string',
                            'description': 'string',
                            'status': 'UNDER_REVIEW'|'REVIEWED'|'INACTIVE',
                            'response': 'MANUAL'|'AUTOMATE'|'DEFER'|'IGNORE',
                            'comments': [
                                {
                                    'authorName': 'string',
                                    'commentBody': 'string',
                                    'postedDate': datetime(2015, 1, 1)
                                },
                            ],
                            'evidenceSources': [
                                'string',
                            ],
                            'evidenceCount': 123,
                            'assessmentReportEvidenceCount': 123
                        },
                    ],
                    'delegations': [
                        {
                            'id': 'string',
                            'assessmentName': 'string',
                            'assessmentId': 'string',
                            'status': 'IN_PROGRESS'|'UNDER_REVIEW'|'COMPLETE',
                            'roleArn': 'string',
                            'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
                            'creationTime': datetime(2015, 1, 1),
                            'lastUpdated': datetime(2015, 1, 1),
                            'controlSetId': 'string',
                            'comment': 'string',
                            'createdBy': 'string'
                        },
                    ],
                    'systemEvidenceCount': 123,
                    'manualEvidenceCount': 123
                },
            ]
        },
        'tags': {
            'string': 'string'
        }
    },
    'userRole': {
        'roleType': 'PROCESS_OWNER'|'RESOURCE_OWNER',
        'roleArn': 'string'
    }
}
Response Structure
(dict) --
  assessment (dict) --
    An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.
    arn (string) --
      The Amazon Resource Name (ARN) of the assessment.
    awsAccount (dict) --
      The AWS account associated with the assessment.
      id (string) --
        The identifier for the specified AWS account.
      emailAddress (string) --
        The email address associated with the specified AWS account.
      name (string) --
        The name of the specified AWS account.
    metadata (dict) --
      The metadata for the specified assessment.
      name (string) --
        The name of the assessment.
      id (string) --
        The unique identifier for the assessment.
      description (string) --
        The description of the assessment.
      complianceType (string) --
        The name of a compliance standard related to the assessment, such as PCI-DSS.
      status (string) --
        The overall status of the assessment.
      assessmentReportsDestination (dict) --
        The destination in which evidence reports are stored for the specified assessment.
        destinationType (string) --
          The destination type, such as Amazon S3.
        destination (string) --
          The destination of the assessment report.
      scope (dict) --
        The wrapper of AWS accounts and services in scope for the assessment.
        awsAccounts (list) --
          The AWS accounts included in the scope of the assessment.
          (dict) --
            The wrapper of AWS account details, such as account ID, email address, and so on.
            id (string) --
              The identifier for the specified AWS account.
            emailAddress (string) --
              The email address associated with the specified AWS account.
            name (string) --
              The name of the specified AWS account.
        awsServices (list) --
          The AWS services included in the scope of the assessment.
          (dict) --
            An AWS service such as Amazon S3, AWS CloudTrail, and so on.
            serviceName (string) --
              The name of the AWS service.
      roles (list) --
        The roles associated with the assessment.
        (dict) --
          The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
          roleType (string) --
            The type of customer persona.
            Note
            In CreateAssessment, roleType can only be PROCESS_OWNER.
            In UpdateSettings, roleType can only be PROCESS_OWNER.
            In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
          roleArn (string) --
            The Amazon Resource Name (ARN) of the IAM role.
      delegations (list) --
        The delegations associated with the assessment.
        (dict) --
          The assignment of a control set to a delegate for review.
          id (string) --
            The unique identifier for the delegation.
          assessmentName (string) --
            The name of the associated assessment.
          assessmentId (string) --
            The identifier for the associated assessment.
          status (string) --
            The status of the delegation.
          roleArn (string) --
            The Amazon Resource Name (ARN) of the IAM role.
          roleType (string) --
            The type of customer persona.
            Note
            In CreateAssessment, roleType can only be PROCESS_OWNER.
            In UpdateSettings, roleType can only be PROCESS_OWNER.
            In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
          creationTime (datetime) --
            Specifies when the delegation was created.
          lastUpdated (datetime) --
            Specifies when the delegation was last updated.
          controlSetId (string) --
            The identifier for the associated control set.
          comment (string) --
            The comment related to the delegation.
          createdBy (string) --
            The IAM user or role that created the delegation.
      creationTime (datetime) --
        Specifies when the assessment was created.
      lastUpdated (datetime) --
        The time of the most recent update.
    framework (dict) --
      The framework from which the assessment was created.
      id (string) --
        The unique identifier for the framework.
      arn (string) --
        The Amazon Resource Name (ARN) of the specified framework.
      metadata (dict) --
        The metadata of a framework, such as the name, ID, description, and so on.
        name (string) --
          The name of the framework.
        description (string) --
          The description of the framework.
        logo (string) --
          The logo associated with the framework.
        complianceType (string) --
          The compliance standard associated with the framework, such as PCI-DSS or HIPAA.
      controlSets (list) --
        The control sets associated with the framework.
        (dict) --
          Represents a set of controls in an AWS Audit Manager assessment.
          id (string) --
            The identifier of the control set in the assessment. This is the control set name in a plain string format.
          description (string) --
            The description for the control set.
          status (string) --
            Specifies the current status of the control set.
          roles (list) --
            The roles associated with the control set.
            (dict) --
              The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
              roleType (string) --
                The type of customer persona.
                Note
                In CreateAssessment, roleType can only be PROCESS_OWNER.
                In UpdateSettings, roleType can only be PROCESS_OWNER.
                In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              roleArn (string) --
                The Amazon Resource Name (ARN) of the IAM role.
          controls (list) --
            The list of controls contained within the control set.
            (dict) --
              The control entity that represents a standard or custom control used in an AWS Audit Manager assessment.
              id (string) --
                The identifier for the specified control.
              name (string) --
                The name of the specified control.
              description (string) --
                The description of the specified control.
              status (string) --
                The status of the specified control.
              response (string) --
                The response of the specified control.
              comments (list) --
                The list of comments attached to the specified control.
                (dict) --
                  A comment posted by a user on a control. This includes the author's name, the comment text, and a timestamp.
                  authorName (string) --
                    The name of the user who authored the comment.
                  commentBody (string) --
                    The body text of a control comment.
                  postedDate (datetime) --
                    The time when the comment was posted.
              evidenceSources (list) --
                The list of data sources for the specified evidence.
                (string) --
              evidenceCount (integer) --
                The amount of evidence generated for the control.
              assessmentReportEvidenceCount (integer) --
                The amount of evidence in the assessment report.
          delegations (list) --
            The delegations associated with the control set.
            (dict) --
              The assignment of a control set to a delegate for review.
              id (string) --
                The unique identifier for the delegation.
              assessmentName (string) --
                The name of the associated assessment.
              assessmentId (string) --
                The identifier for the associated assessment.
              status (string) --
                The status of the delegation.
              roleArn (string) --
                The Amazon Resource Name (ARN) of the IAM role.
              roleType (string) --
                The type of customer persona.
                Note
                In CreateAssessment, roleType can only be PROCESS_OWNER.
                In UpdateSettings, roleType can only be PROCESS_OWNER.
                In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              creationTime (datetime) --
                Specifies when the delegation was created.
              lastUpdated (datetime) --
                Specifies when the delegation was last updated.
              controlSetId (string) --
                The identifier for the associated control set.
              comment (string) --
                The comment related to the delegation.
              createdBy (string) --
                The IAM user or role that created the delegation.
          systemEvidenceCount (integer) --
            The total number of evidence objects retrieved automatically for the control set.
          manualEvidenceCount (integer) --
            The total number of evidence objects uploaded manually to the control set.
    tags (dict) --
      The tags associated with the assessment.
      (string) --
        (string) --
  userRole (dict) --
    The wrapper that contains the AWS Audit Manager role information of the current user, such as the role type and IAM Amazon Resource Name (ARN).
    roleType (string) --
      The type of customer persona.
      Note
      In CreateAssessment, roleType can only be PROCESS_OWNER.
      In UpdateSettings, roleType can only be PROCESS_OWNER.
      In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
    roleArn (string) --
      The Amazon Resource Name (ARN) of the IAM role.
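
One way to put the userRole, roles and delegations fields described above to work in an access review, as an added example that is not part of the AWS or boto3 documentation. The function names, the "trusted accounts" policy, the assumption that the caller's role should match a role or delegation listed in the same response, and the sample data are all assumptions of this example.

```python
# Added example; live input: boto3.client("auditmanager").get_assessment(assessmentId=...)
def arn_account(arn):
    """Account ID field of an IAM ARN, or None if the ARN is malformed."""
    parts = arn.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam" and parts[4].isdigit():
        return parts[4]
    return None

def audit_roles(response):
    """Return a list of findings about the caller's role and the delegations."""
    findings = []
    assessment = response["assessment"]
    meta = assessment["metadata"]
    control_sets = assessment.get("framework", {}).get("controlSets", [])
    # Assumed policy: delegate roles belong to the owning or an in-scope account.
    trusted = {assessment["awsAccount"]["id"]}
    trusted |= {a["id"] for a in meta.get("scope", {}).get("awsAccounts", [])}
    # Delegations are listed per assessment and per control set; dedupe by id.
    every = meta.get("delegations", []) + [d for cs in control_sets for d in cs.get("delegations", [])]
    delegations = list({d["id"]: d for d in every}.values())
    # Every (roleType, roleArn) pair the response itself lists.
    roles = meta.get("roles", []) + [r for cs in control_sets for r in cs.get("roles", [])]
    known = {(x["roleType"], x["roleArn"]) for x in roles + delegations}
    caller = response.get("userRole")  # field added 2021-04-05; may be absent
    if caller is None:
        findings.append("userRole missing: caller role unknown")
    elif (caller["roleType"], caller["roleArn"]) not in known:
        findings.append(f"caller {caller['roleArn']} not listed as {caller['roleType']}")
    for d in delegations:
        if d["roleType"] != "RESOURCE_OWNER":  # per the roleType note on this page
            findings.append(f"delegation {d['id']}: unexpected roleType {d['roleType']}")
        if arn_account(d["roleArn"]) not in trusted:
            findings.append(f"delegation {d['id']}: role outside trusted accounts")
    return findings

# Constructed sample, trimmed to the fields used above; account IDs are made up.
OWNER = {"roleType": "PROCESS_OWNER", "roleArn": "arn:aws:iam::111111111111:role/AuditOwner"}
EXT = {"id": "d-1", "roleType": "RESOURCE_OWNER", "roleArn": "arn:aws:iam::222222222222:role/Ext"}
SAMPLE = {
    "assessment": {
        "awsAccount": {"id": "111111111111"},
        "metadata": {"scope": {"awsAccounts": [{"id": "111111111111"}]},
                     "roles": [OWNER], "delegations": [EXT]},
        "framework": {"controlSets": [{"roles": [OWNER], "delegations": [EXT]}]},
    },
    "userRole": OWNER,
}
if __name__ == "__main__":
    print(audit_roles(SAMPLE))
```

A delegation whose roleArn is malformed is reported the same way as one in an untrusted account, since no account ID can be extracted from it.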