Class: AWS.AuditManager

Inherits:
AWS.Service
Identifier:
auditmanager
API Version:
2017-07-25
Defined in:
(unknown)

Overview

Constructs a service interface object. Each API operation is exposed as a function on service.

Service Description

Welcome to the AWS Audit Manager API reference. This guide is for developers who need detailed information about the AWS Audit Manager API operations, data types, and errors.

AWS Audit Manager is a service that provides automated evidence collection so that you can continuously audit your AWS usage, and assess the effectiveness of your controls to better manage risk and simplify compliance.

AWS Audit Manager provides pre-built frameworks that structure and automate assessments for a given compliance standard. Frameworks include a pre-built collection of controls with descriptions and testing procedures, which are grouped according to the requirements of the specified compliance standard or regulation. You can also customize frameworks and controls to support internal audits with unique requirements.

Use the following links to get started with the AWS Audit Manager API:

  • Actions: An alphabetical list of all AWS Audit Manager API operations.

  • Data types: An alphabetical list of all AWS Audit Manager data types.

  • Common parameters: Parameters that all Query operations can use.

  • Common errors: Client and server errors that all operations can return.

If you're new to AWS Audit Manager, we recommend that you review the AWS Audit Manager User Guide.

Sending a Request Using AuditManager

var auditmanager = new AWS.AuditManager();
auditmanager.associateAssessmentReportEvidenceFolder(params, function (err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Locking the API Version

In order to ensure that the AuditManager object uses this specific API, you can construct the object by passing the apiVersion option to the constructor:

var auditmanager = new AWS.AuditManager({apiVersion: '2017-07-25'});

You can also set the API version globally in AWS.config.apiVersions using the auditmanager service identifier:

AWS.config.apiVersions = {
  auditmanager: '2017-07-25',
  // other service API versions
};

var auditmanager = new AWS.AuditManager();

Version:

  • 2017-07-25

Constructor Summary

Property Summary

Properties inherited from AWS.Service

apiVersions

Method Summary

Methods inherited from AWS.Service

makeRequest, makeUnauthenticatedRequest, waitFor, setupRequestListeners, defineService

Constructor Details

new AWS.AuditManager(options = {}) ⇒ Object

Constructs a service object. This object has one method for each API operation.

Examples:

Constructing an AuditManager object

var auditmanager = new AWS.AuditManager({apiVersion: '2017-07-25'});

Options Hash (options):

  • params (map)

    An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.

  • endpoint (String|AWS.Endpoint)

    The endpoint URI to send requests to. The default endpoint is built from the configured region. The endpoint should be a string like 'https://{service}.{region}.amazonaws.com' or an Endpoint object.

  • accessKeyId (String)

    your AWS access key ID.

  • secretAccessKey (String)

    your AWS secret access key.

  • sessionToken (AWS.Credentials)

    the optional AWS session token to sign requests with.

  • credentials (AWS.Credentials)

    the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.

  • credentialProvider (AWS.CredentialProviderChain)

    the provider chain used to resolve credentials if no static credentials property is set.

  • region (String)

    the region to send service requests to. See AWS.AuditManager.region for more information.

  • maxRetries (Integer)

    the maximum number of retries to attempt with a request. See AWS.AuditManager.maxRetries for more information.

  • maxRedirects (Integer)

    the maximum number of redirects to follow with a request. See AWS.AuditManager.maxRedirects for more information.

  • sslEnabled (Boolean)

    whether to enable SSL for requests.

  • paramValidation (Boolean|map)

    whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:

    • min [Boolean] — Validates that a value meets the min constraint. This is enabled by default when paramValidation is set to true.
    • max [Boolean] — Validates that a value meets the max constraint.
    • pattern [Boolean] — Validates that a string value matches a regular expression.
    • enum [Boolean] — Validates that a string value matches one of the allowable enum values.
  • computeChecksums (Boolean)

    whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)

  • convertResponseTypes (Boolean)

    whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to true.

  • correctClockSkew (Boolean)

    whether to apply a clock skew correction and retry requests that fail because of a skewed client clock. Defaults to false.

  • s3ForcePathStyle (Boolean)

    whether to force path style URLs for S3 objects.

  • s3BucketEndpoint (Boolean)

    whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an endpoint to be provided explicitly to the service constructor.

  • s3DisableBodySigning (Boolean)

    whether S3 body signing should be disabled when using signature version v4. Body signing can only be disabled when using https. Defaults to true.

  • s3UsEast1RegionalEndpoint ('legacy'|'regional')

    when region is set to 'us-east-1', whether to send S3 requests to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to the S3 client. Defaults to 'legacy'.

  • s3UseArnRegion (Boolean)

    whether to override the request region with the region inferred from the requested resource's ARN. Only available for S3 buckets. Defaults to true.

  • retryDelayOptions (map)

    A set of options to configure the retry delay on retryable errors. Currently supported options are:

    • base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
    • customBackoff [function] — A custom function that accepts a retry count and error and returns the amount of time to delay in milliseconds. If the result is a non-zero negative value, no further retry attempts will be made. The base option will be ignored if this option is supplied. The function is only called for retryable errors.
  • httpOptions (map)

    A set of options to pass to the low-level HTTP request. Currently supported options are:

    • proxy [String] — the URL to proxy requests through
    • agent [http.Agent, https.Agent] — the Agent object to perform HTTP requests with. Used for connection pooling. Defaults to the global agent (http.globalAgent) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment.
    • connectTimeout [Integer] — Sets the socket to timeout after failing to establish a connection with the server after connectTimeout milliseconds. This timeout has no effect once a socket connection has been established.
    • timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
    • xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
    • xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
  • apiVersion (String, Date)

    a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by apiVersions). Specify 'latest' to use the latest possible version.

  • apiVersions (map<String, String|Date>)

    a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual service that can use the latest available version.

  • logger (#write, #log)

    an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests

  • systemClockOffset (Number)

    an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global AWS.config object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds.

  • signatureVersion (String)

    the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.

  • signatureCache (Boolean)

    whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to true.

  • dynamoDbCrc32 (Boolean)

    whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default: true.

  • useAccelerateEndpoint (Boolean)

    Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default: false.

  • clientSideMonitoring (Boolean)

    whether to collect and publish this client's performance metrics of all its API requests.

  • endpointDiscoveryEnabled (Boolean|undefined)

    whether to call operations with endpoints given by service dynamically. Setting this

  • endpointCacheSize (Number)

    the size of the global cache storing endpoints from endpoint discovery operations. Once the endpoint cache is created, updating this setting cannot change the existing cache size. Defaults to 1000.

  • hostPrefixEnabled (Boolean)

    whether to marshal request parameters to the prefix of hostname. Defaults to true.

  • stsRegionalEndpoints ('legacy'|'regional')

    whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.
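Several of the options above decide how credentials reach the client and whether requests travel over TLS. The following is an added example, not part of the SDK or its documentation: it checks an options hash before it is handed to new AWS.AuditManager(). The names auditClientOptions, WEAK_OPTIONS and HARDENED_OPTIONS, the finding ids, and all sample values are hypothetical.

```javascript
// Added example: lint an options hash before constructing AWS.AuditManager.
// auditClientOptions and the finding ids are hypothetical names, not SDK API.

function auditClientOptions(options) {
  var o = options || {};
  var findings = [];

  function flag(id, option, reason) {
    findings.push({ id: id, option: option, reason: reason });
  }

  // Keys written inline tend to end up in source control and build logs.
  // Leaving them out lets the credentials / credentialProvider options
  // resolve them at run time instead.
  ['accessKeyId', 'secretAccessKey', 'sessionToken'].forEach(function (name) {
    if (typeof o[name] === 'string' && o[name] !== '') {
      flag('static-credentials', name,
        'credential passed inline; use credentials or credentialProvider');
    }
  });

  // Explicitly disabling SSL sends signed requests in clear text.
  if (o.sslEnabled === false) {
    flag('ssl-disabled', 'sslEnabled', 'SSL explicitly disabled');
  }

  // Only string endpoints are inspected here; AWS.Endpoint objects are not.
  if (typeof o.endpoint === 'string' && !/^https:\/\//i.test(o.endpoint)) {
    flag('non-https-endpoint', 'endpoint', 'endpoint URI is not https');
  }

  // paramValidation defaults to true; switching it off removes the
  // client-side check of input against the operation description.
  if (o.paramValidation === false) {
    flag('param-validation-off', 'paramValidation',
      'client-side parameter validation disabled');
  }

  // Without a pinned version (or with 'latest') the API version in use can
  // change when the SDK is upgraded. Pinning via AWS.config.apiVersions is
  // outside the scope of this per-client check.
  if (o.apiVersion === undefined || o.apiVersion === 'latest') {
    flag('api-version-unpinned', 'apiVersion',
      "apiVersion not pinned; this page documents '2017-07-25'");
  }

  return findings;
}

// Constructed sample: the weak settings side by side with a corrected hash.
var WEAK_OPTIONS = {
  accessKeyId: 'EXAMPLE_KEY_ID',          // placeholder, not a real key
  secretAccessKey: 'EXAMPLE_SECRET_KEY',  // placeholder, not a real key
  sslEnabled: false,
  endpoint: 'http://auditmanager.us-east-1.amazonaws.com',
  paramValidation: false
};

var HARDENED_OPTIONS = {
  apiVersion: '2017-07-25',
  region: 'us-east-1',      // constructed sample value
  sslEnabled: true,
  paramValidation: true,
  maxRetries: 3
  // no inline keys: credentials come from the provider chain
};

auditClientOptions(WEAK_OPTIONS).forEach(function (f) {
  console.log(f.id + ' (' + f.option + '): ' + f.reason);
});
console.log('hardened findings:', auditClientOptions(HARDENED_OPTIONS).length);
```
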

Property Details

endpoint ⇒ AWS.Endpoint (readwrite)

Returns an Endpoint object representing the endpoint URL for service requests.

Returns:

  • (AWS.Endpoint)

    an Endpoint object representing the endpoint URL for service requests.

Method Details

associateAssessmentReportEvidenceFolder(params = {}, callback) ⇒ AWS.Request

Associates an evidence folder to the specified assessment report in AWS Audit Manager.

Examples:

Calling the associateAssessmentReportEvidenceFolder operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE' /* required */
};
auditmanager.associateAssessmentReportEvidenceFolder(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • evidenceFolderId — (String)

      The identifier for the folder in which evidence is stored.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchAssociateAssessmentReportEvidence(params = {}, callback) ⇒ AWS.Request

Associates a list of evidence to an assessment report in an AWS Audit Manager assessment.

Examples:

Calling the batchAssociateAssessmentReportEvidence operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE', /* required */
  evidenceIds: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
auditmanager.batchAssociateAssessmentReportEvidence(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The unique identifier for the specified assessment.

    • evidenceFolderId — (String)

      The identifier for the folder in which the evidence is stored.

    • evidenceIds — (Array<String>)

      The list of evidence identifiers.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidenceIds — (Array<String>)

        The identifier for the evidence.

      • errors — (Array<map>)

        A list of errors returned by the BatchAssociateAssessmentReportEvidence API.

        • evidenceId — (String)

          The identifier for the evidence.

        • errorCode — (String)

          The error code returned by the AssessmentReportEvidence API.

        • errorMessage — (String)

          The error message returned by the AssessmentReportEvidence API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchCreateDelegationByAssessment(params = {}, callback) ⇒ AWS.Request

Create a batch of delegations for a specified assessment in AWS Audit Manager.

Examples:

Calling the batchCreateDelegationByAssessment operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  createDelegationRequests: [ /* required */
    {
      comment: 'STRING_VALUE',
      controlSetId: 'STRING_VALUE',
      roleArn: 'STRING_VALUE',
      roleType: 'RESOURCE_OWNER' /* PROCESS_OWNER | RESOURCE_OWNER; this operation accepts only RESOURCE_OWNER */
    },
    /* more items */
  ]
};
auditmanager.batchCreateDelegationByAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • createDelegationRequests — (Array<map>)

      The API request to batch create delegations in AWS Audit Manager.

      • comment — (String)

        A comment related to the delegation request.

      • controlSetId — (String)

        The unique identifier for the control set.

      • roleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role.

      • roleType — (String)

        The type of customer persona.

        Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
        Possible values include:
        • "PROCESS_OWNER"
        • "RESOURCE_OWNER"
    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • delegations — (Array<map>)

        The delegations associated with the assessment.

        • id — (String)

          The unique identifier for the delegation.

        • assessmentName — (String)

          The name of the associated assessment.

        • assessmentId — (String)

          The identifier for the associated assessment.

        • status — (String)

          The status of the delegation.

          Possible values include:
          • "IN_PROGRESS"
          • "UNDER_REVIEW"
          • "COMPLETE"
        • roleArn — (String)

          The Amazon Resource Name (ARN) of the IAM role.

        • roleType — (String)

          The type of customer persona.

          Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
          Possible values include:
          • "PROCESS_OWNER"
          • "RESOURCE_OWNER"
        • creationTime — (Date)

          Specifies when the delegation was created.

        • lastUpdated — (Date)

          Specifies when the delegation was last updated.

        • controlSetId — (String)

          The identifier for the associated control set.

        • comment — (String)

          The comment related to the delegation.

        • createdBy — (String)

          The IAM user or role that created the delegation.

      • errors — (Array<map>)

        A list of errors returned by the BatchCreateDelegationByAssessment API.

        • createDelegationRequest — (map)

          The API request to batch create delegations in AWS Audit Manager.

          • comment — (String)

            A comment related to the delegation request.

          • controlSetId — (String)

            The unique identifier for the control set.

          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
        • errorCode — (String)

          The error code returned by the BatchCreateDelegationByAssessment API.

        • errorMessage — (String)

          The error message returned by the BatchCreateDelegationByAssessment API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
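A delegation hands an IAM role access to part of an assessment, and the response can carry a non-empty errors list even when err is null. The following is an added example, not code from the SDK or its documentation: it checks each request against the roleType constraint noted above before sending, then separates created delegations from per-item failures. The names validateDelegationRequests and createDelegations, the LocalValidationError code, and the ARN pattern are assumptions of this example.

```javascript
// Added example: pre-flight checks and per-item result handling around
// batchCreateDelegationByAssessment. Helper names are hypothetical.

// Assumed shape of an IAM role ARN:
//   arn:<partition>:iam::<12-digit account id>:role/<path and name>
var ROLE_ARN_RE = /^arn:aws[a-z-]*:iam::\d{12}:role\/[\w+=,.@\/-]+$/;

// Returns a list of human-readable problems; empty means OK to send.
function validateDelegationRequests(requests) {
  if (!Array.isArray(requests) || requests.length === 0) {
    return ['createDelegationRequests must be a non-empty array'];
  }
  var problems = [];
  requests.forEach(function (req, i) {
    // Per the roleType note: this operation accepts only RESOURCE_OWNER.
    if (req.roleType !== 'RESOURCE_OWNER') {
      problems.push('request[' + i + ']: roleType must be RESOURCE_OWNER');
    }
    // Reject anything that is not an IAM role ARN (user ARNs, typos, blanks)
    // so access is never delegated to an unintended principal.
    if (typeof req.roleArn !== 'string' || !ROLE_ARN_RE.test(req.roleArn)) {
      problems.push('request[' + i + ']: roleArn is not an IAM role ARN');
    }
  });
  return problems;
}

// client is an AWS.AuditManager instance (or anything exposing the same
// batchCreateDelegationByAssessment(params, callback) method).
function createDelegations(client, assessmentId, requests, callback) {
  var problems = validateDelegationRequests(requests);
  if (problems.length > 0) {
    var invalid = new Error('Invalid delegation requests');
    invalid.code = 'LocalValidationError'; // hypothetical, set by this example
    invalid.problems = problems;
    return callback(invalid);
  }

  var params = {
    assessmentId: assessmentId,
    createDelegationRequests: requests
  };
  client.batchCreateDelegationByAssessment(params, function (err, data) {
    if (err) return callback(err); // the whole request failed

    // err === null does not mean every item succeeded: inspect data.errors.
    var failed = (data.errors || []).map(function (e) {
      var r = e.createDelegationRequest || {};
      return {
        roleArn: r.roleArn,
        controlSetId: r.controlSetId,
        errorCode: e.errorCode,
        errorMessage: e.errorMessage
      };
    });
    callback(null, {
      created: data.delegations || [],
      failed: failed,
      complete: failed.length === 0
    });
  });
}
```
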

batchDeleteDelegationByAssessment(params = {}, callback) ⇒ AWS.Request

Deletes the delegations in the specified AWS Audit Manager assessment.

Examples:

Calling the batchDeleteDelegationByAssessment operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  delegationIds: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
auditmanager.batchDeleteDelegationByAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • delegationIds — (Array<String>)

      The identifiers for the specified delegations.

    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • errors — (Array<map>)

        A list of errors returned by the BatchDeleteDelegationByAssessment API.

        • delegationId — (String)

          The identifier for the specified delegation.

        • errorCode — (String)

          The error code returned by the BatchDeleteDelegationByAssessment API.

        • errorMessage — (String)

          The error message returned by the BatchDeleteDelegationByAssessment API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchDisassociateAssessmentReportEvidence(params = {}, callback) ⇒ AWS.Request

Disassociates a list of evidence from the specified assessment report in AWS Audit Manager.

Examples:

Calling the batchDisassociateAssessmentReportEvidence operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE', /* required */
  evidenceIds: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
auditmanager.batchDisassociateAssessmentReportEvidence(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • evidenceFolderId — (String)

      The identifier for the folder in which evidence is stored.

    • evidenceIds — (Array<String>)

      The list of evidence identifiers.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidenceIds — (Array<String>)

        The identifier for the evidence.

      • errors — (Array<map>)

        A list of errors returned by the BatchDisassociateAssessmentReportEvidence API.

        • evidenceId — (String)

          The identifier for the evidence.

        • errorCode — (String)

          The error code returned by the AssessmentReportEvidence API.

        • errorMessage — (String)

          The error message returned by the AssessmentReportEvidence API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

batchImportEvidenceToAssessmentControl(params = {}, callback) ⇒ AWS.Request

Uploads one or more pieces of evidence to the specified control in the assessment in AWS Audit Manager.

Examples:

Calling the batchImportEvidenceToAssessmentControl operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  manualEvidence: [ /* required */
    {
      s3ResourcePath: 'STRING_VALUE'
    },
    /* more items */
  ]
};
auditmanager.batchImportEvidenceToAssessmentControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • controlId — (String)

      The identifier for the specified control.

    • manualEvidence — (Array<map>)

      The list of manual evidence objects.

      • s3ResourcePath — (String)

        The Amazon S3 URL that points to a manual evidence object.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • errors — (Array<map>)

        A list of errors returned by the BatchImportEvidenceToAssessmentControl API.

        • manualEvidence — (map)

          Manual evidence that cannot be collected automatically by AWS Audit Manager.

          • s3ResourcePath — (String)

            The Amazon S3 URL that points to a manual evidence object.

        • errorCode — (String)

          The error code returned by the BatchImportEvidenceToAssessmentControl API.

        • errorMessage — (String)

          The error message returned by the BatchImportEvidenceToAssessmentControl API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAssessment(params = {}, callback) ⇒ AWS.Request

Creates an assessment in AWS Audit Manager.

Examples:

Calling the createAssessment operation

var params = {
  assessmentReportsDestination: { /* required */
    destination: 'STRING_VALUE',
    destinationType: 'S3'
  },
  frameworkId: 'STRING_VALUE', /* required */
  name: 'STRING_VALUE', /* required */
  roles: [ /* required */
    {
      roleArn: 'STRING_VALUE',
      roleType: 'PROCESS_OWNER' /* PROCESS_OWNER | RESOURCE_OWNER; CreateAssessment accepts only PROCESS_OWNER */
    },
    /* more items */
  ],
  scope: { /* required */
    awsAccounts: [
      {
        emailAddress: 'STRING_VALUE',
        id: 'STRING_VALUE',
        name: 'STRING_VALUE'
      },
      /* more items */
    ],
    awsServices: [
      {
        serviceName: 'STRING_VALUE'
      },
      /* more items */
    ]
  },
  description: 'STRING_VALUE',
  tags: {
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  }
};
auditmanager.createAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      The name of the assessment to be created.

    • description — (String)

      The optional description of the assessment to be created.

    • assessmentReportsDestination — (map)

      The assessment report storage destination for the specified assessment that is being created.

      • destinationType — (String)

        The destination type, such as Amazon S3.

        Possible values include:
        • "S3"
      • destination — (String)

        The destination of the assessment report.

    • scope — (map)

      The wrapper that contains the AWS accounts and AWS services in scope for the assessment.

      • awsAccounts — (Array<map>)

        The AWS accounts included in the scope of the assessment.

        • id — (String)

          The identifier for the specified AWS account.

        • emailAddress — (String)

          The email address associated with the specified AWS account.

        • name — (String)

          The name of the specified AWS account.

      • awsServices — (Array<map>)

        The AWS services included in the scope of the assessment.

        • serviceName — (String)

          The name of the AWS service.

    • roles — (Array<map>)

      The list of roles for the specified assessment.

      • roleType — (String)

        The type of customer persona.

        Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
        Possible values include:
        • "PROCESS_OWNER"
        • "RESOURCE_OWNER"
      • roleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role.

    • frameworkId — (String)

      The identifier for the specified framework.

    • tags — (map<String>)

      The tags associated with the assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessment — (map)

        An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

        • arn — (String)

          The Amazon Resource Name (ARN) of the assessment.

        • awsAccount — (map)

          The AWS account associated with the assessment.

          • id — (String)

            The identifier for the specified AWS account.

          • emailAddress — (String)

            The email address associated with the specified AWS account.

          • name — (String)

            The name of the specified AWS account.

        • metadata — (map)

          The metadata for the specified assessment.

          • name — (String)

            The name of the assessment.

          • id — (String)

            The unique identifier for the assessment.

          • description — (String)

            The description of the assessment.

          • complianceType — (String)

            The name of a compliance standard related to the assessment, such as PCI-DSS.

          • status — (String)

            The overall status of the assessment.

            Possible values include:
            • "ACTIVE"
            • "INACTIVE"
          • assessmentReportsDestination — (map)

            The destination in which evidence reports are stored for the specified assessment.

            • destinationType — (String)

              The destination type, such as Amazon S3.

              Possible values include:
              • "S3"
            • destination — (String)

              The destination of the assessment report.

          • scope — (map)

            The wrapper of AWS accounts and services in scope for the assessment.

            • awsAccounts — (Array<map>)

              The AWS accounts included in the scope of the assessment.

              • id — (String)

                The identifier for the specified AWS account.

              • emailAddress — (String)

                The email address associated with the specified AWS account.

              • name — (String)

                The name of the specified AWS account.

            • awsServices — (Array<map>)

              The AWS services included in the scope of the assessment.

              • serviceName — (String)

                The name of the AWS service.

          • roles — (Array<map>)

            The roles associated with the assessment.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

          • delegations — (Array<map>)

            The delegations associated with the assessment.

            • id — (String)

              The unique identifier for the delegation.

            • assessmentName — (String)

              The name of the associated assessment.

            • assessmentId — (String)

              The identifier for the associated assessment.

            • status — (String)

              The status of the delegation.

              Possible values include:
              • "IN_PROGRESS"
              • "UNDER_REVIEW"
              • "COMPLETE"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • creationTime — (Date)

              Specifies when the delegation was created.

            • lastUpdated — (Date)

              Specifies when the delegation was last updated.

            • controlSetId — (String)

              The identifier for the associated control set.

            • comment — (String)

              The comment related to the delegation.

            • createdBy — (String)

              The IAM user or role that created the delegation.

          • creationTime — (Date)

            Specifies when the assessment was created.

          • lastUpdated — (Date)

            The time of the most recent update.

        • framework — (map)

          The framework from which the assessment was created.

          • id — (String)

            The unique identifier for the framework.

          • arn — (String)

            The Amazon Resource Name (ARN) of the specified framework.

          • metadata — (map)

            The metadata of a framework, such as the name, ID, description, and so on.

            • name — (String)

              The name of the framework.

            • description — (String)

              The description of the framework.

            • logo — (String)

              The logo associated with the framework.

            • complianceType — (String)

              The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

          • controlSets — (Array<map>)

            The control sets associated with the framework.

            • id — (String)

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description — (String)

              The description for the control set.

            • status — (String)

              Specifies the current status of the control set.

              Possible values include:
              • "ACTIVE"
              • "UNDER_REVIEW"
              • "REVIEWED"
            • roles — (Array<map>)

              The roles associated with the control set.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

            • controls — (Array<map>)

              The list of controls contained within the control set.

              • id — (String)

                The identifier for the specified control.

              • name — (String)

                The name of the specified control.

              • description — (String)

                The description of the specified control.

              • status — (String)

                The status of the specified control.

                Possible values include:
                • "UNDER_REVIEW"
                • "REVIEWED"
                • "INACTIVE"
              • response — (String)

                The response of the specified control.

                Possible values include:
                • "MANUAL"
                • "AUTOMATE"
                • "DEFER"
                • "IGNORE"
              • comments — (Array<map>)

                The list of comments attached to the specified control.

                • authorName — (String)

                  The name of the user who authored the comment.

                • commentBody — (String)

                  The body text of a control comment.

                • postedDate — (Date)

                  The time when the comment was posted.

              • evidenceSources — (Array<String>)

                The list of data sources for the specified evidence.

              • evidenceCount — (Integer)

                The amount of evidence generated for the control.

              • assessmentReportEvidenceCount — (Integer)

                The amount of evidence in the assessment report.

            • delegations — (Array<map>)

              The delegations associated with the control set.

              • id — (String)

                The unique identifier for the delegation.

              • assessmentName — (String)

                The name of the associated assessment.

              • assessmentId — (String)

                The identifier for the associated assessment.

              • status — (String)

                The status of the delegation.

                Possible values include:
                • "IN_PROGRESS"
                • "UNDER_REVIEW"
                • "COMPLETE"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • creationTime — (Date)

                Specifies when the delegation was created.

              • lastUpdated — (Date)

                Specifies when the delegation was last updated.

              • controlSetId — (String)

                The identifier for the associated control set.

              • comment — (String)

                The comment related to the delegation.

              • createdBy — (String)

                The IAM user or role that created the delegation.

            • systemEvidenceCount — (Integer)

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount — (Integer)

              The total number of evidence objects uploaded manually to the control set.

        • tags — (map<String>)

          The tags associated with the assessment.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
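
Added example (not part of the AWS SDK documentation): a helper that walks the data.assessment object described above and lists controls with no evidence, controls still under review, and delegations that are not yet complete. The function name summarizeAssessment, its now argument and the sample object are assumptions made for illustration.

```javascript
'use strict';

// Added example, not AWS SDK code. It reads only fields documented above for
// data.assessment: metadata, framework.controlSets[].controls[] and
// framework.controlSets[].delegations[].
function summarizeAssessment(assessment, now) {
  var metadata = assessment.metadata || {};
  var destination = metadata.assessmentReportsDestination || {};
  var controlSets = (assessment.framework || {}).controlSets || [];
  var summary = {
    assessmentId: metadata.id,
    status: metadata.status,
    reportDestination: destination.destination || null,
    controlCount: 0,
    withoutEvidence: [],  // controls whose evidenceCount is 0 or absent
    underReview: [],      // controls whose status is still UNDER_REVIEW
    openDelegations: []   // delegations that are not COMPLETE, with age in days
  };

  controlSets.forEach(function (set) {
    (set.controls || []).forEach(function (control) {
      var ref = { controlSetId: set.id, controlId: control.id, name: control.name };
      summary.controlCount += 1;
      if (!control.evidenceCount) summary.withoutEvidence.push(ref);
      if (control.status === 'UNDER_REVIEW') summary.underReview.push(ref);
    });
    (set.delegations || []).forEach(function (delegation) {
      if (delegation.status === 'COMPLETE') return;
      var created = delegation.creationTime instanceof Date
        ? delegation.creationTime.getTime() : NaN;
      summary.openDelegations.push({
        controlSetId: delegation.controlSetId || set.id,
        delegationId: delegation.id,
        roleArn: delegation.roleArn,
        status: delegation.status,
        ageDays: isNaN(created) ? null : Math.floor((now.getTime() - created) / 86400000)
      });
    });
  });
  return summary;
}

// Constructed sample shaped like data.assessment; every value is made up.
var SAMPLE_ASSESSMENT = {
  metadata: {
    id: 'assessment-example-1',
    name: 'Example assessment',
    status: 'ACTIVE',
    assessmentReportsDestination: { destinationType: 'S3', destination: 's3://example-audit-reports' }
  },
  framework: {
    controlSets: [
      {
        id: 'Access control',
        status: 'UNDER_REVIEW',
        controls: [
          { id: 'ctl-1', name: 'MFA enabled', status: 'REVIEWED', evidenceCount: 42 },
          { id: 'ctl-2', name: 'Key rotation', status: 'UNDER_REVIEW', evidenceCount: 0 }
        ],
        delegations: [
          {
            id: 'del-1', status: 'IN_PROGRESS', controlSetId: 'Access control',
            roleArn: 'arn:aws:iam::111122223333:role/ExampleResourceOwner',
            roleType: 'RESOURCE_OWNER', creationTime: new Date('2021-01-01T00:00:00Z')
          },
          { id: 'del-2', status: 'COMPLETE', controlSetId: 'Access control' }
        ]
      },
      {
        id: 'Logging',
        status: 'ACTIVE',
        controls: [
          { id: 'ctl-3', name: 'Trail enabled', status: 'UNDER_REVIEW', evidenceCount: 7 }
        ],
        delegations: []
      }
    ]
  }
};

console.log(JSON.stringify(
  summarizeAssessment(SAMPLE_ASSESSMENT, new Date('2021-01-11T12:00:00Z')), null, 2));
```

In a real callback, pass data.assessment and new Date() to the helper.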

createAssessmentFramework(params = {}, callback) ⇒ AWS.Request

Creates a custom framework in AWS Audit Manager.

Examples:

Calling the createAssessmentFramework operation

var params = {
  controlSets: [ /* required */
    {
      controls: [
        {
          id: 'STRING_VALUE'
        },
        /* more items */
      ],
      name: 'STRING_VALUE'
    },
    /* more items */
  ],
  name: 'STRING_VALUE', /* required */
  complianceType: 'STRING_VALUE',
  description: 'STRING_VALUE',
  tags: {
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  }
};
auditmanager.createAssessmentFramework(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      The name of the new custom framework.

    • description — (String)

      An optional description for the new custom framework.

    • complianceType — (String)

      The compliance type that the new custom framework supports, such as CIS or HIPAA.

    • controlSets — (Array<map>)

      The control sets to be associated with the framework.

      • name — (String)

        The name of the specified control set.

      • controls — (Array<map>)

        The list of controls within the control set. This does not contain the control set ID.

        • id — (String)

          The unique identifier of the control.

    • tags — (map<String>)

      The tags associated with the framework.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • framework — (map)

        The new framework returned by the CreateAssessmentFramework API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified framework.

        • id — (String)

          The unique identifier for the specified framework.

        • name — (String)

          The name of the specified framework.

        • type — (String)

          The framework type, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • complianceType — (String)

          The compliance type that the new custom framework supports, such as CIS or HIPAA.

        • description — (String)

          The description of the specified framework.

        • logo — (String)

          The logo associated with the framework.

        • controlSources — (String)

          The sources from which AWS Audit Manager collects evidence for the control.

        • controlSets — (Array<map>)

          The control sets associated with the framework.

          • id — (String)

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name — (String)

            The name of the control set.

          • controls — (Array<map>)

            The list of controls within the control set.

            • arn — (String)

              The Amazon Resource Name (ARN) of the specified control.

            • id — (String)

              The unique identifier for the control.

            • type — (String)

              The type of control, such as custom or standard.

              Possible values include:
              • "Standard"
              • "Custom"
            • name — (String)

              The name of the specified control.

            • description — (String)

              The description of the specified control.

            • testingInformation — (String)

              The steps to follow to determine if the control has been satisfied.

            • actionPlanTitle — (String)

              The title of the action plan for remediating the control.

            • actionPlanInstructions — (String)

              The recommended actions to carry out if the control is not fulfilled.

            • controlSources — (String)

              The data source that determines from where AWS Audit Manager collects evidence for the control.

            • controlMappingSources — (Array<map>)

              The data mapping sources for the specified control.

              • sourceId — (String)

                The unique identifier for the specified source.

              • sourceName — (String)

                The name of the specified source.

              • sourceDescription — (String)

                The description of the specified source.

              • sourceSetUpOption — (String)

                The setup option for the data source, which reflects if the evidence collection is automated or manual.

                Possible values include:
                • "System_Controls_Mapping"
                • "Procedural_Controls_Mapping"
              • sourceType — (String)

                Specifies one of the five types of data sources for evidence collection.

                Possible values include:
                • "AWS_Cloudtrail"
                • "AWS_Config"
                • "AWS_Security_Hub"
                • "AWS_API_Call"
                • "MANUAL"
              • sourceKeyword — (map)

                The keyword to search for in AWS CloudTrail logs.

                • keywordInputType — (String)

                  The method of input for the specified keyword.

                  Possible values include:
                  • "SELECT_FROM_LIST"
                • keywordValue — (String)

                  The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

              • sourceFrequency — (String)

                The frequency of evidence collection for the specified control mapping source.

                Possible values include:
                • "DAILY"
                • "WEEKLY"
                • "MONTHLY"
              • troubleshootingText — (String)

                The instructions for troubleshooting the specified control.

            • createdAt — (Date)

              Specifies when the control was created.

            • lastUpdatedAt — (Date)

              Specifies when the control was most recently updated.

            • createdBy — (String)

              The IAM user or role that created the control.

            • lastUpdatedBy — (String)

              The IAM user or role that most recently updated the control.

            • tags — (map<String>)

              The tags associated with the control.

        • createdAt — (Date)

          Specifies when the framework was created.

        • lastUpdatedAt — (Date)

          Specifies when the framework was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the framework.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the framework.

        • tags — (map<String>)

          The tags associated with the framework.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createAssessmentReport(params = {}, callback) ⇒ AWS.Request

Creates an assessment report for the specified assessment.

Examples:

Calling the createAssessmentReport operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  name: 'STRING_VALUE', /* required */
  description: 'STRING_VALUE'
};
auditmanager.createAssessmentReport(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      The name of the new assessment report.

    • description — (String)

      The description of the assessment report.

    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessmentReport — (map)

        The new assessment report returned by the CreateAssessmentReport API.

        • id — (String)

          The unique identifier for the specified assessment report.

        • name — (String)

          The name given to the assessment report.

        • description — (String)

          The description of the specified assessment report.

        • awsAccountId — (String)

          The identifier for the specified AWS account.

        • assessmentId — (String)

          The identifier for the specified assessment.

        • assessmentName — (String)

          The name of the associated assessment.

        • author — (String)

          The name of the user who created the assessment report.

        • status — (String)

          The current status of the specified assessment report.

          Possible values include:
          • "COMPLETE"
          • "IN_PROGRESS"
          • "FAILED"
        • creationTime — (Date)

          Specifies when the assessment report was created.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

createControl(params = {}, callback) ⇒ AWS.Request

Creates a new custom control in AWS Audit Manager.

Examples:

Calling the createControl operation

var params = {
  controlMappingSources: [ /* required */
    {
      sourceDescription: 'STRING_VALUE',
      sourceFrequency: 'DAILY', /* or 'WEEKLY' | 'MONTHLY' */
      sourceKeyword: {
        keywordInputType: 'SELECT_FROM_LIST',
        keywordValue: 'STRING_VALUE'
      },
      sourceName: 'STRING_VALUE',
      sourceSetUpOption: 'System_Controls_Mapping', /* or 'Procedural_Controls_Mapping' */
      sourceType: 'AWS_Cloudtrail', /* or 'AWS_Config' | 'AWS_Security_Hub' | 'AWS_API_Call' | 'MANUAL' */
      troubleshootingText: 'STRING_VALUE'
    },
    /* more items */
  ],
  name: 'STRING_VALUE', /* required */
  actionPlanInstructions: 'STRING_VALUE',
  actionPlanTitle: 'STRING_VALUE',
  description: 'STRING_VALUE',
  tags: {
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  },
  testingInformation: 'STRING_VALUE'
};
auditmanager.createControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • name — (String)

      The name of the control.

    • description — (String)

      The description of the control.

    • testingInformation — (String)

      The steps to follow to determine if the control has been satisfied.

    • actionPlanTitle — (String)

      The title of the action plan for remediating the control.

    • actionPlanInstructions — (String)

      The recommended actions to carry out if the control is not fulfilled.

    • controlMappingSources — (Array<map>)

      The data mapping sources for the specified control.

      • sourceName — (String)

        The name of the control mapping data source.

      • sourceDescription — (String)

        The description of the data source that determines from where AWS Audit Manager collects evidence for the control.

      • sourceSetUpOption — (String)

        The setup option for the data source, which reflects if the evidence collection is automated or manual.

        Possible values include:
        • "System_Controls_Mapping"
        • "Procedural_Controls_Mapping"
      • sourceType — (String)

        Specifies one of the five types of data sources for evidence collection.

        Possible values include:
        • "AWS_Cloudtrail"
        • "AWS_Config"
        • "AWS_Security_Hub"
        • "AWS_API_Call"
        • "MANUAL"
      • sourceKeyword — (map)

        The keyword to search for in AWS CloudTrail logs.

        • keywordInputType — (String)

          The method of input for the specified keyword.

          Possible values include:
          • "SELECT_FROM_LIST"
        • keywordValue — (String)

          The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

      • sourceFrequency — (String)

        The frequency of evidence collection for the specified control mapping source.

        Possible values include:
        • "DAILY"
        • "WEEKLY"
        • "MONTHLY"
      • troubleshootingText — (String)

        The instructions for troubleshooting the specified control.

    • tags — (map<String>)

      The tags associated with the control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • control — (map)

        The new control returned by the CreateControl API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified control.

        • id — (String)

          The unique identifier for the control.

        • type — (String)

          The type of control, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • name — (String)

          The name of the specified control.

        • description — (String)

          The description of the specified control.

        • testingInformation — (String)

          The steps to follow to determine if the control has been satisfied.

        • actionPlanTitle — (String)

          The title of the action plan for remediating the control.

        • actionPlanInstructions — (String)

          The recommended actions to carry out if the control is not fulfilled.

        • controlSources — (String)

          The data source that determines from where AWS Audit Manager collects evidence for the control.

        • controlMappingSources — (Array<map>)

          The data mapping sources for the specified control.

          • sourceId — (String)

            The unique identifier for the specified source.

          • sourceName — (String)

            The name of the specified source.

          • sourceDescription — (String)

            The description of the specified source.

          • sourceSetUpOption — (String)

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

            Possible values include:
            • "System_Controls_Mapping"
            • "Procedural_Controls_Mapping"
          • sourceType — (String)

            Specifies one of the five types of data sources for evidence collection.

            Possible values include:
            • "AWS_Cloudtrail"
            • "AWS_Config"
            • "AWS_Security_Hub"
            • "AWS_API_Call"
            • "MANUAL"
          • sourceKeyword — (map)

            The keyword to search for in AWS CloudTrail logs.

            • keywordInputType — (String)

              The method of input for the specified keyword.

              Possible values include:
              • "SELECT_FROM_LIST"
            • keywordValue — (String)

              The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

          • sourceFrequency — (String)

            The frequency of evidence collection for the specified control mapping source.

            Possible values include:
            • "DAILY"
            • "WEEKLY"
            • "MONTHLY"
          • troubleshootingText — (String)

            The instructions for troubleshooting the specified control.

        • createdAt — (Date)

          Specifies when the control was created.

        • lastUpdatedAt — (Date)

          Specifies when the control was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the control.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the control.

        • tags — (map<String>)

          The tags associated with the control.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
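
Added example (not part of the AWS SDK documentation): a local pre-flight check for createControl params that uses the required fields and the case-sensitive enum values listed above, plus a wrapper that calls the service only when the check passes. The names validateCreateControlParams and createControlChecked, the LocalValidationError code and both sample objects are assumptions made for illustration.

```javascript
'use strict';

// Added example, not AWS SDK code. Enum values are copied from the
// createControl parameter reference above and are case-sensitive.
var CONTROL_SOURCE_ENUMS = {
  sourceSetUpOption: ['System_Controls_Mapping', 'Procedural_Controls_Mapping'],
  sourceType: ['AWS_Cloudtrail', 'AWS_Config', 'AWS_Security_Hub', 'AWS_API_Call', 'MANUAL'],
  sourceFrequency: ['DAILY', 'WEEKLY', 'MONTHLY']
};
var KEYWORD_INPUT_TYPES = ['SELECT_FROM_LIST'];

// Returns a list of human-readable problems; an empty list means the params passed.
function validateCreateControlParams(params) {
  var errors = [];
  if (typeof params.name !== 'string' || params.name.length === 0) {
    errors.push('name is required');
  }
  var sources = params.controlMappingSources;
  // Assumption: an empty list is treated the same as a missing one.
  if (!Array.isArray(sources) || sources.length === 0) {
    errors.push('controlMappingSources is required');
    return errors;
  }
  sources.forEach(function (source, i) {
    var where = 'controlMappingSources[' + i + '].';
    Object.keys(CONTROL_SOURCE_ENUMS).forEach(function (field) {
      var value = source[field];
      if (value !== undefined && CONTROL_SOURCE_ENUMS[field].indexOf(value) === -1) {
        errors.push(where + field + ' has unsupported value ' + JSON.stringify(value));
      }
    });
    var keyword = source.sourceKeyword;
    if (keyword !== undefined) {
      if (keyword.keywordInputType !== undefined &&
          KEYWORD_INPUT_TYPES.indexOf(keyword.keywordInputType) === -1) {
        errors.push(where + 'sourceKeyword.keywordInputType has unsupported value ' +
          JSON.stringify(keyword.keywordInputType));
      }
      if (keyword.keywordValue !== undefined && typeof keyword.keywordValue !== 'string') {
        errors.push(where + 'sourceKeyword.keywordValue must be a string');
      }
    }
  });
  return errors;
}

// Calls createControl only when the local checks pass. The auditmanager
// argument is an AWS.AuditManager instance supplied by the caller.
function createControlChecked(auditmanager, params, callback) {
  var errors = validateCreateControlParams(params);
  if (errors.length > 0) {
    var err = new Error('Invalid createControl params: ' + errors.join('; '));
    err.code = 'LocalValidationError'; // hypothetical code, not an AWS error code
    callback(err, null);
    return null;
  }
  return auditmanager.createControl(params, callback);
}

// Constructed samples; every value is made up.
var SAMPLE_CONTROL_PARAMS = {
  name: 'Example custom control',
  controlMappingSources: [{
    sourceName: 'Example trail keyword',
    sourceSetUpOption: 'System_Controls_Mapping',
    sourceType: 'AWS_Cloudtrail',
    sourceKeyword: { keywordInputType: 'SELECT_FROM_LIST', keywordValue: 'EXAMPLE_KEYWORD' }
  }]
};
var BAD_CONTROL_PARAMS = {
  name: '',
  controlMappingSources: [{
    sourceType: 'AWS_CloudTrail',   // wrong case: the documented value is AWS_Cloudtrail
    sourceFrequency: 'HOURLY',      // not one of DAILY, WEEKLY, MONTHLY
    sourceKeyword: { keywordInputType: 'FREE_TEXT', keywordValue: 'EXAMPLE_KEYWORD' }
  }]
};

console.log(validateCreateControlParams(SAMPLE_CONTROL_PARAMS));
console.log(validateCreateControlParams(BAD_CONTROL_PARAMS));
```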

deleteAssessment(params = {}, callback) ⇒ AWS.Request

Deletes an assessment in AWS Audit Manager.

Examples:

Calling the deleteAssessment operation

var params = {
  assessmentId: 'STRING_VALUE' /* required */
};
auditmanager.deleteAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAssessmentFramework(params = {}, callback) ⇒ AWS.Request

Deletes a custom framework in AWS Audit Manager.

Examples:

Calling the deleteAssessmentFramework operation

var params = {
  frameworkId: 'STRING_VALUE' /* required */
};
auditmanager.deleteAssessmentFramework(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • frameworkId — (String)

      The identifier for the specified framework.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteAssessmentReport(params = {}, callback) ⇒ AWS.Request

Deletes an assessment report from an assessment in AWS Audit Manager.

Examples:

Calling the deleteAssessmentReport operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  assessmentReportId: 'STRING_VALUE' /* required */
};
auditmanager.deleteAssessmentReport(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • assessmentReportId — (String)

      The unique identifier for the assessment report.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deleteControl(params = {}, callback) ⇒ AWS.Request

Deletes a custom control in AWS Audit Manager.

Examples:

Calling the deleteControl operation

var params = {
  controlId: 'STRING_VALUE' /* required */
};
auditmanager.deleteControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • controlId — (String)

      The identifier for the specified control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deregisterAccount(params = {}, callback) ⇒ AWS.Request

Deregisters an account in AWS Audit Manager.

Examples:

Calling the deregisterAccount operation

var params = {
};
auditmanager.deregisterAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • status — (String)

        The registration status of the account.

        Possible values include:
        • "ACTIVE"
        • "INACTIVE"
        • "PENDING_ACTIVATION"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

deregisterOrganizationAdminAccount(params = {}, callback) ⇒ AWS.Request

Deregisters the delegated AWS administrator account from the AWS organization.

Examples:

Calling the deregisterOrganizationAdminAccount operation

var params = {
  adminAccountId: 'STRING_VALUE'
};
auditmanager.deregisterOrganizationAdminAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • adminAccountId — (String)

      The identifier for the specified administrator account.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

disassociateAssessmentReportEvidenceFolder(params = {}, callback) ⇒ AWS.Request

Disassociates an evidence folder from the specified assessment report in AWS Audit Manager.

Examples:

Calling the disassociateAssessmentReportEvidenceFolder operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE' /* required */
};
auditmanager.disassociateAssessmentReportEvidenceFolder(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • evidenceFolderId — (String)

      The identifier for the folder in which evidence is stored.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAccountStatus(params = {}, callback) ⇒ AWS.Request

Returns the registration status of an account in AWS Audit Manager.

Examples:

Calling the getAccountStatus operation

var params = {
};
auditmanager.getAccountStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • status — (String)

        The status of the specified AWS account.

        Possible values include:
        • "ACTIVE"
        • "INACTIVE"
        • "PENDING_ACTIVATION"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAssessment(params = {}, callback) ⇒ AWS.Request

Returns an assessment from AWS Audit Manager.

Examples:

Calling the getAssessment operation

var params = {
  assessmentId: 'STRING_VALUE' /* required */
};
auditmanager.getAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessment — (map)

        An entity that defines the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

        • arn — (String)

          The Amazon Resource Name (ARN) of the assessment.

        • awsAccount — (map)

          The AWS account associated with the assessment.

          • id — (String)

            The identifier for the specified AWS account.

          • emailAddress — (String)

            The email address associated with the specified AWS account.

          • name — (String)

            The name of the specified AWS account.

        • metadata — (map)

          The metadata for the specified assessment.

          • name — (String)

            The name of the assessment.

          • id — (String)

            The unique identifier for the assessment.

          • description — (String)

            The description of the assessment.

          • complianceType — (String)

            The name of a compliance standard related to the assessment, such as PCI-DSS.

          • status — (String)

            The overall status of the assessment.

            Possible values include:
            • "ACTIVE"
            • "INACTIVE"
          • assessmentReportsDestination — (map)

            The destination in which evidence reports are stored for the specified assessment.

            • destinationType — (String)

              The destination type, such as Amazon S3.

              Possible values include:
              • "S3"
            • destination — (String)

              The destination of the assessment report.

          • scope — (map)

            The wrapper of AWS accounts and services in scope for the assessment.

            • awsAccounts — (Array<map>)

              The AWS accounts included in the scope of the assessment.

              • id — (String)

                The identifier for the specified AWS account.

              • emailAddress — (String)

                The email address associated with the specified AWS account.

              • name — (String)

                The name of the specified AWS account.

            • awsServices — (Array<map>)

              The AWS services included in the scope of the assessment.

              • serviceName — (String)

                The name of the AWS service.

          • roles — (Array<map>)

            The roles associated with the assessment.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

          • delegations — (Array<map>)

            The delegations associated with the assessment.

            • id — (String)

              The unique identifier for the delegation.

            • assessmentName — (String)

              The name of the associated assessment.

            • assessmentId — (String)

              The identifier for the associated assessment.

            • status — (String)

              The status of the delegation.

              Possible values include:
              • "IN_PROGRESS"
              • "UNDER_REVIEW"
              • "COMPLETE"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • creationTime — (Date)

              Specifies when the delegation was created.

            • lastUpdated — (Date)

              Specifies when the delegation was last updated.

            • controlSetId — (String)

              The identifier for the associated control set.

            • comment — (String)

              The comment related to the delegation.

            • createdBy — (String)

              The IAM user or role that created the delegation.

          • creationTime — (Date)

            Specifies when the assessment was created.

          • lastUpdated — (Date)

            The time of the most recent update.

        • framework — (map)

          The framework from which the assessment was created.

          • id — (String)

            The unique identifier for the framework.

          • arn — (String)

            The Amazon Resource Name (ARN) of the specified framework.

          • metadata — (map)

            The metadata of a framework, such as the name, ID, description, and so on.

            • name — (String)

              The name of the framework.

            • description — (String)

              The description of the framework.

            • logo — (String)

              The logo associated with the framework.

            • complianceType — (String)

              The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

          • controlSets — (Array<map>)

            The control sets associated with the framework.

            • id — (String)

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description — (String)

              The description for the control set.

            • status — (String)

              Specifies the current status of the control set.

              Possible values include:
              • "ACTIVE"
              • "UNDER_REVIEW"
              • "REVIEWED"
            • roles — (Array<map>)

              The roles associated with the control set.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

            • controls — (Array<map>)

              The list of controls contained within the control set.

              • id — (String)

                The identifier for the specified control.

              • name — (String)

                The name of the specified control.

              • description — (String)

                The description of the specified control.

              • status — (String)

                The status of the specified control.

                Possible values include:
                • "UNDER_REVIEW"
                • "REVIEWED"
                • "INACTIVE"
              • response — (String)

                The response of the specified control.

                Possible values include:
                • "MANUAL"
                • "AUTOMATE"
                • "DEFER"
                • "IGNORE"
              • comments — (Array<map>)

                The list of comments attached to the specified control.

                • authorName — (String)

                  The name of the user who authored the comment.

                • commentBody — (String)

                  The body text of a control comment.

                • postedDate — (Date)

                  The time when the comment was posted.

              • evidenceSources — (Array<String>)

                The list of data sources for the specified evidence.

              • evidenceCount — (Integer)

                The amount of evidence generated for the control.

              • assessmentReportEvidenceCount — (Integer)

                The amount of evidence in the assessment report.

            • delegations — (Array<map>)

              The delegations associated with the control set.

              • id — (String)

                The unique identifier for the delegation.

              • assessmentName — (String)

                The name of the associated assessment.

              • assessmentId — (String)

                The identifier for the associated assessment.

              • status — (String)

                The status of the delegation.

                Possible values include:
                • "IN_PROGRESS"
                • "UNDER_REVIEW"
                • "COMPLETE"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • creationTime — (Date)

                Specifies when the delegation was created.

              • lastUpdated — (Date)

                Specifies when the delegation was last updated.

              • controlSetId — (String)

                The identifier for the associated control set.

              • comment — (String)

                The comment related to the delegation.

              • createdBy — (String)

                The IAM user or role that created the delegation.

            • systemEvidenceCount — (Integer)

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount — (Integer)

              The total number of evidence objects uploaded manually to the control set.

        • tags — (map<String>)

          The tags associated with the assessment.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
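
The getAssessment response tree documented above can be walked to find evidence gaps before a report is generated. This is an added example, not code from the AWS SDK documentation: findAssessmentGaps and the sample response are hypothetical and constructed for illustration, and skipping INACTIVE controls is an assumption of the example.

```javascript
// Added example: consumes the `data` object passed to the getAssessment callback.
// Returns controls with no evidence, control sets not yet REVIEWED, and delegations
// that are not COMPLETE. Field names are the ones documented for getAssessment.
function findAssessmentGaps(data) {
  const assessment = (data && data.assessment) || {};
  const metadata = assessment.metadata || {};
  const controlSets = (assessment.framework && assessment.framework.controlSets) || [];
  const report = {
    assessmentId: metadata.id,
    controlsWithoutEvidence: [],
    unreviewedControlSets: [],
    openDelegations: [],
  };

  for (const set of controlSets) {
    if (set.status !== 'REVIEWED') report.unreviewedControlSets.push(set.id);
    for (const control of set.controls || []) {
      // Assumption: INACTIVE controls are not expected to collect evidence.
      if (control.status === 'INACTIVE') continue;
      // A missing evidenceCount is treated the same as zero.
      if (!control.evidenceCount) {
        report.controlsWithoutEvidence.push({
          controlSetId: set.id,
          controlId: control.id,
          name: control.name,
        });
      }
    }
  }

  // Delegations are listed under metadata and again under each control set,
  // so de-duplicate by delegation id.
  const seen = new Set();
  const delegations = [
    ...(metadata.delegations || []),
    ...controlSets.flatMap((set) => set.delegations || []),
  ];
  for (const d of delegations) {
    if (d.status === 'COMPLETE' || seen.has(d.id)) continue;
    seen.add(d.id);
    report.openDelegations.push({
      id: d.id,
      controlSetId: d.controlSetId,
      status: d.status,
      roleArn: d.roleArn,
    });
  }
  return report;
}

// Constructed sample response (not real Audit Manager output).
const DELEGATE_ROLE = 'arn:aws:iam::111122223333:role/ExampleDelegate';
const OPEN_DELEGATION = {
  id: 'd-1', controlSetId: 'Access control', status: 'IN_PROGRESS', roleArn: DELEGATE_ROLE,
};
const SAMPLE_GET_ASSESSMENT = {
  assessment: {
    metadata: {
      id: 'constructed-assessment-id',
      name: 'example assessment',
      status: 'ACTIVE',
      delegations: [OPEN_DELEGATION],
    },
    framework: {
      controlSets: [
        {
          id: 'Access control',
          status: 'UNDER_REVIEW',
          controls: [
            { id: 'c-1', name: 'MFA enabled', status: 'UNDER_REVIEW', evidenceCount: 12 },
            { id: 'c-2', name: 'Key rotation', status: 'UNDER_REVIEW', evidenceCount: 0 },
            { id: 'c-3', name: 'Retired control', status: 'INACTIVE', evidenceCount: 0 },
          ],
          delegations: [
            OPEN_DELEGATION,
            { id: 'd-2', controlSetId: 'Access control', status: 'COMPLETE', roleArn: DELEGATE_ROLE },
          ],
        },
        {
          id: 'Logging',
          status: 'REVIEWED',
          controls: [{ id: 'c-4', name: 'Trail enabled', status: 'REVIEWED', evidenceCount: 40 }],
        },
      ],
    },
  },
};

console.log(JSON.stringify(findAssessmentGaps(SAMPLE_GET_ASSESSMENT), null, 2));
```

With a live client, pass the `data` argument of the getAssessment callback straight to findAssessmentGaps.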

getAssessmentFramework(params = {}, callback) ⇒ AWS.Request

Returns a framework from AWS Audit Manager.

Examples:

Calling the getAssessmentFramework operation

var params = {
  frameworkId: 'STRING_VALUE' /* required */
};
auditmanager.getAssessmentFramework(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • frameworkId — (String)

      The identifier for the specified framework.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • framework — (map)

        The framework returned by the GetAssessmentFramework API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified framework.

        • id — (String)

          The unique identifier for the specified framework.

        • name — (String)

          The name of the specified framework.

        • type — (String)

          The framework type, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • complianceType — (String)

          The compliance type that the new custom framework supports, such as CIS or HIPAA.

        • description — (String)

          The description of the specified framework.

        • logo — (String)

          The logo associated with the framework.

        • controlSources — (String)

          The sources from which AWS Audit Manager collects evidence for the control.

        • controlSets — (Array<map>)

          The control sets associated with the framework.

          • id — (String)

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name — (String)

            The name of the control set.

          • controls — (Array<map>)

            The list of controls within the control set.

            • arn — (String)

              The Amazon Resource Name (ARN) of the specified control.

            • id — (String)

              The unique identifier for the control.

            • type — (String)

              The type of control, such as custom or standard.

              Possible values include:
              • "Standard"
              • "Custom"
            • name — (String)

              The name of the specified control.

            • description — (String)

              The description of the specified control.

            • testingInformation — (String)

              The steps to follow to determine if the control has been satisfied.

            • actionPlanTitle — (String)

              The title of the action plan for remediating the control.

            • actionPlanInstructions — (String)

              The recommended actions to carry out if the control is not fulfilled.

            • controlSources — (String)

              The data source that determines from where AWS Audit Manager collects evidence for the control.

            • controlMappingSources — (Array<map>)

              The data mapping sources for the specified control.

              • sourceId — (String)

                The unique identifier for the specified source.

              • sourceName — (String)

                The name of the specified source.

              • sourceDescription — (String)

                The description of the specified source.

              • sourceSetUpOption — (String)

                The setup option for the data source, which reflects if the evidence collection is automated or manual.

                Possible values include:
                • "System_Controls_Mapping"
                • "Procedural_Controls_Mapping"
              • sourceType — (String)

                Specifies one of the five types of data sources for evidence collection.

                Possible values include:
                • "AWS_Cloudtrail"
                • "AWS_Config"
                • "AWS_Security_Hub"
                • "AWS_API_Call"
                • "MANUAL"
              • sourceKeyword — (map)

                The keyword to search for in AWS CloudTrail logs.

                • keywordInputType — (String)

                  The method of input for the specified keyword.

                  Possible values include:
                  • "SELECT_FROM_LIST"
                • keywordValue — (String)

                  The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

              • sourceFrequency — (String)

                The frequency of evidence collection for the specified control mapping source.

                Possible values include:
                • "DAILY"
                • "WEEKLY"
                • "MONTHLY"
              • troubleshootingText — (String)

                The instructions for troubleshooting the specified control.

            • createdAt — (Date)

              Specifies when the control was created.

            • lastUpdatedAt — (Date)

              Specifies when the control was most recently updated.

            • createdBy — (String)

              The IAM user or role that created the control.

            • lastUpdatedBy — (String)

              The IAM user or role that most recently updated the control.

            • tags — (map<String>)

              The tags associated with the control.

        • createdAt — (Date)

          Specifies when the framework was created.

        • lastUpdatedAt — (Date)

          Specifies when the framework was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the framework.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the framework.

        • tags — (map<String>)

          The tags associated with the framework.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getAssessmentReportUrl(params = {}, callback) ⇒ AWS.Request

Returns the URL of a specified assessment report in AWS Audit Manager.

Examples:

Calling the getAssessmentReportUrl operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  assessmentReportId: 'STRING_VALUE' /* required */
};
auditmanager.getAssessmentReportUrl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentReportId — (String)

      The identifier for the assessment report.

    • assessmentId — (String)

      The identifier for the specified assessment.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • preSignedUrl — (map)

        A uniform resource locator, used as a unique identifier to locate a resource on the internet.

        • hyperlinkName — (String)

          The name or word used as a hyperlink to the URL.

        • link — (String)

          The unique identifier for the internet resource.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getChangeLogs(params = {}, callback) ⇒ AWS.Request

Returns a list of changelogs from AWS Audit Manager.

Examples:

Calling the getChangeLogs operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlId: 'STRING_VALUE',
  controlSetId: 'STRING_VALUE',
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.getChangeLogs(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • controlId — (String)

      The identifier for the specified control.

    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • changeLogs — (Array<map>)

        The list of user activity for the control.

        • objectType — (String)

          The changelog object type, such as an assessment, control, or control set.

          Possible values include:
          • "ASSESSMENT"
          • "CONTROL_SET"
          • "CONTROL"
          • "DELEGATION"
          • "ASSESSMENT_REPORT"
        • objectName — (String)

          The name of the changelog object.

        • action — (String)

          The action performed.

          Possible values include:
          • "CREATE"
          • "UPDATE_METADATA"
          • "ACTIVE"
          • "INACTIVE"
          • "DELETE"
          • "UNDER_REVIEW"
          • "REVIEWED"
          • "IMPORT_EVIDENCE"
        • createdAt — (Date)

          The time of creation for the changelog object.

        • createdBy — (String)

          The IAM user or role that performed the action.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
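
getChangeLogs returns one page at a time, so an audit-trail review has to follow nextToken to the end before drawing conclusions. This is an added example, not code from the AWS SDK documentation: collectChangeLogs, flagChangeLogs, the stub client, the choice of actions to flag and the sample entries are all hypothetical and constructed, and the stub stands in for an AWS.AuditManager instance so the block runs offline.

```javascript
// Added example; sample data below is constructed, not real Audit Manager output.
// Actions this example treats as needing review (an assumption; tune to your policy).
const REVIEW_ACTIONS = new Set(['DELETE', 'INACTIVE']);

// Follow nextToken until the service stops returning one, so no page is skipped.
// `client` needs getChangeLogs(params).promise(), as an AWS.AuditManager instance provides.
async function collectChangeLogs(client, assessmentId, pageSize = 100, maxPages = 500) {
  const all = [];
  let nextToken;
  for (let page = 0; page < maxPages; page++) {
    const params = { assessmentId, maxResults: pageSize };
    if (nextToken) params.nextToken = nextToken;
    const data = await client.getChangeLogs(params).promise();
    all.push(...(data.changeLogs || []));
    nextToken = data.nextToken;
    if (!nextToken) return all;
  }
  // Guard against a token loop rather than paging forever.
  throw new Error('getChangeLogs pagination exceeded ' + maxPages + ' pages');
}

// Return the entries that need a look, oldest first, each with the reasons it was flagged.
// `expectedActors` is the list of createdBy values you expect to see for this assessment.
function flagChangeLogs(entries, expectedActors) {
  const expected = new Set(expectedActors);
  return entries
    .map((entry) => {
      const reasons = [];
      if (REVIEW_ACTIONS.has(entry.action)) reasons.push('action:' + entry.action);
      if (!expected.has(entry.createdBy)) reasons.push('unexpected-actor');
      return Object.assign({}, entry, { reasons });
    })
    .filter((entry) => entry.reasons.length > 0)
    .sort((a, b) => new Date(a.createdAt) - new Date(b.createdAt));
}

// Constructed identities and changelog pages for the offline run.
const OWNER = 'arn:aws:iam::111122223333:role/ExampleAuditOwner';
const OTHER = 'arn:aws:iam::111122223333:user/example-unlisted-user';
const SAMPLE_PAGES = [
  [
    { objectType: 'ASSESSMENT', objectName: 'example-assessment', action: 'CREATE',
      createdAt: new Date('2021-01-05T10:00:00Z'), createdBy: OWNER },
    { objectType: 'CONTROL', objectName: 'example-control', action: 'REVIEWED',
      createdAt: new Date('2021-01-07T09:00:00Z'), createdBy: OWNER },
  ],
  [
    { objectType: 'ASSESSMENT_REPORT', objectName: 'example-report', action: 'DELETE',
      createdAt: new Date('2021-01-09T12:00:00Z'), createdBy: OWNER },
    { objectType: 'CONTROL_SET', objectName: 'example-set', action: 'UNDER_REVIEW',
      createdAt: new Date('2021-01-08T08:00:00Z'), createdBy: OTHER },
  ],
];

// Stub with the same call shape as the SDK: getChangeLogs(params).promise().
// The page index doubles as the pagination token.
function makeStubClient(pages) {
  return {
    calls: [],
    getChangeLogs(params) {
      this.calls.push(params);
      const index = params.nextToken ? Number(params.nextToken) : 0;
      const data = { changeLogs: pages[index] };
      if (index + 1 < pages.length) data.nextToken = String(index + 1);
      return { promise: () => Promise.resolve(data) };
    },
  };
}

collectChangeLogs(makeStubClient(SAMPLE_PAGES), 'constructed-assessment-id')
  .then((all) => {
    for (const entry of flagChangeLogs(all, [OWNER])) {
      console.log(entry.createdAt.toISOString(), entry.objectType, entry.action,
        entry.createdBy, entry.reasons.join(','));
    }
  })
  .catch((err) => console.error(err));
```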

getControl(params = {}, callback) ⇒ AWS.Request

Returns a control from AWS Audit Manager.

Examples:

Calling the getControl operation

var params = {
  controlId: 'STRING_VALUE' /* required */
};
auditmanager.getControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • controlId — (String)

      The identifier for the specified control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • control — (map)

        The name of the control returned by the GetControl API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified control.

        • id — (String)

          The unique identifier for the control.

        • type — (String)

          The type of control, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • name — (String)

          The name of the specified control.

        • description — (String)

          The description of the specified control.

        • testingInformation — (String)

          The steps to follow to determine if the control has been satisfied.

        • actionPlanTitle — (String)

          The title of the action plan for remediating the control.

        • actionPlanInstructions — (String)

          The recommended actions to carry out if the control is not fulfilled.

        • controlSources — (String)

          The data source that determines from where AWS Audit Manager collects evidence for the control.

        • controlMappingSources — (Array<map>)

          The data mapping sources for the specified control.

          • sourceId — (String)

            The unique identifier for the specified source.

          • sourceName — (String)

            The name of the specified source.

          • sourceDescription — (String)

            The description of the specified source.

          • sourceSetUpOption — (String)

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

            Possible values include:
            • "System_Controls_Mapping"
            • "Procedural_Controls_Mapping"
          • sourceType — (String)

            Specifies one of the five types of data sources for evidence collection.

            Possible values include:
            • "AWS_Cloudtrail"
            • "AWS_Config"
            • "AWS_Security_Hub"
            • "AWS_API_Call"
            • "MANUAL"
          • sourceKeyword — (map)

            The keyword to search for in AWS CloudTrail logs.

            • keywordInputType — (String)

              The method of input for the specified keyword.

              Possible values include:
              • "SELECT_FROM_LIST"
            • keywordValue — (String)

              The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

          • sourceFrequency — (String)

            The frequency of evidence collection for the specified control mapping source.

            Possible values include:
            • "DAILY"
            • "WEEKLY"
            • "MONTHLY"
          • troubleshootingText — (String)

            The instructions for troubleshooting the specified control.

        • createdAt — (Date)

          Specifies when the control was created.

        • lastUpdatedAt — (Date)

          Specifies when the control was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the control.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the control.

        • tags — (map<String>)

          The tags associated with the control.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getDelegations(params = {}, callback) ⇒ AWS.Request

Returns a list of delegations from an audit owner to a delegate.

Examples:

Calling the getDelegations operation

var params = {
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.getDelegations(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • delegations — (Array<map>)

        The list of delegations returned by the GetDelegations API.

        • id — (String)

          The unique identifier for the delegation.

        • assessmentName — (String)

          The name of the associated assessment.

        • assessmentId — (String)

          The unique identifier for the specified assessment.

        • status — (String)

          The current status of the delegation.

          Possible values include:
          • "IN_PROGRESS"
          • "UNDER_REVIEW"
          • "COMPLETE"
        • roleArn — (String)

          The Amazon Resource Name (ARN) of the IAM role.

        • creationTime — (Date)

          Specifies when the delegation was created.

        • controlSetName — (String)

          Specifies the name of the control set delegated for review.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getEvidence(params = {}, callback) ⇒ AWS.Request

Returns evidence from AWS Audit Manager.

Examples:

Calling the getEvidence operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE', /* required */
  evidenceId: 'STRING_VALUE' /* required */
};
auditmanager.getEvidence(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • evidenceFolderId — (String)

      The identifier for the folder in which the evidence is stored.

    • evidenceId — (String)

      The identifier for the evidence.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidence — (map)

        The evidence returned by the GetEvidenceResponse API.

        • dataSource — (String)

          The data source from which the specified evidence was collected.

        • evidenceAwsAccountId — (String)

          The identifier for the specified AWS account.

        • time — (Date)

          The timestamp that represents when the evidence was collected.

        • eventSource — (String)

          The AWS service from which the evidence is collected.

        • eventName — (String)

          The name of the specified evidence event.

        • evidenceByType — (String)

          The type of automated evidence.

        • resourcesIncluded — (Array<map>)

          The list of resources assessed to generate the evidence.

          • arn — (String)

            The Amazon Resource Name (ARN) for the specified resource.

          • value — (String)

            The value of the specified resource.

        • attributes — (map<String>)

          The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword) and value (such as true or false).

        • iamId — (String)

          The unique identifier for the IAM user or role associated with the evidence.

        • complianceCheck — (String)

          The evaluation status for evidence that falls under the compliance check category. For evidence collected from AWS Security Hub, a Pass or Fail result is shown. For evidence collected from AWS Config, a Compliant or Noncompliant result is shown.

        • awsOrganization — (String)

          The AWS account from which the evidence is collected, and its AWS organization path.

        • awsAccountId — (String)

          The identifier for the specified AWS account.

        • evidenceFolderId — (String)

          The identifier for the folder in which the evidence is stored.

        • id — (String)

          The identifier for the evidence.

        • assessmentReportSelection — (String)

          Specifies whether the evidence is included in the assessment report.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getEvidenceByEvidenceFolder(params = {}, callback) ⇒ AWS.Request

Returns all evidence from a specified evidence folder in AWS Audit Manager.

Examples:

Calling the getEvidenceByEvidenceFolder operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE', /* required */
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.getEvidenceByEvidenceFolder(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the control set.

    • evidenceFolderId — (String)

      The unique identifier for the folder in which the evidence is stored.

    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidence — (Array<map>)

        The list of evidence returned by the GetEvidenceByEvidenceFolder API.

        • dataSource — (String)

          The data source from which the specified evidence was collected.

        • evidenceAwsAccountId — (String)

          The identifier for the specified AWS account.

        • time — (Date)

          The timestamp that represents when the evidence was collected.

        • eventSource — (String)

          The AWS service from which the evidence is collected.

        • eventName — (String)

          The name of the specified evidence event.

        • evidenceByType — (String)

          The type of automated evidence.

        • resourcesIncluded — (Array<map>)

          The list of resources assessed to generate the evidence.

          • arn — (String)

            The Amazon Resource Name (ARN) for the specified resource.

          • value — (String)

            The value of the specified resource.

        • attributes — (map<String>)

          The names and values used by the evidence event, including an attribute name (such as allowUsersToChangePassword) and value (such as true or false).

        • iamId — (String)

          The unique identifier for the IAM user or role associated with the evidence.

        • complianceCheck — (String)

          The evaluation status for evidence that falls under the compliance check category. For evidence collected from AWS Security Hub, a Pass or Fail result is shown. For evidence collected from AWS Config, a Compliant or Noncompliant result is shown.

        • awsOrganization — (String)

          The AWS account from which the evidence is collected, and its AWS organization path.

        • awsAccountId — (String)

          The identifier for the specified AWS account.

        • evidenceFolderId — (String)

          The identifier for the folder in which the evidence is stored.

        • id — (String)

          The identifier for the evidence.

        • assessmentReportSelection — (String)

          Specifies whether the evidence is included in the assessment report.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
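
The nextToken pagination described for getEvidenceByEvidenceFolder (and used by the other list operations on this page), shown as an added example that is not part of the AWS SDK or its documentation: it follows nextToken to the end of an evidence folder, stops on a repeated token or a page limit, and summarizes the complianceCheck results. The helper names, the stub client and the sample evidence are constructed for illustration; the string matching assumes the Pass/Fail and Compliant/Noncompliant values described above.

```javascript
// Added example: helper names, stub client and sample data are hypothetical.

// Follow nextToken until the service stops returning one. `client` is any
// object exposing callback-style operations, e.g. new AWS.AuditManager().
function listAll(client, operation, params, resultKey, done, maxPages) {
  var items = [];
  var seenTokens = Object.create(null);
  var pagesLeft = maxPages || 1000;

  function fetchPage(token) {
    if (pagesLeft-- <= 0) return done(new Error('page limit reached'), items);
    var request = Object.assign({}, params);
    if (token) request.nextToken = token;
    client[operation](request, function (err, data) {
      if (err) return done(err, items);
      items = items.concat(data[resultKey] || []);
      var next = data.nextToken;
      if (!next) return done(null, items);
      // A token seen before would loop forever; stop with what we have.
      if (seenTokens[next]) return done(new Error('repeated nextToken'), items);
      seenTokens[next] = true;
      fetchPage(next);
    });
  }
  fetchPage(null);
}

// Normalize complianceCheck. Assumption: values are spelling variants of
// Pass/Fail (Security Hub) or Compliant/Noncompliant (AWS Config).
function classifyComplianceCheck(value) {
  var v = String(value || '').toLowerCase().replace(/[^a-z]/g, '');
  if (v.indexOf('fail') === 0 || v === 'noncompliant') return 'FAILING';
  if (v.indexOf('pass') === 0 || v === 'compliant') return 'PASSING';
  return 'NOT_EVALUATED'; // e.g. user activity or manual evidence
}

// Reduce a folder's evidence to counts plus the failing items and their ARNs.
function summarizeFolder(evidence) {
  var summary = { total: evidence.length, passing: 0, notEvaluated: 0, failing: [] };
  evidence.forEach(function (e) {
    var verdict = classifyComplianceCheck(e.complianceCheck);
    if (verdict === 'PASSING') summary.passing++;
    else if (verdict === 'NOT_EVALUATED') summary.notEvaluated++;
    else summary.failing.push({
      id: e.id,
      dataSource: e.dataSource,
      resources: (e.resourcesIncluded || []).map(function (r) { return r.arn; })
    });
  });
  return summary;
}

// Constructed sample pages standing in for the service (not real evidence).
var SAMPLE_PAGES = {
  '': {
    evidence: [
      { id: 'ev-1', dataSource: 'AWS Config', complianceCheck: 'Compliant',
        resourcesIncluded: [{ arn: 'arn:aws:s3:::example-bucket-a' }] },
      { id: 'ev-2', dataSource: 'AWS Security Hub', complianceCheck: 'Fail',
        resourcesIncluded: [{ arn: 'arn:aws:s3:::example-bucket-b' }] }
    ],
    nextToken: 'page-2'
  },
  'page-2': {
    evidence: [
      { id: 'ev-3', dataSource: 'AWS Config', complianceCheck: 'Noncompliant',
        resourcesIncluded: [{ arn: 'arn:aws:iam::111122223333:user/example-user' }] },
      { id: 'ev-4', dataSource: 'AWS CloudTrail', resourcesIncluded: [] }
    ]
  }
};

// Stub with the same call shape as the SDK operation; it answers synchronously,
// whereas a real AWS.AuditManager client invokes the callback asynchronously.
function makeStubClient(pages) {
  return {
    calls: [],
    getEvidenceByEvidenceFolder: function (params, callback) {
      this.calls.push(params);
      callback(null, pages[params.nextToken || '']);
    }
  };
}

function runSample() {
  var client = makeStubClient(SAMPLE_PAGES);
  var summary = null;
  var params = { assessmentId: 'ASSESSMENT_ID', controlSetId: 'CONTROL_SET_ID',
                 evidenceFolderId: 'EVIDENCE_FOLDER_ID', maxResults: 2 };
  listAll(client, 'getEvidenceByEvidenceFolder', params, 'evidence', function (err, items) {
    if (err) throw err;
    summary = summarizeFolder(items);
  });
  return { summary: summary, calls: client.calls };
}
```

Against a live account, pass `new AWS.AuditManager()` as `client` and read the summary inside the `done` callback, since the real request completes asynchronously.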

getEvidenceFolder(params = {}, callback) ⇒ AWS.Request

Returns an evidence folder from the specified assessment in AWS Audit Manager.

Examples:

Calling the getEvidenceFolder operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  evidenceFolderId: 'STRING_VALUE' /* required */
};
auditmanager.getEvidenceFolder(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • evidenceFolderId — (String)

      The identifier for the folder in which the evidence is stored.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidenceFolder — (map)

        The folder in which evidence is stored.

        • name — (String)

          The name of the specified evidence folder.

        • date — (Date)

          The date when the first evidence was added to the evidence folder.

        • assessmentId — (String)

          The identifier for the specified assessment.

        • controlSetId — (String)

          The identifier for the control set.

        • controlId — (String)

          The unique identifier for the specified control.

        • id — (String)

          The identifier for the folder in which evidence is stored.

        • dataSource — (String)

          The AWS service from which the evidence was collected.

        • author — (String)

          The name of the user who created the evidence folder.

        • totalEvidence — (Integer)

          The total amount of evidence in the evidence folder.

        • assessmentReportSelectionCount — (Integer)

          The total count of evidence included in the assessment report.

        • controlName — (String)

          The name of the control.

        • evidenceResourcesIncludedCount — (Integer)

          The amount of evidence included in the evidence folder.

        • evidenceByTypeConfigurationDataCount — (Integer)

          The number of evidence items that fall under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

        • evidenceByTypeManualCount — (Integer)

          The number of evidence items that fall under the manual category. This evidence is imported manually.

        • evidenceByTypeComplianceCheckCount — (Integer)

          The number of evidence items that fall under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

        • evidenceByTypeComplianceCheckIssuesCount — (Integer)

          The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

        • evidenceByTypeUserActivityCount — (Integer)

          The number of evidence items that fall under the user activity category. This evidence is collected from AWS CloudTrail logs.

        • evidenceAwsServiceSourceCount — (Integer)

          The total number of AWS resources assessed to generate the evidence.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getEvidenceFoldersByAssessment(params = {}, callback) ⇒ AWS.Request

Returns the evidence folders from a specified assessment in AWS Audit Manager.

Examples:

Calling the getEvidenceFoldersByAssessment operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.getEvidenceFoldersByAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidenceFolders — (Array<map>)

        The list of evidence folders returned by the GetEvidenceFoldersByAssessment API.

        • name — (String)

          The name of the specified evidence folder.

        • date — (Date)

          The date when the first evidence was added to the evidence folder.

        • assessmentId — (String)

          The identifier for the specified assessment.

        • controlSetId — (String)

          The identifier for the control set.

        • controlId — (String)

          The unique identifier for the specified control.

        • id — (String)

          The identifier for the folder in which evidence is stored.

        • dataSource — (String)

          The AWS service from which the evidence was collected.

        • author — (String)

          The name of the user who created the evidence folder.

        • totalEvidence — (Integer)

          The total amount of evidence in the evidence folder.

        • assessmentReportSelectionCount — (Integer)

          The total count of evidence included in the assessment report.

        • controlName — (String)

          The name of the control.

        • evidenceResourcesIncludedCount — (Integer)

          The amount of evidence included in the evidence folder.

        • evidenceByTypeConfigurationDataCount — (Integer)

          The number of evidence items that fall under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

        • evidenceByTypeManualCount — (Integer)

          The number of evidence items that fall under the manual category. This evidence is imported manually.

        • evidenceByTypeComplianceCheckCount — (Integer)

          The number of evidence items that fall under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

        • evidenceByTypeComplianceCheckIssuesCount — (Integer)

          The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

        • evidenceByTypeUserActivityCount — (Integer)

          The number of evidence items that fall under the user activity category. This evidence is collected from AWS CloudTrail logs.

        • evidenceAwsServiceSourceCount — (Integer)

          The total number of AWS resources assessed to generate the evidence.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getEvidenceFoldersByAssessmentControl(params = {}, callback) ⇒ AWS.Request

Returns a list of evidence folders associated with a specified control of an assessment in AWS Audit Manager.

Examples:

Calling the getEvidenceFoldersByAssessmentControl operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.getEvidenceFoldersByAssessmentControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • controlId — (String)

      The identifier for the specified control.

    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • evidenceFolders — (Array<map>)

        The list of evidence folders returned by the GetEvidenceFoldersByAssessmentControl API.

        • name — (String)

          The name of the specified evidence folder.

        • date — (Date)

          The date when the first evidence was added to the evidence folder.

        • assessmentId — (String)

          The identifier for the specified assessment.

        • controlSetId — (String)

          The identifier for the control set.

        • controlId — (String)

          The unique identifier for the specified control.

        • id — (String)

          The identifier for the folder in which evidence is stored.

        • dataSource — (String)

          The AWS service from which the evidence was collected.

        • author — (String)

          The name of the user who created the evidence folder.

        • totalEvidence — (Integer)

          The total amount of evidence in the evidence folder.

        • assessmentReportSelectionCount — (Integer)

          The total count of evidence included in the assessment report.

        • controlName — (String)

          The name of the control.

        • evidenceResourcesIncludedCount — (Integer)

          The amount of evidence included in the evidence folder.

        • evidenceByTypeConfigurationDataCount — (Integer)

          The number of evidence items that fall under the configuration data category. This evidence is collected from configuration snapshots of other AWS services such as Amazon EC2, Amazon S3, or IAM.

        • evidenceByTypeManualCount — (Integer)

          The number of evidence items that fall under the manual category. This evidence is imported manually.

        • evidenceByTypeComplianceCheckCount — (Integer)

          The number of evidence items that fall under the compliance check category. This evidence is collected from AWS Config or AWS Security Hub.

        • evidenceByTypeComplianceCheckIssuesCount — (Integer)

          The total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.

        • evidenceByTypeUserActivityCount — (Integer)

          The number of evidence items that fall under the user activity category. This evidence is collected from AWS CloudTrail logs.

        • evidenceAwsServiceSourceCount — (Integer)

          The total number of AWS resources assessed to generate the evidence.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getOrganizationAdminAccount(params = {}, callback) ⇒ AWS.Request

Returns the name of the delegated AWS administrator account for the AWS organization.

Examples:

Calling the getOrganizationAdminAccount operation

var params = {
};
auditmanager.getOrganizationAdminAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • adminAccountId — (String)

        The identifier for the specified administrator account.

      • organizationId — (String)

        The identifier for the specified organization.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getServicesInScope(params = {}, callback) ⇒ AWS.Request

Returns a list of the in-scope AWS services for the specified assessment.

Examples:

Calling the getServicesInScope operation

var params = {
};
auditmanager.getServicesInScope(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • serviceMetadata — (Array<map>)

        The metadata associated with the AWS service.

        • name — (String)

          The name of the AWS service.

        • displayName — (String)

          The display name of the AWS service.

        • description — (String)

          The description of the specified AWS service.

        • category — (String)

          The category in which the AWS service belongs, such as compute, storage, database, and so on.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

getSettings(params = {}, callback) ⇒ AWS.Request

Returns the settings for the specified AWS account.

Examples:

Calling the getSettings operation

var params = {
  attribute: 'ALL' /* required; one of: 'ALL' | 'IS_AWS_ORG_ENABLED' | 'SNS_TOPIC' | 'DEFAULT_ASSESSMENT_REPORTS_DESTINATION' | 'DEFAULT_PROCESS_OWNERS' */
};
auditmanager.getSettings(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • attribute — (String)

      The list of SettingAttribute enum values.

      Possible values include:
      • "ALL"
      • "IS_AWS_ORG_ENABLED"
      • "SNS_TOPIC"
      • "DEFAULT_ASSESSMENT_REPORTS_DESTINATION"
      • "DEFAULT_PROCESS_OWNERS"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • settings — (map)

        The settings object that holds all supported AWS Audit Manager settings.

        • isAwsOrgEnabled — (Boolean)

          Specifies whether AWS Organizations is enabled.

        • snsTopic — (String)

          The designated Amazon Simple Notification Service (Amazon SNS) topic.

        • defaultAssessmentReportsDestination — (map)

          The default storage destination for assessment reports.

          • destinationType — (String)

            The destination type, such as Amazon S3.

            Possible values include:
            • "S3"
          • destination — (String)

            The destination of the assessment report.

        • defaultProcessOwners — (Array<map>)

          The designated default audit owners.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

        • kmsKey — (String)

          The AWS KMS key details.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAssessmentFrameworks(params = {}, callback) ⇒ AWS.Request

Returns a list of the frameworks available in the AWS Audit Manager framework library.

Examples:

Calling the listAssessmentFrameworks operation

var params = {
  frameworkType: 'Standard', /* required; one of: 'Standard' | 'Custom' */
  maxResults: 'NUMBER_VALUE',
  nextToken: 'STRING_VALUE'
};
auditmanager.listAssessmentFrameworks(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • frameworkType — (String)

      The type of framework, such as standard or custom.

      Possible values include:
      • "Standard"
      • "Custom"
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • frameworkMetadataList — (Array<map>)

        The list of metadata objects for the specified framework.

        • arn — (String)

          The Amazon Resource Name (ARN) of the framework.

        • id — (String)

          The unique identifier for the specified framework.

        • type — (String)

          The framework type, such as standard or custom.

          Possible values include:
          • "Standard"
          • "Custom"
        • name — (String)

          The name of the specified framework.

        • description — (String)

          The description of the specified framework.

        • logo — (String)

          The logo associated with the framework.

        • complianceType — (String)

          The compliance type that the new custom framework supports, such as CIS or HIPAA.

        • controlsCount — (Integer)

          The number of controls associated with the specified framework.

        • controlSetsCount — (Integer)

          The number of control sets associated with the specified framework.

        • createdAt — (Date)

          Specifies when the framework was created.

        • lastUpdatedAt — (Date)

          Specifies when the framework was most recently updated.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAssessmentReports(params = {}, callback) ⇒ AWS.Request

Returns a list of assessment reports created in AWS Audit Manager.

Examples:

Calling the listAssessmentReports operation

var params = {
  maxResults: 10, /* integer; example value */
  nextToken: 'STRING_VALUE'
};
auditmanager.listAssessmentReports(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessmentReports — (Array<map>)

        The list of assessment reports returned by the ListAssessmentReports API.

        • id — (String)

          The unique identifier for the assessment report.

        • name — (String)

          The name of the assessment report.

        • description — (String)

          The description of the specified assessment report.

        • assessmentId — (String)

          The unique identifier for the associated assessment.

        • assessmentName — (String)

          The name of the associated assessment.

        • author — (String)

          The name of the user who created the assessment report.

        • status — (String)

          The current status of the assessment report.

          Possible values include:
          • "COMPLETE"
          • "IN_PROGRESS"
          • "FAILED"
        • creationTime — (Date)

          Specifies when the assessment report was created.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listAssessments(params = {}, callback) ⇒ AWS.Request

Returns a list of current and past assessments from AWS Audit Manager.

Examples:

Calling the listAssessments operation

var params = {
  maxResults: 10, /* integer; example value */
  nextToken: 'STRING_VALUE'
};
auditmanager.listAssessments(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessmentMetadata — (Array<map>)

        The metadata associated with the assessment.

        • name — (String)

          The name of the assessment.

        • id — (String)

          The unique identifier for the assessment.

        • complianceType — (String)

          The name of the compliance standard related to the assessment, such as PCI-DSS.

        • status — (String)

          The current status of the assessment.

          Possible values include:
          • "ACTIVE"
          • "INACTIVE"
        • roles — (Array<map>)

          The roles associated with the assessment.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

        • delegations — (Array<map>)

          The delegations associated with the assessment.

          • id — (String)

            The unique identifier for the delegation.

          • assessmentName — (String)

            The name of the associated assessment.

          • assessmentId — (String)

            The identifier for the associated assessment.

          • status — (String)

            The status of the delegation.

            Possible values include:
            • "IN_PROGRESS"
            • "UNDER_REVIEW"
            • "COMPLETE"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • creationTime — (Date)

            Specifies when the delegation was created.

          • lastUpdated — (Date)

            Specifies when the delegation was last updated.

          • controlSetId — (String)

            The identifier for the associated control set.

          • comment — (String)

            The comment related to the delegation.

          • createdBy — (String)

            The IAM user or role that created the delegation.

        • creationTime — (Date)

          Specifies when the assessment was created.

        • lastUpdated — (Date)

          The time of the most recent update.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
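
An added example, not part of the SDK or of the original reference: it drains every page of a list operation through the nextToken convention described above, then reviews the roles and delegations returned by listAssessments. The helper names (listAll, reviewAssessments, makeStubClient), the trusted-account list, the 30-day threshold and all sample data are assumptions constructed for illustration; the stub client stands in for AWS.AuditManager so the code runs offline.

```javascript
'use strict';
// Added example; helper names and all sample data are constructed, not SDK code.

// Drain every page of a callback-style list* operation that follows the
// params.nextToken / data.nextToken convention.
function listAll(client, operation, listKey, params, done) {
  const items = [];
  const seenTokens = new Set();
  function fetchPage(nextToken) {
    const pageParams = Object.assign({}, params);
    if (nextToken) pageParams.nextToken = nextToken;
    client[operation](pageParams, function (err, data) {
      if (err) return done(err);
      items.push(...((data && data[listKey]) || []));
      const token = data && data.nextToken;
      if (!token) return done(null, items);
      // A token that repeats would loop forever; stop instead.
      if (seenTokens.has(token)) return done(new Error('repeated nextToken: ' + token));
      seenTokens.add(token);
      fetchPage(token);
    });
  }
  fetchPage(null);
}

// IAM role ARN: arn:<partition>:iam::<12-digit account id>:role/<name>
const IAM_ROLE_ARN = /^arn:aws[a-z-]*:iam::(\d{12}):role\/.+$/;

function accountOf(roleArn) {
  const match = IAM_ROLE_ARN.exec(roleArn || '');
  return match ? match[1] : null;
}

// Flag role ARNs outside the trusted accounts and open delegations that have
// not been updated for more than maxAgeDays.
function reviewAssessments(assessments, trustedAccountIds, now, maxAgeDays) {
  const trusted = new Set(trustedAccountIds);
  const findings = [];
  function checkArn(assessment, where, entry) {
    const account = accountOf(entry.roleArn);
    let kind = null;
    if (account === null) kind = 'malformed-role-arn';
    else if (!trusted.has(account)) kind = 'untrusted-account';
    if (kind) findings.push({ assessmentId: assessment.id, where, kind, roleArn: entry.roleArn });
  }
  for (const assessment of assessments) {
    for (const role of assessment.roles || []) checkArn(assessment, 'roles', role);
    for (const delegation of assessment.delegations || []) {
      checkArn(assessment, 'delegations', delegation);
      const ageDays = (now - new Date(delegation.lastUpdated)) / 86400000;
      if (delegation.status !== 'COMPLETE' && ageDays > maxAgeDays) {
        findings.push({ assessmentId: assessment.id, where: 'delegations',
                        kind: 'stale-delegation', roleArn: delegation.roleArn });
      }
    }
  }
  return findings;
}

// Constructed sample responses, keyed by the nextToken that requests them.
const SAMPLE_PAGES = {
  '': {
    assessmentMetadata: [{
      id: 'a-1', name: 'pci-q1', status: 'ACTIVE',
      roles: [{ roleType: 'PROCESS_OWNER', roleArn: 'arn:aws:iam::111111111111:role/AuditOwner' }],
      delegations: []
    }],
    nextToken: 'tok-1'
  },
  'tok-1': {
    assessmentMetadata: [{
      id: 'a-2', name: 'hipaa', status: 'ACTIVE',
      roles: [{ roleType: 'PROCESS_OWNER', roleArn: 'arn:aws:iam::222222222222:role/External' }],
      delegations: [{
        id: 'd-1', status: 'IN_PROGRESS', roleType: 'RESOURCE_OWNER',
        roleArn: 'arn:aws:iam::111111111111:role/DbOwner',
        lastUpdated: new Date('2021-01-01T00:00:00Z')
      }]
    }]
  }
};

// Stand-in for an AWS.AuditManager client; it invokes the callback synchronously.
function makeStubClient(pages) {
  const calls = [];
  return {
    calls,
    listAssessments(params, callback) {
      calls.push(params);
      callback(null, pages[params.nextToken || '']);
    }
  };
}

function runDemo() {
  const client = makeStubClient(SAMPLE_PAGES);
  let result;
  // With the real SDK this callback fires asynchronously; consume the result inside it.
  listAll(client, 'listAssessments', 'assessmentMetadata', { maxResults: 1 }, function (err, assessments) {
    if (err) throw err;
    const now = new Date('2021-06-01T00:00:00Z');
    result = { assessments, calls: client.calls,
               findings: reviewAssessments(assessments, ['111111111111'], now, 30) };
  });
  return result;
}

console.log(JSON.stringify(runDemo().findings, null, 2));
```

To run it against a live account, pass a real AWS.AuditManager instance as client; listAll only relies on the (params, callback) signature and the nextToken fields documented for these operations.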

listControls(params = {}, callback) ⇒ AWS.Request

Returns a list of controls from AWS Audit Manager.

Examples:

Calling the listControls operation

var params = {
  controlType: 'Standard', /* required; 'Standard' or 'Custom' */
  maxResults: 10, /* integer; example value */
  nextToken: 'STRING_VALUE'
};
auditmanager.listControls(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • controlType — (String)

      The type of control, such as standard or custom.

      Possible values include:
      • "Standard"
      • "Custom"
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • controlMetadataList — (Array<map>)

        The list of control metadata objects returned by the ListControls API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified control.

        • id — (String)

          The unique identifier for the specified control.

        • name — (String)

          The name of the specified control.

        • controlSources — (String)

          The data source that determines from where AWS Audit Manager collects evidence for the control.

        • createdAt — (Date)

          Specifies when the control was created.

        • lastUpdatedAt — (Date)

          Specifies when the control was most recently updated.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listKeywordsForDataSource(params = {}, callback) ⇒ AWS.Request

Returns a list of keywords that are pre-mapped to the specified control data source.

Examples:

Calling the listKeywordsForDataSource operation

var params = {
  source: 'AWS_Cloudtrail', /* required; 'AWS_Cloudtrail', 'AWS_Config', 'AWS_Security_Hub', 'AWS_API_Call' or 'MANUAL' */
  maxResults: 10, /* integer; example value */
  nextToken: 'STRING_VALUE'
};
auditmanager.listKeywordsForDataSource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • source — (String)

      The control mapping data source to which the keywords apply.

      Possible values include:
      • "AWS_Cloudtrail"
      • "AWS_Config"
      • "AWS_Security_Hub"
      • "AWS_API_Call"
      • "MANUAL"
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • keywords — (Array<String>)

        The list of keywords for the specified event mapping source.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listNotifications(params = {}, callback) ⇒ AWS.Request

Returns a list of all AWS Audit Manager notifications.

Examples:

Calling the listNotifications operation

var params = {
  maxResults: 10, /* integer; example value */
  nextToken: 'STRING_VALUE'
};
auditmanager.listNotifications(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • nextToken — (String)

      The pagination token used to fetch the next set of results.

    • maxResults — (Integer)

      Represents the maximum number of results per page, or per API request call.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • notifications — (Array<map>)

        The returned list of notifications.

        • id — (String)

          The unique identifier for the notification.

        • assessmentId — (String)

          The identifier for the specified assessment.

        • assessmentName — (String)

          The name of the related assessment.

        • controlSetId — (String)

          The identifier for the specified control set.

        • controlSetName — (String)

          Specifies the name of the control set that the notification is about.

        • description — (String)

          The description of the notification.

        • eventTime — (Date)

          The time when the notification was sent.

        • source — (String)

          The sender of the notification.

      • nextToken — (String)

        The pagination token used to fetch the next set of results.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

listTagsForResource(params = {}, callback) ⇒ AWS.Request

Returns a list of tags for the specified resource in AWS Audit Manager.

Examples:

Calling the listTagsForResource operation

var params = {
  resourceArn: 'STRING_VALUE' /* required */
};
auditmanager.listTagsForResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) of the specified resource.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • tags — (map<String>)

        The list of tags returned by the ListTagsForResource API.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

registerAccount(params = {}, callback) ⇒ AWS.Request

Enables AWS Audit Manager for the specified AWS account.

Examples:

Calling the registerAccount operation

var params = {
  delegatedAdminAccount: 'STRING_VALUE',
  kmsKey: 'STRING_VALUE'
};
auditmanager.registerAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • kmsKey — (String)

      The AWS KMS key details.

    • delegatedAdminAccount — (String)

      The delegated administrator account for AWS Audit Manager.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • status — (String)

        The status of the account registration request.

        Possible values include:
        • "ACTIVE"
        • "INACTIVE"
        • "PENDING_ACTIVATION"

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

registerOrganizationAdminAccount(params = {}, callback) ⇒ AWS.Request

Enables an AWS account within the organization as the delegated administrator for AWS Audit Manager.

Examples:

Calling the registerOrganizationAdminAccount operation

var params = {
  adminAccountId: 'STRING_VALUE' /* required */
};
auditmanager.registerOrganizationAdminAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • adminAccountId — (String)

      The identifier for the specified delegated administrator account.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • adminAccountId — (String)

        The identifier for the specified delegated administrator account.

      • organizationId — (String)

        The identifier for the specified AWS organization.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

tagResource(params = {}, callback) ⇒ AWS.Request

Tags the specified resource in AWS Audit Manager.

Examples:

Calling the tagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tags: { /* required */
    '<TagKey>': 'STRING_VALUE',
    /* '<TagKey>': ... */
  }
};
auditmanager.tagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) of the specified resource.

    • tags — (map<String>)

      The tags to be associated with the resource.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

untagResource(params = {}, callback) ⇒ AWS.Request

Removes a tag from a resource in AWS Audit Manager.

Examples:

Calling the untagResource operation

var params = {
  resourceArn: 'STRING_VALUE', /* required */
  tagKeys: [ /* required */
    'STRING_VALUE',
    /* more items */
  ]
};
auditmanager.untagResource(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • resourceArn — (String)

      The Amazon Resource Name (ARN) of the specified resource.

    • tagKeys — (Array<String>)

      The name or key of the tag.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateAssessment(params = {}, callback) ⇒ AWS.Request

Edits an AWS Audit Manager assessment.

Examples:

Calling the updateAssessment operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  scope: { /* required */
    awsAccounts: [
      {
        emailAddress: 'STRING_VALUE',
        id: 'STRING_VALUE',
        name: 'STRING_VALUE'
      },
      /* more items */
    ],
    awsServices: [
      {
        serviceName: 'STRING_VALUE'
      },
      /* more items */
    ]
  },
  assessmentDescription: 'STRING_VALUE',
  assessmentName: 'STRING_VALUE',
  assessmentReportsDestination: {
    destination: 'STRING_VALUE',
    destinationType: 'S3'
  },
  roles: [
    {
      roleArn: 'STRING_VALUE',
      roleType: 'PROCESS_OWNER' /* or 'RESOURCE_OWNER' */
    },
    /* more items */
  ]
};
auditmanager.updateAssessment(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • assessmentName — (String)

      The name of the specified assessment to be updated.

    • assessmentDescription — (String)

      The description of the specified assessment.

    • scope — (map)

      The scope of the specified assessment.

      • awsAccounts — (Array<map>)

        The AWS accounts included in the scope of the assessment.

        • id — (String)

          The identifier for the specified AWS account.

        • emailAddress — (String)

          The email address associated with the specified AWS account.

        • name — (String)

          The name of the specified AWS account.

      • awsServices — (Array<map>)

        The AWS services included in the scope of the assessment.

        • serviceName — (String)

          The name of the AWS service.

    • assessmentReportsDestination — (map)

      The assessment report storage destination for the specified assessment that is being updated.

      • destinationType — (String)

        The destination type, such as Amazon S3.

        Possible values include:
        • "S3"
      • destination — (String)

        The destination of the assessment report.

    • roles — (Array<map>)

      The list of roles for the specified assessment.

      • roleType — (String)

        The type of customer persona.

        Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
        Possible values include:
        • "PROCESS_OWNER"
        • "RESOURCE_OWNER"
      • roleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessment — (map)

        The response object (name of the updated assessment) for the UpdateAssessmentRequest API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the assessment.

        • awsAccount — (map)

          The AWS account associated with the assessment.

          • id — (String)

            The identifier for the specified AWS account.

          • emailAddress — (String)

            The email address associated with the specified AWS account.

          • name — (String)

            The name of the specified AWS account.

        • metadata — (map)

          The metadata for the specified assessment.

          • name — (String)

            The name of the assessment.

          • id — (String)

            The unique identifier for the assessment.

          • description — (String)

            The description of the assessment.

          • complianceType — (String)

            The name of a compliance standard related to the assessment, such as PCI-DSS.

          • status — (String)

            The overall status of the assessment.

            Possible values include:
            • "ACTIVE"
            • "INACTIVE"
          • assessmentReportsDestination — (map)

            The destination in which evidence reports are stored for the specified assessment.

            • destinationType — (String)

              The destination type, such as Amazon S3.

              Possible values include:
              • "S3"
            • destination — (String)

              The destination of the assessment report.

          • scope — (map)

            The wrapper of AWS accounts and services in scope for the assessment.

            • awsAccounts — (Array<map>)

              The AWS accounts included in the scope of the assessment.

              • id — (String)

                The identifier for the specified AWS account.

              • emailAddress — (String)

                The email address associated with the specified AWS account.

              • name — (String)

                The name of the specified AWS account.

            • awsServices — (Array<map>)

              The AWS services included in the scope of the assessment.

              • serviceName — (String)

                The name of the AWS service.

          • roles — (Array<map>)

            The roles associated with the assessment.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

          • delegations — (Array<map>)

            The delegations associated with the assessment.

            • id — (String)

              The unique identifier for the delegation.

            • assessmentName — (String)

              The name of the associated assessment.

            • assessmentId — (String)

              The identifier for the associated assessment.

            • status — (String)

              The status of the delegation.

              Possible values include:
              • "IN_PROGRESS"
              • "UNDER_REVIEW"
              • "COMPLETE"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • creationTime — (Date)

              Specifies when the delegation was created.

            • lastUpdated — (Date)

              Specifies when the delegation was last updated.

            • controlSetId — (String)

              The identifier for the associated control set.

            • comment — (String)

              The comment related to the delegation.

            • createdBy — (String)

              The IAM user or role that created the delegation.

          • creationTime — (Date)

            Specifies when the assessment was created.

          • lastUpdated — (Date)

            The time of the most recent update.

        • framework — (map)

          The framework from which the assessment was created.

          • id — (String)

            The unique identifier for the framework.

          • arn — (String)

            The Amazon Resource Name (ARN) of the specified framework.

          • metadata — (map)

            The metadata of a framework, such as the name, ID, description, and so on.

            • name — (String)

              The name of the framework.

            • description — (String)

              The description of the framework.

            • logo — (String)

              The logo associated with the framework.

            • complianceType — (String)

              The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

          • controlSets — (Array<map>)

            The control sets associated with the framework.

            • id — (String)

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description — (String)

              The description for the control set.

            • status — (String)

              Specifies the current status of the control set.

              Possible values include:
              • "ACTIVE"
              • "UNDER_REVIEW"
              • "REVIEWED"
            • roles — (Array<map>)

              The roles associated with the control set.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

            • controls — (Array<map>)

              The list of controls contained within the control set.

              • id — (String)

                The identifier for the specified control.

              • name — (String)

                The name of the specified control.

              • description — (String)

                The description of the specified control.

              • status — (String)

                The status of the specified control.

                Possible values include:
                • "UNDER_REVIEW"
                • "REVIEWED"
                • "INACTIVE"
              • response — (String)

                The response of the specified control.

                Possible values include:
                • "MANUAL"
                • "AUTOMATE"
                • "DEFER"
                • "IGNORE"
              • comments — (Array<map>)

                The list of comments attached to the specified control.

                • authorName — (String)

                  The name of the user who authored the comment.

                • commentBody — (String)

                  The body text of a control comment.

                • postedDate — (Date)

                  The time when the comment was posted.

              • evidenceSources — (Array<String>)

                The list of data sources for the specified evidence.

              • evidenceCount — (Integer)

                The amount of evidence generated for the control.

              • assessmentReportEvidenceCount — (Integer)

                The amount of evidence in the assessment report.

            • delegations — (Array<map>)

              The delegations associated with the control set.

              • id — (String)

                The unique identifier for the delegation.

              • assessmentName — (String)

                The name of the associated assessment.

              • assessmentId — (String)

                The identifier for the associated assessment.

              • status — (String)

                The status of the delegation.

                Possible values include:
                • "IN_PROGRESS"
                • "UNDER_REVIEW"
                • "COMPLETE"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • creationTime — (Date)

                Specifies when the delegation was created.

              • lastUpdated — (Date)

                Specifies when the delegation was last updated.

              • controlSetId — (String)

                The identifier for the associated control set.

              • comment — (String)

                The comment related to the delegation.

              • createdBy — (String)

                The IAM user or role that created the delegation.

            • systemEvidenceCount — (Integer)

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount — (Integer)

              The total number of evidence objects uploaded manually to the control set.

        • tags — (map<String>)

          The tags associated with the assessment.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateAssessmentControl(params = {}, callback) ⇒ AWS.Request

Updates a control within an assessment in AWS Audit Manager.

Examples:

Calling the updateAssessmentControl operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  controlId: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  commentBody: 'STRING_VALUE',
  controlStatus: 'UNDER_REVIEW' /* one of 'UNDER_REVIEW' | 'REVIEWED' | 'INACTIVE' */
};
auditmanager.updateAssessmentControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • controlId — (String)

      The identifier for the specified control.

    • controlStatus — (String)

      The status of the specified control.

      Possible values include:
      • "UNDER_REVIEW"
      • "REVIEWED"
      • "INACTIVE"
    • commentBody — (String)

      The comment body text for the specified control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • control — (map)

        The updated control returned by the UpdateAssessmentControl API.

        • id — (String)

          The identifier for the specified control.

        • name — (String)

          The name of the specified control.

        • description — (String)

          The description of the specified control.

        • status — (String)

          The status of the specified control.

          Possible values include:
          • "UNDER_REVIEW"
          • "REVIEWED"
          • "INACTIVE"
        • response — (String)

          The response of the specified control.

          Possible values include:
          • "MANUAL"
          • "AUTOMATE"
          • "DEFER"
          • "IGNORE"
        • comments — (Array<map>)

          The list of comments attached to the specified control.

          • authorName — (String)

            The name of the user who authored the comment.

          • commentBody — (String)

            The body text of a control comment.

          • postedDate — (Date)

            The time when the comment was posted.

        • evidenceSources — (Array<String>)

          The list of data sources for the specified evidence.

        • evidenceCount — (Integer)

          The amount of evidence generated for the control.

        • assessmentReportEvidenceCount — (Integer)

          The amount of evidence in the assessment report.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateAssessmentControlSetStatus(params = {}, callback) ⇒ AWS.Request

Updates the status of a control set in an AWS Audit Manager assessment.

Examples:

Calling the updateAssessmentControlSetStatus operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  comment: 'STRING_VALUE', /* required */
  controlSetId: 'STRING_VALUE', /* required */
  status: 'ACTIVE' /* required; one of 'ACTIVE' | 'UNDER_REVIEW' | 'REVIEWED' */
};
auditmanager.updateAssessmentControlSetStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • controlSetId — (String)

      The identifier for the specified control set.

    • status — (String)

      The status of the control set that is being updated.

      Possible values include:
      • "ACTIVE"
      • "UNDER_REVIEW"
      • "REVIEWED"
    • comment — (String)

      The comment related to the status update.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • controlSet — (map)

        The updated control set returned by the UpdateAssessmentControlSetStatus API.

        • id — (String)

          The identifier of the control set in the assessment. This is the control set name in a plain string format.

        • description — (String)

          The description for the control set.

        • status — (String)

          Specifies the current status of the control set.

          Possible values include:
          • "ACTIVE"
          • "UNDER_REVIEW"
          • "REVIEWED"
        • roles — (Array<map>)

          The roles associated with the control set.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

        • controls — (Array<map>)

          The list of controls contained within the control set.

          • id — (String)

            The identifier for the specified control.

          • name — (String)

            The name of the specified control.

          • description — (String)

            The description of the specified control.

          • status — (String)

            The status of the specified control.

            Possible values include:
            • "UNDER_REVIEW"
            • "REVIEWED"
            • "INACTIVE"
          • response — (String)

            The response of the specified control.

            Possible values include:
            • "MANUAL"
            • "AUTOMATE"
            • "DEFER"
            • "IGNORE"
          • comments — (Array<map>)

            The list of comments attached to the specified control.

            • authorName — (String)

              The name of the user who authored the comment.

            • commentBody — (String)

              The body text of a control comment.

            • postedDate — (Date)

              The time when the comment was posted.

          • evidenceSources — (Array<String>)

            The list of data sources for the specified evidence.

          • evidenceCount — (Integer)

            The amount of evidence generated for the control.

          • assessmentReportEvidenceCount — (Integer)

            The amount of evidence in the assessment report.

        • delegations — (Array<map>)

          The delegations associated with the control set.

          • id — (String)

            The unique identifier for the delegation.

          • assessmentName — (String)

            The name of the associated assessment.

          • assessmentId — (String)

            The identifier for the associated assessment.

          • status — (String)

            The status of the delegation.

            Possible values include:
            • "IN_PROGRESS"
            • "UNDER_REVIEW"
            • "COMPLETE"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • creationTime — (Date)

            Specifies when the delegation was created.

          • lastUpdated — (Date)

            Specifies when the delegation was last updated.

          • controlSetId — (String)

            The identifier for the associated control set.

          • comment — (String)

            The comment related to the delegation.

          • createdBy — (String)

            The IAM user or role that created the delegation.

        • systemEvidenceCount — (Integer)

          The total number of evidence objects retrieved automatically for the control set.

        • manualEvidenceCount — (Integer)

          The total number of evidence objects uploaded manually to the control set.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
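
Before a control set is moved to REVIEWED with updateAssessmentControlSetStatus, a reviewer may want to confirm that its controls and delegations are settled. The following is an added example, not code from the AWS SDK or its documentation; the gating policy, the function names reviewBlockers and buildControlSetStatusParams, and the sample control set are assumptions constructed for illustration.

```javascript
// Added example: client-side gate in front of updateAssessmentControlSetStatus.
// The policy below is an assumption for illustration, not an AWS rule.

// Status values documented for the status parameter of the operation.
var CONTROL_SET_STATUSES = ['ACTIVE', 'UNDER_REVIEW', 'REVIEWED'];

// Returns the reasons why a control set (in the documented controlSet shape)
// should not yet be marked REVIEWED. An empty array means no blocker was found.
function reviewBlockers(controlSet) {
  var blockers = [];
  (controlSet.controls || []).forEach(function (control) {
    // Assumed policy: INACTIVE controls are not required to be reviewed.
    if (control.status === 'INACTIVE') return;
    if (control.status !== 'REVIEWED') {
      blockers.push('control ' + control.id + ' is ' + control.status);
    }
    if (!(control.evidenceCount > 0)) {
      blockers.push('control ' + control.id + ' has no evidence');
    }
  });
  (controlSet.delegations || []).forEach(function (delegation) {
    if (delegation.status !== 'COMPLETE') {
      blockers.push('delegation ' + delegation.id + ' is ' + delegation.status);
    }
  });
  return blockers;
}

// Builds the params object for updateAssessmentControlSetStatus. All four
// fields are marked required in the reference, so each one is checked here.
function buildControlSetStatusParams(assessmentId, controlSet, status, comment) {
  if (typeof assessmentId !== 'string' || assessmentId === '') {
    throw new Error('assessmentId is required');
  }
  if (!controlSet || typeof controlSet.id !== 'string' || controlSet.id === '') {
    throw new Error('controlSetId is required');
  }
  if (typeof comment !== 'string' || comment.trim() === '') {
    throw new Error('comment is required');
  }
  if (CONTROL_SET_STATUSES.indexOf(status) === -1) {
    throw new Error('status must be one of ' + CONTROL_SET_STATUSES.join(', '));
  }
  if (status === 'REVIEWED') {
    var blockers = reviewBlockers(controlSet);
    if (blockers.length > 0) {
      throw new Error('not ready for REVIEWED: ' + blockers.join('; '));
    }
  }
  return {
    assessmentId: assessmentId,
    controlSetId: controlSet.id,
    status: status,
    comment: comment
  };
}

// Constructed sample data in the shape of the controlSet map described above.
var SAMPLE_CONTROL_SET = {
  id: 'Logging and monitoring',
  status: 'UNDER_REVIEW',
  controls: [
    { id: 'control-1', status: 'REVIEWED', evidenceCount: 12 },
    { id: 'control-2', status: 'UNDER_REVIEW', evidenceCount: 0 },
    { id: 'control-3', status: 'INACTIVE', evidenceCount: 0 }
  ],
  delegations: [
    { id: 'delegation-1', status: 'COMPLETE' },
    { id: 'delegation-2', status: 'IN_PROGRESS' }
  ]
};

// The returned object is passed to the SDK call shown in the reference:
//   auditmanager.updateAssessmentControlSetStatus(params, callback);
```
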

updateAssessmentFramework(params = {}, callback) ⇒ AWS.Request

Updates a custom framework in AWS Audit Manager.

Examples:

Calling the updateAssessmentFramework operation

var params = {
  controlSets: [ /* required */
    {
      controls: [
        {
          id: 'STRING_VALUE'
        },
        /* more items */
      ],
      id: 'STRING_VALUE',
      name: 'STRING_VALUE'
    },
    /* more items */
  ],
  frameworkId: 'STRING_VALUE', /* required */
  name: 'STRING_VALUE', /* required */
  complianceType: 'STRING_VALUE',
  description: 'STRING_VALUE'
};
auditmanager.updateAssessmentFramework(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • frameworkId — (String)

      The identifier for the specified framework.

    • name — (String)

      The name of the framework to be updated.

    • description — (String)

      The description of the framework that is to be updated.

    • complianceType — (String)

      The compliance type that the new custom framework supports, such as CIS or HIPAA.

    • controlSets — (Array<map>)

      The control sets associated with the framework.

      • id — (String)

        The unique identifier for the control set.

      • name — (String)

        The name of the control set.

      • controls — (Array<map>)

        The list of controls contained within the control set.

        • id — (String)

          The unique identifier of the control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • framework — (map)

        The updated framework returned by the UpdateAssessmentFramework API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified framework.

        • id — (String)

          The unique identifier for the specified framework.

        • name — (String)

          The name of the specified framework.

        • type — (String)

          The framework type, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • complianceType — (String)

          The compliance type that the new custom framework supports, such as CIS or HIPAA.

        • description — (String)

          The description of the specified framework.

        • logo — (String)

          The logo associated with the framework.

        • controlSources — (String)

          The sources from which AWS Audit Manager collects evidence for the control.

        • controlSets — (Array<map>)

          The control sets associated with the framework.

          • id — (String)

            The identifier of the control set in the assessment. This is the control set name in a plain string format.

          • name — (String)

            The name of the control set.

          • controls — (Array<map>)

            The list of controls within the control set.

            • arn — (String)

              The Amazon Resource Name (ARN) of the specified control.

            • id — (String)

              The unique identifier for the control.

            • type — (String)

              The type of control, such as custom or standard.

              Possible values include:
              • "Standard"
              • "Custom"
            • name — (String)

              The name of the specified control.

            • description — (String)

              The description of the specified control.

            • testingInformation — (String)

              The steps to follow to determine if the control has been satisfied.

            • actionPlanTitle — (String)

              The title of the action plan for remediating the control.

            • actionPlanInstructions — (String)

              The recommended actions to carry out if the control is not fulfilled.

            • controlSources — (String)

              The data source that determines from where AWS Audit Manager collects evidence for the control.

            • controlMappingSources — (Array<map>)

              The data mapping sources for the specified control.

              • sourceId — (String)

                The unique identifier for the specified source.

              • sourceName — (String)

                The name of the specified source.

              • sourceDescription — (String)

                The description of the specified source.

              • sourceSetUpOption — (String)

                The setup option for the data source, which reflects if the evidence collection is automated or manual.

                Possible values include:
                • "System_Controls_Mapping"
                • "Procedural_Controls_Mapping"
              • sourceType — (String)

                Specifies one of the five types of data sources for evidence collection.

                Possible values include:
                • "AWS_Cloudtrail"
                • "AWS_Config"
                • "AWS_Security_Hub"
                • "AWS_API_Call"
                • "MANUAL"
              • sourceKeyword — (map)

                The keyword to search for in AWS CloudTrail logs.

                • keywordInputType — (String)

                  The method of input for the specified keyword.

                  Possible values include:
                  • "SELECT_FROM_LIST"
                • keywordValue — (String)

                  The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

              • sourceFrequency — (String)

                The frequency of evidence collection for the specified control mapping source.

                Possible values include:
                • "DAILY"
                • "WEEKLY"
                • "MONTHLY"
              • troubleshootingText — (String)

                The instructions for troubleshooting the specified control.

            • createdAt — (Date)

              Specifies when the control was created.

            • lastUpdatedAt — (Date)

              Specifies when the control was most recently updated.

            • createdBy — (String)

              The IAM user or role that created the control.

            • lastUpdatedBy — (String)

              The IAM user or role that most recently updated the control.

            • tags — (map<String>)

              The tags associated with the control.

        • createdAt — (Date)

          Specifies when the framework was created.

        • lastUpdatedAt — (Date)

          Specifies when the framework was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the framework.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the framework.

        • tags — (map<String>)

          The tags associated with the framework.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
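
The framework map returned by updateAssessmentFramework carries, for each control, the controlMappingSources that decide how evidence is collected. The following added example (not part of the AWS SDK or its documentation) walks that structure and reports controls that rely only on MANUAL evidence or have no mapping source at all; the function name summarizeEvidenceSources and the sample framework are assumptions constructed for illustration.

```javascript
// Added example: evidence-source coverage for a framework response.

// sourceType values listed in the reference for controlMappingSources.
var SOURCE_TYPES = [
  'AWS_Cloudtrail', 'AWS_Config', 'AWS_Security_Hub', 'AWS_API_Call', 'MANUAL'
];

// Walks framework.controlSets[].controls[].controlMappingSources[] and returns:
//   bySourceType - number of mapping sources per documented sourceType
//   manualOnly   - controls whose recognised sources are all MANUAL
//   noSources    - controls with an empty or missing controlMappingSources
//   unknownTypes - sources whose sourceType is not in the documented list
function summarizeEvidenceSources(framework) {
  var summary = { bySourceType: {}, manualOnly: [], noSources: [], unknownTypes: [] };
  SOURCE_TYPES.forEach(function (type) { summary.bySourceType[type] = 0; });

  (framework.controlSets || []).forEach(function (set) {
    (set.controls || []).forEach(function (control) {
      var label = set.name + '/' + control.name;
      var sources = control.controlMappingSources || [];
      if (sources.length === 0) {
        summary.noSources.push(label);
        return;
      }
      var automated = 0;
      var manual = 0;
      sources.forEach(function (source) {
        if (SOURCE_TYPES.indexOf(source.sourceType) === -1) {
          summary.unknownTypes.push(label + ':' + String(source.sourceType));
          return;
        }
        summary.bySourceType[source.sourceType] += 1;
        if (source.sourceType === 'MANUAL') manual += 1;
        else automated += 1;
      });
      if (manual > 0 && automated === 0) summary.manualOnly.push(label);
    });
  });
  return summary;
}

// Constructed sample in the shape of the framework map described above.
var SAMPLE_FRAMEWORK = {
  name: 'Example custom framework',
  type: 'Custom',
  controlSets: [
    {
      name: 'Logging',
      controls: [
        {
          name: 'CloudTrail enabled',
          controlMappingSources: [
            { sourceType: 'AWS_Cloudtrail', sourceSetUpOption: 'System_Controls_Mapping' },
            { sourceType: 'AWS_Config', sourceSetUpOption: 'System_Controls_Mapping',
              sourceFrequency: 'DAILY' }
          ]
        },
        {
          name: 'Log review procedure',
          controlMappingSources: [
            { sourceType: 'MANUAL', sourceSetUpOption: 'Procedural_Controls_Mapping' }
          ]
        }
      ]
    },
    {
      name: 'Access',
      controls: [
        { name: 'Quarterly access review', controlMappingSources: [] }
      ]
    }
  ]
};
```
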

updateAssessmentStatus(params = {}, callback) ⇒ AWS.Request

Updates the status of an assessment in AWS Audit Manager.

Examples:

Calling the updateAssessmentStatus operation

var params = {
  assessmentId: 'STRING_VALUE', /* required */
  status: 'ACTIVE' /* required; one of 'ACTIVE' | 'INACTIVE' */
};
auditmanager.updateAssessmentStatus(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • assessmentId — (String)

      The identifier for the specified assessment.

    • status — (String)

      The current status of the specified assessment.

      Possible values include:
      • "ACTIVE"
      • "INACTIVE"

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • assessment — (map)

        The updated assessment returned by the UpdateAssessmentStatus API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the assessment.

        • awsAccount — (map)

          The AWS account associated with the assessment.

          • id — (String)

            The identifier for the specified AWS account.

          • emailAddress — (String)

            The email address associated with the specified AWS account.

          • name — (String)

            The name of the specified AWS account.

        • metadata — (map)

          The metadata for the specified assessment.

          • name — (String)

            The name of the assessment.

          • id — (String)

            The unique identifier for the assessment.

          • description — (String)

            The description of the assessment.

          • complianceType — (String)

            The name of a compliance standard related to the assessment, such as PCI-DSS.

          • status — (String)

            The overall status of the assessment.

            Possible values include:
            • "ACTIVE"
            • "INACTIVE"
          • assessmentReportsDestination — (map)

            The destination in which evidence reports are stored for the specified assessment.

            • destinationType — (String)

              The destination type, such as Amazon S3.

              Possible values include:
              • "S3"
            • destination — (String)

              The destination of the assessment report.

          • scope — (map)

            The wrapper of AWS accounts and services in scope for the assessment.

            • awsAccounts — (Array<map>)

              The AWS accounts included in the scope of the assessment.

              • id — (String)

                The identifier for the specified AWS account.

              • emailAddress — (String)

                The email address associated with the specified AWS account.

              • name — (String)

                The name of the specified AWS account.

            • awsServices — (Array<map>)

              The AWS services included in the scope of the assessment.

              • serviceName — (String)

                The name of the AWS service.

          • roles — (Array<map>)

            The roles associated with the assessment.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

          • delegations — (Array<map>)

            The delegations associated with the assessment.

            • id — (String)

              The unique identifier for the delegation.

            • assessmentName — (String)

              The name of the associated assessment.

            • assessmentId — (String)

              The identifier for the associated assessment.

            • status — (String)

              The status of the delegation.

              Possible values include:
              • "IN_PROGRESS"
              • "UNDER_REVIEW"
              • "COMPLETE"
            • roleArn — (String)

              The Amazon Resource Name (ARN) of the IAM role.

            • roleType — (String)

              The type of customer persona.

              Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
              Possible values include:
              • "PROCESS_OWNER"
              • "RESOURCE_OWNER"
            • creationTime — (Date)

              Specifies when the delegation was created.

            • lastUpdated — (Date)

              Specifies when the delegation was last updated.

            • controlSetId — (String)

              The identifier for the associated control set.

            • comment — (String)

              The comment related to the delegation.

            • createdBy — (String)

              The IAM user or role that created the delegation.

          • creationTime — (Date)

            Specifies when the assessment was created.

          • lastUpdated — (Date)

            The time of the most recent update.

        • framework — (map)

          The framework from which the assessment was created.

          • id — (String)

            The unique identifier for the framework.

          • arn — (String)

            The Amazon Resource Name (ARN) of the specified framework.

          • metadata — (map)

            The metadata of a framework, such as the name, ID, description, and so on.

            • name — (String)

              The name of the framework.

            • description — (String)

              The description of the framework.

            • logo — (String)

              The logo associated with the framework.

            • complianceType — (String)

              The compliance standard associated with the framework, such as PCI-DSS or HIPAA.

          • controlSets — (Array<map>)

            The control sets associated with the framework.

            • id — (String)

              The identifier of the control set in the assessment. This is the control set name in a plain string format.

            • description — (String)

              The description for the control set.

            • status — (String)

              Specifies the current status of the control set.

              Possible values include:
              • "ACTIVE"
              • "UNDER_REVIEW"
              • "REVIEWED"
            • roles — (Array<map>)

              The roles associated with the control set.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

            • controls — (Array<map>)

              The list of controls contained within the control set.

              • id — (String)

                The identifier for the specified control.

              • name — (String)

                The name of the specified control.

              • description — (String)

                The description of the specified control.

              • status — (String)

                The status of the specified control.

                Possible values include:
                • "UNDER_REVIEW"
                • "REVIEWED"
                • "INACTIVE"
              • response — (String)

                The response of the specified control.

                Possible values include:
                • "MANUAL"
                • "AUTOMATE"
                • "DEFER"
                • "IGNORE"
              • comments — (Array<map>)

                The list of comments attached to the specified control.

                • authorName — (String)

                  The name of the user who authored the comment.

                • commentBody — (String)

                  The body text of a control comment.

                • postedDate — (Date)

                  The time when the comment was posted.

              • evidenceSources — (Array<String>)

                The list of data sources for the specified evidence.

              • evidenceCount — (Integer)

                The amount of evidence generated for the control.

              • assessmentReportEvidenceCount — (Integer)

                The amount of evidence in the assessment report.

            • delegations — (Array<map>)

              The delegations associated with the control set.

              • id — (String)

                The unique identifier for the delegation.

              • assessmentName — (String)

                The name of the associated assessment.

              • assessmentId — (String)

                The identifier for the associated assessment.

              • status — (String)

                The status of the delegation.

                Possible values include:
                • "IN_PROGRESS"
                • "UNDER_REVIEW"
                • "COMPLETE"
              • roleArn — (String)

                The Amazon Resource Name (ARN) of the IAM role.

              • roleType — (String)

                The type of customer persona.

                Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
                Possible values include:
                • "PROCESS_OWNER"
                • "RESOURCE_OWNER"
              • creationTime — (Date)

                Specifies when the delegation was created.

              • lastUpdated — (Date)

                Specifies when the delegation was last updated.

              • controlSetId — (String)

                The identifier for the associated control set.

              • comment — (String)

                The comment related to the delegation.

              • createdBy — (String)

                The IAM user or role that created the delegation.

            • systemEvidenceCount — (Integer)

              The total number of evidence objects retrieved automatically for the control set.

            • manualEvidenceCount — (Integer)

              The total number of evidence objects uploaded manually to the control set.

        • tags — (map<String>)

          The tags associated with the assessment.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateControl(params = {}, callback) ⇒ AWS.Request

Updates a custom control in AWS Audit Manager.

Examples:

Calling the updateControl operation

var params = {
  controlId: 'STRING_VALUE', /* required */
  controlMappingSources: [ /* required */
    {
      sourceDescription: 'STRING_VALUE',
      sourceFrequency: 'DAILY', /* or 'WEEKLY', 'MONTHLY' */
      sourceId: 'STRING_VALUE',
      sourceKeyword: {
        keywordInputType: 'SELECT_FROM_LIST',
        keywordValue: 'STRING_VALUE'
      },
      sourceName: 'STRING_VALUE',
      sourceSetUpOption: 'System_Controls_Mapping', /* or 'Procedural_Controls_Mapping' */
      sourceType: 'AWS_Cloudtrail', /* or 'AWS_Config', 'AWS_Security_Hub', 'AWS_API_Call', 'MANUAL' */
      troubleshootingText: 'STRING_VALUE'
    },
    /* more items */
  ],
  name: 'STRING_VALUE', /* required */
  actionPlanInstructions: 'STRING_VALUE',
  actionPlanTitle: 'STRING_VALUE',
  description: 'STRING_VALUE',
  testingInformation: 'STRING_VALUE'
};
auditmanager.updateControl(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • controlId — (String)

      The identifier for the specified control.

    • name — (String)

      The name of the control to be updated.

    • description — (String)

      The optional description of the control.

    • testingInformation — (String)

      The steps to follow to determine if the control has been satisfied.

    • actionPlanTitle — (String)

      The title of the action plan for remediating the control.

    • actionPlanInstructions — (String)

      The recommended actions to carry out if the control is not fulfilled.

    • controlMappingSources — (Array<map>)

      The data mapping sources for the specified control.

      • sourceId — (String)

        The unique identifier for the specified source.

      • sourceName — (String)

        The name of the specified source.

      • sourceDescription — (String)

        The description of the specified source.

      • sourceSetUpOption — (String)

        The setup option for the data source, which reflects if the evidence collection is automated or manual.

        Possible values include:
        • "System_Controls_Mapping"
        • "Procedural_Controls_Mapping"
      • sourceType — (String)

        Specifies one of the five types of data sources for evidence collection.

        Possible values include:
        • "AWS_Cloudtrail"
        • "AWS_Config"
        • "AWS_Security_Hub"
        • "AWS_API_Call"
        • "MANUAL"
      • sourceKeyword — (map)

        The keyword to search for in AWS CloudTrail logs.

        • keywordInputType — (String)

          The method of input for the specified keyword.

          Possible values include:
          • "SELECT_FROM_LIST"
        • keywordValue — (String)

          The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

      • sourceFrequency — (String)

        The frequency of evidence collection for the specified control mapping source.

        Possible values include:
        • "DAILY"
        • "WEEKLY"
        • "MONTHLY"
      • troubleshootingText — (String)

        The instructions for troubleshooting the specified control.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • control — (map)

        The name of the updated control set returned by the UpdateControl API.

        • arn — (String)

          The Amazon Resource Name (ARN) of the specified control.

        • id — (String)

          The unique identifier for the control.

        • type — (String)

          The type of control, such as custom or standard.

          Possible values include:
          • "Standard"
          • "Custom"
        • name — (String)

          The name of the specified control.

        • description — (String)

          The description of the specified control.

        • testingInformation — (String)

          The steps to follow to determine if the control has been satisfied.

        • actionPlanTitle — (String)

          The title of the action plan for remediating the control.

        • actionPlanInstructions — (String)

          The recommended actions to carry out if the control is not fulfilled.

        • controlSources — (String)

          The data source that determines from where AWS Audit Manager collects evidence for the control.

        • controlMappingSources — (Array<map>)

          The data mapping sources for the specified control.

          • sourceId — (String)

            The unique identifier for the specified source.

          • sourceName — (String)

            The name of the specified source.

          • sourceDescription — (String)

            The description of the specified source.

          • sourceSetUpOption — (String)

            The setup option for the data source, which reflects if the evidence collection is automated or manual.

            Possible values include:
            • "System_Controls_Mapping"
            • "Procedural_Controls_Mapping"
          • sourceType — (String)

            Specifies one of the five types of data sources for evidence collection.

            Possible values include:
            • "AWS_Cloudtrail"
            • "AWS_Config"
            • "AWS_Security_Hub"
            • "AWS_API_Call"
            • "MANUAL"
          • sourceKeyword — (map)

            The keyword to search for in AWS CloudTrail logs.

            • keywordInputType — (String)

              The method of input for the specified keyword.

              Possible values include:
              • "SELECT_FROM_LIST"
            • keywordValue — (String)

              The value of the keyword used to search AWS CloudTrail logs when mapping a control data source.

          • sourceFrequency — (String)

            The frequency of evidence collection for the specified control mapping source.

            Possible values include:
            • "DAILY"
            • "WEEKLY"
            • "MONTHLY"
          • troubleshootingText — (String)

            The instructions for troubleshooting the specified control.

        • createdAt — (Date)

          Specifies when the control was created.

        • lastUpdatedAt — (Date)

          Specifies when the control was most recently updated.

        • createdBy — (String)

          The IAM user or role that created the control.

        • lastUpdatedBy — (String)

          The IAM user or role that most recently updated the control.

        • tags — (map<String>)

          The tags associated with the control.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.

updateSettings(params = {}, callback) ⇒ AWS.Request

Updates AWS Audit Manager settings for the current user account.

Examples:

Calling the updateSettings operation

var params = {
  defaultAssessmentReportsDestination: {
    destination: 'STRING_VALUE',
    destinationType: 'S3'
  },
  defaultProcessOwners: [
    {
      roleArn: 'STRING_VALUE',
      roleType: 'PROCESS_OWNER' /* the only roleType UpdateSettings accepts */
    },
    /* more items */
  ],
  kmsKey: 'STRING_VALUE',
  snsTopic: 'STRING_VALUE'
};
auditmanager.updateSettings(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • snsTopic — (String)

      The Amazon Simple Notification Service (Amazon SNS) topic to which AWS Audit Manager sends notifications.

    • defaultAssessmentReportsDestination — (map)

      The default storage destination for assessment reports.

      • destinationType — (String)

        The destination type, such as Amazon S3.

        Possible values include:
        • "S3"
      • destination — (String)

        The destination of the assessment report.

    • defaultProcessOwners — (Array<map>)

      A list of the default audit owners.

      • roleType — (String)

        The type of customer persona.

        Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
        Possible values include:
        • "PROCESS_OWNER"
        • "RESOURCE_OWNER"
      • roleArn — (String)

        The Amazon Resource Name (ARN) of the IAM role.

    • kmsKey — (String)

      The AWS KMS key details.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • settings — (map)

        The current list of settings.

        • isAwsOrgEnabled — (Boolean)

          Specifies whether AWS Organizations is enabled.

        • snsTopic — (String)

          The designated Amazon Simple Notification Service (Amazon SNS) topic.

        • defaultAssessmentReportsDestination — (map)

          The default storage destination for assessment reports.

          • destinationType — (String)

            The destination type, such as Amazon S3.

            Possible values include:
            • "S3"
          • destination — (String)

            The destination of the assessment report.

        • defaultProcessOwners — (Array<map>)

          The designated default audit owners.

          • roleType — (String)

            The type of customer persona.

            Note: In CreateAssessment, roleType can only be PROCESS_OWNER. In UpdateSettings, roleType can only be PROCESS_OWNER. In BatchCreateDelegationByAssessment, roleType can only be RESOURCE_OWNER.
            Possible values include:
            • "PROCESS_OWNER"
            • "RESOURCE_OWNER"
          • roleArn — (String)

            The Amazon Resource Name (ARN) of the IAM role.

        • kmsKey — (String)

          The AWS KMS key details.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
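
The roleType note above restricts each operation to a single persona. The following pre-flight check is an added example, not part of the SDK: it applies that table to a list of role entries before they are sent. The function name, the ARN pattern and the trustedAccounts allowlist are assumptions for illustration, and the account IDs are constructed.

```javascript
// roleType accepted by each operation, taken from the roleType note on this page.
const ALLOWED_ROLE_TYPE = {
  createAssessment: 'PROCESS_OWNER',
  updateSettings: 'PROCESS_OWNER',
  batchCreateDelegationByAssessment: 'RESOURCE_OWNER',
};

// IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<path and name>
const ROLE_ARN = /^arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role\/[\w+=,.@\/-]+$/;

// Returns a list of problems; an empty list means the entries may be sent.
// trustedAccounts (hypothetical) is an allowlist of account IDs you own.
function validateRoles(operation, roles, trustedAccounts) {
  const expected = ALLOWED_ROLE_TYPE[operation];
  if (!expected) throw new Error('no roleType rule known for ' + operation);
  const problems = [];
  roles.forEach((role, i) => {
    if (role.roleType !== expected) {
      problems.push(`[${i}] roleType ${role.roleType}: ${operation} accepts only ${expected}`);
    }
    const m = ROLE_ARN.exec(role.roleArn || '');
    if (!m) {
      problems.push(`[${i}] roleArn is not an IAM role ARN`);
    } else if (trustedAccounts && !trustedAccounts.includes(m[2])) {
      problems.push(`[${i}] role belongs to account ${m[2]}, outside the allowlist`);
    }
  });
  return problems;
}

// Constructed sample input for updateSettings.defaultProcessOwners.
const owners = [
  { roleType: 'PROCESS_OWNER', roleArn: 'arn:aws:iam::111122223333:role/AuditOwner' },
  { roleType: 'RESOURCE_OWNER', roleArn: 'arn:aws:iam::444455556666:user/alice' },
];
console.log(validateRoles('updateSettings', owners, ['111122223333']));
```
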

validateAssessmentReportIntegrity(params = {}, callback) ⇒ AWS.Request

Validates the integrity of an assessment report in AWS Audit Manager.

Examples:

Calling the validateAssessmentReportIntegrity operation

var params = {
  s3RelativePath: 'STRING_VALUE' /* required */
};
auditmanager.validateAssessmentReportIntegrity(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

Parameters:

  • params (Object) (defaults to: {})
    • s3RelativePath — (String)

      The relative path of the specified Amazon S3 bucket in which the assessment report is stored.

Callback (callback):

  • function(err, data) { ... }

    Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.

    Context (this):

    • (AWS.Response)

      the response object containing error, data properties, and the original request object.

    Parameters:

    • err (Error)

      the error object returned from the request. Set to null if the request is successful.

    • data (Object)

      the de-serialized data returned from the request. Set to null if a request error occurs. The data object has the following properties:

      • signatureValid — (Boolean)

        Specifies whether the signature key is valid.

      • signatureAlgorithm — (String)

        The signature algorithm used to code sign the assessment report file.

      • signatureDateTime — (String)

        The date and time signature that specifies when the assessment report was created.

      • signatureKeyId — (String)

        The unique identifier for the validation signature key.

      • validationErrors — (Array<String>)

        Represents any errors that occurred when validating the assessment report.

Returns:

  • (AWS.Request)

    a handle to the operation request for subsequent event callback registration.
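
The response carries signatureValid and validationErrors as separate fields, so a caller that gates on report integrity should check both and treat an API error as a failure. The following wrapper is an added example, not part of the SDK: evaluateIntegrity, checkReport, policy.expectedKeyId and the stub client are assumptions for illustration, and all sample values are constructed.

```javascript
// Fail-closed decision on a validateAssessmentReportIntegrity response.
// policy.expectedKeyId is a hypothetical field for pinning the signing key.
function evaluateIntegrity(data, policy = {}) {
  const reasons = [];
  if (!data || data.signatureValid !== true) {
    reasons.push('signatureValid is not true');
  }
  // Errors are reported separately from the boolean, so check both.
  for (const e of (data && data.validationErrors) || []) {
    reasons.push('validation error: ' + e);
  }
  if (policy.expectedKeyId &&
      (!data || data.signatureKeyId !== policy.expectedKeyId)) {
    reasons.push('unexpected signatureKeyId');
  }
  return { trusted: reasons.length === 0, reasons };
}

// Wrapper around the SDK call; an API error also means "not trusted".
function checkReport(client, s3RelativePath, policy, done) {
  client.validateAssessmentReportIntegrity({ s3RelativePath }, (err, data) => {
    if (err) {
      return done({ trusted: false, reasons: ['API error: ' + err.message] });
    }
    done(evaluateIntegrity(data, policy));
  });
}

// Constructed stub with the SDK method's callback shape, so this runs offline.
// Paths, key ids and the error strings are made-up sample values.
const SAMPLE = {
  'reports/ok.pdf': { signatureValid: true, signatureKeyId: 'example-key-1', validationErrors: [] },
  'reports/tampered.pdf': { signatureValid: false, signatureKeyId: 'example-key-1', validationErrors: ['constructed error text'] },
};
const stubClient = {
  validateAssessmentReportIntegrity(params, cb) {
    const data = SAMPLE[params.s3RelativePath];
    if (data) cb(null, data);
    else cb(new Error('constructed: report not found'), null);
  },
};

for (const path of ['reports/ok.pdf', 'reports/tampered.pdf', 'reports/missing.pdf']) {
  checkReport(stubClient, path, { expectedKeyId: 'example-key-1' }, (verdict) => {
    console.log(path, verdict.trusted ? 'TRUSTED' : 'REJECTED', verdict.reasons);
  });
}
```

With a real client, pass an AWS.AuditManager instance in place of stubClient; the callback signature is the same.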