awscc.auditmanager_assessment

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - auditmanager:DeleteAssessment

update

Parent base class for filters and actions.

definitions:
  AWSAccount:
    additionalProperties: false
    description: The AWS account associated with the assessment.
    properties:
      EmailAddress:
        description: The unique identifier for the email account.
        maxLength: 320
        minLength: 1
        pattern: ^.*@.*$
        type: string
      Id:
        description: The identifier for the specified AWS account.
        maxLength: 12
        minLength: 12
        pattern: ^[0-9]{12}$
        type: string
      Name:
        description: The name of the specified AWS account.
        maxLength: 50
        minLength: 1
        pattern: ^[\u0020-\u007E]+$
        type: string
    type: object
  AWSService:
    additionalProperties: false
    description: An AWS service such as Amazon S3, AWS CloudTrail, and so on.
    properties:
      ServiceName:
        description: The name of the AWS service.
        type: string
    type: object
  AWSServiceName:
    description: The name of the AWS service.
    type: string
  AccountId:
    description: The identifier for the specified AWS account.
    maxLength: 12
    minLength: 12
    pattern: ^[0-9]{12}$
    type: string
  AccountName:
    description: The name of the specified AWS account.
    maxLength: 50
    minLength: 1
    pattern: ^[\u0020-\u007E]+$
    type: string
  AssessmentArn:
    description: The Amazon Resource Name (ARN) of the assessment.
    maxLength: 2048
    minLength: 20
    pattern: ^arn:.*:auditmanager:.*
    type: string
  AssessmentDescription:
    description: The description of the specified assessment.
    type: string
  AssessmentName:
    description: The name of the related assessment.
    maxLength: 127
    minLength: 1
    pattern: ^[a-zA-Z0-9-_\.]+$
    type: string
  AssessmentReportDestinationType:
    description: The destination type, such as Amazon S3.
    enum:
    - S3
    type: string
  AssessmentReportsDestination:
    additionalProperties: false
    description: The destination in which evidence reports are stored for the specified
      assessment.
    properties:
      Destination:
        description: The URL of the specified Amazon S3 bucket.
        type: string
      DestinationType:
        description: The destination type, such as Amazon S3.
        enum:
        - S3
        type: string
    type: object
  AssessmentStatus:
    description: 'The status of the specified assessment. '
    enum:
    - ACTIVE
    - INACTIVE
    type: string
  ControlSetId:
    description: The identifier for the specified control set.
    maxLength: 300
    minLength: 1
    pattern: ^[\w\W\s\S]*$
    type: string
  CreatedBy:
    description: The IAM user or role that performed the action.
    maxLength: 100
    minLength: 1
    pattern: ^[a-zA-Z0-9-_()\[\]\s]+$
    type: string
  Delegation:
    additionalProperties: false
    description: The assignment of a control set to a delegate for review.
    properties:
      AssessmentId:
        maxLength: 36
        minLength: 36
        pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$
        type: string
      AssessmentName:
        description: The name of the related assessment.
        maxLength: 127
        minLength: 1
        pattern: ^[a-zA-Z0-9-_\.]+$
        type: string
      Comment:
        description: The comment related to the delegation.
        maxLength: 350
        pattern: ^[\w\W\s\S]*$
        type: string
      ControlSetId:
        description: The identifier for the specified control set.
        maxLength: 300
        minLength: 1
        pattern: ^[\w\W\s\S]*$
        type: string
      CreatedBy:
        description: The IAM user or role that performed the action.
        maxLength: 100
        minLength: 1
        pattern: ^[a-zA-Z0-9-_()\[\]\s]+$
        type: string
      CreationTime:
        description: The sequence of characters that identifies when the event occurred.
        type: number
      Id:
        maxLength: 36
        minLength: 36
        pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$
        type: string
      LastUpdated:
        description: The sequence of characters that identifies when the event occurred.
        type: number
      RoleArn:
        description: The Amazon Resource Name (ARN) of the IAM user or role.
        maxLength: 2048
        minLength: 20
        pattern: ^arn:.*:iam:.*
        type: string
      RoleType:
        description: ' The IAM role type.'
        enum:
        - PROCESS_OWNER
        - RESOURCE_OWNER
        type: string
      Status:
        description: The status of the delegation.
        enum:
        - IN_PROGRESS
        - UNDER_REVIEW
        - COMPLETE
        type: string
    type: object
  DelegationComment:
    description: The comment related to the delegation.
    maxLength: 350
    pattern: ^[\w\W\s\S]*$
    type: string
  DelegationStatus:
    description: The status of the delegation.
    enum:
    - IN_PROGRESS
    - UNDER_REVIEW
    - COMPLETE
    type: string
  EmailAddress:
    description: The unique identifier for the email account.
    maxLength: 320
    minLength: 1
    pattern: ^.*@.*$
    type: string
  FrameworkId:
    description: The identifier for the specified framework.
    maxLength: 36
    minLength: 32
    pattern: ^([a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|.*\S.*)$
    type: string
  IamArn:
    description: The Amazon Resource Name (ARN) of the IAM user or role.
    maxLength: 2048
    minLength: 20
    pattern: ^arn:.*:iam:.*
    type: string
  Role:
    additionalProperties: false
    description: The wrapper that contains AWS Audit Manager role information, such
      as the role type and IAM ARN.
    properties:
      RoleArn:
        description: The Amazon Resource Name (ARN) of the IAM user or role.
        maxLength: 2048
        minLength: 20
        pattern: ^arn:.*:iam:.*
        type: string
      RoleType:
        description: ' The IAM role type.'
        enum:
        - PROCESS_OWNER
        - RESOURCE_OWNER
        type: string
    type: object
  RoleType:
    description: ' The IAM role type.'
    enum:
    - PROCESS_OWNER
    - RESOURCE_OWNER
    type: string
  S3Url:
    description: The URL of the specified Amazon S3 bucket.
    type: string
  Scope:
    additionalProperties: false
    description: The wrapper that contains the AWS accounts and AWS services in scope
      for the assessment.
    properties:
      AwsAccounts:
        description: The AWS accounts included in scope.
        items:
          additionalProperties: false
          description: The AWS account associated with the assessment.
          properties:
            EmailAddress:
              description: The unique identifier for the email account.
              maxLength: 320
              minLength: 1
              pattern: ^.*@.*$
              type: string
            Id:
              description: The identifier for the specified AWS account.
              maxLength: 12
              minLength: 12
              pattern: ^[0-9]{12}$
              type: string
            Name:
              description: The name of the specified AWS account.
              maxLength: 50
              minLength: 1
              pattern: ^[\u0020-\u007E]+$
              type: string
          type: object
        type: array
      AwsServices:
        description: The AWS services included in scope.
        items:
          additionalProperties: false
          description: An AWS service such as Amazon S3, AWS CloudTrail, and so on.
          properties:
            ServiceName:
              description: The name of the AWS service.
              type: string
          type: object
        type: array
    type: object
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          127 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -. '
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 1 to
          255 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -. '
        maxLength: 256
        minLength: 0
        type: string
    required:
    - Key
    - Value
    type: object
  Timestamp:
    description: The sequence of characters that identifies when the event occurred.
    type: number
  UUID:
    maxLength: 36
    minLength: 36
    pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$
    type: string
properties:
  AssessmentReportsDestination:
    additionalProperties: false
    description: The destination in which evidence reports are stored for the specified
      assessment.
    properties:
      Destination:
        description: The URL of the specified Amazon S3 bucket.
        type: string
      DestinationType:
        description: The destination type, such as Amazon S3.
        enum:
        - S3
        type: string
    type: object
  Description:
    description: The description of the specified assessment.
    type: string
  Name:
    description: The name of the related assessment.
    maxLength: 127
    minLength: 1
    pattern: ^[a-zA-Z0-9-_\.]+$
    type: string
  Roles:
    description: The list of roles for the specified assessment.
    items:
      additionalProperties: false
      description: The wrapper that contains AWS Audit Manager role information, such
        as the role type and IAM ARN.
      properties:
        RoleArn:
          description: The Amazon Resource Name (ARN) of the IAM user or role.
          maxLength: 2048
          minLength: 20
          pattern: ^arn:.*:iam:.*
          type: string
        RoleType:
          description: ' The IAM role type.'
          enum:
          - PROCESS_OWNER
          - RESOURCE_OWNER
          type: string
      type: object
    type: array
  Scope:
    additionalProperties: false
    description: The wrapper that contains the AWS accounts and AWS services in scope
      for the assessment.
    properties:
      AwsAccounts:
        description: The AWS accounts included in scope.
        items:
          additionalProperties: false
          description: The AWS account associated with the assessment.
          properties:
            EmailAddress:
              description: The unique identifier for the email account.
              maxLength: 320
              minLength: 1
              pattern: ^.*@.*$
              type: string
            Id:
              description: The identifier for the specified AWS account.
              maxLength: 12
              minLength: 12
              pattern: ^[0-9]{12}$
              type: string
            Name:
              description: The name of the specified AWS account.
              maxLength: 50
              minLength: 1
              pattern: ^[\u0020-\u007E]+$
              type: string
          type: object
        type: array
      AwsServices:
        description: The AWS services included in scope.
        items:
          additionalProperties: false
          description: An AWS service such as Amazon S3, AWS CloudTrail, and so on.
          properties:
            ServiceName:
              description: The name of the AWS service.
              type: string
          type: object
        type: array
    type: object
  Status:
    description: 'The status of the specified assessment. '
    enum:
    - ACTIVE
    - INACTIVE
    type: string
  Tags:
    description: The tags associated with the assessment.
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 127 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -. '
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 1 to
            255 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -. '
          maxLength: 256
          minLength: 0
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
  type:
    enum:
    - update

Permissions - auditmanager:UpdateAssessment, auditmanager:UpdateAssessmentStatus