assessments
Creates, updates, deletes or gets an assessment resource or lists assessments in a region
Overview
| Name | assessments |
| Type | Resource |
| Description | An entity that defines the scope of audit evidence collected by AWS Audit Manager. |
| Id | awscc.auditmanager.assessments |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
framework_id | string | The identifier for the specified framework. |
assessment_id | string | |
aws_account | object | The AWS account associated with the assessment. |
arn | string | The Amazon Resource Name (ARN) of the assessment. |
tags | array | The tags associated with the assessment. |
delegations | array | The list of delegations. |
roles | array | The list of roles for the specified assessment. |
scope | object | The wrapper that contains the AWS accounts and AWS services in scope for the assessment. |
assessment_reports_destination | object | The destination in which evidence reports are stored for the specified assessment. |
status | string | The status of the specified assessment. |
creation_time | number | The sequence of characters that identifies when the event occurred. |
name | string | The name of the related assessment. |
description | string | The description of the specified assessment. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
assessment_id | string | |
region | string | AWS region. |
For more information, see AWS::AuditManager::Assessment.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | assessments | INSERT | , region |
delete_resource | assessments | DELETE | Identifier, region |
update_resource | assessments | UPDATE | Identifier, PatchDocument, region |
list_resources | assessments_list_only | SELECT | region |
get_resource | assessments | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual assessment.
SELECT
region,
framework_id,
assessment_id,
aws_account,
arn,
tags,
delegations,
roles,
scope,
assessment_reports_destination,
status,
creation_time,
name,
description
FROM awscc.auditmanager.assessments
WHERE
region = 'us-east-1' AND
Identifier = '{{ assessment_id }}';
Lists all assessments in a region.
SELECT
region,
assessment_id
FROM awscc.auditmanager.assessments_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new assessment resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.auditmanager.assessments (
,
region
)
SELECT
'{{ }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.auditmanager.assessments (
FrameworkId,
AwsAccount,
Tags,
Delegations,
Roles,
Scope,
AssessmentReportsDestination,
Status,
Name,
Description,
region
)
SELECT
'{{ framework_id }}',
'{{ aws_account }}',
'{{ tags }}',
'{{ delegations }}',
'{{ roles }}',
'{{ scope }}',
'{{ assessment_reports_destination }}',
'{{ status }}',
'{{ name }}',
'{{ description }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: assessment
props:
- name: framework_id
value: '{{ framework_id }}'
- name: aws_account
value:
id: '{{ id }}'
email_address: '{{ email_address }}'
name: '{{ name }}'
- name: tags
value:
- key: '{{ key }}'
value: '{{ value }}'
- name: delegations
value:
- last_updated: null
control_set_id: '{{ control_set_id }}'
creation_time: null
created_by: '{{ created_by }}'
role_arn: '{{ role_arn }}'
assessment_name: '{{ assessment_name }}'
comment: '{{ comment }}'
id: '{{ id }}'
role_type: '{{ role_type }}'
assessment_id: null
status: '{{ status }}'
- name: roles
value:
- role_arn: null
role_type: null
- name: scope
value:
aws_accounts:
- null
aws_services:
- service_name: '{{ service_name }}'
- name: assessment_reports_destination
value:
destination: '{{ destination }}'
destination_type: '{{ destination_type }}'
- name: status
value: '{{ status }}'
- name: name
value: null
- name: description
value: '{{ description }}'
UPDATE example
Use the following StackQL query and manifest file to update a assessment resource, using stack-deploy.
/*+ update */
UPDATE awscc.auditmanager.assessments
SET PatchDocument = string('{{ {
"Tags": tags,
"Delegations": delegations,
"Roles": roles,
"Scope": scope,
"AssessmentReportsDestination": assessment_reports_destination,
"Status": status,
"Name": name,
"Description": description
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ assessment_id }}';
DELETE example
/*+ delete */
DELETE FROM awscc.auditmanager.assessments
WHERE
Identifier = '{{ assessment_id }}' AND
region = 'us-east-1';
Permissions
To operate on the assessments resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
auditmanager:CreateAssessment,
auditmanager:TagResource,
auditmanager:ListTagsForResource,
auditmanager:BatchCreateDelegationByAssessment,
iam:PassRole
auditmanager:GetAssessment
auditmanager:UpdateAssessment,
auditmanager:UpdateAssessmentStatus,
auditmanager:BatchCreateDelegationByAssessment,
auditmanager:BatchDeleteDelegationByAssessment
auditmanager:DeleteAssessment,
auditmanager:UntagResource
auditmanager:ListAssessments,
auditmanager:ListTagsForResource