Documentation ¶
Index ¶
- type AWSAccount
- type AWSService
- type AccessDeniedException
- type AccountStatus
- type ActionEnum
- type Assessment
- type AssessmentControl
- type AssessmentControlSet
- type AssessmentEvidenceFolder
- type AssessmentFramework
- type AssessmentFrameworkMetadata
- type AssessmentFrameworkShareRequest
- type AssessmentMetadata
- type AssessmentMetadataItem
- type AssessmentReport
- type AssessmentReportDestinationType
- type AssessmentReportEvidenceError
- type AssessmentReportMetadata
- type AssessmentReportStatus
- type AssessmentReportsDestination
- type AssessmentStatus
- type BatchCreateDelegationByAssessmentError
- type BatchDeleteDelegationByAssessmentError
- type BatchImportEvidenceToAssessmentControlError
- type ChangeLog
- type Control
- type ControlComment
- type ControlDomainInsights
- type ControlInsightsMetadataByAssessmentItem
- type ControlInsightsMetadataItem
- type ControlMappingSource
- type ControlMetadata
- type ControlResponse
- type ControlSet
- type ControlSetStatus
- type ControlState
- type ControlStatus
- type ControlType
- type CreateAssessmentFrameworkControl
- type CreateAssessmentFrameworkControlSet
- type CreateControlMappingSource
- type CreateDelegationRequest
- type DataSourceType
- type DefaultExportDestination
- type Delegation
- type DelegationMetadata
- type DelegationStatus
- type DeleteResources
- type DeregistrationPolicy
- type Evidence
- type EvidenceFinderBackfillStatus
- type EvidenceFinderEnablement
- type EvidenceFinderEnablementStatus
- type EvidenceInsights
- type ExportDestinationType
- type Framework
- type FrameworkMetadata
- type FrameworkType
- type Insights
- type InsightsByAssessment
- type InternalServerException
- type KeywordInputType
- type ManualEvidence
- type Notification
- type ObjectTypeEnum
- type Resource
- type ResourceNotFoundException
- type Role
- type RoleType
- type Scope
- type ServiceMetadata
- type ServiceQuotaExceededException
- type SettingAttribute
- type Settings
- type ShareRequestAction
- type ShareRequestStatus
- type ShareRequestType
- type SourceFrequency
- type SourceKeyword
- type SourceSetUpOption
- type SourceType
- type ThrottlingException
- type URL
- type UpdateAssessmentFrameworkControlSet
- type ValidationException
- type ValidationExceptionField
- type ValidationExceptionReason
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWSAccount ¶
type AWSAccount struct { // The email address that's associated with the Amazon Web Services account. EmailAddress *string // The identifier for the Amazon Web Services account. Id *string // The name of the Amazon Web Services account. Name *string // contains filtered or unexported fields }
The wrapper of Amazon Web Services account details, such as account ID or
email address.
type AWSService ¶
type AWSService struct { // The name of the Amazon Web Service. ServiceName *string // contains filtered or unexported fields }
An Amazon Web Service such as Amazon S3 or CloudTrail.
For an example of how to find an Amazon Web Service name and how to define it in your assessment scope, see the following:
Finding an Amazon Web Service name to use in your assessment scope
Defining an Amazon Web Service name in your assessment scope
type AccessDeniedException ¶
type AccessDeniedException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
Your account isn't registered with Audit Manager. Check the delegated
administrator setup on the Audit Manager settings page, and try again.
func (*AccessDeniedException) Error ¶
func (e *AccessDeniedException) Error() string
func (*AccessDeniedException) ErrorCode ¶
func (e *AccessDeniedException) ErrorCode() string
func (*AccessDeniedException) ErrorFault ¶
func (e *AccessDeniedException) ErrorFault() smithy.ErrorFault
func (*AccessDeniedException) ErrorMessage ¶
func (e *AccessDeniedException) ErrorMessage() string
type AccountStatus ¶
type AccountStatus string
const ( AccountStatusActive AccountStatus = "ACTIVE" AccountStatusInactive AccountStatus = "INACTIVE" AccountStatusPendingActivation AccountStatus = "PENDING_ACTIVATION" )
Enum values for AccountStatus
func (AccountStatus) Values ¶
func (AccountStatus) Values() []AccountStatus
Values returns all known values for AccountStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ActionEnum ¶
type ActionEnum string
const ( ActionEnumCreate ActionEnum = "CREATE" ActionEnumUpdateMetadata ActionEnum = "UPDATE_METADATA" ActionEnumActive ActionEnum = "ACTIVE" ActionEnumInactive ActionEnum = "INACTIVE" ActionEnumDelete ActionEnum = "DELETE" ActionEnumUnderReview ActionEnum = "UNDER_REVIEW" ActionEnumReviewed ActionEnum = "REVIEWED" ActionEnumImportEvidence ActionEnum = "IMPORT_EVIDENCE" )
Enum values for ActionEnum
func (ActionEnum) Values ¶
func (ActionEnum) Values() []ActionEnum
Values returns all known values for ActionEnum. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Assessment ¶
type Assessment struct { // The Amazon Resource Name (ARN) of the assessment. Arn *string // The Amazon Web Services account that's associated with the assessment. AwsAccount *AWSAccount // The framework that the assessment was created from. Framework *AssessmentFramework // The metadata for the assessment. Metadata *AssessmentMetadata // The tags that are associated with the assessment. Tags map[string]string // contains filtered or unexported fields }
An entity that defines the scope of audit evidence collected by Audit Manager.
An Audit Manager assessment is an implementation of an Audit Manager framework.
type AssessmentControl ¶
type AssessmentControl struct { // The amount of evidence in the assessment report. AssessmentReportEvidenceCount int32 // The list of comments that's attached to the control. Comments []ControlComment // The description of the control. Description *string // The amount of evidence that's collected for the control. EvidenceCount int32 // The list of data sources for the evidence. EvidenceSources []string // The identifier for the control. Id *string // The name of the control. Name *string // The response of the control. Response ControlResponse // The status of the control. Status ControlStatus // contains filtered or unexported fields }
The control entity that represents a standard control or a custom control in
an Audit Manager assessment.
type AssessmentControlSet ¶
type AssessmentControlSet struct { // The list of controls that's contained with the control set. Controls []AssessmentControl // The delegations that are associated with the control set. Delegations []Delegation // The description for the control set. Description *string // The identifier of the control set in the assessment. This is the control set // name in a plain string format. Id *string // The total number of evidence objects that are uploaded manually to the control // set. ManualEvidenceCount int32 // The roles that are associated with the control set. Roles []Role // The current status of the control set. Status ControlSetStatus // The total number of evidence objects that are retrieved automatically for the // control set. SystemEvidenceCount int32 // contains filtered or unexported fields }
Represents a set of controls in an Audit Manager assessment.
type AssessmentEvidenceFolder ¶
type AssessmentEvidenceFolder struct { // The identifier for the assessment. AssessmentId *string // The total count of evidence that's included in the assessment report. AssessmentReportSelectionCount int32 // The name of the user who created the evidence folder. Author *string // The unique identifier for the control. ControlId *string // The name of the control. ControlName *string // The identifier for the control set. ControlSetId *string // The Amazon Web Service that the evidence was collected from. DataSource *string // The date when the first evidence was added to the evidence folder. Date *time.Time // The total number of Amazon Web Services resources that were assessed to // generate the evidence. EvidenceAwsServiceSourceCount int32 // The number of evidence that falls under the compliance check category. This // evidence is collected from Config or Security Hub. EvidenceByTypeComplianceCheckCount int32 // The total number of issues that were reported directly from Security Hub, // Config, or both. EvidenceByTypeComplianceCheckIssuesCount int32 // The number of evidence that falls under the configuration data category. This // evidence is collected from configuration snapshots of other Amazon Web Services // such as Amazon EC2, Amazon S3, or IAM. EvidenceByTypeConfigurationDataCount int32 // The number of evidence that falls under the manual category. This evidence is // imported manually. EvidenceByTypeManualCount int32 // The number of evidence that falls under the user activity category. This // evidence is collected from CloudTrail logs. EvidenceByTypeUserActivityCount int32 // The amount of evidence that's included in the evidence folder. EvidenceResourcesIncludedCount int32 // The identifier for the folder that the evidence is stored in. Id *string // The name of the evidence folder. Name *string // The total amount of evidence in the evidence folder. TotalEvidence int32 // contains filtered or unexported fields }
The folder where Audit Manager stores evidence for an assessment.
type AssessmentFramework ¶
type AssessmentFramework struct { // The Amazon Resource Name (ARN) of the framework. Arn *string // The control sets that are associated with the framework. ControlSets []AssessmentControlSet // The unique identifier for the framework. Id *string // The metadata of a framework, such as the name, ID, or description. Metadata *FrameworkMetadata // contains filtered or unexported fields }
The file used to structure and automate Audit Manager assessments for a given
compliance standard.
type AssessmentFrameworkMetadata ¶
type AssessmentFrameworkMetadata struct { // The Amazon Resource Name (ARN) of the framework. Arn *string // The compliance type that the new custom framework supports, such as CIS or // HIPAA. ComplianceType *string // The number of control sets that are associated with the framework. ControlSetsCount int32 // The number of controls that are associated with the framework. ControlsCount int32 // The time when the framework was created. CreatedAt *time.Time // The description of the framework. Description *string // The unique identifier for the framework. Id *string // The time when the framework was most recently updated. LastUpdatedAt *time.Time // The logo that's associated with the framework. Logo *string // The name of the framework. Name *string // The framework type, such as a standard framework or a custom framework. Type FrameworkType // contains filtered or unexported fields }
The metadata that's associated with a standard framework or a custom
framework.
type AssessmentFrameworkShareRequest ¶ added in v1.11.0
type AssessmentFrameworkShareRequest struct { string // HIPAA. ComplianceType *string CreationTime *time.Time CustomControlsCount *int32 DestinationAccount *string DestinationRegion *string ExpirationTime *time.Time FrameworkDescription *string FrameworkId *string FrameworkName *string Id *string LastUpdated *time.Time SourceAccount *string StandardControlsCount *int32 Status ShareRequestStatus // contains filtered or unexported fields }Comment *
Represents a share request for a custom framework in Audit Manager.
type AssessmentMetadata ¶
type AssessmentMetadata struct { // The destination that evidence reports are stored in for the assessment. AssessmentReportsDestination *AssessmentReportsDestination // The name of the compliance standard that's related to the assessment, such as // PCI-DSS. ComplianceType *string // Specifies when the assessment was created. CreationTime *time.Time // The delegations that are associated with the assessment. Delegations []Delegation // The description of the assessment. Description *string // The unique identifier for the assessment. Id *string // The time of the most recent update. LastUpdated *time.Time // The name of the assessment. Name *string // The roles that are associated with the assessment. Roles []Role // The wrapper of Amazon Web Services accounts and services that are in scope for // the assessment. Scope *Scope // The overall status of the assessment. Status AssessmentStatus // contains filtered or unexported fields }
The metadata that's associated with the specified assessment.
type AssessmentMetadataItem ¶
type AssessmentMetadataItem struct { // The name of the compliance standard that's related to the assessment, such as // PCI-DSS. ComplianceType *string // Specifies when the assessment was created. CreationTime *time.Time // The delegations that are associated with the assessment. Delegations []Delegation // The unique identifier for the assessment. Id *string // The time of the most recent update. LastUpdated *time.Time // The name of the assessment. Name *string // The roles that are associated with the assessment. Roles []Role // The current status of the assessment. Status AssessmentStatus // contains filtered or unexported fields }
A metadata object that's associated with an assessment in Audit Manager.
type AssessmentReport ¶
type AssessmentReport struct { // The identifier for the specified assessment. AssessmentId *string // The name of the associated assessment. AssessmentName *string // The name of the user who created the assessment report. Author *string // The identifier for the specified Amazon Web Services account. AwsAccountId *string // Specifies when the assessment report was created. CreationTime *time.Time // The description of the specified assessment report. Description *string // The unique identifier for the assessment report. Id *string // The name that's given to the assessment report. Name *string // The current status of the specified assessment report. Status AssessmentReportStatus // contains filtered or unexported fields }
A finalized document that's generated from an Audit Manager assessment. These
reports summarize the relevant evidence that was collected for your audit, and link to the relevant evidence folders. These evidence folders are named and organized according to the controls that are specified in your assessment.
type AssessmentReportDestinationType ¶
type AssessmentReportDestinationType string
const (
AssessmentReportDestinationTypeS3 AssessmentReportDestinationType = "S3"
)
Enum values for AssessmentReportDestinationType
func (AssessmentReportDestinationType) Values ¶
func (AssessmentReportDestinationType) Values() []AssessmentReportDestinationType
Values returns all known values for AssessmentReportDestinationType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AssessmentReportEvidenceError ¶
type AssessmentReportEvidenceError struct { // The error code that was returned. ErrorCode *string // The error message that was returned. ErrorMessage *string // The identifier for the evidence. EvidenceId *string // contains filtered or unexported fields }
An error entity for assessment report evidence errors. This is used to provide
more meaningful errors than a simple string message.
type AssessmentReportMetadata ¶
type AssessmentReportMetadata struct { // The unique identifier for the associated assessment. AssessmentId *string // The name of the associated assessment. AssessmentName *string // The name of the user who created the assessment report. Author *string // Specifies when the assessment report was created. CreationTime *time.Time // The description of the assessment report. Description *string // The unique identifier for the assessment report. Id *string // The name of the assessment report. Name *string // The current status of the assessment report. Status AssessmentReportStatus // contains filtered or unexported fields }
The metadata objects that are associated with the specified assessment report.
type AssessmentReportStatus ¶
type AssessmentReportStatus string
const ( AssessmentReportStatusComplete AssessmentReportStatus = "COMPLETE" AssessmentReportStatusInProgress AssessmentReportStatus = "IN_PROGRESS" AssessmentReportStatusFailed AssessmentReportStatus = "FAILED" )
Enum values for AssessmentReportStatus
func (AssessmentReportStatus) Values ¶
func (AssessmentReportStatus) Values() []AssessmentReportStatus
Values returns all known values for AssessmentReportStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type AssessmentReportsDestination ¶
type AssessmentReportsDestination struct { // The destination bucket where Audit Manager stores assessment reports. Destination *string // The destination type, such as Amazon S3. DestinationType AssessmentReportDestinationType // contains filtered or unexported fields }
The location where Audit Manager saves assessment reports for the given
assessment.
type AssessmentStatus ¶
type AssessmentStatus string
const ( AssessmentStatusActive AssessmentStatus = "ACTIVE" AssessmentStatusInactive AssessmentStatus = "INACTIVE" )
Enum values for AssessmentStatus
func (AssessmentStatus) Values ¶
func (AssessmentStatus) Values() []AssessmentStatus
Values returns all known values for AssessmentStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type BatchCreateDelegationByAssessmentError ¶
type BatchCreateDelegationByAssessmentError struct { // The API request to batch create delegations in Audit Manager. CreateDelegationRequest *CreateDelegationRequest // The error code that the BatchCreateDelegationByAssessment API returned. ErrorCode *string // The error message that the BatchCreateDelegationByAssessment API returned. ErrorMessage *string // contains filtered or unexported fields }
An error entity for the BatchCreateDelegationByAssessment API. This is used to
provide more meaningful errors than a simple string message.
type BatchDeleteDelegationByAssessmentError ¶
type BatchDeleteDelegationByAssessmentError struct { // The identifier for the delegation. DelegationId *string // The error code that the BatchDeleteDelegationByAssessment API returned. ErrorCode *string // The error message that the BatchDeleteDelegationByAssessment API returned. ErrorMessage *string // contains filtered or unexported fields }
An error entity for the BatchDeleteDelegationByAssessment API. This is used to
provide more meaningful errors than a simple string message.
type BatchImportEvidenceToAssessmentControlError ¶
type BatchImportEvidenceToAssessmentControlError struct { // The error code that the BatchImportEvidenceToAssessmentControl API returned. ErrorCode *string // The error message that the BatchImportEvidenceToAssessmentControl API // returned. ErrorMessage *string // Manual evidence that can't be collected automatically by Audit Manager. ManualEvidence *ManualEvidence // contains filtered or unexported fields }
An error entity for the BatchImportEvidenceToAssessmentControl API. This is
used to provide more meaningful errors than a simple string message.
type ChangeLog ¶
type ChangeLog struct { // The action that was performed. Action ActionEnum // The time when the action was performed and the changelog record was created. CreatedAt *time.Time // The user or role that performed the action. CreatedBy *string // The name of the object that changed. This could be the name of an assessment, // control, or control set. ObjectName *string // The object that was changed, such as an assessment, control, or control set. ObjectType ObjectTypeEnum // contains filtered or unexported fields }
The record of a change within Audit Manager. For example, this could be the
status change of an assessment or the delegation of a control set.
type Control ¶
type Control struct { // The recommended actions to carry out if the control isn't fulfilled. ActionPlanInstructions *string // The title of the action plan for remediating the control. ActionPlanTitle *string // The Amazon Resource Name (ARN) of the control. Arn *string // The data mapping sources for the control. ControlMappingSources []ControlMappingSource // The data source types that determine where Audit Manager collects evidence // from for the control. ControlSources *string // The time when the control was created. CreatedAt *time.Time // The user or role that created the control. CreatedBy *string // The description of the control. Description *string // The unique identifier for the control. Id *string // The time when the control was most recently updated. LastUpdatedAt *time.Time // The user or role that most recently updated the control. LastUpdatedBy *string // The name of the control. Name *string // The state of the control. The END_OF_SUPPORT state is applicable to standard // controls only. This state indicates that the standard control can still be used // to collect evidence, but Audit Manager is no longer updating or maintaining that // control. State ControlState // The tags associated with the control. Tags map[string]string // The steps that you should follow to determine if the control has been // satisfied. TestingInformation *string // Specifies whether the control is a standard control or a custom control. Type ControlType // contains filtered or unexported fields }
A control in Audit Manager.
type ControlComment ¶
type ControlComment struct { // The name of the user who authored the comment. AuthorName *string // The body text of a control comment. CommentBody *string // The time when the comment was posted. PostedDate *time.Time // contains filtered or unexported fields }
A comment that's posted by a user on a control. This includes the author's
name, the comment text, and a timestamp.
type ControlDomainInsights ¶ added in v1.12.0
type ControlDomainInsights struct { // The number of controls in the control domain that collected non-compliant // evidence on the lastUpdated date. ControlsCountByNoncompliantEvidence *int32 // A breakdown of the compliance check status for the evidence that’s associated // with the control domain. EvidenceInsights *EvidenceInsights // The unique identifier for the control domain. Audit Manager supports the // control domains that are provided by Amazon Web Services Control Catalog. For // information about how to find a list of available control domains, see [ListDomains] // ListDomains in the Amazon Web Services Control Catalog API Reference. // // [ListDomains]: https://docs.aws.amazon.com/controlcatalog/latest/APIReference/API_ListDomains.html Id *string // The time when the control domain insights were last updated. LastUpdated *time.Time // The name of the control domain. Name *string // The total number of controls in the control domain. TotalControlsCount *int32 // contains filtered or unexported fields }
A summary of the latest analytics data for a specific control domain.
Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
type ControlInsightsMetadataByAssessmentItem ¶ added in v1.12.0
type ControlInsightsMetadataByAssessmentItem struct { // The name of the control set that the assessment control belongs to. ControlSetName *string // A breakdown of the compliance check status for the evidence that’s associated // with the assessment control. EvidenceInsights *EvidenceInsights // The unique identifier for the assessment control. Id *string // The time when the assessment control insights were last updated. LastUpdated *time.Time // The name of the assessment control. Name *string // contains filtered or unexported fields }
A summary of the latest analytics data for a specific control in a specific active assessment.
Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
type ControlInsightsMetadataItem ¶ added in v1.12.0
type ControlInsightsMetadataItem struct { // A breakdown of the compliance check status for the evidence that’s associated // with the control. EvidenceInsights *EvidenceInsights // The unique identifier for the control. Id *string // The time when the control insights were last updated. LastUpdated *time.Time // The name of the control. Name *string // contains filtered or unexported fields }
A summary of the latest analytics data for a specific control.
This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.
type ControlMappingSource ¶
type ControlMappingSource struct { // The description of the source. SourceDescription *string // Specifies how often evidence is collected from the control mapping source. SourceFrequency SourceFrequency // The unique identifier for the source. SourceId *string // A keyword that relates to the control data source. // // For manual evidence, this keyword indicates if the manual evidence is a file or // text. // // For automated evidence, this keyword identifies a specific CloudTrail event, // Config rule, Security Hub control, or Amazon Web Services API name. // // To learn more about the supported keywords that you can use when mapping a // control data source, see the following pages in the Audit Manager User Guide: // // [Config rules supported by Audit Manager] // // [Security Hub controls supported by Audit Manager] // // [API calls supported by Audit Manager] // // [CloudTrail event names supported by Audit Manager] // // [Config rules supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html // [CloudTrail event names supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html // [Security Hub controls supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html // [API calls supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html SourceKeyword *SourceKeyword // The name of the source. SourceName *string // The setup option for the data source. This option reflects if the evidence // collection method is automated or manual. If you don’t provide a value for // sourceSetUpOption , Audit Manager automatically infers and populates the correct // value based on the sourceType that you specify. SourceSetUpOption SourceSetUpOption // Specifies which type of data source is used to collect evidence. // // - The source can be an individual data source type, such as AWS_Cloudtrail , // AWS_Config , AWS_Security_Hub , AWS_API_Call , or MANUAL . // // - The source can also be a managed grouping of data sources, such as a // Core_Control or a Common_Control . SourceType SourceType // The instructions for troubleshooting the control. TroubleshootingText *string // contains filtered or unexported fields }
The data source that determines where Audit Manager collects evidence from for
the control.
type ControlMetadata ¶
type ControlMetadata struct { // The Amazon Resource Name (ARN) of the control. Arn *string // The data source that determines where Audit Manager collects evidence from for // the control. ControlSources *string // The time when the control was created. CreatedAt *time.Time // The unique identifier for the control. Id *string // The time when the control was most recently updated. LastUpdatedAt *time.Time // The name of the control. Name *string // contains filtered or unexported fields }
The metadata that's associated with the standard control or custom control.
type ControlResponse ¶
type ControlResponse string
const ( ControlResponseManual ControlResponse = "MANUAL" ControlResponseAutomate ControlResponse = "AUTOMATE" ControlResponseDefer ControlResponse = "DEFER" ControlResponseIgnore ControlResponse = "IGNORE" )
Enum values for ControlResponse
func (ControlResponse) Values ¶
func (ControlResponse) Values() []ControlResponse
Values returns all known values for ControlResponse. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ControlSet ¶
type ControlSet struct { // The list of controls within the control set. Controls []Control // The identifier of the control set in the assessment. This is the control set // name in a plain string format. Id *string // The name of the control set. Name *string // contains filtered or unexported fields }
A set of controls in Audit Manager.
type ControlSetStatus ¶
type ControlSetStatus string
const ( ControlSetStatusActive ControlSetStatus = "ACTIVE" ControlSetStatusUnderReview ControlSetStatus = "UNDER_REVIEW" ControlSetStatusReviewed ControlSetStatus = "REVIEWED" )
Enum values for ControlSetStatus
func (ControlSetStatus) Values ¶
func (ControlSetStatus) Values() []ControlSetStatus
Values returns all known values for ControlSetStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ControlState ¶ added in v1.33.0
type ControlState string
const ( ControlStateActive ControlState = "ACTIVE" ControlStateEndOfSupport ControlState = "END_OF_SUPPORT" )
Enum values for ControlState
func (ControlState) Values ¶ added in v1.33.0
func (ControlState) Values() []ControlState
Values returns all known values for ControlState. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ControlStatus ¶
type ControlStatus string
const ( ControlStatusUnderReview ControlStatus = "UNDER_REVIEW" ControlStatusReviewed ControlStatus = "REVIEWED" ControlStatusInactive ControlStatus = "INACTIVE" )
Enum values for ControlStatus
func (ControlStatus) Values ¶
func (ControlStatus) Values() []ControlStatus
Values returns all known values for ControlStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ControlType ¶
type ControlType string
const ( ControlTypeStandard ControlType = "Standard" ControlTypeCustom ControlType = "Custom" ControlTypeCore ControlType = "Core" )
Enum values for ControlType
func (ControlType) Values ¶
func (ControlType) Values() []ControlType
Values returns all known values for ControlType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type CreateAssessmentFrameworkControl ¶
type CreateAssessmentFrameworkControl struct { // The unique identifier of the control. // // This member is required. Id *string // contains filtered or unexported fields }
The control entity attributes that uniquely identify an existing control to be
added to a framework in Audit Manager.
type CreateAssessmentFrameworkControlSet ¶
type CreateAssessmentFrameworkControlSet struct { // The name of the control set. // // This member is required. Name *string // The list of controls within the control set. This doesn't contain the control // set ID. Controls []CreateAssessmentFrameworkControl // contains filtered or unexported fields }
A controlSet entity that represents a collection of controls in Audit Manager.
This doesn't contain the control set ID.
type CreateControlMappingSource ¶
type CreateControlMappingSource struct { // The description of the data source that determines where Audit Manager // collects evidence from for the control. SourceDescription *string // Specifies how often evidence is collected from the control mapping source. SourceFrequency SourceFrequency // A keyword that relates to the control data source. // // For manual evidence, this keyword indicates if the manual evidence is a file or // text. // // For automated evidence, this keyword identifies a specific CloudTrail event, // Config rule, Security Hub control, or Amazon Web Services API name. // // To learn more about the supported keywords that you can use when mapping a // control data source, see the following pages in the Audit Manager User Guide: // // [Config rules supported by Audit Manager] // // [Security Hub controls supported by Audit Manager] // // [API calls supported by Audit Manager] // // [CloudTrail event names supported by Audit Manager] // // [Config rules supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html // [CloudTrail event names supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html // [Security Hub controls supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html // [API calls supported by Audit Manager]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html SourceKeyword *SourceKeyword // The name of the control mapping data source. SourceName *string // The setup option for the data source. This option reflects if the evidence // collection method is automated or manual. If you don’t provide a value for // sourceSetUpOption , Audit Manager automatically infers and populates the correct // value based on the sourceType that you specify. SourceSetUpOption SourceSetUpOption // Specifies which type of data source is used to collect evidence. // // - The source can be an individual data source type, such as AWS_Cloudtrail , // AWS_Config , AWS_Security_Hub , AWS_API_Call , or MANUAL . // // - The source can also be a managed grouping of data sources, such as a // Core_Control or a Common_Control . SourceType SourceType // The instructions for troubleshooting the control. TroubleshootingText *string // contains filtered or unexported fields }
The mapping attributes that determine the evidence source for a given control, along with related parameters and metadata. This doesn't contain mappingID .
type CreateDelegationRequest ¶
type CreateDelegationRequest struct { // A comment that's related to the delegation request. Comment *string // The unique identifier for the control set. ControlSetId *string // The Amazon Resource Name (ARN) of the IAM role. RoleArn *string // The type of customer persona. // // In CreateAssessment , roleType can only be PROCESS_OWNER . // // In UpdateSettings , roleType can only be PROCESS_OWNER . // // In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER . RoleType RoleType // contains filtered or unexported fields }
A collection of attributes that's used to create a delegation for an
assessment in Audit Manager.
type DataSourceType ¶ added in v1.33.0
type DataSourceType string
const ( DataSourceTypeAwsCloudtrail DataSourceType = "AWS_Cloudtrail" DataSourceTypeAwsConfig DataSourceType = "AWS_Config" DataSourceTypeAwsSecurityHub DataSourceType = "AWS_Security_Hub" DataSourceTypeAwsApiCall DataSourceType = "AWS_API_Call" DataSourceTypeManual DataSourceType = "MANUAL" )
Enum values for DataSourceType
func (DataSourceType) Values ¶ added in v1.33.0
func (DataSourceType) Values() []DataSourceType
Values returns all known values for DataSourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DefaultExportDestination ¶ added in v1.25.0
type DefaultExportDestination struct { // The destination bucket where Audit Manager stores exported files. Destination *string // The destination type, such as Amazon S3. DestinationType ExportDestinationType // contains filtered or unexported fields }
The default s3 bucket where Audit Manager saves the files that you export from evidence finder.
type Delegation ¶
type Delegation struct { // The identifier for the assessment that's associated with the delegation. AssessmentId *string // The name of the assessment that's associated with the delegation. AssessmentName *string // The comment that's related to the delegation. Comment *string // The identifier for the control set that's associated with the delegation. ControlSetId *string // The user or role that created the delegation. CreatedBy *string // Specifies when the delegation was created. CreationTime *time.Time // The unique identifier for the delegation. Id *string // Specifies when the delegation was last updated. LastUpdated *time.Time // The Amazon Resource Name (ARN) of the IAM role. RoleArn *string // The type of customer persona. // // In CreateAssessment , roleType can only be PROCESS_OWNER . // // In UpdateSettings , roleType can only be PROCESS_OWNER . // // In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER . RoleType RoleType // The status of the delegation. Status DelegationStatus // contains filtered or unexported fields }
The assignment of a control set to a delegate for review.
type DelegationMetadata ¶
type DelegationMetadata struct { // The unique identifier for the assessment. AssessmentId *string // The name of the associated assessment. AssessmentName *string // Specifies the name of the control set that was delegated for review. ControlSetName *string // Specifies when the delegation was created. CreationTime *time.Time // The unique identifier for the delegation. Id *string // The Amazon Resource Name (ARN) of the IAM role. RoleArn *string // The current status of the delegation. Status DelegationStatus // contains filtered or unexported fields }
The metadata that's associated with the delegation.
type DelegationStatus ¶
type DelegationStatus string
const ( DelegationStatusInProgress DelegationStatus = "IN_PROGRESS" DelegationStatusUnderReview DelegationStatus = "UNDER_REVIEW" DelegationStatusComplete DelegationStatus = "COMPLETE" )
Enum values for DelegationStatus
func (DelegationStatus) Values ¶
func (DelegationStatus) Values() []DelegationStatus
Values returns all known values for DelegationStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DeleteResources ¶ added in v1.23.0
type DeleteResources string
const ( DeleteResourcesAll DeleteResources = "ALL" DeleteResourcesDefault DeleteResources = "DEFAULT" )
Enum values for DeleteResources
func (DeleteResources) Values ¶ added in v1.23.0
func (DeleteResources) Values() []DeleteResources
Values returns all known values for DeleteResources. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type DeregistrationPolicy ¶ added in v1.23.0
type DeregistrationPolicy struct { // Specifies which Audit Manager data will be deleted when you deregister Audit // Manager. // // - If you set the value to ALL , all of your data is deleted within seven days // of deregistration. // // - If you set the value to DEFAULT , none of your data is deleted at the time // of deregistration. However, keep in mind that the Audit Manager data retention // policy still applies. As a result, any evidence data will be deleted two years // after its creation date. Your other Audit Manager resources will continue to // exist indefinitely. DeleteResources DeleteResources // contains filtered or unexported fields }
The deregistration policy for the data that's stored in Audit Manager. You can use this attribute to determine how your data is handled when you deregister Audit Manager.
By default, Audit Manager retains evidence data for two years from the time of its creation. Other Audit Manager resources (including assessments, custom controls, and custom frameworks) remain in Audit Manager indefinitely, and are available if you re-register Audit Managerin the future. For more information about data retention, see Data Protection in the Audit Manager User Guide.
If you choose to delete all data, this action permanently deletes all evidence data in your account within seven days. It also deletes all of the Audit Manager resources that you created, including assessments, custom controls, and custom frameworks. Your data will not be available if you re-register Audit Manager in the future.
type Evidence ¶
type Evidence struct { // Specifies whether the evidence is included in the assessment report. AssessmentReportSelection *string // The names and values that are used by the evidence event. This includes an // attribute name (such as allowUsersToChangePassword ) and value (such as true or // false ). Attributes map[string]string // The identifier for the Amazon Web Services account. AwsAccountId *string // The Amazon Web Services account that the evidence is collected from, and its // organization path. AwsOrganization *string // The evaluation status for automated evidence that falls under the compliance // check category. // // - Audit Manager classes evidence as non-compliant if Security Hub reports a // Fail result, or if Config reports a Non-compliant result. // // - Audit Manager classes evidence as compliant if Security Hub reports a Pass // result, or if Config reports a Compliant result. // // - If a compliance check isn't available or applicable, then no compliance // evaluation can be made for that evidence. This is the case if the evidence uses // Config or Security Hub as the underlying data source type, but those services // aren't enabled. This is also the case if the evidence uses an underlying data // source type that doesn't support compliance checks (such as manual evidence, // Amazon Web Services API calls, or CloudTrail). ComplianceCheck *string // The data source where the evidence was collected from. DataSource *string // The name of the evidence event. EventName *string // The Amazon Web Service that the evidence is collected from. EventSource *string // The identifier for the Amazon Web Services account. EvidenceAwsAccountId *string // The type of automated evidence. EvidenceByType *string // The identifier for the folder that the evidence is stored in. EvidenceFolderId *string // The unique identifier for the user or role that's associated with the // evidence. IamId *string // The identifier for the evidence. Id *string // The list of resources that are assessed to generate the evidence. ResourcesIncluded []Resource // The timestamp that represents when the evidence was collected. Time *time.Time // contains filtered or unexported fields }
A record that contains the information needed to demonstrate compliance with
the requirements specified by a control. Examples of evidence include change activity invoked by a user, or a system configuration snapshot.
type EvidenceFinderBackfillStatus ¶ added in v1.21.0
type EvidenceFinderBackfillStatus string
const ( EvidenceFinderBackfillStatusNotStarted EvidenceFinderBackfillStatus = "NOT_STARTED" EvidenceFinderBackfillStatusInProgress EvidenceFinderBackfillStatus = "IN_PROGRESS" EvidenceFinderBackfillStatusCompleted EvidenceFinderBackfillStatus = "COMPLETED" )
Enum values for EvidenceFinderBackfillStatus
func (EvidenceFinderBackfillStatus) Values ¶ added in v1.21.0
func (EvidenceFinderBackfillStatus) Values() []EvidenceFinderBackfillStatus
Values returns all known values for EvidenceFinderBackfillStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type EvidenceFinderEnablement ¶ added in v1.21.0
type EvidenceFinderEnablement struct { // The current status of the evidence data backfill process. // // The backfill starts after you enable evidence finder. During this task, Audit // Manager populates an event data store with your past two years’ worth of // evidence data so that your evidence can be queried. // // - NOT_STARTED means that the backfill hasn’t started yet. // // - IN_PROGRESS means that the backfill is in progress. This can take up to 7 // days to complete, depending on the amount of evidence data. // // - COMPLETED means that the backfill is complete. All of your past evidence is // now queryable. BackfillStatus EvidenceFinderBackfillStatus // The current status of the evidence finder feature and the related event data // store. // // - ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An // event data store is currently being created to support evidence finder queries. // // - ENABLED means that an event data store was successfully created and evidence // finder is enabled. We recommend that you wait 7 days until the event data store // is backfilled with your past two years’ worth of evidence data. You can use // evidence finder in the meantime, but not all data might be available until the // backfill is complete. // // - DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and // your request is pending the deletion of the event data store. // // - DISABLED means that you have permanently disabled evidence finder and the // event data store has been deleted. You can't re-enable evidence finder after // this point. EnablementStatus EvidenceFinderEnablementStatus // Represents any errors that occurred when enabling or disabling evidence finder. Error *string // The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s // used by evidence finder. The event data store is the lake of evidence data that // evidence finder runs queries against. EventDataStoreArn *string // contains filtered or unexported fields }
The settings object that specifies whether evidence finder is enabled. This object also describes the related event data store, and the backfill status for populating the event data store with evidence data.
type EvidenceFinderEnablementStatus ¶ added in v1.21.0
type EvidenceFinderEnablementStatus string
const ( EvidenceFinderEnablementStatusEnabled EvidenceFinderEnablementStatus = "ENABLED" EvidenceFinderEnablementStatusDisabled EvidenceFinderEnablementStatus = "DISABLED" EvidenceFinderEnablementStatusEnableInProgress EvidenceFinderEnablementStatus = "ENABLE_IN_PROGRESS" EvidenceFinderEnablementStatusDisableInProgress EvidenceFinderEnablementStatus = "DISABLE_IN_PROGRESS" )
Enum values for EvidenceFinderEnablementStatus
func (EvidenceFinderEnablementStatus) Values ¶ added in v1.21.0
func (EvidenceFinderEnablementStatus) Values() []EvidenceFinderEnablementStatus
Values returns all known values for EvidenceFinderEnablementStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type EvidenceInsights ¶ added in v1.12.0
type EvidenceInsights struct { // The number of compliance check evidence that Audit Manager classified as // compliant. This includes evidence that was collected from Security Hub with a // Pass ruling, or collected from Config with a Compliant ruling. CompliantEvidenceCount *int32 // The number of evidence that a compliance check ruling isn't available for. // Evidence is inconclusive when the associated control uses Security Hub or Config // as a data source but you didn't enable those services. This is also the case // when a control uses a data source that doesn’t support compliance checks (for // example, manual evidence, API calls, or CloudTrail). // // If evidence has a compliance check status of not applicable in the console, // it's classified as inconclusive in EvidenceInsights data. InconclusiveEvidenceCount *int32 // The number of compliance check evidence that Audit Manager classified as // non-compliant. This includes evidence that was collected from Security Hub with // a Fail ruling, or collected from Config with a Non-compliant ruling. NoncompliantEvidenceCount *int32 // contains filtered or unexported fields }
A breakdown of the latest compliance check status for the evidence in your Audit Manager assessments.
type ExportDestinationType ¶ added in v1.25.0
type ExportDestinationType string
const (
ExportDestinationTypeS3 ExportDestinationType = "S3"
)
Enum values for ExportDestinationType
func (ExportDestinationType) Values ¶ added in v1.25.0
func (ExportDestinationType) Values() []ExportDestinationType
Values returns all known values for ExportDestinationType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Framework ¶
type Framework struct { // The Amazon Resource Name (ARN) of the framework. Arn *string // The compliance type that the framework supports, such as CIS or HIPAA. ComplianceType *string // The control sets that are associated with the framework. ControlSets []ControlSet // The control data sources where Audit Manager collects evidence from. ControlSources *string // The time when the framework was created. CreatedAt *time.Time // The user or role that created the framework. CreatedBy *string // The description of the framework. Description *string // The unique identifier for the framework. Id *string // The time when the framework was most recently updated. LastUpdatedAt *time.Time // The user or role that most recently updated the framework. LastUpdatedBy *string // The logo that's associated with the framework. Logo *string // The name of the framework. Name *string // The tags that are associated with the framework. Tags map[string]string // Specifies whether the framework is a standard framework or a custom framework. Type FrameworkType // contains filtered or unexported fields }
The file that's used to structure and automate Audit Manager assessments for a
given compliance standard.
type FrameworkMetadata ¶
type FrameworkMetadata struct { // The compliance standard that's associated with the framework. For example, // this could be PCI DSS or HIPAA. ComplianceType *string // The description of the framework. Description *string // The logo that's associated with the framework. Logo *string // The name of the framework. Name *string // contains filtered or unexported fields }
The metadata of a framework, such as the name, ID, or description.
type FrameworkType ¶
type FrameworkType string
const ( FrameworkTypeStandard FrameworkType = "Standard" FrameworkTypeCustom FrameworkType = "Custom" )
Enum values for FrameworkType
func (FrameworkType) Values ¶
func (FrameworkType) Values() []FrameworkType
Values returns all known values for FrameworkType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Insights ¶ added in v1.12.0
type Insights struct { // The number of active assessments in Audit Manager. ActiveAssessmentsCount *int32 // The number of assessment controls that collected non-compliant evidence on the // lastUpdated date. AssessmentControlsCountByNoncompliantEvidence *int32 // The number of compliance check evidence that Audit Manager classified as // compliant on the lastUpdated date. This includes evidence that was collected // from Security Hub with a Pass ruling, or collected from Config with a Compliant // ruling. CompliantEvidenceCount *int32 // The number of evidence without a compliance check ruling. Evidence is // inconclusive when the associated control uses Security Hub or Config as a data // source but you didn't enable those services. This is also the case when a // control uses a data source that doesn’t support compliance checks (for example: // manual evidence, API calls, or CloudTrail). // // If evidence has a compliance check status of not applicable, it's classed as // inconclusive in Insights data. InconclusiveEvidenceCount *int32 // The time when the cross-assessment insights were last updated. LastUpdated *time.Time // The number of compliance check evidence that Audit Manager classified as // non-compliant on the lastUpdated date. This includes evidence that was // collected from Security Hub with a Fail ruling, or collected from Config with a // Non-compliant ruling. NoncompliantEvidenceCount *int32 // The total number of controls across all active assessments. TotalAssessmentControlsCount *int32 // contains filtered or unexported fields }
A summary of the latest analytics data for all your active assessments.
This summary is a snapshot of the data that your active assessments collected on the lastUpdated date. It’s important to understand that the following totals are daily counts based on this date — they aren’t a total sum to date.
The Insights data is eventually consistent. This means that, when you read data from Insights , the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response should return the latest data.
If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.
Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the InsightsByAssessment counts for that day.
Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.
type InsightsByAssessment ¶ added in v1.12.0
type InsightsByAssessment struct { // The number of assessment controls that collected non-compliant evidence on the // lastUpdated date. AssessmentControlsCountByNoncompliantEvidence *int32 // The number of compliance check evidence that Audit Manager classified as // compliant. This includes evidence that was collected from Security Hub with a // Pass ruling, or collected from Config with a Compliant ruling. CompliantEvidenceCount *int32 // The amount of evidence without a compliance check ruling. Evidence is // inconclusive if the associated control uses Security Hub or Config as a data // source and you didn't enable those services. This is also the case if a control // uses a data source that doesn’t support compliance checks (for example, manual // evidence, API calls, or CloudTrail). // // If evidence has a compliance check status of not applicable, it's classified as // inconclusive in InsightsByAssessment data. InconclusiveEvidenceCount *int32 // The time when the assessment insights were last updated. LastUpdated *time.Time // The number of compliance check evidence that Audit Manager classified as // non-compliant. This includes evidence that was collected from Security Hub with // a Fail ruling, or collected from Config with a Non-compliant ruling. NoncompliantEvidenceCount *int32 // The total number of controls in the assessment. TotalAssessmentControlsCount *int32 // contains filtered or unexported fields }
A summary of the latest analytics data for a specific active assessment.
This summary is a snapshot of the data that was collected on the lastUpdated date. It’s important to understand that the totals in InsightsByAssessment are daily counts based on this date — they aren’t a total sum to date.
The InsightsByAssessment data is eventually consistent. This means that when you read data from InsightsByAssessment , the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response returns the latest data.
If you delete an assessment or change its status to inactive, InsightsByAssessment includes data for that assessment as follows.
Inactive assessments - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the InsightsByAssessment counts for that day.
Deleted assessments - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the InsightsByAssessment counts for that day.
type InternalServerException ¶
type InternalServerException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
An internal service error occurred during the processing of your request. Try
again later.
func (*InternalServerException) Error ¶
func (e *InternalServerException) Error() string
func (*InternalServerException) ErrorCode ¶
func (e *InternalServerException) ErrorCode() string
func (*InternalServerException) ErrorFault ¶
func (e *InternalServerException) ErrorFault() smithy.ErrorFault
func (*InternalServerException) ErrorMessage ¶
func (e *InternalServerException) ErrorMessage() string
type KeywordInputType ¶
type KeywordInputType string
const ( KeywordInputTypeSelectFromList KeywordInputType = "SELECT_FROM_LIST" KeywordInputTypeUploadFile KeywordInputType = "UPLOAD_FILE" KeywordInputTypeInputText KeywordInputType = "INPUT_TEXT" )
Enum values for KeywordInputType
func (KeywordInputType) Values ¶
func (KeywordInputType) Values() []KeywordInputType
Values returns all known values for KeywordInputType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ManualEvidence ¶
type ManualEvidence struct { // The name of the file that's uploaded as manual evidence. This name is populated // using the evidenceFileName value from the [GetEvidenceFileUploadUrl]GetEvidenceFileUploadUrl API response. // // [GetEvidenceFileUploadUrl]: https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html EvidenceFileName *string // The S3 URL of the object that's imported as manual evidence. S3ResourcePath *string // The plain text response that's entered and saved as manual evidence. TextResponse *string // contains filtered or unexported fields }
Evidence that's manually added to a control in Audit Manager. manualEvidence
can be one of the following: evidenceFileName , s3ResourcePath , or textResponse .
type Notification ¶
type Notification struct { // The identifier for the assessment. AssessmentId *string // The name of the related assessment. AssessmentName *string // The identifier for the control set. ControlSetId *string // Specifies the name of the control set that the notification is about. ControlSetName *string // The description of the notification. Description *string // The time when the notification was sent. EventTime *time.Time // The unique identifier for the notification. Id *string // The sender of the notification. Source *string // contains filtered or unexported fields }
The notification that informs a user of an update in Audit Manager. For
example, this includes the notification that's sent when a control set is delegated for review.
type ObjectTypeEnum ¶
type ObjectTypeEnum string
const ( ObjectTypeEnumAssessment ObjectTypeEnum = "ASSESSMENT" ObjectTypeEnumControlSet ObjectTypeEnum = "CONTROL_SET" ObjectTypeEnumControl ObjectTypeEnum = "CONTROL" ObjectTypeEnumDelegation ObjectTypeEnum = "DELEGATION" ObjectTypeEnumAssessmentReport ObjectTypeEnum = "ASSESSMENT_REPORT" )
Enum values for ObjectTypeEnum
func (ObjectTypeEnum) Values ¶
func (ObjectTypeEnum) Values() []ObjectTypeEnum
Values returns all known values for ObjectTypeEnum. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Resource ¶
type Resource struct { // The Amazon Resource Name (ARN) for the resource. Arn *string // The evaluation status for a resource that was assessed when collecting // compliance check evidence. // // - Audit Manager classes the resource as non-compliant if Security Hub reports // a Fail result, or if Config reports a Non-compliant result. // // - Audit Manager classes the resource as compliant if Security Hub reports a // Pass result, or if Config reports a Compliant result. // // - If a compliance check isn't available or applicable, then no compliance // evaluation can be made for that resource. This is the case if a resource // assessment uses Config or Security Hub as the underlying data source type, but // those services aren't enabled. This is also the case if the resource assessment // uses an underlying data source type that doesn't support compliance checks (such // as manual evidence, Amazon Web Services API calls, or CloudTrail). ComplianceCheck *string // The value of the resource. Value *string // contains filtered or unexported fields }
A system asset that's evaluated in an Audit Manager assessment.
type ResourceNotFoundException ¶
type ResourceNotFoundException struct { Message *string ErrorCodeOverride *string ResourceId *string ResourceType *string // contains filtered or unexported fields }
The resource that's specified in the request can't be found.
func (*ResourceNotFoundException) Error ¶
func (e *ResourceNotFoundException) Error() string
func (*ResourceNotFoundException) ErrorCode ¶
func (e *ResourceNotFoundException) ErrorCode() string
func (*ResourceNotFoundException) ErrorFault ¶
func (e *ResourceNotFoundException) ErrorFault() smithy.ErrorFault
func (*ResourceNotFoundException) ErrorMessage ¶
func (e *ResourceNotFoundException) ErrorMessage() string
type Role ¶
type Role struct { // The Amazon Resource Name (ARN) of the IAM role. // // This member is required. RoleArn *string // The type of customer persona. // // In CreateAssessment , roleType can only be PROCESS_OWNER . // // In UpdateSettings , roleType can only be PROCESS_OWNER . // // In BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER . // // This member is required. RoleType RoleType // contains filtered or unexported fields }
The wrapper that contains the Audit Manager role information of the current
user. This includes the role type and IAM Amazon Resource Name (ARN).
type RoleType ¶
type RoleType string
type Scope ¶
type Scope struct { // The Amazon Web Services accounts that are included in the scope of the // assessment. AwsAccounts []AWSAccount // The Amazon Web Services services that are included in the scope of the // assessment. // // This API parameter is no longer supported. If you use this parameter to specify // one or more Amazon Web Services, Audit Manager ignores this input. Instead, the // value for awsServices will show as empty. // // Deprecated: You can't specify services in scope when creating/updating an // assessment. If you use the parameter to specify one or more AWS services, Audit // Manager ignores the input. Instead the value of the parameter will show as empty // indicating that the services are defined and managed by Audit Manager. AwsServices []AWSService // contains filtered or unexported fields }
The wrapper that contains the Amazon Web Services accounts that are in scope
for the assessment.
You no longer need to specify which Amazon Web Services are in scope when you create or update an assessment. Audit Manager infers the services in scope by examining your assessment controls and their data sources, and then mapping this information to the relevant Amazon Web Services.
If an underlying data source changes for your assessment, we automatically update the services scope as needed to reflect the correct Amazon Web Services. This ensures that your assessment collects accurate and comprehensive evidence about all of the relevant services in your AWS environment.
type ServiceMetadata ¶
type ServiceMetadata struct { // The category that the Amazon Web Service belongs to, such as compute, storage, // or database. Category *string // The description of the Amazon Web Service. Description *string // The display name of the Amazon Web Service. DisplayName *string // The name of the Amazon Web Service. Name *string // contains filtered or unexported fields }
The metadata that's associated with the Amazon Web Service.
type ServiceQuotaExceededException ¶ added in v1.20.0
type ServiceQuotaExceededException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
You've reached your account quota for this resource type. To perform the requested action, delete some existing resources or request a quota increasefrom the Service Quotas console. For a list of Audit Manager service quotas, see Quotas and restrictions for Audit Manager.
func (*ServiceQuotaExceededException) Error ¶ added in v1.20.0
func (e *ServiceQuotaExceededException) Error() string
func (*ServiceQuotaExceededException) ErrorCode ¶ added in v1.20.0
func (e *ServiceQuotaExceededException) ErrorCode() string
func (*ServiceQuotaExceededException) ErrorFault ¶ added in v1.20.0
func (e *ServiceQuotaExceededException) ErrorFault() smithy.ErrorFault
func (*ServiceQuotaExceededException) ErrorMessage ¶ added in v1.20.0
func (e *ServiceQuotaExceededException) ErrorMessage() string
type SettingAttribute ¶
type SettingAttribute string
const ( SettingAttributeAll SettingAttribute = "ALL" SettingAttributeIsAwsOrgEnabled SettingAttribute = "IS_AWS_ORG_ENABLED" SettingAttributeSnsTopic SettingAttribute = "SNS_TOPIC" SettingAttributeDefaultAssessmentReportsDestination SettingAttribute = "DEFAULT_ASSESSMENT_REPORTS_DESTINATION" SettingAttributeDefaultProcessOwners SettingAttribute = "DEFAULT_PROCESS_OWNERS" SettingAttributeEvidenceFinderEnablement SettingAttribute = "EVIDENCE_FINDER_ENABLEMENT" SettingAttributeDeregistrationPolicy SettingAttribute = "DEREGISTRATION_POLICY" SettingAttributeDefaultExportDestination SettingAttribute = "DEFAULT_EXPORT_DESTINATION" )
Enum values for SettingAttribute
func (SettingAttribute) Values ¶
func (SettingAttribute) Values() []SettingAttribute
Values returns all known values for SettingAttribute. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type Settings ¶
type Settings struct { // The default S3 destination bucket for storing assessment reports. DefaultAssessmentReportsDestination *AssessmentReportsDestination // The default S3 destination bucket for storing evidence finder exports. DefaultExportDestination *DefaultExportDestination // The designated default audit owners. DefaultProcessOwners []Role // The deregistration policy for your Audit Manager data. You can use this // attribute to determine how your data is handled when you deregister Audit // Manager. DeregistrationPolicy *DeregistrationPolicy // The current evidence finder status and event data store details. EvidenceFinderEnablement *EvidenceFinderEnablement // Specifies whether Organizations is enabled. IsAwsOrgEnabled *bool // The KMS key details. KmsKey *string // The designated Amazon Simple Notification Service (Amazon SNS) topic. SnsTopic *string // contains filtered or unexported fields }
The settings object that holds all supported Audit Manager settings.
type ShareRequestAction ¶ added in v1.11.0
type ShareRequestAction string
const ()
Enum values for ShareRequestAction
func (ShareRequestAction) Values ¶ added in v1.11.0
func (ShareRequestAction) Values() []ShareRequestAction
Values returns all known values for ShareRequestAction. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ShareRequestStatus ¶ added in v1.11.0
type ShareRequestStatus string
const ()
Enum values for ShareRequestStatus
func (ShareRequestStatus) Values ¶ added in v1.11.0
func (ShareRequestStatus) Values() []ShareRequestStatus
Values returns all known values for ShareRequestStatus. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ShareRequestType ¶ added in v1.11.0
type ShareRequestType string
const ()
Enum values for ShareRequestType
func (ShareRequestType) Values ¶ added in v1.11.0
func (ShareRequestType) Values() []ShareRequestType
Values returns all known values for ShareRequestType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SourceFrequency ¶
type SourceFrequency string
const ( SourceFrequencyDaily SourceFrequency = "DAILY" SourceFrequencyWeekly SourceFrequency = "WEEKLY" SourceFrequencyMonthly SourceFrequency = "MONTHLY" )
Enum values for SourceFrequency
func (SourceFrequency) Values ¶
func (SourceFrequency) Values() []SourceFrequency
Values returns all known values for SourceFrequency. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SourceKeyword ¶
type SourceKeyword struct { // The input method for the keyword. // // - SELECT_FROM_LIST is used when mapping a data source for automated evidence. // // - When keywordInputType is SELECT_FROM_LIST , a keyword must be selected to // collect automated evidence. For example, this keyword can be a CloudTrail event // name, a rule name for Config, a Security Hub control, or the name of an Amazon // Web Services API call. // // - UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for // manual evidence. // // - When keywordInputType is UPLOAD_FILE , a file must be uploaded as manual // evidence. // // - When keywordInputType is INPUT_TEXT , text must be entered as manual // evidence. KeywordInputType KeywordInputType // The value of the keyword that's used when mapping a control data source. For // example, this can be a CloudTrail event name, a rule name for Config, a Security // Hub control, or the name of an Amazon Web Services API call. // // If you’re mapping a data source to a rule in Config, the keywordValue that you // specify depends on the type of rule: // // - For [managed rules], you can use the rule identifier as the keywordValue . You can find the // rule identifier from the [list of Config managed rules]. For some rules, the rule identifier is different // from the rule name. For example, the rule name restricted-ssh has the // following rule identifier: INCOMING_SSH_DISABLED . Make sure to use the rule // identifier, not the rule name. // // Keyword example for managed rules: // // - Managed rule name: [s3-bucket-acl-prohibited] // // keywordValue : S3_BUCKET_ACL_PROHIBITED // // - For [custom rules], you form the keywordValue by adding the Custom_ prefix to the rule // name. This prefix distinguishes the custom rule from a managed rule. // // Keyword example for custom rules: // // - Custom rule name: my-custom-config-rule // // keywordValue : Custom_my-custom-config-rule // // - For [service-linked rules], you form the keywordValue by adding the Custom_ prefix to the rule // name. In addition, you remove the suffix ID that appears at the end of the rule // name. // // Keyword examples for service-linked rules: // // - Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w // // keywordValue : Custom_CustomRuleForAccount-conformance-pack // // - Service-linked rule name: // OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba // // keywordValue : Custom_OrgConfigRule-s3-bucket-versioning-enabled // // The keywordValue is case sensitive. If you enter a value incorrectly, Audit // Manager might not recognize the data source mapping. As a result, you might not // successfully collect evidence from that data source as intended. // // Keep in mind the following requirements, depending on the data source type that // you're using. // // - For Config: // // - For managed rules, make sure that the keywordValue is the rule identifier in // ALL_CAPS_WITH_UNDERSCORES . For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED . For // accuracy, we recommend that you reference the list of [supported Config managed rules]. // // - For custom rules, make sure that the keywordValue has the Custom_ prefix // followed by the custom rule name. The format of the custom rule name itself may // vary. For accuracy, we recommend that you visit the [Config console]to verify your custom // rule name. // // - For Security Hub: The format varies for Security Hub control names. For // accuracy, we recommend that you reference the list of [supported Security Hub controls]. // // - For Amazon Web Services API calls: Make sure that the keywordValue is // written as serviceprefix_ActionName . For example, iam_ListGroups . For // accuracy, we recommend that you reference the list of [supported API calls]. // // - For CloudTrail: Make sure that the keywordValue is written as // serviceprefix_ActionName . For example, cloudtrail_StartLogging . For // accuracy, we recommend that you review the Amazon Web Service prefix and action // names in the [Service Authorization Reference]. // // [custom rules]: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html // [service-linked rules]: https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html // [supported API calls]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html // [Service Authorization Reference]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html // [list of Config managed rules]: https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html // [s3-bucket-acl-prohibited]: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html // [Config console]: https://console.aws.amazon.com/config/ // [managed rules]: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html // [supported Config managed rules]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html // [supported Security Hub controls]: https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html KeywordValue *string // contains filtered or unexported fields }
A keyword that relates to the control data source.
For manual evidence, this keyword indicates if the manual evidence is a file or text.
For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.
To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:
Config rules supported by Audit Manager
Security Hub controls supported by Audit Manager
type SourceSetUpOption ¶
type SourceSetUpOption string
const ( SourceSetUpOptionSystemControlsMapping SourceSetUpOption = "System_Controls_Mapping" SourceSetUpOptionProceduralControlsMapping SourceSetUpOption = "Procedural_Controls_Mapping" )
Enum values for SourceSetUpOption
func (SourceSetUpOption) Values ¶
func (SourceSetUpOption) Values() []SourceSetUpOption
Values returns all known values for SourceSetUpOption. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type SourceType ¶
type SourceType string
const ( SourceTypeAwsCloudtrail SourceType = "AWS_Cloudtrail" SourceTypeAwsConfig SourceType = "AWS_Config" SourceTypeAwsSecurityHub SourceType = "AWS_Security_Hub" SourceTypeAwsApiCall SourceType = "AWS_API_Call" SourceTypeManual SourceType = "MANUAL" SourceTypeCommonControl SourceType = "Common_Control" SourceTypeCoreControl SourceType = "Core_Control" )
Enum values for SourceType
func (SourceType) Values ¶
func (SourceType) Values() []SourceType
Values returns all known values for SourceType. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.
type ThrottlingException ¶ added in v1.19.0
type ThrottlingException struct { Message *string ErrorCodeOverride *string // contains filtered or unexported fields }
The request was denied due to request throttling.
func (*ThrottlingException) Error ¶ added in v1.19.0
func (e *ThrottlingException) Error() string
func (*ThrottlingException) ErrorCode ¶ added in v1.19.0
func (e *ThrottlingException) ErrorCode() string
func (*ThrottlingException) ErrorFault ¶ added in v1.19.0
func (e *ThrottlingException) ErrorFault() smithy.ErrorFault
func (*ThrottlingException) ErrorMessage ¶ added in v1.19.0
func (e *ThrottlingException) ErrorMessage() string
type URL ¶
type URL struct { // The name or word that's used as a hyperlink to the URL. HyperlinkName *string // The unique identifier for the internet resource. Link *string // contains filtered or unexported fields }
Short for uniform resource locator. A URL is used as a unique identifier to
locate a resource on the internet.
type UpdateAssessmentFrameworkControlSet ¶
type UpdateAssessmentFrameworkControlSet struct { // The list of controls that are contained within the control set. // // This member is required. Controls []CreateAssessmentFrameworkControl // The name of the control set. // // This member is required. Name *string // The unique identifier for the control set. Id *string // contains filtered or unexported fields }
A controlSet entity that represents a collection of controls in Audit Manager.
This doesn't contain the control set ID.
type ValidationException ¶
type ValidationException struct { Message *string ErrorCodeOverride *string Reason ValidationExceptionReason Fields []ValidationExceptionField // contains filtered or unexported fields }
The request has invalid or missing parameters.
func (*ValidationException) Error ¶
func (e *ValidationException) Error() string
func (*ValidationException) ErrorCode ¶
func (e *ValidationException) ErrorCode() string
func (*ValidationException) ErrorFault ¶
func (e *ValidationException) ErrorFault() smithy.ErrorFault
func (*ValidationException) ErrorMessage ¶
func (e *ValidationException) ErrorMessage() string
type ValidationExceptionField ¶
type ValidationExceptionField struct { // The body of the error message. // // This member is required. Message *string // The name of the validation error. // // This member is required. Name *string // contains filtered or unexported fields }
Indicates that the request has invalid or missing parameters for the field.
type ValidationExceptionReason ¶
type ValidationExceptionReason string
const ( ValidationExceptionReasonUnknownOperation ValidationExceptionReason = "unknownOperation" ValidationExceptionReasonCannotParse ValidationExceptionReason = "cannotParse" ValidationExceptionReasonFieldValidationFailed ValidationExceptionReason = "fieldValidationFailed" ValidationExceptionReasonOther ValidationExceptionReason = "other" )
Enum values for ValidationExceptionReason
func (ValidationExceptionReason) Values ¶
func (ValidationExceptionReason) Values() []ValidationExceptionReason
Values returns all known values for ValidationExceptionReason. Note that this can be expanded in the future, and so it is only as up to date as the client.
The ordering of this slice is not guaranteed to be stable across updates.