Request Body

"createDelegationRequests": [ {

"comment": "string", "controlSetId": "string", "roleArn": "string", "roleType": "string"

} ] }

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 9)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

The request accepts the following data in JSON format.

createDelegationRequests (p. 9)

The API request to batch create delegations in AWS Audit Manager.

Type: Array of CreateDelegationRequest (p. 228) objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: Yes

Response Syntax

HTTP/1.1 200

Content-type: application/json { "delegations": [

API Version 2017-07-25 9

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

delegations (p. 9)

The delegations that are associated with the assessment.

Type: Array of Delegation (p. 230) objects errors (p. 9)

A list of errors that the BatchCreateDelegationByAssessment API returned.

Type: Array of BatchCreateDelegationByAssessmentError (p. 205) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500

ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

Request Syntax

PUT /assessments/assessmentId/delegations HTTP/1.1 Content-type: application/json

{

"delegationIds": [ "string" ] }

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 12)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Request Body

The request accepts the following data in JSON format.

delegationIds (p. 12)

The identiﬁers for the delegations.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Response Syntax

HTTP/1.1 200

Content-type: application/json { "errors": [

{

"delegationId": "string",

"errorCode": "string", "errorMessage": "string"

} ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

errors (p. 12)

A list of errors that the BatchDeleteDelegationByAssessment API returned.

Type: Array of BatchDeleteDelegationByAssessmentError (p. 206) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

BatchDisassociateAssessmentReportEvidence

Disassociates a list of evidence from an assessment report in AWS Audit Manager.

Request Syntax

PUT /assessments/assessmentId/batchDisassociateFromAssessmentReport HTTP/1.1 Content-type: application/json

{

"evidenceFolderId": "string", "evidenceIds": [ "string" ] }

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 15)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Request Body

The request accepts the following data in JSON format.

evidenceFolderId (p. 15)

The identiﬁer for the folder that the evidence is stored in.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes evidenceIds (p. 15)

The list of evidence identiﬁers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

API Version 2017-07-25 15

Response Syntax

HTTP/1.1 200

Content-type: application/json {

"errors": [ {

"errorCode": "string", "errorMessage": "string", "evidenceId": "string"

} ],

"evidenceIds": [ "string" ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

errors (p. 16)

A list of errors that the BatchDisassociateAssessmentReportEvidence API returned.

Type: Array of AssessmentReportEvidenceError (p. 199) objects evidenceIds (p. 16)

The identiﬁer for the evidence.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

Request Syntax

POST /assessments/assessmentId/controlSets/controlSetId/controls/controlId/evidence HTTP/1.1

Content-type: application/json {

"manualEvidence": [ {

"s3ResourcePath": "string"

} ] }

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 18)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes controlId (p. 18)

The identiﬁer for the control.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes controlSetId (p. 18)

The identiﬁer for the control set.

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[\w\W\s\S]*$

Required: Yes

Request Body

The request accepts the following data in JSON format.

manualEvidence (p. 18)

The list of manual evidence objects.

Type: Array of ManualEvidence (p. 249) objects

Array Members: Minimum number of 1 item. Maximum number of 50 items.

Required: Yes

Response Syntax

HTTP/1.1 200

Content-type: application/json { "errors": [

{

"errorCode": "string", "errorMessage": "string", "manualEvidence": {

"s3ResourcePath": "string"

} } ]}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

errors (p. 19)

A list of errors that the BatchImportEvidenceToAssessmentControl API returned.

Type: Array of BatchImportEvidenceToAssessmentControlError (p. 207) objects

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404

API Version 2017-07-25 19

CreateAssessment

Creates an assessment in AWS Audit Manager.

Request Syntax

POST /assessments HTTP/1.1 Content-type: application/json { "assessmentReportsDestination": { "destination": "string",

"destinationType": "string"

"description": "string", "frameworkId": "string", "name": "string",

"roles": [

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

assessmentReportsDestination (p. 21)

The assessment report storage destination for the assessment that's being created.

Type: AssessmentReportsDestination (p. 202) object Required: Yes

API Version 2017-07-25 21

Request Body

description (p. 21)

The optional description of the assessment to be created.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No frameworkId (p. 21)

The identiﬁer for the framework that the assessment will be created from.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes name (p. 21)

The name of the assessment to be created.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[^\\]*$

Required: Yes roles (p. 21)

The list of roles for the assessment.

Type: Array of Role (p. 253) objects Required: Yes

scope (p. 21)

The wrapper that contains the AWS accounts and services that are in scope for the assessment.

Type: Scope (p. 254) object Required: Yes

tags (p. 21)

The tags that are associated with the assessment.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Response Syntax

} }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

assessment (p. 23)

An entity that deﬁnes the scope of audit evidence collected by AWS Audit Manager. An AWS Audit Manager assessment is an implementation of an AWS Audit Manager framework.

Type: Assessment (p. 176) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

CreateAssessmentFramework

Creates a custom framework in AWS Audit Manager.

Request Syntax

POST /assessmentFrameworks HTTP/1.1 Content-type: application/json { "complianceType": "string", "controlSets": [

{

"controls": [ {

"id": "string"

} ],

"name": "string"

} ],

"description": "string", "name": "string",

"tags": {

"string" : "string"

}}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

complianceType (p. 27)

The compliance type that the new custom framework supports, such as CIS or HIPAA.

Type: String

Length Constraints: Maximum length of 100.

Pattern: ^[\w\W\s\S]*$

Required: No controlSets (p. 27)

The control sets that are associated with the framework.

Type: Array of CreateAssessmentFrameworkControlSet (p. 225) objects Array Members: Minimum number of 1 item.

Required: Yes

API Version 2017-07-25 27

Response Syntax

description (p. 27)

An optional description for the new custom framework.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No name (p. 27)

The name of the new custom framework.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[^\\]*$

Required: Yes tags (p. 27)

The tags that are associated with the framework.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Value Pattern: .{0,255}

"complianceType": "string", "controlSets": [

"sourceId": "string",

"controlSources": "string", "createdAt": number, "createdBy": "string", "description": "string", "id": "string",

"lastUpdatedAt": number, "lastUpdatedBy": "string", "logo": "string",

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

framework (p. 28)

The name of the new framework that the CreateAssessmentFramework API returned.

Type: Framework (p. 240) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

API Version 2017-07-25 29

CreateAssessmentReport

Creates an assessment report for the speciﬁed assessment.

Request Syntax

POST /assessments/assessmentId/reports HTTP/1.1 Content-type: application/json

{ "description": "string", "name": "string"

}

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 31)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Request Body

The request accepts the following data in JSON format.

description (p. 31)

The description of the assessment report.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No name (p. 31)

The name of the new assessment report.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[a-zA-Z0-9-_\.]+$

Required: Yes

API Version 2017-07-25 31

Response Syntax

HTTP/1.1 200

Content-type: application/json {

"assessmentReport": { "assessmentId": "string", "assessmentName": "string", "author": "string",

"awsAccountId": "string", "creationTime": number, "description": "string", "id": "string",

"name": "string", "status": "string"

}}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

assessmentReport (p. 32)

The new assessment report that the CreateAssessmentReport API returned.

Type: AssessmentReport (p. 197) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

Request Syntax

POST /controls HTTP/1.1

Content-type: application/json {

"actionPlanInstructions": "string", "actionPlanTitle": "string",

"controlMappingSources": [ {

"troubleshootingText": "string"

} ],

"description": "string", "name": "string",

"tags": {

"string" : "string"

"testingInformation": "string"

}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

actionPlanInstructions (p. 34)

The recommended actions to carry out if the control isn't fulﬁlled.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No actionPlanTitle (p. 34)

The title of the action plan for remediating the control.

Type: String

Length Constraints: Maximum length of 300.

Pattern: ^[\w\W\s\S]*$

Required: No

controlMappingSources (p. 34)

The data mapping sources for the control.

Type: Array of CreateControlMappingSource (p. 226) objects Array Members: Minimum number of 1 item.

Required: Yes description (p. 34)

The description of the control.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

Required: No name (p. 34)

The name of the control.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 300.

Pattern: ^[^\\]*$

Required: Yes tags (p. 34)

The tags that are associated with the control.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Key Pattern: ^(?!aws:)[a-zA-Z+-=._:/]+$

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Value Pattern: .{0,255}

Required: No

testingInformation (p. 34)

The steps to follow to determine if the control is satisﬁed.

Type: String

Length Constraints: Maximum length of 1000.

Pattern: ^[\w\W\s\S]*$

API Version 2017-07-25 35

Response Syntax

"actionPlanInstructions": "string", "actionPlanTitle": "string", "arn": "string",

"controlSources": "string", "createdAt": number, "createdBy": "string", "description": "string", "id": "string",

"lastUpdatedAt": number, "lastUpdatedBy": "string", "name": "string",

"tags": {

"string" : "string"

"testingInformation": "string", "type": "string"

}}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

control (p. 36)

The new control that the CreateControl API returned.

Type: Control (p. 210) object

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

Request Syntax

DELETE /assessments/assessmentId HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

assessmentId (p. 38)

The identiﬁer for the assessment.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

HTTP Status Code: 403 InternalServerException

An internal service error occurred during the processing of your request. Try again later.

HTTP Status Code: 500 ResourceNotFoundException

The resource that's speciﬁed in the request can't be found.

HTTP Status Code: 404 ValidationException

The request has invalid or missing parameters.

HTTP Status Code: 400

Request Syntax

DELETE /assessmentFrameworks/frameworkId HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

frameworkId (p. 40)

The identiﬁer for the custom framework.

Length Constraints: Fixed length of 36.

Pattern: ^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors (p. 265).

AccessDeniedException

Your account isn't registered with AWS Audit Manager. Check the delegated administrator setup on the AWS Audit Manager settings page, and try again.

在文檔中 AWS Audit Manager (頁 23-140)

Request Body

URI Request Parameters

Request Body

Response Syntax

Errors

See Also

BatchDeleteDelegationByAssessment

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors

See Also

BatchDisassociateAssessmentReportEvidence

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors

See Also

BatchImportEvidenceToAssessmentControl

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors

See Also

CreateAssessment

Request Syntax

Request Body

Response Elements

Errors

See Also

CreateAssessmentFramework

Request Syntax

URI Request Parameters

Request Body

Errors

See Also

CreateAssessmentReport

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors

See Also

CreateControl

Request Syntax

URI Request Parameters

Request Body

Response Elements

Errors

See Also

DeleteAssessment

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors

See Also

DeleteAssessmentFramework

Request Syntax

URI Request Parameters

Request Body

Response Syntax

Response Elements

Errors