assessments
Creates, updates, deletes or gets an assessment resource or lists assessments in a region
Overview
| Name | assessments |
| Type | Resource |
| Description | An entity that defines the scope of audit evidence collected by AWS Audit Manager. |
| Id | aws.auditmanager.assessments |
Fields
| Name | Datatype | Description |
|---|---|---|
framework_id | string | The identifier for the specified framework. |
assessment_id | string | |
aws_account | object | The AWS account associated with the assessment. |
arn | string | The Amazon Resource Name (ARN) of the assessment. |
tags | array | The tags associated with the assessment. |
delegations | array | The list of delegations. |
roles | array | The list of roles for the specified assessment. |
scope | object | The wrapper that contains the AWS accounts and AWS services in scope for the assessment. |
assessment_reports_destination | object | The destination in which evidence reports are stored for the specified assessment. |
status | string | The status of the specified assessment. |
creation_time | number | The sequence of characters that identifies when the event occurred. |
name | string | The name of the related assessment. |
description | string | The description of the specified assessment. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | , region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resource | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
List all assessments in a region.
SELECT
region,
assessment_id
FROM aws.auditmanager.assessments
WHERE region = 'us-east-1';
Gets all properties from an assessment.
SELECT
region,
framework_id,
assessment_id,
aws_account,
arn,
tags,
delegations,
roles,
scope,
assessment_reports_destination,
status,
creation_time,
name,
description
FROM aws.auditmanager.assessments
WHERE region = 'us-east-1' AND data__Identifier = '<AssessmentId>';
INSERT example
Use the following StackQL query and manifest file to create a new assessment resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.auditmanager.assessments (
,
region
)
SELECT
'{{ }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.auditmanager.assessments (
FrameworkId,
AwsAccount,
Tags,
Delegations,
Roles,
Scope,
AssessmentReportsDestination,
Status,
Name,
Description,
region
)
SELECT
'{{ FrameworkId }}',
'{{ AwsAccount }}',
'{{ Tags }}',
'{{ Delegations }}',
'{{ Roles }}',
'{{ Scope }}',
'{{ AssessmentReportsDestination }}',
'{{ Status }}',
'{{ Name }}',
'{{ Description }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: assessment
props:
- name: FrameworkId
value: '{{ FrameworkId }}'
- name: AwsAccount
value:
Id: '{{ Id }}'
EmailAddress: '{{ EmailAddress }}'
Name: '{{ Name }}'
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: Delegations
value:
- LastUpdated: null
ControlSetId: '{{ ControlSetId }}'
CreationTime: null
CreatedBy: '{{ CreatedBy }}'
RoleArn: '{{ RoleArn }}'
AssessmentName: '{{ AssessmentName }}'
Comment: '{{ Comment }}'
Id: '{{ Id }}'
RoleType: '{{ RoleType }}'
AssessmentId: null
Status: '{{ Status }}'
- name: Roles
value:
- RoleArn: null
RoleType: null
- name: Scope
value:
AwsAccounts:
- null
AwsServices:
- ServiceName: '{{ ServiceName }}'
- name: AssessmentReportsDestination
value:
Destination: '{{ Destination }}'
DestinationType: '{{ DestinationType }}'
- name: Status
value: '{{ Status }}'
- name: Name
value: null
- name: Description
value: '{{ Description }}'
DELETE example
/*+ delete */
DELETE FROM aws.auditmanager.assessments
WHERE data__Identifier = '<AssessmentId>'
AND region = 'us-east-1';
Permissions
To operate on the assessments resource, the following permissions are required:
Create
auditmanager:CreateAssessment,
auditmanager:TagResource,
auditmanager:ListTagsForResource,
auditmanager:BatchCreateDelegationByAssessment,
iam:PassRole
Read
auditmanager:GetAssessment
Update
auditmanager:UpdateAssessment,
auditmanager:UpdateAssessmentStatus,
auditmanager:BatchCreateDelegationByAssessment,
auditmanager:BatchDeleteDelegationByAssessment
Delete
auditmanager:DeleteAssessment
List
auditmanager:ListAssessments