AWS Audit Manager Cheat Sheet

• A service that will help you audit your AWS usage on a regular basis in order to simplify risk management and compliance with regulations and industry standards.

• Automates evidence collection for policies, procedures, and activities, as well as the creation of audit reports.

Features

• Centrally manage and upload evidence from on-premises or multi-cloud environments. 

• View analytics data for active assessments on the Audit Manager dashboard and quickly identify non-compliant evidence that needs to be remedied.

• Creation of frameworks with standard or custom controls based on your specific internal audit requirements. 

• Custom frameworks can also be shared with another AWS account or replicated into another AWS Region under your own account. 

• Supports control set delegation to team members to assist you in reviewing related evidence, adding comments, and updating the status of each control. 

Concepts

• Assessments

  • An assessment is based on a framework, which is a collection of controls.

  • When you create an assessment, continuous collection of evidence begins.

  • For audit, you or a delegate can review this evidence and add it to an assessment report.

  • An assessment has two states: 

    • Active – currently collecting evidence.

    • Inactive – stops collecting evidence.

• Assessment reports

  • Summarizes the evidence that was gathered from an assessment.

  • It also includes links to evidence PDF files.

  • Assessment reports are placed in an S3 bucket.

• Delegations

  • Allows you to delegate a control set to a subject matter expert for review and validation of evidence. 

  • In different AWS Regions, an account can be:

    • Audit owner

    • Delegate

  • Delegates are asked by audit owners to review the evidence associated with a control set.

• Framework library

  • Defines the controls and data source mappings for a given compliance standard or regulation

    • Standard Frameworks – prebuilt AWS frameworks

    • Custom Frameworks – frameworks that you own.

  • By creating a share request, a recipient can use your custom framework to create assessments. 

• Control library

  • Standard Controls

    • AWS predefined controls.

    • Editing or deleting standard controls is not allowed.

    • You can customize any standard control to meet your specific requirements.

  • Custom Controls

    • Customized controls that you own.

    • Allows you to define which data sources you want to collect evidence from.

  • The data source types for automated evidence:

    • AWS API calls

    • AWS Config

    • AWS Security Hub

    • AWS CloudTrail

AWS Audit Manager Monitoring

• You can capture snapshots of your resource security posture by reporting:

  • Results of security checks directly from AWS Security Hub.

  • Findings to AWS Config.

• Collects log data from AWS CloudTrail and converts processed logs into evidence of user activity.

• Audit Manager includes a License Manager framework to help you prepare for audits. 

• You can use the following services to help you prepare for your audit:

  • AWS License Manager framework

  • AWS Control Tower Guardrails framework

• Using Amazon SNS, you can send a notification to a user when one of the following events occurs:

  • The audit owner delegates a control set for review.

  • The audit owner has finished reviewing a control set.

  • The delegate submits a control set that has been reviewed to the audit owner.

AWS Audit Manager Security

• Uses AWS IAM service-linked roles to connect to data sources.

• Data is encrypted using the AWS KMS key.

AWS Audit Manager Pricing

• You are charged based on the number of resource assessments performed.

• You are charged for assessment reports stored in Amazon S3.

AWS Audit Manager Cheat Sheet References:

https://aws.amazon.com/audit-manager/
https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html