Last updated on June 23, 2023
AWS Audit Manager Cheat Sheet
- A service that helps you audit your AWS usage on a regular basis in order to simplify risk management and compliance with regulations and industry standards.
- Automates evidence collection for policies, procedures, and activities, as well as the creation of audit reports.
Features
- Centrally manage and upload evidence from on-premises or multi-cloud environments.
- View analytics data for active assessments on the Audit Manager dashboard and quickly identify non-compliant evidence that needs to be remedied.
- Creation of frameworks with standard or custom controls based on your specific internal audit requirements.
- Custom frameworks can also be shared with another AWS account or replicated into another AWS Region under your own account.
- Supports control set delegation to team members to assist you in reviewing related evidence, adding comments, and updating the status of each control.
Concepts
- Assessments
  - An assessment is based on a framework, which is a collection of controls.
  - When you create an assessment, continuous collection of evidence begins.
  - When preparing for an audit, you or a delegate can review this evidence and add it to an assessment report.
  - An assessment has two states:
    - Active – currently collecting evidence.
    - Inactive – no longer collecting evidence.
- Assessment reports
  - Summarizes the evidence gathered by an assessment.
  - It also includes links to evidence PDF files.
  - Assessment reports are placed in an S3 bucket.
- Delegations
  - Allows you to delegate a control set to a subject matter expert for review and validation of evidence.
  - An account can hold one of the following roles (and may hold a different role in different AWS Regions):
    - Audit owner
    - Delegate
  - Delegates are asked by audit owners to review the evidence associated with a control set.
- Framework library
  - Defines the controls and data source mappings for a given compliance standard or regulation.
    - Standard Frameworks – prebuilt AWS frameworks.
    - Custom Frameworks – frameworks that you own.
  - By creating a share request, you let a recipient use your custom framework to create assessments.
- Control library
  - Standard Controls
    - AWS predefined controls.
    - Editing or deleting standard controls is not allowed.
    - You can, however, make a customized copy of any standard control to meet your specific requirements.
  - Custom Controls
    - Customized controls that you own.
    - Allows you to define which data sources you want to collect evidence from.
  - The data source types for automated evidence:
    - AWS API calls
    - AWS Config
    - AWS Security Hub
    - AWS CloudTrail
AWS Audit Manager Monitoring
- Audit Manager captures snapshots of your resource security posture by reporting:
  - Results of security checks directly from AWS Security Hub.
  - Findings from AWS Config.
- Collects log data from AWS CloudTrail and converts processed logs into evidence of user activity.
- Audit Manager includes a License Manager framework to help you prepare for audits.
- The following prebuilt frameworks help you prepare for your audit:
  - AWS License Manager framework
  - AWS Control Tower Guardrails framework
- Using Amazon SNS, you can send a notification to a user when one of the following events occurs:
  - The audit owner delegates a control set for review.
  - The audit owner has finished reviewing a control set.
  - The delegate submits a reviewed control set back to the audit owner.
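As an added example (not code from the cheat sheet or from AWS), the triage a reviewer or delegate would run over collected evidence: only AWS Security Hub and AWS Config evidence carries a compliance check, so CloudTrail and API-call evidence for a control is queued for human review rather than assumed compliant. The flattened record shape, the `control` key and the literal verdict strings are assumptions for illustration, not exact API output.

```python
# Added example, not from the cheat sheet or AWS. Evidence records are constructed
# and flattened: the "control" key and the verdict strings are assumptions.
FAIL = {"NON_COMPLIANT", "FAILED"}   # AWS Config / Security Hub wording for a failed check
PASS = {"COMPLIANT", "PASSED"}       # AWS Config / Security Hub wording for a passed check
VERDICT_SOURCES = {"AWS Config", "AWS Security Hub"}  # only these carry a compliance check

SAMPLE_EVIDENCE = [  # constructed sample, not real findings
    {"control": "S3-1", "dataSource": "AWS Config",
     "eventName": "s3-bucket-server-side-encryption-enabled", "complianceCheck": "NON_COMPLIANT"},
    {"control": "S3-1", "dataSource": "AWS Config",
     "eventName": "s3-bucket-public-read-prohibited", "complianceCheck": "COMPLIANT"},
    {"control": "IAM-2", "dataSource": "AWS Security Hub",
     "eventName": "IAM.4 IAM root user access key should not exist", "complianceCheck": "PASSED"},
    # CloudTrail and API-call evidence document activity/configuration but carry no verdict.
    {"control": "LOG-3", "dataSource": "AWS CloudTrail",
     "eventName": "StopLogging", "complianceCheck": ""},
    {"control": "LOG-3", "dataSource": "AWS API calls",
     "eventName": "DescribeTrails", "complianceCheck": ""},
]


def triage(evidence):
    """Map each control to NON_COMPLIANT, COMPLIANT or NEEDS_REVIEW.

    NON_COMPLIANT if any verdict-bearing item failed; COMPLIANT only if every
    verdict-bearing item passed; NEEDS_REVIEW when the control has no verdict at
    all, or only inconclusive / not-applicable verdicts.
    """
    checks = {}
    for item in evidence:
        verdicts = checks.setdefault(item["control"], [])  # register control even with no verdict
        if item.get("dataSource") in VERDICT_SOURCES and item.get("complianceCheck"):
            verdicts.append(item["complianceCheck"])
    status = {}
    for control, verdicts in checks.items():
        if any(v in FAIL for v in verdicts):
            status[control] = "NON_COMPLIANT"
        elif verdicts and all(v in PASS for v in verdicts):
            status[control] = "COMPLIANT"
        else:
            status[control] = "NEEDS_REVIEW"
    return status


def remediation_queue(evidence):
    """Evidence a delegate should look at first: failed checks, then items of unverified controls."""
    status = triage(evidence)
    failed = [e for e in evidence if e.get("complianceCheck") in FAIL]
    unverified = [e for e in evidence if status[e["control"]] == "NEEDS_REVIEW"]
    return failed + unverified
```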
AWS Audit Manager Security
- Uses an AWS IAM service-linked role to connect to data sources.
- Data is encrypted using an AWS KMS key.
AWS Audit Manager Pricing
- You are charged based on the number of resource assessments performed.
- You are charged for assessment reports stored in Amazon S3.
AWS Audit Manager Cheat Sheet References:
https://aws.amazon.com/audit-manager/
https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html