AWS Audit Manager

Last updated on June 23, 2023

AWS Audit Manager Cheat Sheet

  • A service that will help you audit your AWS usage on a regular basis in order to simplify risk management and compliance with regulations and industry standards.

  • Automates evidence collection for policies, procedures, and activities, as well as the creation of audit reports.

Features

  • Centrally manage and upload evidence from on-premises or multi-cloud environments. 

  • View analytics data for active assessments on the Audit Manager dashboard and quickly identify non-compliant evidence that needs to be remedied.

  • Creation of frameworks with standard or custom controls based on your specific internal audit requirements. 

  • Custom frameworks can also be shared with another AWS account or replicated into another AWS Region under your own account. 

  • Supports control set delegation to team members to assist you in reviewing related evidence, adding comments, and updating the status of each control. 

Concepts

  • Assessments

    • An assessment is based on a framework, which is a collection of controls.

    • When you create an assessment, continuous collection of evidence begins.

    • For audit, you or a delegate can review this evidence and add it to an assessment report.

    • An assessment has two states: 

      • Active – currently collecting evidence.

      • Inactive – stops collecting evidence.

  • Assessment reports

    • Summarizes the evidence that was gathered from an assessment.

    • It also includes links to evidence PDF files.

    • Assessment reports are placed in an S3 bucket.

  • Delegations

    • Allows you to delegate a control set to a subject matter expert for review and validation of evidence. 

    • In different AWS Regions, an account can be:

      • Audit owner

      • Delegate

    • Delegates are asked by audit owners to review the evidence associated with a control set.

  • Framework library

    • Defines the controls and data source mappings for a given compliance standard or regulation.

      • Standard Frameworks – prebuilt AWS frameworks

      • Custom Frameworks – frameworks that you own.

    • When you create a share request, the recipient can use your custom framework to create assessments.

  • Control library

    • Standard Controls

      • AWS predefined controls.

      • Editing or deleting standard controls is not allowed.

      • You can customize a copy of any standard control to meet your specific requirements.

    • Custom Controls

      • Customized controls that you own.

      • Allows you to define which data sources you want to collect evidence from.

    • The data source types for automated evidence:

      • AWS API calls

      • AWS Config

      • AWS Security Hub

      • AWS CloudTrail

AWS Audit Manager Monitoring

  • You can capture snapshots of your resource security posture by reporting:

  • Collects log data from AWS CloudTrail and converts processed logs into evidence of user activity.

  • Audit Manager includes a License Manager framework to help you prepare for audits. 

  • You can use the following frameworks to help you prepare for your audit:

    • AWS License Manager framework

    • AWS Control Tower Guardrails framework

  • Using Amazon SNS, you can send a notification to a user when one of the following events occurs:

    • The audit owner delegates a control set for review.

    • The audit owner has finished reviewing a control set.

    • The delegate submits a control set that has been reviewed to the audit owner.

AWS Audit Manager Security

  • Uses AWS IAM service-linked roles to connect to data sources.

  • Data is encrypted using an AWS KMS key.

AWS Audit Manager Pricing

  • You are charged based on the number of resource assessments performed.

  • You are charged for assessment reports stored in Amazon S3.

AWS Audit Manager Cheat Sheet References:

https://aws.amazon.com/audit-manager/
https://docs.aws.amazon.com/audit-manager/latest/userguide/what-is.html

Written by: Admin User-1
