Shows how to use the AWS SDK for Python (Boto3) with AWS Audit Manager to do the following:
- Create an assessment report that consists of evidence from one specific date.
- Create custom controls and a custom framework based on the managed rules in an AWS Config conformance pack.
- Create a custom framework with all standard controls using AWS Security Hub as their data source.
AWS Audit Manager helps you continually audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards.
- As an AWS best practice, grant this code least privilege, or only the permissions required to perform a task. For more information, see Grant Least Privilege in the AWS Identity and Access Management User Guide.
- This code has not been tested in all AWS Regions. Some AWS services are available only in specific Regions. For more information, see the AWS Region Table on the AWS website.
- Running this code might result in charges to your AWS account.
- You must have an AWS account, and have your default credentials and AWS Region configured as described in the AWS Tools and SDKs Shared Configuration and Credentials Reference Guide.
- You should be familiar with Audit Manager terminology and functionality. For a general overview, see What is AWS Audit Manager? and AWS Audit Manager concepts and terminology.
- You must have completed all the prerequisites that are described in Setting up AWS Audit Manager.
- Your IAM identity must have the appropriate permissions to create resources in Audit Manager. Two suggested policies that grant these permissions are Example 2: Allow full administrator access and Example 3: Allow management access.
- To create custom controls that use AWS Security Hub as a data source, you must first enable AWS Security Hub, then enable all security standards.
- To create custom controls and frameworks from an AWS Config conformance pack, you must first enable AWS Config, then deploy the conformance pack that you want to use.
- Python 3.8 or later
- Boto3 1.19.32 or later
- PyTest 6.0.2 or later (to run unit tests)
Each example can be run at a command prompt with a command similar to the following.
python create_assessment_report.py
The unit tests in this module use the botocore Stubber. This captures requests before they are sent to AWS, and returns a mocked response. To run all of the tests, run the following in your [GitHub root]/python/example_code/auditmanager folder.
python -m pytest
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0