Audit Manager code examples for the SDK for Python

Overview

Shows how to use the AWS SDK for Python (Boto3) to work with AWS Audit Manager.

Audit Manager helps you continuously audit your AWS usage to simplify how you manage risk and compliance with regulations and industry standards.

⚠ Important

• Running this code might result in charges to your AWS account. For more details, see AWS Pricing and Free Tier.
• Running the tests might result in charges to your AWS account.
• We recommend that you grant your code least privilege. At most, grant only the minimum permissions required to perform the task. For more information, see Grant least privilege.
• This code is not tested in every AWS Region. For more information, see AWS Regional Services.

Code examples

Prerequisites

For prerequisites, see the README in the python folder.

Install the packages required by these examples by running the following in a virtual environment:

python -m pip install -r requirements.txt

For more information, see the following resources:

• Familiarize yourself with Audit Manager terminology and functionality. For a general overview, see What is AWS Audit Manager? and AWS Audit Manager concepts and terminology.
• Complete all the prerequisites that are described in Setting up AWS Audit Manager.
• Configure your AWS Identity and Access Management (IAM) identity to have the appropriate permissions to create resources in Audit Manager. Two suggested policies that grant these permissions are Example 2: Allow full administrator access and Example 3: Allow management access.
• To create custom controls that use AWS Security Hub as a data source, you must first enable AWS Security Hub, then enable all security standards.
• To create custom controls and frameworks from an AWS Config conformance pack, you must first enable AWS Config, then deploy the conformance pack that you want to use.

Scenarios

Code examples that show you how to accomplish a specific task by calling multiple functions within the same service.

• Create a custom framework from an AWS Config conformance pack
• Create a custom framework that contains Security Hub controls
• Create an assessment report

Run the examples

Instructions

Create a custom framework from an AWS Config conformance pack

This example shows you how to do the following:

• Get a list of AWS Config conformance packs.
• Create an Audit Manager custom control for each managed rule in a conformance pack.
• Create an Audit Manager custom framework that contains the controls.

Start the example by running the following at a command prompt:

python framework_from_conformance_pack.py

Create a custom framework that contains Security Hub controls

This example shows you how to do the following:

• Get a list of all standard controls that have Security Hub as their data source.
• Create an Audit Manager custom framework that contains the controls.

Start the example by running the following at a command prompt:

python security_hub_custom_framework.py

Create an assessment report

This example shows you how to create an Audit Manager assessment report that contains one day of evidence.

Start the example by running the following at a command prompt:

python create_assessment_report.py

Tests

⚠ Running tests might result in charges to your AWS account.

To find instructions for running these tests, see the README in the python folder.

Additional resources

• Audit Manager User Guide
• Audit Manager API Reference
• SDK for Python Audit Manager reference

Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0