Resource: awsAuditmanagerAssessment

Terraform resource for managing an AWS Audit Manager Assessment.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.auditmanagerAssessment.AuditmanagerAssessment(this, "test", {
  assessmentReportsDestination: [
    {
      destination: "s3://${aws_s3_bucket.test.id}",
      destinationType: "S3",
    },
  ],
  frameworkId: "${aws_auditmanager_framework.test.id}",
  name: "example",
  roles: [
    {
      roleArn: "${aws_iam_role.test.arn}",
      roleType: "PROCESS_OWNER",
    },
  ],
  scope: [
    {
      awsAccounts: [
        {
          id: "${data.aws_caller_identity.current.account_id}",
        },
      ],
      awsServices: [
        {
          serviceName: "S3",
        },
      ],
    },
  ],
});

Argument Reference

The following arguments are required:

  • name - (Required) Name of the assessment.
  • assessmentReportsDestination - (Required) Assessment report storage destination configuration. See assessmentReportsDestination below.
  • frameworkId - (Required) Unique identifier of the framework the assessment will be created from.
  • roles - (Required) List of roles for the assessment. See roles below.
  • scope - (Required) Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

  • description - (Optional) Description of the assessment.
  • tags - (Optional) A map of tags to assign to the assessment. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

assessmentReportsDestination

  • destination - (Required) Destination of the assessment report. This value must be in the form s3://{bucketName}.
  • destinationType - (Required) Destination type. Currently, S3 is the only valid value.

roles

  • roleArn - (Required) Amazon Resource Name (ARN) of the IAM role.
  • roleType - (Required) Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

scope

  • awsAccounts - Amazon Web Services accounts that are in scope for the assessment. See awsAccounts below.
  • awsServices - Amazon Web Services services that are included in the scope of the assessment. See awsServices below.

awsAccounts

  • id - (Required) Identifier for the Amazon Web Services account.

awsServices

  • serviceName - (Required) Name of the Amazon Web Service.
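
The constraints in the argument reference above can be checked before synthesis. The following is an added example, not part of the provider or of the generated bindings: AssessmentConfig and validateAssessment are hypothetical names, the bucket-name, role-ARN and 12-digit account-id patterns are the standard AWS formats, and destinationType is compared against the "S3" value used in Basic Usage.

```typescript
// Added example: AssessmentConfig and validateAssessment are hypothetical names,
// not part of the generated provider bindings.
interface AssessmentConfig {
  name?: string;
  frameworkId?: string;
  assessmentReportsDestination?: { destination: string; destinationType: string }[];
  roles?: { roleArn: string; roleType: string }[];
  scope?: { awsAccounts?: { id: string }[]; awsServices?: { serviceName: string }[] }[];
}

// Values such as "${aws_s3_bucket.test.id}" are only resolved at apply time, so skip them.
const isToken = (v: string): boolean => v.indexOf("${") !== -1;

function validateAssessment(cfg: AssessmentConfig): string[] {
  const errors: string[] = [];
  if (!cfg.name) errors.push("name is required");
  if (!cfg.frameworkId) errors.push("frameworkId is required");
  const dests = cfg.assessmentReportsDestination ?? [];
  if (dests.length === 0) errors.push("assessmentReportsDestination is required");
  for (const d of dests) {
    if (d.destinationType !== "S3") errors.push(`destinationType "${d.destinationType}" must be S3`);
    // Documented form is s3://{bucketName}; the pattern applies S3 bucket naming rules.
    if (!isToken(d.destination) && !/^s3:\/\/[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(d.destination))
      errors.push(`destination "${d.destination}" is not s3://{bucketName}`);
  }
  const roles = cfg.roles ?? [];
  if (roles.length === 0) errors.push("roles is required");
  for (const r of roles) {
    if (r.roleType !== "PROCESS_OWNER") errors.push(`roleType "${r.roleType}" must be PROCESS_OWNER`);
    if (!isToken(r.roleArn) && !/^arn:aws[a-z-]*:iam::\d{12}:role\/.+$/.test(r.roleArn))
      errors.push(`roleArn "${r.roleArn}" is not an IAM role ARN`);
  }
  const scopes = cfg.scope ?? [];
  if (scopes.length === 0) errors.push("scope is required");
  for (const s of scopes)
    for (const a of s.awsAccounts ?? [])
      if (!isToken(a.id) && !/^\d{12}$/.test(a.id)) errors.push(`account id "${a.id}" is not 12 digits`);
  return errors;
}

// Constructed sample: literal values with three mistakes (lowercase type, key prefix, wrong roleType).
const badConfig: AssessmentConfig = {
  name: "example",
  frameworkId: "${aws_auditmanager_framework.test.id}",
  assessmentReportsDestination: [{ destination: "s3://audit-reports/2024/", destinationType: "s3" }],
  roles: [{ roleArn: "arn:aws:iam::111122223333:role/audit-owner", roleType: "RESOURCE_OWNER" }],
  scope: [{ awsAccounts: [{ id: "111122223333" }], awsServices: [{ serviceName: "S3" }] }],
};
const badConfigErrors: string[] = validateAssessment(badConfig);
```

Running the same function over the Basic Usage values returns no errors, because every interpolated value is skipped and the literal destinationType and roleType already match.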

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the assessment.
  • id - Unique identifier for the assessment.
  • rolesAll - Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
  • status - Status of the assessment. Valid values are active and inactive.

Import

Audit Manager Assessments can be imported using the assessment id, e.g.,

$ terraform import aws_auditmanager_assessment.example abc123-de45