
Resource: awsAuditmanagerControl

Terraform resource for managing an AWS Audit Manager Control.

Example Usage

Basic Usage

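/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

// The enclosing stack supplies the `this` scope; the class name is illustrative.
class ExampleStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);
    // A custom control whose evidence is collected manually.
    new aws.auditmanagerControl.AuditmanagerControl(this, "example", {
      controlMappingSources: [
        {
          sourceName: "example",
          sourceSetUpOption: "Procedural_Controls_Mapping",
          sourceType: "MANUAL",
        },
      ],
      name: "example",
    });
  }
}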

Argument Reference

The following arguments are required:

  • name - (Required) Name of the control.
  • controlMappingSources - (Required) Data mapping sources. See controlMappingSources below.

The following arguments are optional:

  • actionPlanInstructions - (Optional) Recommended actions to carry out if the control isn't fulfilled.
  • actionPlanTitle - (Optional) Title of the action plan for remediating the control.
  • description - (Optional) Description of the control.
  • tags - (Optional) A map of tags to assign to the control. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • testingInformation - (Optional) Steps to follow to determine if the control is satisfied.

controlMappingSources

The following arguments are required:

  • sourceName - (Required) Name of the source.
  • sourceSetUpOption - (Required) The setup option for the data source. This option reflects whether evidence collection is automated or manual. Valid values are System_Controls_Mapping (automated) and Procedural_Controls_Mapping (manual).
  • sourceType - (Required) Type of data source for evidence collection. If sourceSetUpOption is manual, the only valid value is MANUAL. If sourceSetUpOption is automated, valid values are AWS_Cloudtrail, AWS_Config, AWS_Security_Hub, or AWS_API_Call.

The following arguments are optional:

  • sourceDescription - (Optional) Description of the source.
  • sourceFrequency - (Optional) Frequency of evidence collection. Valid values are DAILY, WEEKLY, or MONTHLY.
  • sourceKeyword - (Optional) The keyword to search for in CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names. See sourceKeyword below.
  • troubleshootingText - (Optional) Instructions for troubleshooting the control.

sourceKeyword

The following arguments are required:

  • keywordInputType - (Required) Input method for the keyword. Valid values are SELECT_FROM_LIST.
  • keywordValue - (Required) The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. See the Audit Manager supported control data sources documentation for more information.
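
The constraints between sourceSetUpOption, sourceType, sourceFrequency and sourceKeyword described above can be checked before synth, so that a control with an inconsistent evidence source fails early. The following is an added example, not part of the provider or its generated bindings; the function names and sample sources are hypothetical, and the enum strings are the AWS API forms (Procedural_Controls_Mapping and MANUAL appear in Basic Usage, the rest are assumed to follow the same form).

```typescript
// Added example, not provider code. Enum strings are the AWS API forms (assumed).
interface MappingSource {
  sourceName: string;
  sourceSetUpOption: string;
  sourceType: string;
  sourceFrequency?: string;
  sourceKeyword?: { keywordInputType: string; keywordValue: string };
}

const AUTOMATED_TYPES = ["AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call"];
const FREQUENCIES = ["DAILY", "WEEKLY", "MONTHLY"];

// Returns the problems found in one source; an empty array means it is consistent.
function validateMappingSource(src: MappingSource): string[] {
  const problems: string[] = [];
  if (src.sourceName.trim() === "") problems.push("sourceName is empty");
  if (src.sourceSetUpOption === "Procedural_Controls_Mapping") {
    if (src.sourceType !== "MANUAL") problems.push("manual setup requires sourceType MANUAL");
  } else if (src.sourceSetUpOption === "System_Controls_Mapping") {
    if (AUTOMATED_TYPES.indexOf(src.sourceType) === -1) problems.push("automated setup requires an AWS_* sourceType");
  } else {
    problems.push("unknown sourceSetUpOption: " + src.sourceSetUpOption);
  }
  if (src.sourceFrequency !== undefined && FREQUENCIES.indexOf(src.sourceFrequency) === -1) {
    problems.push("invalid sourceFrequency: " + src.sourceFrequency);
  }
  if (src.sourceKeyword !== undefined) {
    if (src.sourceKeyword.keywordInputType !== "SELECT_FROM_LIST") problems.push("invalid keywordInputType");
    if (src.sourceKeyword.keywordValue.trim() === "") problems.push("keywordValue is empty");
  }
  return problems;
}

// Validates a whole controlMappingSources list (a required argument, so it may not be empty).
function validateControlSources(sources: MappingSource[]): string[] {
  if (sources.length === 0) return ["controlMappingSources must contain at least one source"];
  const all: string[] = [];
  sources.forEach((s, i) => validateMappingSource(s).forEach((p) => all.push(`[${i}] ${s.sourceName}: ${p}`)));
  return all;
}

// Constructed sample inputs: one manual, one automated, one inconsistent.
const manualSource: MappingSource = { sourceName: "example", sourceSetUpOption: "Procedural_Controls_Mapping", sourceType: "MANUAL" };
const automatedSource: MappingSource = {
  sourceName: "access-key-creation", sourceSetUpOption: "System_Controls_Mapping", sourceType: "AWS_Cloudtrail",
  sourceKeyword: { keywordInputType: "SELECT_FROM_LIST", keywordValue: "CreateAccessKey" },
};
const mismatchedSource: MappingSource = { sourceName: "bad-source", sourceSetUpOption: "Procedural_Controls_Mapping", sourceType: "AWS_Config", sourceFrequency: "hourly" };
```

Calling validateControlSources on the array passed as controlMappingSources and throwing when it returns a non-empty list stops an inconsistent control before it reaches the provider.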

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the control.
  • controlMappingSources.*.sourceId - Unique identifier for the source.
  • id - Unique identifier for the control.
  • type - Type of control, such as a custom control or a standard control.

Import

An Audit Manager Control can be imported using the id, e.g.,

$ terraform import aws_auditmanager_control.example abc123-de45