1. Packages
  2. AWS
  3. API Docs
  4. auditmanager
  5. Assessment
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.auditmanager.Assessment

Explore with Pulumi AI

Resource for managing an AWS Audit Manager Assessment.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.auditmanager.Assessment("test", {
    name: "example",
    assessmentReportsDestination: {
        destination: `s3://${testAwsS3Bucket.id}`,
        destinationType: "S3",
    },
    frameworkId: testAwsAuditmanagerFramework.id,
    roles: [{
        roleArn: testAwsIamRole.arn,
        roleType: "PROCESS_OWNER",
    }],
    scope: {
        awsAccounts: [{
            id: current.accountId,
        }],
        awsServices: [{
            serviceName: "S3",
        }],
    },
});
Copy
import pulumi
import pulumi_aws as aws

test = aws.auditmanager.Assessment("test",
    name="example",
    assessment_reports_destination={
        "destination": f"s3://{test_aws_s3_bucket['id']}",
        "destination_type": "S3",
    },
    framework_id=test_aws_auditmanager_framework["id"],
    roles=[{
        "role_arn": test_aws_iam_role["arn"],
        "role_type": "PROCESS_OWNER",
    }],
    scope={
        "aws_accounts": [{
            "id": current["accountId"],
        }],
        "aws_services": [{
            "service_name": "S3",
        }],
    })
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auditmanager.NewAssessment(ctx, "test", &auditmanager.AssessmentArgs{
			Name: pulumi.String("example"),
			AssessmentReportsDestination: &auditmanager.AssessmentAssessmentReportsDestinationArgs{
				Destination:     pulumi.Sprintf("s3://%v", testAwsS3Bucket.Id),
				DestinationType: pulumi.String("S3"),
			},
			FrameworkId: pulumi.Any(testAwsAuditmanagerFramework.Id),
			Roles: auditmanager.AssessmentRoleArray{
				&auditmanager.AssessmentRoleArgs{
					RoleArn:  pulumi.Any(testAwsIamRole.Arn),
					RoleType: pulumi.String("PROCESS_OWNER"),
				},
			},
			Scope: &auditmanager.AssessmentScopeArgs{
				AwsAccounts: auditmanager.AssessmentScopeAwsAccountArray{
					&auditmanager.AssessmentScopeAwsAccountArgs{
						Id: pulumi.Any(current.AccountId),
					},
				},
				AwsServices: auditmanager.AssessmentScopeAwsServiceArray{
					&auditmanager.AssessmentScopeAwsServiceArgs{
						ServiceName: pulumi.String("S3"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = new Aws.Auditmanager.Assessment("test", new()
    {
        Name = "example",
        AssessmentReportsDestination = new Aws.Auditmanager.Inputs.AssessmentAssessmentReportsDestinationArgs
        {
            Destination = $"s3://{testAwsS3Bucket.Id}",
            DestinationType = "S3",
        },
        FrameworkId = testAwsAuditmanagerFramework.Id,
        Roles = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentRoleArgs
            {
                RoleArn = testAwsIamRole.Arn,
                RoleType = "PROCESS_OWNER",
            },
        },
        Scope = new Aws.Auditmanager.Inputs.AssessmentScopeArgs
        {
            AwsAccounts = new[]
            {
                new Aws.Auditmanager.Inputs.AssessmentScopeAwsAccountArgs
                {
                    Id = current.AccountId,
                },
            },
            AwsServices = new[]
            {
                new Aws.Auditmanager.Inputs.AssessmentScopeAwsServiceArgs
                {
                    ServiceName = "S3",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.auditmanager.Assessment;
import com.pulumi.aws.auditmanager.AssessmentArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentAssessmentReportsDestinationArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentRoleArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new Assessment("test", AssessmentArgs.builder()
            .name("example")
            .assessmentReportsDestination(AssessmentAssessmentReportsDestinationArgs.builder()
                .destination(String.format("s3://%s", testAwsS3Bucket.id()))
                .destinationType("S3")
                .build())
            .frameworkId(testAwsAuditmanagerFramework.id())
            .roles(AssessmentRoleArgs.builder()
                .roleArn(testAwsIamRole.arn())
                .roleType("PROCESS_OWNER")
                .build())
            .scope(AssessmentScopeArgs.builder()
                .awsAccounts(AssessmentScopeAwsAccountArgs.builder()
                    .id(current.accountId())
                    .build())
                .awsServices(AssessmentScopeAwsServiceArgs.builder()
                    .serviceName("S3")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  test:
    type: aws:auditmanager:Assessment
    properties:
      name: example
      assessmentReportsDestination:
        destination: s3://${testAwsS3Bucket.id}
        destinationType: S3
      frameworkId: ${testAwsAuditmanagerFramework.id}
      roles:
        - roleArn: ${testAwsIamRole.arn}
          roleType: PROCESS_OWNER
      scope:
        awsAccounts:
          - id: ${current.accountId}
        awsServices:
          - serviceName: S3
Copy

Create Assessment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Assessment(name: string, args: AssessmentArgs, opts?: CustomResourceOptions);
@overload
def Assessment(resource_name: str,
               args: AssessmentArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def Assessment(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               framework_id: Optional[str] = None,
               roles: Optional[Sequence[AssessmentRoleArgs]] = None,
               assessment_reports_destination: Optional[AssessmentAssessmentReportsDestinationArgs] = None,
               description: Optional[str] = None,
               name: Optional[str] = None,
               scope: Optional[AssessmentScopeArgs] = None,
               tags: Optional[Mapping[str, str]] = None)
func NewAssessment(ctx *Context, name string, args AssessmentArgs, opts ...ResourceOption) (*Assessment, error)
public Assessment(string name, AssessmentArgs args, CustomResourceOptions? opts = null)
public Assessment(String name, AssessmentArgs args)
public Assessment(String name, AssessmentArgs args, CustomResourceOptions options)
type: aws:auditmanager:Assessment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. AssessmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. AssessmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. AssessmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. AssessmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. AssessmentArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var assessmentResource = new Aws.Auditmanager.Assessment("assessmentResource", new()
{
    FrameworkId = "string",
    Roles = new[]
    {
        new Aws.Auditmanager.Inputs.AssessmentRoleArgs
        {
            RoleArn = "string",
            RoleType = "string",
        },
    },
    AssessmentReportsDestination = new Aws.Auditmanager.Inputs.AssessmentAssessmentReportsDestinationArgs
    {
        Destination = "string",
        DestinationType = "string",
    },
    Description = "string",
    Name = "string",
    Scope = new Aws.Auditmanager.Inputs.AssessmentScopeArgs
    {
        AwsAccounts = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentScopeAwsAccountArgs
            {
                Id = "string",
            },
        },
        AwsServices = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentScopeAwsServiceArgs
            {
                ServiceName = "string",
            },
        },
    },
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := auditmanager.NewAssessment(ctx, "assessmentResource", &auditmanager.AssessmentArgs{
	FrameworkId: pulumi.String("string"),
	Roles: auditmanager.AssessmentRoleArray{
		&auditmanager.AssessmentRoleArgs{
			RoleArn:  pulumi.String("string"),
			RoleType: pulumi.String("string"),
		},
	},
	AssessmentReportsDestination: &auditmanager.AssessmentAssessmentReportsDestinationArgs{
		Destination:     pulumi.String("string"),
		DestinationType: pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Scope: &auditmanager.AssessmentScopeArgs{
		AwsAccounts: auditmanager.AssessmentScopeAwsAccountArray{
			&auditmanager.AssessmentScopeAwsAccountArgs{
				Id: pulumi.String("string"),
			},
		},
		AwsServices: auditmanager.AssessmentScopeAwsServiceArray{
			&auditmanager.AssessmentScopeAwsServiceArgs{
				ServiceName: pulumi.String("string"),
			},
		},
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var assessmentResource = new Assessment("assessmentResource", AssessmentArgs.builder()
    .frameworkId("string")
    .roles(AssessmentRoleArgs.builder()
        .roleArn("string")
        .roleType("string")
        .build())
    .assessmentReportsDestination(AssessmentAssessmentReportsDestinationArgs.builder()
        .destination("string")
        .destinationType("string")
        .build())
    .description("string")
    .name("string")
    .scope(AssessmentScopeArgs.builder()
        .awsAccounts(AssessmentScopeAwsAccountArgs.builder()
            .id("string")
            .build())
        .awsServices(AssessmentScopeAwsServiceArgs.builder()
            .serviceName("string")
            .build())
        .build())
    .tags(Map.of("string", "string"))
    .build());
Copy
assessment_resource = aws.auditmanager.Assessment("assessmentResource",
    framework_id="string",
    roles=[{
        "role_arn": "string",
        "role_type": "string",
    }],
    assessment_reports_destination={
        "destination": "string",
        "destination_type": "string",
    },
    description="string",
    name="string",
    scope={
        "aws_accounts": [{
            "id": "string",
        }],
        "aws_services": [{
            "service_name": "string",
        }],
    },
    tags={
        "string": "string",
    })
Copy
const assessmentResource = new aws.auditmanager.Assessment("assessmentResource", {
    frameworkId: "string",
    roles: [{
        roleArn: "string",
        roleType: "string",
    }],
    assessmentReportsDestination: {
        destination: "string",
        destinationType: "string",
    },
    description: "string",
    name: "string",
    scope: {
        awsAccounts: [{
            id: "string",
        }],
        awsServices: [{
            serviceName: "string",
        }],
    },
    tags: {
        string: "string",
    },
});
Copy
type: aws:auditmanager:Assessment
properties:
    assessmentReportsDestination:
        destination: string
        destinationType: string
    description: string
    frameworkId: string
    name: string
    roles:
        - roleArn: string
          roleType: string
    scope:
        awsAccounts:
            - id: string
        awsServices:
            - serviceName: string
    tags:
        string: string
Copy

Assessment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Assessment resource accepts the following input properties:

FrameworkId This property is required. string
Unique identifier of the framework the assessment will be created from.
Roles This property is required. List<AssessmentRole>
List of roles for the assessment. See roles below.
AssessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
Description string
Description of the assessment.
Name string
Name of the assessment.
Scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Tags Dictionary<string, string>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
FrameworkId This property is required. string
Unique identifier of the framework the assessment will be created from.
Roles This property is required. []AssessmentRoleArgs
List of roles for the assessment. See roles below.
AssessmentReportsDestination AssessmentAssessmentReportsDestinationArgs
Assessment report storage destination configuration. See assessment_reports_destination below.
Description string
Description of the assessment.
Name string
Name of the assessment.
Scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Tags map[string]string
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
frameworkId This property is required. String
Unique identifier of the framework the assessment will be created from.
roles This property is required. List<AssessmentRole>
List of roles for the assessment. See roles below.
assessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
description String
Description of the assessment.
name String
Name of the assessment.
scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Map<String,String>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
frameworkId This property is required. string
Unique identifier of the framework the assessment will be created from.
roles This property is required. AssessmentRole[]
List of roles for the assessment. See roles below.
assessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
description string
Description of the assessment.
name string
Name of the assessment.
scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags {[key: string]: string}
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
framework_id This property is required. str
Unique identifier of the framework the assessment will be created from.
roles This property is required. Sequence[AssessmentRoleArgs]
List of roles for the assessment. See roles below.
assessment_reports_destination AssessmentAssessmentReportsDestinationArgs
Assessment report storage destination configuration. See assessment_reports_destination below.
description str
Description of the assessment.
name str
Name of the assessment.
scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Mapping[str, str]
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
frameworkId This property is required. String
Unique identifier of the framework the assessment will be created from.
roles This property is required. List<Property Map>
List of roles for the assessment. See roles below.
assessmentReportsDestination Property Map
Assessment report storage destination configuration. See assessment_reports_destination below.
description String
Description of the assessment.
name String
Name of the assessment.
scope Property Map

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Map<String>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Assessment resource produces the following output properties:

Arn string
Amazon Resource Name (ARN) of the assessment.
Id string
The provider-assigned unique ID for this managed resource.
RolesAlls List<AssessmentRolesAll>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
TagsAll Dictionary<string, string>

Deprecated: Please use tags instead.

Arn string
Amazon Resource Name (ARN) of the assessment.
Id string
The provider-assigned unique ID for this managed resource.
RolesAlls []AssessmentRolesAll
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
TagsAll map[string]string

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the assessment.
id String
The provider-assigned unique ID for this managed resource.
rolesAlls List<AssessmentRolesAll>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status String
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll Map<String,String>

Deprecated: Please use tags instead.

arn string
Amazon Resource Name (ARN) of the assessment.
id string
The provider-assigned unique ID for this managed resource.
rolesAlls AssessmentRolesAll[]
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll {[key: string]: string}

Deprecated: Please use tags instead.

arn str
Amazon Resource Name (ARN) of the assessment.
id str
The provider-assigned unique ID for this managed resource.
roles_alls Sequence[AssessmentRolesAll]
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status str
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags_all Mapping[str, str]

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the assessment.
id String
The provider-assigned unique ID for this managed resource.
rolesAlls List<Property Map>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status String
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll Map<String>

Deprecated: Please use tags instead.

Look up Existing Assessment Resource

Get an existing Assessment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AssessmentState, opts?: CustomResourceOptions): Assessment
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        assessment_reports_destination: Optional[AssessmentAssessmentReportsDestinationArgs] = None,
        description: Optional[str] = None,
        framework_id: Optional[str] = None,
        name: Optional[str] = None,
        roles: Optional[Sequence[AssessmentRoleArgs]] = None,
        roles_alls: Optional[Sequence[AssessmentRolesAllArgs]] = None,
        scope: Optional[AssessmentScopeArgs] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Assessment
func GetAssessment(ctx *Context, name string, id IDInput, state *AssessmentState, opts ...ResourceOption) (*Assessment, error)
public static Assessment Get(string name, Input<string> id, AssessmentState? state, CustomResourceOptions? opts = null)
public static Assessment get(String name, Output<String> id, AssessmentState state, CustomResourceOptions options)
resources:  _:    type: aws:auditmanager:Assessment    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string
Amazon Resource Name (ARN) of the assessment.
AssessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
Description string
Description of the assessment.
FrameworkId string
Unique identifier of the framework the assessment will be created from.
Name string
Name of the assessment.
Roles List<AssessmentRole>
List of roles for the assessment. See roles below.
RolesAlls List<AssessmentRolesAll>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
Tags Dictionary<string, string>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>

Deprecated: Please use tags instead.

Arn string
Amazon Resource Name (ARN) of the assessment.
AssessmentReportsDestination AssessmentAssessmentReportsDestinationArgs
Assessment report storage destination configuration. See assessment_reports_destination below.
Description string
Description of the assessment.
FrameworkId string
Unique identifier of the framework the assessment will be created from.
Name string
Name of the assessment.
Roles []AssessmentRoleArgs
List of roles for the assessment. See roles below.
RolesAlls []AssessmentRolesAllArgs
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
Tags map[string]string
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the assessment.
assessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
description String
Description of the assessment.
frameworkId String
Unique identifier of the framework the assessment will be created from.
name String
Name of the assessment.
roles List<AssessmentRole>
List of roles for the assessment. See roles below.
rolesAlls List<AssessmentRolesAll>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status String
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags Map<String,String>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>

Deprecated: Please use tags instead.

arn string
Amazon Resource Name (ARN) of the assessment.
assessmentReportsDestination AssessmentAssessmentReportsDestination
Assessment report storage destination configuration. See assessment_reports_destination below.
description string
Description of the assessment.
frameworkId string
Unique identifier of the framework the assessment will be created from.
name string
Name of the assessment.
roles AssessmentRole[]
List of roles for the assessment. See roles below.
rolesAlls AssessmentRolesAll[]
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status string
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags {[key: string]: string}
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}

Deprecated: Please use tags instead.

arn str
Amazon Resource Name (ARN) of the assessment.
assessment_reports_destination AssessmentAssessmentReportsDestinationArgs
Assessment report storage destination configuration. See assessment_reports_destination below.
description str
Description of the assessment.
framework_id str
Unique identifier of the framework the assessment will be created from.
name str
Name of the assessment.
roles Sequence[AssessmentRoleArgs]
List of roles for the assessment. See roles below.
roles_alls Sequence[AssessmentRolesAllArgs]
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status str
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags Mapping[str, str]
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the assessment.
assessmentReportsDestination Property Map
Assessment report storage destination configuration. See assessment_reports_destination below.
description String
Description of the assessment.
frameworkId String
Unique identifier of the framework the assessment will be created from.
name String
Name of the assessment.
roles List<Property Map>
List of roles for the assessment. See roles below.
rolesAlls List<Property Map>
Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
scope Property Map

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status String
Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags Map<String>
A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>

Deprecated: Please use tags instead.

Supporting Types

AssessmentAssessmentReportsDestination
, AssessmentAssessmentReportsDestinationArgs

Destination This property is required. string
Destination of the assessment report. This value be in the form s3://{bucket_name}.
DestinationType This property is required. string
Destination type. Currently, S3 is the only valid value.
Destination This property is required. string
Destination of the assessment report. This value be in the form s3://{bucket_name}.
DestinationType This property is required. string
Destination type. Currently, S3 is the only valid value.
destination This property is required. String
Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType This property is required. String
Destination type. Currently, S3 is the only valid value.
destination This property is required. string
Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType This property is required. string
Destination type. Currently, S3 is the only valid value.
destination This property is required. str
Destination of the assessment report. This value be in the form s3://{bucket_name}.
destination_type This property is required. str
Destination type. Currently, S3 is the only valid value.
destination This property is required. String
Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType This property is required. String
Destination type. Currently, S3 is the only valid value.

AssessmentRole
, AssessmentRoleArgs

RoleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
RoleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
RoleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
RoleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. String
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. String
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
role_arn This property is required. str
Amazon Resource Name (ARN) of the IAM role.
role_type This property is required. str
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. String
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. String
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

AssessmentRolesAll
, AssessmentRolesAllArgs

RoleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
RoleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
RoleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
RoleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. String
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. String
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. string
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. string
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
role_arn This property is required. str
Amazon Resource Name (ARN) of the IAM role.
role_type This property is required. str
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.
roleArn This property is required. String
Amazon Resource Name (ARN) of the IAM role.
roleType This property is required. String
Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

AssessmentScope
, AssessmentScopeArgs

AwsAccounts List<AssessmentScopeAwsAccount>
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
AwsServices List<AssessmentScopeAwsService>
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.
AwsAccounts []AssessmentScopeAwsAccount
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
AwsServices []AssessmentScopeAwsService
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.
awsAccounts List<AssessmentScopeAwsAccount>
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices List<AssessmentScopeAwsService>
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.
awsAccounts AssessmentScopeAwsAccount[]
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices AssessmentScopeAwsService[]
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.
aws_accounts Sequence[AssessmentScopeAwsAccount]
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
aws_services Sequence[AssessmentScopeAwsService]
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.
awsAccounts List<Property Map>
Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices List<Property Map>
Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

AssessmentScopeAwsAccount
, AssessmentScopeAwsAccountArgs

Id This property is required. string
Identifier for the Amazon Web Services account.
Id This property is required. string
Identifier for the Amazon Web Services account.
id This property is required. String
Identifier for the Amazon Web Services account.
id This property is required. string
Identifier for the Amazon Web Services account.
id This property is required. str
Identifier for the Amazon Web Services account.
id This property is required. String
Identifier for the Amazon Web Services account.

AssessmentScopeAwsService
, AssessmentScopeAwsServiceArgs

ServiceName This property is required. string
Name of the Amazon Web Service.
ServiceName This property is required. string
Name of the Amazon Web Service.
serviceName This property is required. String
Name of the Amazon Web Service.
serviceName This property is required. string
Name of the Amazon Web Service.
service_name This property is required. str
Name of the Amazon Web Service.
serviceName This property is required. String
Name of the Amazon Web Service.

Import

Using pulumi import, import Audit Manager Assessments using the assessment id. For example:

$ pulumi import aws:auditmanager/assessment:Assessment example abc123-de45
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.