# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: MIT-0 # Provisions custom AWS Audit Manager assessment based on an AWS Config Conformance Pack # Pre-req: AWS Lambda that creates a custom AWS Audit Manager control set and custom AWS Audit Manager # framework # kmmahaj AWSTemplateFormatVersion: 2010-09-09 Description: >- AWS CloudFormation template to create custom Audit Manager assessments. You will be billed for the AWS resources used if you create a stack from this template. Parameters: AssessmentDestination: Description: S3 Bucket and folder that stores the Custom Audit Manager Assessment Destination Type: String Default: 's3://s3-customauditmanagerframework--/evidences/' MinLength: '1' MaxLength: '255' AuditOwnerArn: Description: ARN for IAM Audit Owner in your account. Type: String Default: 'arn:aws:iam:::user/AuditManagerAdmin' MinLength: '1' MaxLength: '255' Resources: #--------------------------------------------------------------------------------------------------- # 1- Provision Custom Audit Manager Assessment # - Use SSM Parameter Store to retrieve the Framework ID created by the custom backed Lambda # -------------------------------------------------------------------------------------------------- CustomAuditManagerAssessment: Type: AWS::AuditManager::Assessment Properties: AssessmentReportsDestination: Destination: !Ref AssessmentDestination DestinationType: 'S3' Description: 'Custom Config Conformance Pack Assessment' FrameworkId: '{{resolve:ssm:CustomConfigConformancePackFrameworkID:1}}' Name: 'CustomConfigConfPackAssessment' Roles: - 'RoleArn': !Ref AuditOwnerArn 'RoleType': 'PROCESS_OWNER' Scope: AwsAccounts: - 'Id': !Ref 'AWS::AccountId' AwsServices: - 'ServiceName': 's3' - 'ServiceName': 'iam' - 'ServiceName': 'cloudtrail' - 'ServiceName': 'lambda' - 'ServiceName': 'ec2' - 'ServiceName': 'rds'