/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace AuditManager { namespace Model { /** *

A keyword that relates to the control data source.

For manual evidence, this keyword indicates if the manual evidence is a file or text.

*

For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.

To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the Audit Manager User Guide:

*

See Also:

AWS API Reference

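*/
  class SourceKeyword
  {
  public:
    // Construction from, assignment from, and conversion to JSON are only
    // declared here; the field mapping lives in the out-of-line definitions
    // and is not visible in this header.
    AWS_AUDITMANAGER_API SourceKeyword();
    AWS_AUDITMANAGER_API SourceKeyword(Aws::Utils::Json::JsonView jsonValue);
    AWS_AUDITMANAGER_API SourceKeyword& operator=(Aws::Utils::Json::JsonView jsonValue);
    AWS_AUDITMANAGER_API Aws::Utils::Json::JsonValue Jsonize() const;


    /**
     * The input method for the keyword.
     *
     * - SELECT_FROM_LIST is used when mapping a data source for automated
     *   evidence. When keywordInputType is SELECT_FROM_LIST, a keyword must
     *   be selected to collect automated evidence. For example, this keyword
     *   can be a CloudTrail event name, a rule name for Config, a Security
     *   Hub control, or the name of an Amazon Web Services API call.
     * - UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source
     *   for manual evidence. When keywordInputType is UPLOAD_FILE, a file
     *   must be uploaded as manual evidence. When keywordInputType is
     *   INPUT_TEXT, text must be entered as manual evidence.
     *
     * @return The stored input type, by const reference.
     */
    inline const KeywordInputType& GetKeywordInputType() const { return m_keywordInputType; }

    /**
     * Reports whether the input method has been assigned through one of the
     * setters below. The flag starts out false; whether the JSON constructor
     * also sets it is decided out of line.
     */
    inline bool KeywordInputTypeHasBeenSet() const { return m_keywordInputTypeHasBeenSet; }

    /**
     * Sets the input method for the keyword (copy overload) and marks the
     * field as set. See GetKeywordInputType() for the meaning of each value.
     */
    inline void SetKeywordInputType(const KeywordInputType& value)
    {
      m_keywordInputTypeHasBeenSet = true;
      m_keywordInputType = value;
    }

    /**
     * Sets the input method for the keyword (move overload) and marks the
     * field as set. See GetKeywordInputType() for the meaning of each value.
     */
    inline void SetKeywordInputType(KeywordInputType&& value)
    {
      m_keywordInputTypeHasBeenSet = true;
      m_keywordInputType = std::move(value);
    }

    /**
     * Fluent form of SetKeywordInputType(const KeywordInputType&).
     * @return *this, so calls can be chained.
     */
    inline SourceKeyword& WithKeywordInputType(const KeywordInputType& value)
    {
      SetKeywordInputType(value);
      return *this;
    }

    /**
     * Fluent form of SetKeywordInputType(KeywordInputType&&).
     * @return *this, so calls can be chained.
     */
    inline SourceKeyword& WithKeywordInputType(KeywordInputType&& value)
    {
      SetKeywordInputType(std::move(value));
      return *this;
    }


    /**
     * The value of the keyword that's used when mapping a control data
     * source. For example, this can be a CloudTrail event name, a rule name
     * for Config, a Security Hub control, or the name of an Amazon Web
     * Services API call.
     *
     * If you're mapping a data source to a rule in Config, the keywordValue
     * that you specify depends on the type of rule:
     *
     * - For managed rules, you can use the rule identifier as the
     *   keywordValue. You can find the rule identifier from the list of
     *   Config managed rules. For some rules, the rule identifier is
     *   different from the rule name. For example, the rule name
     *   restricted-ssh has the following rule identifier:
     *   INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the
     *   rule name.
     * - For custom rules, you form the keywordValue by adding the Custom_
     *   prefix to the rule name. This prefix distinguishes the custom rule
     *   from a managed rule.
     *     Custom rule name: my-custom-config-rule
     *     keywordValue:     Custom_my-custom-config-rule
     * - For service-linked rules, you form the keywordValue by adding the
     *   Custom_ prefix to the rule name. In addition, you remove the suffix
     *   ID that appears at the end of the rule name.
     *     Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
     *     keywordValue:             Custom_CustomRuleForAccount-conformance-pack
     *     Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
     *     keywordValue:             Custom_OrgConfigRule-s3-bucket-versioning-enabled
     *
     * The keywordValue is case sensitive. If you enter a value incorrectly,
     * Audit Manager might not recognize the data source mapping. As a
     * result, you might not successfully collect evidence from that data
     * source as intended.
     *
     * Keep in mind the following requirements, depending on the data source
     * type that you're using.
     *
     * 1. For Config:
     *    - For managed rules, make sure that the keywordValue is the rule
     *      identifier in ALL_CAPS_WITH_UNDERSCORES. For example,
     *      CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, we recommend that
     *      you reference the list of supported Config managed rules.
     *    - For custom rules, make sure that the keywordValue has the Custom_
     *      prefix followed by the custom rule name. The format of the custom
     *      rule name itself may vary. For accuracy, we recommend that you
     *      visit the Config console to verify your custom rule name.
     * 2. For Security Hub: The format varies for Security Hub control names.
     *    For accuracy, we recommend that you reference the list of supported
     *    Security Hub controls.
     * 3. For Amazon Web Services API calls: Make sure that the keywordValue
     *    is written as serviceprefix_ActionName. For example,
     *    iam_ListGroups. For accuracy, we recommend that you reference the
     *    list of supported API calls.
     * 4. For CloudTrail: Make sure that the keywordValue is written as
     *    serviceprefix_ActionName. For example, cloudtrail_StartLogging. For
     *    accuracy, we recommend that you review the Amazon Web Service
     *    prefix and action names in the Service Authorization Reference.
     *
     * Note for callers: the setters in this class store the string exactly
     * as given and perform no format or case checking. Because a wrong value
     * can leave a control without evidence rather than raise an error,
     * validate the value against the lists named above before sending it,
     * and confirm afterwards that evidence is actually being collected.
     *
     * @return The stored keyword value, by const reference.
     */
    inline const Aws::String& GetKeywordValue() const { return m_keywordValue; }

    /**
     * Reports whether the keyword value has been assigned through one of the
     * setters below. The flag starts out false; whether the JSON constructor
     * also sets it is decided out of line.
     */
    inline bool KeywordValueHasBeenSet() const { return m_keywordValueHasBeenSet; }

    /**
     * Sets the keyword value (copy overload) and marks the field as set.
     * The value is stored unvalidated; see GetKeywordValue() for the
     * required format and case-sensitivity rules.
     */
    inline void SetKeywordValue(const Aws::String& value)
    {
      m_keywordValueHasBeenSet = true;
      m_keywordValue = value;
    }

    /**
     * Sets the keyword value (move overload) and marks the field as set.
     * The value is stored unvalidated; see GetKeywordValue() for the
     * required format and case-sensitivity rules.
     */
    inline void SetKeywordValue(Aws::String&& value)
    {
      m_keywordValueHasBeenSet = true;
      m_keywordValue = std::move(value);
    }

    /**
     * Sets the keyword value from a NUL-terminated C string and marks the
     * field as set. The value is stored unvalidated; see GetKeywordValue()
     * for the required format and case-sensitivity rules.
     *
     * @param value NUL-terminated string. A null pointer is stored as the
     *              empty string instead of being passed to assign().
     */
    inline void SetKeywordValue(const char* value)
    {
      m_keywordValueHasBeenSet = true;
      // assign() from a null pointer is undefined behaviour for a
      // std::basic_string-style string, so map null to "" first.
      m_keywordValue.assign(value != nullptr ? value : "");
    }

    /**
     * Fluent form of SetKeywordValue(const Aws::String&).
     * @return *this, so calls can be chained.
     */
    inline SourceKeyword& WithKeywordValue(const Aws::String& value)
    {
      SetKeywordValue(value);
      return *this;
    }

    /**
     * Fluent form of SetKeywordValue(Aws::String&&).
     * @return *this, so calls can be chained.
     */
    inline SourceKeyword& WithKeywordValue(Aws::String&& value)
    {
      SetKeywordValue(std::move(value));
      return *this;
    }

    /**
     * Fluent form of SetKeywordValue(const char*); a null pointer is handled
     * the same way (stored as the empty string).
     * @return *this, so calls can be chained.
     */
    inline SourceKeyword& WithKeywordValue(const char* value)
    {
      SetKeywordValue(value);
      return *this;
    }

  private:

    // No in-class initializer here; presumably the out-of-line constructors
    // give it a starting value - confirm in the implementation file.
    KeywordInputType m_keywordInputType;
    bool m_keywordInputTypeHasBeenSet = false;

    Aws::String m_keywordValue;
    bool m_keywordValueHasBeenSet = false;
  };

} // namespace Model
} // namespace AuditManager
} // namespace Aws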