AWS v6.78.0, Apr 24 25

AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

aws.auditmanager.Assessment

Explore with Pulumi AI

AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.auditmanager.Assessment("test", {
    name: "example",
    assessmentReportsDestination: {
        destination: `s3://${testAwsS3Bucket.id}`,
        destinationType: "S3",
    },
    frameworkId: testAwsAuditmanagerFramework.id,
    roles: [{
        roleArn: testAwsIamRole.arn,
        roleType: "PROCESS_OWNER",
    }],
    scope: {
        awsAccounts: [{
            id: current.accountId,
        }],
        awsServices: [{
            serviceName: "S3",
        }],
    },
});

import pulumi
import pulumi_aws as aws

test = aws.auditmanager.Assessment("test",
    name="example",
    assessment_reports_destination={
        "destination": f"s3://{test_aws_s3_bucket['id']}",
        "destination_type": "S3",
    },
    framework_id=test_aws_auditmanager_framework["id"],
    roles=[{
        "role_arn": test_aws_iam_role["arn"],
        "role_type": "PROCESS_OWNER",
    }],
    scope={
        "aws_accounts": [{
            "id": current["accountId"],
        }],
        "aws_services": [{
            "service_name": "S3",
        }],
    })

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/auditmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auditmanager.NewAssessment(ctx, "test", &auditmanager.AssessmentArgs{
			Name: pulumi.String("example"),
			AssessmentReportsDestination: &auditmanager.AssessmentAssessmentReportsDestinationArgs{
				Destination:     pulumi.Sprintf("s3://%v", testAwsS3Bucket.Id),
				DestinationType: pulumi.String("S3"),
			},
			FrameworkId: pulumi.Any(testAwsAuditmanagerFramework.Id),
			Roles: auditmanager.AssessmentRoleArray{
				&auditmanager.AssessmentRoleArgs{
					RoleArn:  pulumi.Any(testAwsIamRole.Arn),
					RoleType: pulumi.String("PROCESS_OWNER"),
				},
			},
			Scope: &auditmanager.AssessmentScopeArgs{
				AwsAccounts: auditmanager.AssessmentScopeAwsAccountArray{
					&auditmanager.AssessmentScopeAwsAccountArgs{
						Id: pulumi.Any(current.AccountId),
					},
				},
				AwsServices: auditmanager.AssessmentScopeAwsServiceArray{
					&auditmanager.AssessmentScopeAwsServiceArgs{
						ServiceName: pulumi.String("S3"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = new Aws.Auditmanager.Assessment("test", new()
    {
        Name = "example",
        AssessmentReportsDestination = new Aws.Auditmanager.Inputs.AssessmentAssessmentReportsDestinationArgs
        {
            Destination = $"s3://{testAwsS3Bucket.Id}",
            DestinationType = "S3",
        },
        FrameworkId = testAwsAuditmanagerFramework.Id,
        Roles = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentRoleArgs
            {
                RoleArn = testAwsIamRole.Arn,
                RoleType = "PROCESS_OWNER",
            },
        },
        Scope = new Aws.Auditmanager.Inputs.AssessmentScopeArgs
        {
            AwsAccounts = new[]
            {
                new Aws.Auditmanager.Inputs.AssessmentScopeAwsAccountArgs
                {
                    Id = current.AccountId,
                },
            },
            AwsServices = new[]
            {
                new Aws.Auditmanager.Inputs.AssessmentScopeAwsServiceArgs
                {
                    ServiceName = "S3",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.auditmanager.Assessment;
import com.pulumi.aws.auditmanager.AssessmentArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentAssessmentReportsDestinationArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentRoleArgs;
import com.pulumi.aws.auditmanager.inputs.AssessmentScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new Assessment("test", AssessmentArgs.builder()
            .name("example")
            .assessmentReportsDestination(AssessmentAssessmentReportsDestinationArgs.builder()
                .destination(String.format("s3://%s", testAwsS3Bucket.id()))
                .destinationType("S3")
                .build())
            .frameworkId(testAwsAuditmanagerFramework.id())
            .roles(AssessmentRoleArgs.builder()
                .roleArn(testAwsIamRole.arn())
                .roleType("PROCESS_OWNER")
                .build())
            .scope(AssessmentScopeArgs.builder()
                .awsAccounts(AssessmentScopeAwsAccountArgs.builder()
                    .id(current.accountId())
                    .build())
                .awsServices(AssessmentScopeAwsServiceArgs.builder()
                    .serviceName("S3")
                    .build())
                .build())
            .build());

    }
}

resources:
  test:
    type: aws:auditmanager:Assessment
    properties:
      name: example
      assessmentReportsDestination:
        destination: s3://${testAwsS3Bucket.id}
        destinationType: S3
      frameworkId: ${testAwsAuditmanagerFramework.id}
      roles:
        - roleArn: ${testAwsIamRole.arn}
          roleType: PROCESS_OWNER
      scope:
        awsAccounts:
          - id: ${current.accountId}
        awsServices:
          - serviceName: S3

Create Assessment Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Assessment(name: string, args: AssessmentArgs, opts?: CustomResourceOptions);

@overload
def Assessment(resource_name: str,
               args: AssessmentArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def Assessment(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               framework_id: Optional[str] = None,
               roles: Optional[Sequence[AssessmentRoleArgs]] = None,
               assessment_reports_destination: Optional[AssessmentAssessmentReportsDestinationArgs] = None,
               description: Optional[str] = None,
               name: Optional[str] = None,
               scope: Optional[AssessmentScopeArgs] = None,
               tags: Optional[Mapping[str, str]] = None)

func NewAssessment(ctx *Context, name string, args AssessmentArgs, opts ...ResourceOption) (*Assessment, error)

public Assessment(string name, AssessmentArgs args, CustomResourceOptions? opts = null)

public Assessment(String name, AssessmentArgs args)
public Assessment(String name, AssessmentArgs args, CustomResourceOptions options)

type: aws:auditmanager:Assessment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AssessmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AssessmentArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AssessmentArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AssessmentArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AssessmentArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var assessmentResource = new Aws.Auditmanager.Assessment("assessmentResource", new()
{
    FrameworkId = "string",
    Roles = new[]
    {
        new Aws.Auditmanager.Inputs.AssessmentRoleArgs
        {
            RoleArn = "string",
            RoleType = "string",
        },
    },
    AssessmentReportsDestination = new Aws.Auditmanager.Inputs.AssessmentAssessmentReportsDestinationArgs
    {
        Destination = "string",
        DestinationType = "string",
    },
    Description = "string",
    Name = "string",
    Scope = new Aws.Auditmanager.Inputs.AssessmentScopeArgs
    {
        AwsAccounts = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentScopeAwsAccountArgs
            {
                Id = "string",
            },
        },
        AwsServices = new[]
        {
            new Aws.Auditmanager.Inputs.AssessmentScopeAwsServiceArgs
            {
                ServiceName = "string",
            },
        },
    },
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := auditmanager.NewAssessment(ctx, "assessmentResource", &auditmanager.AssessmentArgs{
	FrameworkId: pulumi.String("string"),
	Roles: auditmanager.AssessmentRoleArray{
		&auditmanager.AssessmentRoleArgs{
			RoleArn:  pulumi.String("string"),
			RoleType: pulumi.String("string"),
		},
	},
	AssessmentReportsDestination: &auditmanager.AssessmentAssessmentReportsDestinationArgs{
		Destination:     pulumi.String("string"),
		DestinationType: pulumi.String("string"),
	},
	Description: pulumi.String("string"),
	Name:        pulumi.String("string"),
	Scope: &auditmanager.AssessmentScopeArgs{
		AwsAccounts: auditmanager.AssessmentScopeAwsAccountArray{
			&auditmanager.AssessmentScopeAwsAccountArgs{
				Id: pulumi.String("string"),
			},
		},
		AwsServices: auditmanager.AssessmentScopeAwsServiceArray{
			&auditmanager.AssessmentScopeAwsServiceArgs{
				ServiceName: pulumi.String("string"),
			},
		},
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var assessmentResource = new Assessment("assessmentResource", AssessmentArgs.builder()
    .frameworkId("string")
    .roles(AssessmentRoleArgs.builder()
        .roleArn("string")
        .roleType("string")
        .build())
    .assessmentReportsDestination(AssessmentAssessmentReportsDestinationArgs.builder()
        .destination("string")
        .destinationType("string")
        .build())
    .description("string")
    .name("string")
    .scope(AssessmentScopeArgs.builder()
        .awsAccounts(AssessmentScopeAwsAccountArgs.builder()
            .id("string")
            .build())
        .awsServices(AssessmentScopeAwsServiceArgs.builder()
            .serviceName("string")
            .build())
        .build())
    .tags(Map.of("string", "string"))
    .build());

assessment_resource = aws.auditmanager.Assessment("assessmentResource",
    framework_id="string",
    roles=[{
        "role_arn": "string",
        "role_type": "string",
    }],
    assessment_reports_destination={
        "destination": "string",
        "destination_type": "string",
    },
    description="string",
    name="string",
    scope={
        "aws_accounts": [{
            "id": "string",
        }],
        "aws_services": [{
            "service_name": "string",
        }],
    },
    tags={
        "string": "string",
    })

const assessmentResource = new aws.auditmanager.Assessment("assessmentResource", {
    frameworkId: "string",
    roles: [{
        roleArn: "string",
        roleType: "string",
    }],
    assessmentReportsDestination: {
        destination: "string",
        destinationType: "string",
    },
    description: "string",
    name: "string",
    scope: {
        awsAccounts: [{
            id: "string",
        }],
        awsServices: [{
            serviceName: "string",
        }],
    },
    tags: {
        string: "string",
    },
});

type: aws:auditmanager:Assessment
properties:
    assessmentReportsDestination:
        destination: string
        destinationType: string
    description: string
    frameworkId: string
    name: string
    roles:
        - roleArn: string
          roleType: string
    scope:
        awsAccounts:
            - id: string
        awsServices:
            - serviceName: string
    tags:
        string: string

Assessment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Assessment resource accepts the following input properties:

FrameworkId string

Unique identifier of the framework the assessment will be created from.

Roles List<AssessmentRole>

List of roles for the assessment. See roles below.

AssessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

Description string

Description of the assessment.

Name string

Name of the assessment.

Scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Tags Dictionary<string, string>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

FrameworkId string

Unique identifier of the framework the assessment will be created from.

Roles []AssessmentRoleArgs

List of roles for the assessment. See roles below.

AssessmentReportsDestination AssessmentAssessmentReportsDestinationArgs

Assessment report storage destination configuration. See assessment_reports_destination below.

Description string

Description of the assessment.

Name string

Name of the assessment.

Scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Tags map[string]string

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

frameworkId String

Unique identifier of the framework the assessment will be created from.

roles List<AssessmentRole>

List of roles for the assessment. See roles below.

assessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

description String

Description of the assessment.

name String

Name of the assessment.

scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Map<String,String>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

frameworkId string

Unique identifier of the framework the assessment will be created from.

roles AssessmentRole[]

List of roles for the assessment. See roles below.

assessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

description string

Description of the assessment.

name string

Name of the assessment.

scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags {[key: string]: string}

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

framework_id str

Unique identifier of the framework the assessment will be created from.

roles Sequence[AssessmentRoleArgs]

List of roles for the assessment. See roles below.

assessment_reports_destination AssessmentAssessmentReportsDestinationArgs

Assessment report storage destination configuration. See assessment_reports_destination below.

description str

Description of the assessment.

name str

Name of the assessment.

scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Mapping[str, str]

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

frameworkId String

Unique identifier of the framework the assessment will be created from.

roles List<Property Map>

List of roles for the assessment. See roles below.

assessmentReportsDestination Property Map

Assessment report storage destination configuration. See assessment_reports_destination below.

description String

Description of the assessment.

name String

Name of the assessment.

scope Property Map

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

tags Map<String>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Assessment resource produces the following output properties:

Arn string: Amazon Resource Name (ARN) of the assessment.
Id string: The provider-assigned unique ID for this managed resource.
RolesAlls List<AssessmentRolesAll>: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Status string: Status of the assessment. Valid values are ACTIVE and INACTIVE.
TagsAll Dictionary<string, string>: Deprecated: Please use tags instead.

Arn string: Amazon Resource Name (ARN) of the assessment.
Id string: The provider-assigned unique ID for this managed resource.
RolesAlls []AssessmentRolesAll: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
Status string: Status of the assessment. Valid values are ACTIVE and INACTIVE.
TagsAll map[string]string: Deprecated: Please use tags instead.

arn String: Amazon Resource Name (ARN) of the assessment.
id String: The provider-assigned unique ID for this managed resource.
rolesAlls List<AssessmentRolesAll>: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status String: Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll Map<String,String>: Deprecated: Please use tags instead.

arn string: Amazon Resource Name (ARN) of the assessment.
id string: The provider-assigned unique ID for this managed resource.
rolesAlls AssessmentRolesAll[]: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status string: Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll {[key: string]: string}: Deprecated: Please use tags instead.

arn str: Amazon Resource Name (ARN) of the assessment.
id str: The provider-assigned unique ID for this managed resource.
roles_alls Sequence[AssessmentRolesAll]: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status str: Status of the assessment. Valid values are ACTIVE and INACTIVE.
tags_all Mapping[str, str]: Deprecated: Please use tags instead.

arn String: Amazon Resource Name (ARN) of the assessment.
id String: The provider-assigned unique ID for this managed resource.
rolesAlls List<Property Map>: Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.
status String: Status of the assessment. Valid values are ACTIVE and INACTIVE.
tagsAll Map<String>: Deprecated: Please use tags instead.

Look up Existing Assessment Resource

Get an existing Assessment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AssessmentState, opts?: CustomResourceOptions): Assessment

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        assessment_reports_destination: Optional[AssessmentAssessmentReportsDestinationArgs] = None,
        description: Optional[str] = None,
        framework_id: Optional[str] = None,
        name: Optional[str] = None,
        roles: Optional[Sequence[AssessmentRoleArgs]] = None,
        roles_alls: Optional[Sequence[AssessmentRolesAllArgs]] = None,
        scope: Optional[AssessmentScopeArgs] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Assessment

func GetAssessment(ctx *Context, name string, id IDInput, state *AssessmentState, opts ...ResourceOption) (*Assessment, error)

public static Assessment Get(string name, Input<string> id, AssessmentState? state, CustomResourceOptions? opts = null)

public static Assessment get(String name, Output<String> id, AssessmentState state, CustomResourceOptions options)

resources:  _:    type: aws:auditmanager:Assessment    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

Amazon Resource Name (ARN) of the assessment.

AssessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

Description string

Description of the assessment.

FrameworkId string

Unique identifier of the framework the assessment will be created from.

Name string

Name of the assessment.

Roles List<AssessmentRole>

List of roles for the assessment. See roles below.

RolesAlls List<AssessmentRolesAll>

Complete list of all roles with access to the assessment. This includes both roles explicitly configured via the roles block, and any roles which have access to all Audit Manager assessments by default.

Scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Status string

Status of the assessment. Valid values are ACTIVE and INACTIVE.

Tags Dictionary<string, string>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Deprecated: Please use tags instead.

Arn string

Amazon Resource Name (ARN) of the assessment.

AssessmentReportsDestination AssessmentAssessmentReportsDestinationArgs

Assessment report storage destination configuration. See assessment_reports_destination below.

Description string

Description of the assessment.

FrameworkId string

Unique identifier of the framework the assessment will be created from.

Name string

Name of the assessment.

Roles []AssessmentRoleArgs

List of roles for the assessment. See roles below.

RolesAlls []AssessmentRolesAllArgs

Scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

Status string

Status of the assessment. Valid values are ACTIVE and INACTIVE.

Tags map[string]string

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Deprecated: Please use tags instead.

arn String

Amazon Resource Name (ARN) of the assessment.

assessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

description String

Description of the assessment.

frameworkId String

Unique identifier of the framework the assessment will be created from.

name String

Name of the assessment.

roles List<AssessmentRole>

List of roles for the assessment. See roles below.

rolesAlls List<AssessmentRolesAll>

scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status String

Status of the assessment. Valid values are ACTIVE and INACTIVE.

tags Map<String,String>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Deprecated: Please use tags instead.

arn string

Amazon Resource Name (ARN) of the assessment.

assessmentReportsDestination AssessmentAssessmentReportsDestination

Assessment report storage destination configuration. See assessment_reports_destination below.

description string

Description of the assessment.

frameworkId string

Unique identifier of the framework the assessment will be created from.

name string

Name of the assessment.

roles AssessmentRole[]

List of roles for the assessment. See roles below.

rolesAlls AssessmentRolesAll[]

scope AssessmentScope

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status string

Status of the assessment. Valid values are ACTIVE and INACTIVE.

tags {[key: string]: string}

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Deprecated: Please use tags instead.

arn str

Amazon Resource Name (ARN) of the assessment.

assessment_reports_destination AssessmentAssessmentReportsDestinationArgs

Assessment report storage destination configuration. See assessment_reports_destination below.

description str

Description of the assessment.

framework_id str

Unique identifier of the framework the assessment will be created from.

name str

Name of the assessment.

roles Sequence[AssessmentRoleArgs]

List of roles for the assessment. See roles below.

roles_alls Sequence[AssessmentRolesAllArgs]

scope AssessmentScopeArgs

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status str

Status of the assessment. Valid values are ACTIVE and INACTIVE.

tags Mapping[str, str]

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Deprecated: Please use tags instead.

arn String

Amazon Resource Name (ARN) of the assessment.

assessmentReportsDestination Property Map

Assessment report storage destination configuration. See assessment_reports_destination below.

description String

Description of the assessment.

frameworkId String

Unique identifier of the framework the assessment will be created from.

name String

Name of the assessment.

roles List<Property Map>

List of roles for the assessment. See roles below.

rolesAlls List<Property Map>

scope Property Map

Amazon Web Services accounts and services that are in scope for the assessment. See scope below.

The following arguments are optional:

status String

Status of the assessment. Valid values are ACTIVE and INACTIVE.

tags Map<String>

A map of tags to assign to the assessment. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Deprecated: Please use tags instead.

Supporting Types

AssessmentAssessmentReportsDestination, AssessmentAssessmentReportsDestinationArgs

Destination string: Destination of the assessment report. This value be in the form s3://{bucket_name}.
DestinationType string: Destination type. Currently, S3 is the only valid value.

Destination string: Destination of the assessment report. This value be in the form s3://{bucket_name}.
DestinationType string: Destination type. Currently, S3 is the only valid value.

destination String: Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType String: Destination type. Currently, S3 is the only valid value.

destination string: Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType string: Destination type. Currently, S3 is the only valid value.

destination str: Destination of the assessment report. This value be in the form s3://{bucket_name}.
destination_type str: Destination type. Currently, S3 is the only valid value.

destination String: Destination of the assessment report. This value be in the form s3://{bucket_name}.
destinationType String: Destination type. Currently, S3 is the only valid value.

AssessmentRole, AssessmentRoleArgs

RoleArn string: Amazon Resource Name (ARN) of the IAM role.
RoleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

RoleArn string: Amazon Resource Name (ARN) of the IAM role.
RoleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn String: Amazon Resource Name (ARN) of the IAM role.
roleType String: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn string: Amazon Resource Name (ARN) of the IAM role.
roleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

role_arn str: Amazon Resource Name (ARN) of the IAM role.
role_type str: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn String: Amazon Resource Name (ARN) of the IAM role.
roleType String: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

AssessmentRolesAll, AssessmentRolesAllArgs

RoleArn string: Amazon Resource Name (ARN) of the IAM role.
RoleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

RoleArn string: Amazon Resource Name (ARN) of the IAM role.
RoleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn String: Amazon Resource Name (ARN) of the IAM role.
roleType String: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn string: Amazon Resource Name (ARN) of the IAM role.
roleType string: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

role_arn str: Amazon Resource Name (ARN) of the IAM role.
role_type str: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

roleArn String: Amazon Resource Name (ARN) of the IAM role.
roleType String: Type of customer persona. For assessment creation, type must always be PROCESS_OWNER.

AssessmentScope, AssessmentScopeArgs

AwsAccounts List<AssessmentScopeAwsAccount>: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
AwsServices List<AssessmentScopeAwsService>: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

AwsAccounts []AssessmentScopeAwsAccount: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
AwsServices []AssessmentScopeAwsService: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

awsAccounts List<AssessmentScopeAwsAccount>: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices List<AssessmentScopeAwsService>: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

awsAccounts AssessmentScopeAwsAccount[]: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices AssessmentScopeAwsService[]: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

aws_accounts Sequence[AssessmentScopeAwsAccount]: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
aws_services Sequence[AssessmentScopeAwsService]: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

awsAccounts List<Property Map>: Amazon Web Services accounts that are in scope for the assessment. See aws_accounts below.
awsServices List<Property Map>: Amazon Web Services services that are included in the scope of the assessment. See aws_services below.

AssessmentScopeAwsAccount, AssessmentScopeAwsAccountArgs

Id string: Identifier for the Amazon Web Services account.

Id string: Identifier for the Amazon Web Services account.

id String: Identifier for the Amazon Web Services account.

id string: Identifier for the Amazon Web Services account.

id str: Identifier for the Amazon Web Services account.

id String: Identifier for the Amazon Web Services account.

AssessmentScopeAwsService, AssessmentScopeAwsServiceArgs

ServiceName string: Name of the Amazon Web Service.

ServiceName string: Name of the Amazon Web Service.

serviceName String: Name of the Amazon Web Service.

serviceName string: Name of the Amazon Web Service.

service_name str: Name of the Amazon Web Service.

serviceName String: Name of the Amazon Web Service.

Import

Using pulumi import, import Audit Manager Assessments using the assessment id. For example:

$ pulumi import aws:auditmanager/assessment:Assessment example abc123-de45

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.78.0 published on Thursday, Apr 24, 2025 by Pulumi

pulumi/pulumi-aws

aws.auditmanager.Assessment

On this page

On this page

Example Usage

Basic Usage

Create Assessment Resource

Constructor syntax

Parameters

Constructor example

Assessment Resource Properties

Inputs

Outputs

Look up Existing Assessment Resource

Supporting Types

AssessmentAssessmentReportsDestination, AssessmentAssessmentReportsDestinationArgs

AssessmentRole, AssessmentRoleArgs

AssessmentRolesAll, AssessmentRolesAllArgs

AssessmentScope, AssessmentScopeArgs

AssessmentScopeAwsAccount, AssessmentScopeAwsAccountArgs

AssessmentScopeAwsService, AssessmentScopeAwsServiceArgs

Import

Package Details

On this page

On this page