AUDITMANAGER
AssociateAssessmentReportEvidenceFolder
valid {
input.Body.evidenceFolderId == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}BatchAssociateAssessmentReportEvidence
valid {
input.Body.evidenceFolderId == STRING
input.Body.evidenceIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}BatchCreateDelegationByAssessment
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
valid {
input.Body.createDelegationRequests[_].comment == STRING
input.Body.createDelegationRequests[_].controlSetId == STRING
input.Body.createDelegationRequests[_].roleArn == STRING
input.Body.createDelegationRequests[_].roleType == enum_RoleType[_]
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}BatchDeleteDelegationByAssessment
valid {
input.Body.delegationIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}BatchDisassociateAssessmentReportEvidence
valid {
input.Body.evidenceFolderId == STRING
input.Body.evidenceIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}BatchImportEvidenceToAssessmentControl
valid {
input.Body.manualEvidence[_].s3ResourcePath == STRING
input.Body.manualEvidence[_].textResponse == STRING
input.Body.manualEvidence[_].evidenceFileName == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateAssessment
enum_AssessmentReportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.assessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
input.Body.assessmentReportsDestination.destination == STRING
input.Body.scope.awsAccounts[_].id == STRING
input.Body.scope.awsAccounts[_].emailAddress == STRING
input.Body.scope.awsAccounts[_].name == STRING
input.Body.scope.awsServices[_].serviceName == STRING
input.Body.roles[_].roleType == enum_RoleType[_]
input.Body.roles[_].roleArn == STRING
input.Body.frameworkId == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateAssessmentFramework
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.complianceType == STRING
input.Body.controlSets[_].name == STRING
input.Body.controlSets[_].controls[_].id == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateAssessmentReport
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.queryStatement == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateControl
enum_KeywordInputType := [ "SELECT_FROM_LIST", "UPLOAD_FILE", "INPUT_TEXT" ]
enum_SourceFrequency := [ "DAILY", "WEEKLY", "MONTHLY" ]
enum_SourceSetUpOption := [ "System_Controls_Mapping", "Procedural_Controls_Mapping" ]
enum_SourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL", "Common_Control", "Core_Control" ]
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.testingInformation == STRING
input.Body.actionPlanTitle == STRING
input.Body.actionPlanInstructions == STRING
input.Body.controlMappingSources[_].sourceName == STRING
input.Body.controlMappingSources[_].sourceDescription == STRING
input.Body.controlMappingSources[_].sourceSetUpOption == enum_SourceSetUpOption[_]
input.Body.controlMappingSources[_].sourceType == enum_SourceType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordInputType == enum_KeywordInputType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordValue == STRING
input.Body.controlMappingSources[_].sourceFrequency == enum_SourceFrequency[_]
input.Body.controlMappingSources[_].troubleshootingText == STRING
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAssessment
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAssessmentFramework
valid {
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAssessmentFrameworkShare
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
valid {
input.ReqMap.requestId == STRING
input.Qs.requestType == enum_ShareRequestType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAssessmentReport
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.assessmentReportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteControl
valid {
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeregisterAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeregisterOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateAssessmentReportEvidenceFolder
valid {
input.Body.evidenceFolderId == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetAccountStatus
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetAssessment
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetAssessmentFramework
valid {
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetAssessmentReportUrl
valid {
input.ReqMap.assessmentReportId == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetChangeLogs
valid {
input.ReqMap.assessmentId == STRING
input.Qs.controlSetId == STRING
input.Qs.controlId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetControl
valid {
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetDelegations
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidence
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
input.ReqMap.evidenceId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidenceByEvidenceFolder
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidenceFileUploadUrl
valid {
input.Qs.fileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidenceFolder
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidenceFoldersByAssessment
valid {
input.ReqMap.assessmentId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetEvidenceFoldersByAssessmentControl
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetInsights
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetInsightsByAssessment
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetOrganizationAdminAccount
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetServicesInScope
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetSettings
enum_SettingAttribute := [ "ALL", "IS_AWS_ORG_ENABLED", "SNS_TOPIC", "DEFAULT_ASSESSMENT_REPORTS_DESTINATION", "DEFAULT_PROCESS_OWNERS", "EVIDENCE_FINDER_ENABLEMENT", "DEREGISTRATION_POLICY", "DEFAULT_EXPORT_DESTINATION" ]
valid {
input.ReqMap.attribute == enum_SettingAttribute[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAssessmentControlInsightsByControlDomain
valid {
input.Qs.controlDomainId == STRING
input.Qs.assessmentId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAssessmentFrameworkShareRequests
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
valid {
input.Qs.requestType == enum_ShareRequestType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAssessmentFrameworks
enum_FrameworkType := [ "Standard", "Custom" ]
valid {
input.Qs.frameworkType == enum_FrameworkType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAssessmentReports
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAssessments
enum_AssessmentStatus := [ "ACTIVE", "INACTIVE" ]
valid {
input.Qs.status == enum_AssessmentStatus[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListControlDomainInsights
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListControlDomainInsightsByAssessment
valid {
input.Qs.assessmentId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListControlInsightsByControlDomain
valid {
input.Qs.controlDomainId == STRING
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListControls
enum_ControlType := [ "Standard", "Custom", "Core" ]
valid {
input.Qs.controlType == enum_ControlType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.Qs.controlCatalogId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListKeywordsForDataSource
enum_DataSourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL" ]
valid {
input.Qs.source == enum_DataSourceType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListNotifications
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RegisterAccount
valid {
input.Body.kmsKey == STRING
input.Body.delegatedAdminAccount == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RegisterOrganizationAdminAccount
valid {
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartAssessmentFrameworkShare
valid {
input.Body.destinationAccount == STRING
input.Body.destinationRegion == STRING
input.Body.comment == STRING
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.ReqMap.resourceArn == STRING
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessment
enum_AssessmentReportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
valid {
input.Body.assessmentName == STRING
input.Body.assessmentDescription == STRING
input.Body.scope.awsAccounts[_].id == STRING
input.Body.scope.awsAccounts[_].emailAddress == STRING
input.Body.scope.awsAccounts[_].name == STRING
input.Body.scope.awsServices[_].serviceName == STRING
input.Body.assessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
input.Body.assessmentReportsDestination.destination == STRING
input.Body.roles[_].roleType == enum_RoleType[_]
input.Body.roles[_].roleArn == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessmentControl
enum_ControlStatus := [ "UNDER_REVIEW", "REVIEWED", "INACTIVE" ]
valid {
input.Body.controlStatus == enum_ControlStatus[_]
input.Body.commentBody == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessmentControlSetStatus
enum_ControlSetStatus := [ "ACTIVE", "UNDER_REVIEW", "REVIEWED" ]
valid {
input.Body.status == enum_ControlSetStatus[_]
input.Body.comment == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessmentFramework
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.complianceType == STRING
input.Body.controlSets[_].id == STRING
input.Body.controlSets[_].name == STRING
input.Body.controlSets[_].controls[_].id == STRING
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessmentFrameworkShare
enum_ShareRequestAction := [ "ACCEPT", "DECLINE", "REVOKE" ]
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
valid {
input.Body.requestType == enum_ShareRequestType[_]
input.Body.action == enum_ShareRequestAction[_]
input.ReqMap.requestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAssessmentStatus
enum_AssessmentStatus := [ "ACTIVE", "INACTIVE" ]
valid {
input.Body.status == enum_AssessmentStatus[_]
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateControl
enum_KeywordInputType := [ "SELECT_FROM_LIST", "UPLOAD_FILE", "INPUT_TEXT" ]
enum_SourceFrequency := [ "DAILY", "WEEKLY", "MONTHLY" ]
enum_SourceSetUpOption := [ "System_Controls_Mapping", "Procedural_Controls_Mapping" ]
enum_SourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL", "Common_Control", "Core_Control" ]
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.testingInformation == STRING
input.Body.actionPlanTitle == STRING
input.Body.actionPlanInstructions == STRING
input.Body.controlMappingSources[_].sourceId == STRING
input.Body.controlMappingSources[_].sourceName == STRING
input.Body.controlMappingSources[_].sourceDescription == STRING
input.Body.controlMappingSources[_].sourceSetUpOption == enum_SourceSetUpOption[_]
input.Body.controlMappingSources[_].sourceType == enum_SourceType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordInputType == enum_KeywordInputType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordValue == STRING
input.Body.controlMappingSources[_].sourceFrequency == enum_SourceFrequency[_]
input.Body.controlMappingSources[_].troubleshootingText == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateSettings
enum_AssessmentReportDestinationType := [ "S3" ]
enum_DeleteResources := [ "ALL", "DEFAULT" ]
enum_ExportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
valid {
input.Body.snsTopic == STRING
input.Body.defaultAssessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
input.Body.defaultAssessmentReportsDestination.destination == STRING
input.Body.defaultProcessOwners[_].roleType == enum_RoleType[_]
input.Body.defaultProcessOwners[_].roleArn == STRING
input.Body.kmsKey == STRING
input.Body.evidenceFinderEnabled == BOOLEAN
input.Body.deregistrationPolicy.deleteResources == enum_DeleteResources[_]
input.Body.defaultExportDestination.destinationType == enum_ExportDestinationType[_]
input.Body.defaultExportDestination.destination == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ValidateAssessmentReportIntegrity
valid {
input.Body.s3RelativePath == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 2 days ago