AUDITMANAGER
AssociateAssessmentReportEvidenceFolder
# Template: `valid` holds only when every comparison below holds.
# STRING stands for the literal value the request field must equal.
valid {
input.Body.evidenceFolderId == STRING
input.ReqMap.assessmentId == STRING
# ProviderMetadata presumably describes the calling credentials (account,
# access key ID, region) — confirm against the policy engine's docs.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchAssociateAssessmentReportEvidence
# Template for a batch request: one folder, a list of evidence IDs, one assessment.
valid {
input.Body.evidenceFolderId == STRING
# NOTE(review): under standard Rego semantics `evidenceIds[_] == X` is true when
# ANY element equals X; other IDs in the same batch are not checked. It does
# not assert that every ID in the list is an approved one.
input.Body.evidenceIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchCreateDelegationByAssessment
# Allowed values for roleType; `== enum_RoleType[_]` is true if the field equals any member.
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
# Template for delegating control sets of one assessment to a role.
# NOTE(review): under standard Rego semantics each `[_]` is an independent
# wildcard, so the roleArn and roleType lines can be satisfied by different
# createDelegationRequests entries, and further entries in the batch are not
# checked at all. If roleArn is the value you are restricting, bind one entry
# (e.g. `r := input.Body.createDelegationRequests[_]`) and test its fields
# together — confirm the engine accepts that form.
valid {
input.Body.createDelegationRequests[_].comment == STRING
input.Body.createDelegationRequests[_].controlSetId == STRING
input.Body.createDelegationRequests[_].roleArn == STRING
input.Body.createDelegationRequests[_].roleType == enum_RoleType[_]
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchDeleteDelegationByAssessment
# Template for removing delegations from one assessment.
valid {
# NOTE(review): `delegationIds[_] == X` matches when any one ID equals X;
# under standard Rego semantics the remaining IDs in the list are unconstrained.
input.Body.delegationIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchDisassociateAssessmentReportEvidence
# Template for a batch request: one folder, a list of evidence IDs, one assessment.
valid {
input.Body.evidenceFolderId == STRING
# NOTE(review): existential match — true if any element equals the literal;
# under standard Rego semantics it does not bound the rest of the list.
input.Body.evidenceIds[_] == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
BatchImportEvidenceToAssessmentControl
# Template for importing manual evidence into one control of one assessment.
valid {
# NOTE(review): each line below needs some manualEvidence entry that carries
# that field with that value. If an entry normally carries only one of the
# three, keeping all three lines may never match — keep the ones you mean to
# enforce. An equality test on s3ResourcePath pins one exact path; it does not
# express "any object in an approved bucket".
input.Body.manualEvidence[_].s3ResourcePath == STRING
input.Body.manualEvidence[_].textResponse == STRING
input.Body.manualEvidence[_].evidenceFileName == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAssessment
# Value lists used by the membership tests below (`== enum_X[_]` means "equals any member").
enum_AssessmentReportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
# Template for creating an assessment; all lines are ANDed.
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.assessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
# NOTE(review): destination is where reports get written (inferred from the
# field name); pin it to an approved location rather than deleting the line.
input.Body.assessmentReportsDestination.destination == STRING
# NOTE(review): every `[_]` is independent under standard Rego semantics, so
# the awsAccounts lines (and the roles lines) may each be satisfied by a
# different list entry, and extra entries are not checked.
input.Body.scope.awsAccounts[_].id == STRING
input.Body.scope.awsAccounts[_].emailAddress == STRING
input.Body.scope.awsAccounts[_].name == STRING
input.Body.scope.awsServices[_].serviceName == STRING
input.Body.roles[_].roleType == enum_RoleType[_]
input.Body.roles[_].roleArn == STRING
input.Body.frameworkId == STRING
# `tags.STRING`: the first STRING is a placeholder for the tag key, the second for its value.
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAssessmentFramework
# Template for creating a custom framework from named control sets.
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.complianceType == STRING
# Nested wildcards: some control set has this name, and some control in some
# control set has this id — not necessarily the same set (standard Rego semantics).
input.Body.controlSets[_].name == STRING
input.Body.controlSets[_].controls[_].id == STRING
# `tags.STRING`: placeholder tag key on the left, placeholder value on the right.
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateAssessmentReport
# Template for generating a report for one assessment.
valid {
input.Body.name == STRING
input.Body.description == STRING
# NOTE(review): queryStatement is compared as one exact string; an equality
# test cannot express "any safe query", only "this specific query text".
input.Body.queryStatement == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateControl
# Value lists for the membership tests in `valid` (`== enum_X[_]` means "equals any member").
enum_KeywordInputType := [ "SELECT_FROM_LIST", "UPLOAD_FILE", "INPUT_TEXT" ]
enum_SourceFrequency := [ "DAILY", "WEEKLY", "MONTHLY" ]
enum_SourceSetUpOption := [ "System_Controls_Mapping", "Procedural_Controls_Mapping" ]
enum_SourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL", "Common_Control", "Core_Control" ]
# Template for creating a custom control and its evidence sources.
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.testingInformation == STRING
input.Body.actionPlanTitle == STRING
input.Body.actionPlanInstructions == STRING
# NOTE(review): each controlMappingSources[_] line uses its own wildcard, so
# under standard Rego semantics sourceType and sourceKeyword can be matched
# on different entries. Bind one entry to a variable to test them together.
input.Body.controlMappingSources[_].sourceName == STRING
input.Body.controlMappingSources[_].sourceDescription == STRING
input.Body.controlMappingSources[_].sourceSetUpOption == enum_SourceSetUpOption[_]
input.Body.controlMappingSources[_].sourceType == enum_SourceType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordInputType == enum_KeywordInputType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordValue == STRING
input.Body.controlMappingSources[_].sourceFrequency == enum_SourceFrequency[_]
input.Body.controlMappingSources[_].troubleshootingText == STRING
# `tags.STRING`: placeholder tag key on the left, placeholder value on the right.
input.Body.tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAssessment
# Template for a destructive call: matches one assessmentId plus the three ProviderMetadata values.
# NOTE(review): removing the assessmentId line would make the rule match a delete of any assessment.
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAssessmentFramework
# Template for a destructive call: matches one frameworkId plus the three ProviderMetadata values.
valid {
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAssessmentFrameworkShare
# requestType must equal one of these two values.
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
# Template for deleting one share request, identified by requestId and direction.
valid {
input.ReqMap.requestId == STRING
# As written this accepts either direction; compare against a single literal to allow only one.
input.Qs.requestType == enum_ShareRequestType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteAssessmentReport
# Template for deleting one report: both the assessment and the report ID must match.
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.assessmentReportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteControl
# Template for a destructive call: matches one controlId plus the three ProviderMetadata values.
valid {
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeregisterAccount
# The template has no request fields for this action: the only discriminators
# are the three ProviderMetadata values.
# NOTE(review): any caller matching these three values satisfies the rule, so
# they are the entire scope of who may deregister the account.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeregisterOrganizationAdminAccount
# Template for removing the organization's delegated administrator.
valid {
# Pins the account being deregistered as admin; STRING is a placeholder for the account ID.
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateAssessmentReportEvidenceFolder
# Template: `valid` holds only when the folder, the assessment and the three
# ProviderMetadata values all equal the literals substituted for STRING.
valid {
input.Body.evidenceFolderId == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAccountStatus
# No request fields in the template; the rule matches on the three ProviderMetadata values only.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAssessment
# Matches a read of one assessment: assessmentId plus the three ProviderMetadata values.
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAssessmentFramework
# Matches a read of one framework: frameworkId plus the three ProviderMetadata values.
valid {
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetAssessmentReportUrl
# Matches a request for the URL of one report of one assessment.
# NOTE(review): the action name suggests the response is a download link to
# report contents — treat it as a data-access permission, not a metadata read.
valid {
input.ReqMap.assessmentReportId == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetChangeLogs
# Template for reading change logs of one assessment, optionally narrowed by control set/control.
# NOTE(review): under standard Rego semantics a Qs field that is absent from
# the request leaves its line undefined and `valid` fails; keep the
# nextToken/maxResults lines only if you really intend to pin those values.
valid {
input.ReqMap.assessmentId == STRING
input.Qs.controlSetId == STRING
input.Qs.controlId == STRING
input.Qs.nextToken == STRING
# INTEGER is a placeholder for a number literal.
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetControl
# Matches a read of one control: controlId plus the three ProviderMetadata values.
valid {
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDelegations
# Only paging fields and ProviderMetadata are available to match on.
# NOTE(review): an equality test on nextToken matches a single page request;
# under standard Rego semantics, leave that line out unless that is the intent.
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidence
# Matches a read of one evidence item, addressed by assessment, control set, folder and evidence ID.
# All four ReqMap lines are ANDed with the ProviderMetadata lines.
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
input.ReqMap.evidenceId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidenceByEvidenceFolder
# Matches a listing of evidence inside one folder of one assessment/control set.
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
# NOTE(review): paging fields are compared for exact equality like the rest;
# drop these two lines if paging should not affect the decision (confirm with the engine's docs).
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidenceFileUploadUrl
# Matches a request for an upload URL for one exact file name.
# NOTE(review): fileName is the only request field available; an equality test
# pins a single name and cannot express an extension or prefix allow-list.
valid {
input.Qs.fileName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidenceFolder
# Matches a read of one evidence folder, addressed by assessment, control set and folder ID.
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.evidenceFolderId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidenceFoldersByAssessment
# Matches a listing of evidence folders for one assessment.
valid {
input.ReqMap.assessmentId == STRING
# Paging fields; INTEGER is a placeholder for a number literal.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetEvidenceFoldersByAssessmentControl
# Matches a listing of evidence folders for one control within one assessment/control set.
valid {
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
# Paging fields; compared for equality like every other line.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInsights
# No request fields in the template; the rule matches on the three ProviderMetadata values only.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetInsightsByAssessment
# Matches an insights read scoped to one assessmentId plus the three ProviderMetadata values.
valid {
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetOrganizationAdminAccount
# No request fields in the template; the rule matches on the three ProviderMetadata values only.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetServicesInScope
# No request fields in the template; the rule matches on the three ProviderMetadata values only.
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSettings
# Setting names the attribute field may take; "ALL" is one of the listed members.
enum_SettingAttribute := [ "ALL", "IS_AWS_ORG_ENABLED", "SNS_TOPIC", "DEFAULT_ASSESSMENT_REPORTS_DESTINATION", "DEFAULT_PROCESS_OWNERS", "EVIDENCE_FINDER_ENABLEMENT", "DEREGISTRATION_POLICY", "DEFAULT_EXPORT_DESTINATION" ]
# Template for reading settings.
valid {
# As written any listed attribute (including "ALL") matches; compare against
# a single literal to allow reading only one setting.
input.ReqMap.attribute == enum_SettingAttribute[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAssessmentControlInsightsByControlDomain
# Matches a listing scoped by control domain and assessment, both passed in Qs.
valid {
input.Qs.controlDomainId == STRING
input.Qs.assessmentId == STRING
# Paging fields; INTEGER is a placeholder for a number literal.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAssessmentFrameworkShareRequests
# requestType must equal one of these two values.
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
# Template for listing framework share requests in one direction.
valid {
input.Qs.requestType == enum_ShareRequestType[_]
# Paging fields; compared for equality like every other line.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAssessmentFrameworks
# frameworkType must equal one of these two values.
enum_FrameworkType := [ "Standard", "Custom" ]
# Template for listing frameworks of a given type.
valid {
input.Qs.frameworkType == enum_FrameworkType[_]
# Paging fields; INTEGER is a placeholder for a number literal.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAssessmentReports
# Only paging fields and ProviderMetadata are available to match on for this listing.
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAssessments
# status must equal one of these two values.
enum_AssessmentStatus := [ "ACTIVE", "INACTIVE" ]
# Template for listing assessments filtered by status.
valid {
input.Qs.status == enum_AssessmentStatus[_]
# Paging fields; compared for equality like every other line.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListControlDomainInsights
# Only paging fields and ProviderMetadata are available to match on for this listing.
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListControlDomainInsightsByAssessment
# Matches a listing scoped to one assessmentId, passed in Qs rather than ReqMap.
valid {
input.Qs.assessmentId == STRING
# Paging fields; INTEGER is a placeholder for a number literal.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListControlInsightsByControlDomain
# Matches a listing scoped to one controlDomainId.
valid {
input.Qs.controlDomainId == STRING
# Paging fields; compared for equality like every other line.
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListControls
# controlType must equal one of these three values.
enum_ControlType := [ "Standard", "Custom", "Core" ]
# Template for listing controls by type and, via controlCatalogId, by catalog entry.
valid {
input.Qs.controlType == enum_ControlType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.Qs.controlCatalogId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListKeywordsForDataSource
# source must equal one of these values. This list has five members and is a
# separate definition from the seven-member enum_SourceType used elsewhere on the page.
enum_DataSourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL" ]
# Template for listing keywords of one data source type.
valid {
input.Qs.source == enum_DataSourceType[_]
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListNotifications
# Only paging fields and ProviderMetadata are available to match on for this listing.
valid {
input.Qs.nextToken == STRING
input.Qs.maxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
# Matches a tag read on one resource; resourceArn is compared as an exact string.
valid {
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RegisterAccount
# Template for enabling the service on an account.
valid {
# NOTE(review): kmsKey and delegatedAdminAccount decide which key and which
# admin account are attached at registration (inferred from the field names);
# pin both to approved values rather than deleting the lines.
input.Body.kmsKey == STRING
input.Body.delegatedAdminAccount == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RegisterOrganizationAdminAccount
# Template for designating the organization's delegated administrator.
valid {
# NOTE(review): this is the only request field; without it the rule would
# match a registration of any account as admin.
input.Body.adminAccountId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartAssessmentFrameworkShare
# Template for sharing one framework with another account/region.
valid {
# NOTE(review): destinationAccount/destinationRegion name the recipient of the
# share; an equality test allows exactly one recipient per rule, so write one
# rule per approved destination rather than removing these lines.
input.Body.destinationAccount == STRING
input.Body.destinationRegion == STRING
input.Body.comment == STRING
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
# Template for tagging one resource.
valid {
# `tags.STRING`: the first STRING is a placeholder for the tag key, the second
# for its value. The line checks that this key/value pair is present; other
# tags in the same request are not examined.
input.Body.tags.STRING == STRING
input.ReqMap.resourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
# Template for removing tags from one resource.
valid {
input.ReqMap.resourceArn == STRING
# NOTE(review): existential match — true if any requested key equals the
# literal; under standard Rego semantics other keys in tagKeys are unconstrained.
input.Qs.tagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessment
# Value lists used by the membership tests below (`== enum_X[_]` means "equals any member").
enum_AssessmentReportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
# Template for editing one assessment. Note the body uses assessmentName and
# assessmentDescription here, unlike the name/description fields of CreateAssessment.
valid {
input.Body.assessmentName == STRING
input.Body.assessmentDescription == STRING
# NOTE(review): every `[_]` is independent under standard Rego semantics, so
# the awsAccounts lines (and the roles lines) may each be satisfied by a
# different list entry, and extra entries are not checked.
input.Body.scope.awsAccounts[_].id == STRING
input.Body.scope.awsAccounts[_].emailAddress == STRING
input.Body.scope.awsAccounts[_].name == STRING
input.Body.scope.awsServices[_].serviceName == STRING
input.Body.assessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
# NOTE(review): an update can repoint where reports are written (inferred
# from the field name); pin destination to an approved location.
input.Body.assessmentReportsDestination.destination == STRING
input.Body.roles[_].roleType == enum_RoleType[_]
input.Body.roles[_].roleArn == STRING
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessmentControl
# controlStatus must equal one of these three values.
enum_ControlStatus := [ "UNDER_REVIEW", "REVIEWED", "INACTIVE" ]
# Template for changing the status/comment of one control in one assessment.
valid {
# As written any listed status matches; compare against a single literal to
# allow only one transition target (for example, to withhold "REVIEWED").
input.Body.controlStatus == enum_ControlStatus[_]
input.Body.commentBody == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessmentControlSetStatus
# status must equal one of these three values.
enum_ControlSetStatus := [ "ACTIVE", "UNDER_REVIEW", "REVIEWED" ]
# Template for changing the status of one control set in one assessment.
valid {
# As written any listed status matches; compare against a single literal to allow only one.
input.Body.status == enum_ControlSetStatus[_]
input.Body.comment == STRING
input.ReqMap.assessmentId == STRING
input.ReqMap.controlSetId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessmentFramework
# Template for editing one framework; compared with CreateAssessmentFramework it
# adds controlSets[_].id and has no tags line.
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.complianceType == STRING
# Each controlSets[_] line uses its own wildcard, so under standard Rego
# semantics the id, name and control id may be matched on different control sets.
input.Body.controlSets[_].id == STRING
input.Body.controlSets[_].name == STRING
input.Body.controlSets[_].controls[_].id == STRING
input.ReqMap.frameworkId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessmentFrameworkShare
# Value lists for the two membership tests below.
enum_ShareRequestAction := [ "ACCEPT", "DECLINE", "REVOKE" ]
enum_ShareRequestType := [ "SENT", "RECEIVED" ]
# Template for acting on one framework share request.
valid {
input.Body.requestType == enum_ShareRequestType[_]
# NOTE(review): as written ACCEPT, DECLINE and REVOKE all match. Accepting a
# share brings in content authored by another account (inferred from the
# action names), so compare against a single literal if only some actions are intended.
input.Body.action == enum_ShareRequestAction[_]
input.ReqMap.requestId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAssessmentStatus
# status must equal one of these two values.
enum_AssessmentStatus := [ "ACTIVE", "INACTIVE" ]
# Template for switching one assessment between the listed states.
valid {
# As written either status matches; compare against a single literal to allow only one direction.
input.Body.status == enum_AssessmentStatus[_]
input.ReqMap.assessmentId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateControl
# Value lists for the membership tests in `valid` (`== enum_X[_]` means "equals any member").
enum_KeywordInputType := [ "SELECT_FROM_LIST", "UPLOAD_FILE", "INPUT_TEXT" ]
enum_SourceFrequency := [ "DAILY", "WEEKLY", "MONTHLY" ]
enum_SourceSetUpOption := [ "System_Controls_Mapping", "Procedural_Controls_Mapping" ]
enum_SourceType := [ "AWS_Cloudtrail", "AWS_Config", "AWS_Security_Hub", "AWS_API_Call", "MANUAL", "Common_Control", "Core_Control" ]
# Template for editing one control; compared with CreateControl it adds
# controlMappingSources[_].sourceId and ReqMap.controlId, and has no tags line.
valid {
input.Body.name == STRING
input.Body.description == STRING
input.Body.testingInformation == STRING
input.Body.actionPlanTitle == STRING
input.Body.actionPlanInstructions == STRING
# NOTE(review): each controlMappingSources[_] line uses its own wildcard, so
# under standard Rego semantics sourceId, sourceType and sourceKeyword can be
# matched on different entries. Bind one entry to a variable to test them together.
input.Body.controlMappingSources[_].sourceId == STRING
input.Body.controlMappingSources[_].sourceName == STRING
input.Body.controlMappingSources[_].sourceDescription == STRING
input.Body.controlMappingSources[_].sourceSetUpOption == enum_SourceSetUpOption[_]
input.Body.controlMappingSources[_].sourceType == enum_SourceType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordInputType == enum_KeywordInputType[_]
input.Body.controlMappingSources[_].sourceKeyword.keywordValue == STRING
input.Body.controlMappingSources[_].sourceFrequency == enum_SourceFrequency[_]
input.Body.controlMappingSources[_].troubleshootingText == STRING
input.ReqMap.controlId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSettings
# Value lists for the membership tests below (`== enum_X[_]` means "equals any member").
enum_AssessmentReportDestinationType := [ "S3" ]
enum_DeleteResources := [ "ALL", "DEFAULT" ]
enum_ExportDestinationType := [ "S3" ]
enum_RoleType := [ "PROCESS_OWNER", "RESOURCE_OWNER" ]
# Template for changing account-wide settings. Every line is ANDed, so a rule
# meant to guard a single setting should keep only that setting's line(s) —
# confirm against the policy engine's docs how absent fields are treated.
valid {
input.Body.snsTopic == STRING
input.Body.defaultAssessmentReportsDestination.destinationType == enum_AssessmentReportDestinationType[_]
# NOTE(review): the destination and kmsKey fields decide where reports and
# exports are written and which key is used (inferred from the field names);
# pin them to approved values.
input.Body.defaultAssessmentReportsDestination.destination == STRING
# Independent wildcards: roleType and roleArn may be matched on different entries.
input.Body.defaultProcessOwners[_].roleType == enum_RoleType[_]
input.Body.defaultProcessOwners[_].roleArn == STRING
input.Body.kmsKey == STRING
# BOOLEAN is a placeholder for true/false.
input.Body.evidenceFinderEnabled == BOOLEAN
# NOTE(review): as written both "ALL" and "DEFAULT" match. The name suggests
# "ALL" requests deletion of service data on deregistration — verify in the
# AWS API reference and compare against a single literal if retention matters.
input.Body.deregistrationPolicy.deleteResources == enum_DeleteResources[_]
input.Body.defaultExportDestination.destinationType == enum_ExportDestinationType[_]
input.Body.defaultExportDestination.destination == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ValidateAssessmentReportIntegrity
# Template for an integrity check of one report, addressed by its S3-relative path.
valid {
# Compared as one exact string; STRING is a placeholder for the path literal.
input.Body.s3RelativePath == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}