steampipe plugin install aws

Table: aws_auditmanager_assessment - Query AWS Audit Manager Assessments using SQL

The AWS Audit Manager Assessment is a feature of AWS Audit Manager that helps you continuously audit your AWS usage to simplify your risk management and compliance. It automates evidence collection to enable you to scale your audit capability as your AWS usage grows. This tool facilitates assessment of the effectiveness of your controls and helps you maintain continuous compliance by managing audits throughout their lifecycle.

Table Usage Guide

The aws_auditmanager_assessment table in Steampipe provides you with information about assessments within AWS Audit Manager. This table allows you, as a DevOps engineer, to query assessment-specific details, including the assessment status, scope, roles, and associated metadata. The schema outlines the attributes of the AWS Audit Manager assessment, including the assessment ID, name, description, status, and associated tags.

Examples

Basic info

Explore which AWS Audit Manager assessments are currently active and what their compliance types are. This can be useful for keeping track of your organization's compliance status and ensuring all assessments are functioning as expected.

select
  name,
  arn,
  status,
  compliance_type
from
  aws_auditmanager_assessment;

List assessments with public audit bucket

This query identifies assessments whose report destination is an S3 bucket with a public bucket policy. Reports written to a public audit bucket can be accessed by anyone, so these destinations are potential areas of vulnerability that should be pinpointed and secured.

select
  a.name,
  a.arn,
  a.assessment_report_destination,
  a.assessment_report_destination_type,
  b.bucket_policy_is_public as is_public_bucket
from
  aws_auditmanager_assessment as a
  join aws_s3_bucket as b on a.assessment_report_destination = 's3://' || b.name
  and b.bucket_policy_is_public;
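
The query above only matches when the destination is exactly 's3://' plus the bucket name, and it silently drops assessments whose bucket is not visible to the connection. The following added example (not part of the original table documentation, PostgreSQL syntax) goes further: it assumes a destination may carry a key prefix after the bucket name, keeps unmatched assessments through a left join, and also checks the block public access columns of aws_s3_bucket.

```sql
-- Added example: review every assessment report destination, not only
-- the ones that join cleanly to a bucket with a public policy.
with dest as (
  select
    name,
    arn,
    assessment_report_destination,
    -- 's3://bucket/prefix' -> 'bucket'
    -- (assumption: a destination may include a prefix after the bucket name)
    split_part(substr(assessment_report_destination, 6), '/', 1) as bucket_name
  from
    aws_auditmanager_assessment
  where
    assessment_report_destination like 's3://%'
)
select
  d.name,
  d.arn,
  d.assessment_report_destination,
  b.bucket_policy_is_public,
  case
    -- No matching row: bucket is in another account or outside this connection.
    when b.name is null then 'bucket not visible to this connection'
    when b.bucket_policy_is_public then 'public bucket policy'
    -- coalesce treats a missing (null) setting as not enabled.
    when not coalesce(
      b.block_public_acls
      and b.block_public_policy
      and b.ignore_public_acls
      and b.restrict_public_buckets,
      false
    ) then 'block public access not fully enabled'
    else 'ok'
  end as finding
from
  dest as d
  left join aws_s3_bucket as b on b.name = d.bucket_name
order by
  finding,
  d.name;
```

Rows with the finding 'bucket not visible to this connection' need a manual check in the account that owns the bucket, since the query cannot see that bucket's policy.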

List inactive assessments

Determine which assessments are not currently active, enabling you to focus resources on those that require attention or action.

select
  name,
  arn,
  status
from
  aws_auditmanager_assessment
where
  status <> 'ACTIVE';

Schema for aws_auditmanager_assessment

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| arn | text | | The Amazon Resource Name (ARN) of the assessment. |
| assessment_report_destination | text | | The destination of the assessment report. |
| assessment_report_destination_type | text | | The destination type, such as Amazon S3. |
| aws_account | jsonb | | The AWS account associated with the assessment. |
| compliance_type | text | | The name of the compliance standard related to the assessment. |
| creation_time | timestamp with time zone | | Specifies when the assessment was created. |
| delegations | jsonb | | The delegations associated with the assessment. |
| description | text | | The description of the assessment. |
| framework | jsonb | | The framework from which the assessment was created. |
| id | text | = | A unique identifier for the assessment. |
| last_updated | timestamp with time zone | | The time of the most recent update. |
| name | text | | The name of the assessment. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| roles | jsonb | | The roles associated with the assessment. |
| scope | jsonb | | The wrapper of AWS accounts and services in scope for the assessment. |
| status | text | | The current status of the assessment. |
| tags | jsonb | | A map of tags for the resource. |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_auditmanager_assessment