steampipe plugin install aws

Table: aws_auditmanager_evidence - Query AWS Audit Manager Evidence using SQL

The AWS Audit Manager Evidence is a component of AWS Audit Manager service that automates the collection and organization of evidence for audits. It simplifies the process of gathering necessary documents to demonstrate to auditors that your controls are operating effectively. This resource assists in continuously auditing your AWS usage to simplify risk assessment and compliance with regulations and industry standards.

Table Usage Guide

The aws_auditmanager_evidence table in Steampipe provides you with information about evidence resources within AWS Audit Manager. This table allows you, as a DevOps engineer, to query evidence-specific details, including the source, collection method, and associated metadata. You can utilize this table to gather insights on evidence, such as the evidence state, evidence by type, and the AWS resource from which the evidence was collected. The schema outlines the various attributes of the evidence for you, including the evidence id, assessment id, control set id, evidence folder id, and associated tags.

Examples

Basic info

Explore the various pieces of evidence collected in AWS Audit Manager to understand their association with different control sets and IAM identities. This can help in assessing the compliance status of your AWS resources and identifying areas that may need attention.

select
id,
arn,
evidence_folder_id,
evidence_by_type,
iam_id,
control_set_id
from
aws_auditmanager_evidence;
select
id,
arn,
evidence_folder_id,
evidence_by_type,
iam_id,
control_set_id
from
aws_auditmanager_evidence;

Get evidence count by evidence folder

Analyze the distribution of evidence across different folders in AWS Audit Manager to understand the workload and prioritize accordingly. This can help in efficiently managing and reviewing the collected evidence.

select
evidence_folder_id,
count(id) as evidence_count
from
aws_auditmanager_evidence
group by
evidence_folder_id;
select
evidence_folder_id,
count(id) as evidence_count
from
aws_auditmanager_evidence
group by
evidence_folder_id;

Schema for aws_auditmanager_evidence

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the evidence.
assessment_idtext=An unique identifier for the assessment.
assessment_report_selectiontextSpecifies whether the evidence is included in the assessment report.
attributesjsonbThe names and values used by the evidence event
aws_account_idtextThe identifier for the specified AWS account.
aws_organizationtextThe AWS account from which the evidence is collected, and its AWS organization path.
compliance_checktextThe evaluation status for evidence that falls under the compliance check category.
control_set_idtext=The identifier for the control set.
data_sourcetextThe data source from which the specified evidence was collected.
event_nametextThe name of the specified evidence event.
event_sourcetextThe AWS service from which the evidence is collected.
evidence_aws_account_idtextThe identifier for the specified AWS account.
evidence_by_typetextThe type of automated evidence.
evidence_folder_idtext=The identifier for the folder in which the evidence is stored.
iam_idtextThe unique identifier for the IAM user or role associated with the evidence.
idtext=The identifier for the evidence.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
resources_includedjsonbThe list of resources assessed to generate the evidence.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
timetimestamp with time zoneThe timestamp that represents when the evidence was collected.
titletextTitle of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_auditmanager_evidence