v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
504Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_auditmanager_evidence_folder - Query AWS Audit Manager Evidence Folders using SQL

The AWS Audit Manager Evidence Folders are used to organize and store evidence collected for assessments. This evidence can be automatically collected by AWS Audit Manager or manually uploaded by users. The evidence folders help in managing compliance audits and providing detailed proof of how the data is being handled within the AWS environment.

Table Usage Guide

The aws_auditmanager_evidence_folder table in Steampipe provides you with information about evidence folders within AWS Audit Manager. This table allows you, as a DevOps engineer, to query evidence folder-specific details, including the ID, ARN, name, date created, and associated metadata. You can utilize this table to gather insights on evidence folders, such as the total count of evidence in the folder, the status of the evidence, verification of evidence source, and more. The schema outlines the various attributes of the evidence folder for you, including the evidence folder ID, ARN, creation date, and associated tags.

Examples

Basic info

Explore which evidence folders exist within your AWS Audit Manager to better manage and assess your compliance controls and evidence. This can help you identify areas where you might need to gather additional evidence or focus your auditing efforts.

select
  name,
  id,
  arn,
  assessment_id,
  control_set_id,
  control_id,
  total_evidence
from
  aws_auditmanager_evidence_folder;
select
  name,
  id,
  arn,
  assessment_id,
  control_set_id,
  control_id,
  total_evidence
from
  aws_auditmanager_evidence_folder;

Count the number of evidence folders by assessment ID

Explore how many evidence folders are associated with each assessment in your AWS Audit Manager. This is useful for understanding the volume of evidence collected for each audit, aiding in audit management and review processes.

select
  assessment_id,
  count(id) as evidence_folder_count
from
  aws_auditmanager_evidence_folder
group by
  assessment_id;
select
  assessment_id,
  count(id) as evidence_folder_count
from
  aws_auditmanager_evidence_folder
group by
  assessment_id;

Schema for aws_auditmanager_evidence_folder

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the evidence folder.
assessment_idtext=The identifier for the specified assessment.
assessment_report_selection_countbigintThe total count of evidence included in the assessment report.
authortextThe name of the user who created the evidence folder.
control_idtextThe unique identifier for the specified control.
control_nametextThe name of the control.
control_set_idtext=The identifier for the control set.
data_sourcetextThe AWS service from which the evidence was collected.
datetimestamp with time zoneThe date when the first evidence was added to the evidence folder.
evidence_aws_service_source_countbigintThe total number of AWS resources assessed to generate the evidence.
evidence_by_type_compliance_check_countbigintThe number of evidence that falls under the compliance check category.
evidence_by_type_compliance_check_issues_countbigintThe total number of issues that were reported directly from AWS Security Hub, AWS Config, or both.
evidence_by_type_configuration_data_countbigintThe number of evidence that falls under the configuration data category.
evidence_by_type_manual_countbigintThe number of evidence that falls under the manual category.
evidence_by_type_user_activity_countbigintThe number of evidence that falls under the user activity category.
evidence_resources_included_countbigintThe amount of evidence included in the evidence folder.
idtext=The identifier for the folder in which evidence is stored.
nametextThe name of the specified evidence folder.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
regiontextThe AWS Region in which the resource is located.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.
total_evidencebigintThe total amount of evidence in the evidence folder.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_auditmanager_evidence_folder