Add AWS Audit Manager support

[YakDriver]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. Audit Manager automates evidence collection to reduce the “all hands on deck” manual effort that often happens for audits and enable you to scale your audit capability in the cloud as your business grows. With Audit Manager, it is easy to assess if your policies, procedures, and activities – also known as controls – are operating effectively. When it is time for an audit, AWS Audit Manager helps you manage stakeholder reviews of your controls and enables you to build audit-ready reports with much less manual effort.

AWS Audit Manager’s prebuilt frameworks help translate evidence from cloud services into auditor-friendly reports by mapping your AWS resources to the requirements in industry standards or regulations, such as CIS AWS Foundations Benchmark, the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS). You can also fully customize a framework and its controls for your unique business requirements. Based on the framework you select, Audit Manager launches an assessment that continuously collects and organizes relevant evidence from your AWS accounts and resources, such as resource configuration snapshots, user activity, and compliance check results.

You can get started quickly in the AWS Management Console. Just select a prebuilt framework to launch an assessment and begin automatically collecting and organizing evidence.

New or Affected Resource(s)

May require several new resources and data sources.

Definition of Done for This Issue

• Add Audit Manager service client New Service Client: Audit Manager #18071 auditmanager: Use v2 AWS SDK #27818
• Add Audit Manager resources
  • aws_auditmanager_control New Resource: aws_auditmanager_control #27857
  • aws_auditmanager_framework New Resource: aws_auditmanager_framework #28257
  • aws_auditmanager_framework_share New Resource: aws_auditmanager_framework_share #29049
  • aws_auditmanager_assessment New Resource aws_auditmanager_assessment #28643
  • aws_auditmanager_assessment_report New Resource aws_auditmanager_assessment_report #28663
  • aws_auditmanager_assessment_delegation New Resource: aws_auditmanager_assessment_delegation #29099
  • aws_auditmanager_account_registration New Resource: aws_auditmanager_account_registration #28314
  • aws_auditmanager_organization_admin_account_registration New Resource: aws_auditmanager_organization_admin_account_registration #29018
• Add Audit Manager data sources
  • aws_auditmanager_control New Data Source: aws_auditmanager_control #28967
  • aws_auditmanager_framework New Data Source: aws_auditmanager_framework #28989

References

• https://aws.amazon.com/audit-manager/
• https://docs.aws.amazon.com/sdk-for-go/api/service/auditmanager/

[drarnold]

Heyo @YakDriver & @breathingdust
I was going to work on a Pull Request to handle Add Initial Audit Manager Resource portion of this issue. I won't promise that I'll get something out, but I am going to give it my best effort. I'll reach out if I can't get it done.

Thanks!

[michal-kosinski]

Hello @drarnold any updates on this one? Thank you!

[drarnold]

Hey @michal-kosinski
I was re-allocated to different projects and won't be able to contribute to this issue in the foreseeable future. Maybe someone else could take an attempt at getting this implemented, that would be awesome.

Thanks

[adv4000]

2nd June 2022, still not update :(

[adv4000]

Some workaround to enable Audit Manager and Delegate Admin to another account:

# Enable Audit Manager on ROOT/Management account
resource "null_resource" "enable_on_mgmt" {
  provisioner "local-exec" {
    command = "aws auditmanager register-account"
  }
}

# Delegate Audit Manager Admin to account 77777777777
resource "null_resource" "delegata_to_admin" {
  provisioner "local-exec" {
    command = "aws auditmanager register-organization-admin-account --admin-account-id 77777777777"
  }
  depends_on = [null_resource.enable_on_mgmt]
}

[jar-b]

All planned resources and data sources have now been implemented.

Please open a new issue for any feature requests, bugs, or additional resources/data sources as new API's become available.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.