Skip to content
Alchemy
GitHubXDiscord

Assessment

The Assessment resource lets you manage AWS AuditManager Assessments to help you evaluate the compliance of your AWS resources against your organization’s standards and regulations.

Minimal Example

Section titled “Minimal Example”

Create a basic assessment with required properties and a common optional property.

import AWS from "alchemy/aws/control";


const basicAssessment = await AWS.AuditManager.Assessment("basicAssessment", {
  Name: "Quarterly Compliance Assessment",
  Description: "Assessment to evaluate compliance for Q1",
  FrameworkId: "framework-12345",
  Status: "ACTIVE"
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure an assessment with additional properties such as delegations and tags.

const advancedAssessment = await AWS.AuditManager.Assessment("advancedAssessment", {
  Name: "Annual Security Assessment",
  Description: "Comprehensive assessment for annual security audit",
  FrameworkId: "framework-67890",
  Status: "ACTIVE",
  Delegations: [
    {
      Role: "ComplianceOfficer",
      Assignee: "john.doe@example.com"
    }
  ],
  Tags: [
    {
      Key: "Department",
      Value: "Compliance"
    },
    {
      Key: "Project",
      Value: "Audit2023"
    }
  ]
});

Assessment with Reports Destination

Section titled “Assessment with Reports Destination”

Create an assessment that specifies a destination for the assessment reports.

const reportDestinationAssessment = await AWS.AuditManager.Assessment("reportDestinationAssessment", {
  Name: "Monthly Risk Assessment",
  Description: "Monthly assessment to identify risks",
  FrameworkId: "framework-54321",
  Status: "ACTIVE",
  AssessmentReportsDestination: {
    S3Bucket: "audit-reports-bucket",
    S3KeyPrefix: "monthly-risk-reports/"
  }
});

Assessment Scope Configuration

Section titled “Assessment Scope Configuration”

Define the scope of the assessment to focus on specific AWS resources.

const scopedAssessment = await AWS.AuditManager.Assessment("scopedAssessment", {
  Name: "Cloud Security Assessment",
  Description: "Assessment focused on cloud security aspects",
  FrameworkId: "framework-98765",
  Status: "ACTIVE",
  Scope: {
    ComplianceResourceTypes: [
      "AWS::EC2::Instance",
      "AWS::S3::Bucket"
    ]
  }
});