06 compliance demo

Paul Duvall edited this page Feb 3, 2021 · 52 revisions

AWS Audit Manager

In this example, you will create an AWS Audit Manager assessment from the AWS Management Console and by launching a CloudFormation Stack.

Create an Assessment with the Console

  1. From your Cloud9 terminal, type: aws s3 mb s3://csoa-6-$(aws sts get-caller-identity --output text --query 'Account').
  2. Go to the AWS Audit Manager console.
  3. Click the Launch AWS Audit Manager button.
  4. Click the Create assessment button.
  5. Enter a name in the Assessment name field (e.g. csoa-6-console).
  6. Select the csoa-6-ACCOUNTID S3 bucket you created in a previous step.
  7. In the Framework section, enter AWS Audit Manager Sample Framework.
  8. Click the Next button.
  9. From the AWS accounts pane, choose your current AWS account and click Next.
  10. From the AWS services pane, select the top checkbox that chooses all AWS services and click Next.
  11. From the Audit owners pane, select your user and click Next.
  12. From the Review and create pane, review your selections and click the Create assessment button.

The Audit Manager assessment begins. You will need to wait up to 24 hours to view collected evidence.

  1. Review the various components in the AWS Audit Manager console.

Provision AWS Audit Manager with CloudFormation

Create an empty JSON file:

mkdir ~/environment/csoa-6
cd ~/environment/csoa-6
touch audit-manager-policy.json
  1. If you did not already create an S3 bucket in the previous section, run the following from the command line: aws s3 mb s3://csoa-6-$(aws sts get-caller-identity --output text --query 'Account').
  2. Copy the contents from audit-manager-policy.json to your local audit-manager-policy.json file in Cloud9 and save it.
  3. Run the following command to create an IAM role whose trust policy is the audit-manager-policy.json file you just saved.
aws iam create-role --role-name csoa-6-audit-role --assume-role-policy-document file://audit-manager-policy.json

Create an empty YAML file.

cd ~/environment/csoa-6
touch audit.yml
  1. Copy the contents from audit.yml to your local audit.yml file in Cloud9 and save it.
  2. Run the command below to launch a CloudFormation stack that generates an Audit Manager assessment.
aws cloudformation create-stack --stack-name csoa-6-auditmanager --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND --disable-rollback --template-body file://audit.yml --region us-east-1

It takes less than 1 minute to launch the stack and the Audit Manager assessment begins. You will need to wait up to 24 hours to view collected evidence. You can visit the Audit Manager console to see the assessment configuration.

View the Source Files

  • In your Cloud9 environment, go to the csoa-6 directory and review the audit.yml and audit-manager-policy.json files.

Delete all Resources

Run the commands below to delete the resources provisioned in this demo. Replace instance-profile-name with the name returned by list-instance-profiles-for-role, and ASSESSMENT-ID with the id of your csoa-6 assessment returned by list-assessments.

aws s3api list-buckets --query 'Buckets[?starts_with(Name, `csoa-6-`) == `true`].[Name]' --output text | xargs -I {} aws s3 rb s3://{} --force

aws iam delete-role --role-name csoa-6-audit-role
aws iam list-instance-profiles-for-role --role-name csoa-cloud9-instance-role
aws iam remove-role-from-instance-profile --instance-profile-name instance-profile-name --role-name csoa-cloud9-instance-role
aws iam delete-role --role-name csoa-cloud9-instance-role
aws auditmanager list-assessments
aws auditmanager delete-assessment --assessment-id ASSESSMENT-ID
aws cloudformation delete-stack --stack-name csoa-6-auditmanager --region us-east-1
  1. Go to the Cloud9 console and select the environment you created in Lesson 1 (e.g. csoa-yourinitials).
  2. Click the Delete button.
  3. Type Delete in the text box and click the Delete button. Your environment will be terminated.
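The teardown above leaves two placeholders (instance-profile-name and ASSESSMENT-ID) to fill in by hand, and the bucket pipeline relies on a name prefix. As an added example that is not part of this wiki page, the boto3 script below resolves the placeholders by listing resources and only acts on names that carry this demo's prefixes; it assumes the names used on this page, the field names of the boto3 responses, and a constructed sample response for offline use, and it defaults to a dry run that returns the plan instead of deleting anything.

```python
"""Targeted teardown for the csoa-6 Audit Manager demo (added example)."""
PREFIX = "csoa-6"
AUDIT_ROLE = "csoa-6-audit-role"
CLOUD9_ROLE = "csoa-cloud9-instance-role"
STACK = "csoa-6-auditmanager"

# Constructed sample of an auditmanager list_assessments response (not real ids).
SAMPLE_ASSESSMENTS = {"assessmentMetadata": [
    {"id": "11111111-1111-1111-1111-111111111111", "name": "csoa-6-console", "status": "ACTIVE"},
    {"id": "22222222-2222-2222-2222-222222222222", "name": "prod-soc2", "status": "ACTIVE"},
]}


def select_demo_assessments(resp, prefix=PREFIX):
    """Ids of assessments whose name starts with prefix: replaces the hand-typed
    ASSESSMENT-ID and never touches assessments that belong to someone else."""
    return [a["id"] for a in resp.get("assessmentMetadata", []) if a.get("name", "").startswith(prefix)]


def select_demo_buckets(resp, prefix=PREFIX + "-"):
    """Same `csoa-6-` prefix filter the page's s3api/xargs pipeline applies."""
    return [b["Name"] for b in resp.get("Buckets", []) if b["Name"].startswith(prefix)]


def profile_names(resp):
    """Instance profile names for a role (fills the instance-profile-name placeholder)."""
    return [p["InstanceProfileName"] for p in resp.get("InstanceProfiles", [])]


def cleanup(region="us-east-1", dry_run=True):
    """Return the (action, target) plan; with dry_run=False also execute it in order."""
    import boto3  # imported here so the selectors above need no AWS access
    am = boto3.client("auditmanager", region_name=region)
    iam, s3 = boto3.client("iam"), boto3.resource("s3")
    cfn = boto3.client("cloudformation", region_name=region)
    plan = [("delete_assessment", a) for a in select_demo_assessments(am.list_assessments())]
    plan += [("delete_bucket", b) for b in select_demo_buckets(s3.meta.client.list_buckets())]
    plan += [("delete_stack", STACK), ("delete_role", AUDIT_ROLE)]
    profiles = profile_names(iam.list_instance_profiles_for_role(RoleName=CLOUD9_ROLE))
    plan += [("remove_role_from_instance_profile", p) for p in profiles]
    plan.append(("delete_role", CLOUD9_ROLE))
    for action, target in plan:
        if dry_run:
            continue
        if action == "delete_assessment":
            am.delete_assessment(assessmentId=target)
        elif action == "delete_bucket":  # equivalent of `aws s3 rb --force`: empty, then remove
            s3.Bucket(target).objects.all().delete()
            s3.Bucket(target).delete()
        elif action == "delete_stack":
            cfn.delete_stack(StackName=target)
        elif action == "remove_role_from_instance_profile":
            iam.remove_role_from_instance_profile(InstanceProfileName=target, RoleName=CLOUD9_ROLE)
        else:
            iam.delete_role(RoleName=target)
    return plan
```

Run cleanup() first, review the returned plan, then call cleanup(dry_run=False) once it lists only this demo's resources.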

Resources