Class: Aws::AuditManager::Types::SourceKeyword
Inherits: Struct
  Object
  Struct
  Aws::AuditManager::Types::SourceKeyword
Includes: Structure
Defined in: lib/aws-sdk-auditmanager/types.rb
Overview
A keyword that relates to the control data source.
For manual evidence, this keyword indicates if the manual evidence is a file or text.
For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or Amazon Web Services API name.
To learn more about the supported keywords that you can use when mapping a control data source, see the following pages in the *Audit Manager User Guide*:
- [Config rules supported by Audit Manager][1]
- [Security Hub controls supported by Audit Manager][2]
- [API calls supported by Audit Manager][3]
- [CloudTrail event names supported by Audit Manager][4]

[1]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html
[2]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html
[3]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html
[4]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #keyword_input_type ⇒ String
  The input method for the keyword.
- #keyword_value ⇒ String
  The value of the keyword that’s used when mapping a control data source.
Instance Attribute Details
#keyword_input_type ⇒ String
The input method for the keyword.
- `SELECT_FROM_LIST` is used when mapping a data source for automated evidence.
  - When `keywordInputType` is `SELECT_FROM_LIST`, a keyword must be selected to collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
- `UPLOAD_FILE` and `INPUT_TEXT` are only used when mapping a data source for manual evidence.
  - When `keywordInputType` is `UPLOAD_FILE`, a file must be uploaded as manual evidence.
  - When `keywordInputType` is `INPUT_TEXT`, text must be entered as manual evidence.

# File 'lib/aws-sdk-auditmanager/types.rb', line 4376
class SourceKeyword < Struct.new(
  :keyword_input_type,
  :keyword_value)
  SENSITIVE = []
  include Aws::Structure
end
#keyword_value ⇒ String
The value of the keyword that’s used when mapping a control data source. For example, this can be a CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
If you’re mapping a data source to a rule in Config, the `keywordValue` that you specify depends on the type of rule:
- For [managed rules][1], you can use the rule identifier as the `keywordValue`. You can find the rule identifier from the [list of Config managed rules][2]. For some rules, the rule identifier is different from the rule name. For example, the rule name `restricted-ssh` has the following rule identifier: `INCOMING_SSH_DISABLED`. Make sure to use the rule identifier, not the rule name.
  Keyword example for managed rules:
  - Managed rule name: [s3-bucket-acl-prohibited][3]
    `keywordValue`: `S3_BUCKET_ACL_PROHIBITED`
- For [custom rules][4], you form the `keywordValue` by adding the `Custom_` prefix to the rule name. This prefix distinguishes the custom rule from a managed rule.
  Keyword example for custom rules:
  - Custom rule name: my-custom-config-rule
    `keywordValue`: `Custom_my-custom-config-rule`
- For [service-linked rules][5], you form the `keywordValue` by adding the `Custom_` prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
  Keyword examples for service-linked rules:
  - Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
    `keywordValue`: `Custom_CustomRuleForAccount-conformance-pack`
  - Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
    `keywordValue`: `Custom_OrgConfigRule-s3-bucket-versioning-enabled`
The `keywordValue` is case sensitive. If you enter a value incorrectly, Audit Manager might not recognize the data source mapping. As a result, you might not successfully collect evidence from that data source as intended.
Keep in mind the following requirements, depending on the data source type that you’re using.
- For Config:
  - For managed rules, make sure that the `keywordValue` is the rule identifier in `ALL_CAPS_WITH_UNDERSCORES`. For example, `CLOUDWATCH_LOG_GROUP_ENCRYPTED`. For accuracy, we recommend that you reference the list of [supported Config managed rules][6].
  - For custom rules, make sure that the `keywordValue` has the `Custom_` prefix followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you visit the [Config console][7] to verify your custom rule name.
- For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference the list of [supported Security Hub controls][8].
- For Amazon Web Services API calls: Make sure that the `keywordValue` is written as `serviceprefix_ActionName`. For example, `iam_ListGroups`. For accuracy, we recommend that you reference the list of [supported API calls][9].
- For CloudTrail: Make sure that the `keywordValue` is written as `serviceprefix_ActionName`. For example, `cloudtrail_StartLogging`. For accuracy, we recommend that you review the Amazon Web Service prefix and action names in the [Service Authorization Reference][10].

[1]: docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html
[2]: docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
[3]: docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html
[4]: docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html
[5]: docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html
[6]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html
[7]: console.aws.amazon.com/config/
[8]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html
[9]: docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html
[10]: docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
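Because a mistyped `keywordValue` does not fail the API call but silently leaves a control without evidence, it is worth building the value from the rule name and checking its shape before calling the SDK. The following is an added example, not code from the aws-sdk-auditmanager gem or from this page. It assumes the hypothetical module name `SourceKeywordBuilder`, returns plain hashes in the shape the Ruby SDK accepts for a `SourceKeyword` input, encodes the per-source naming rules above as regular expressions (heuristics, not an authoritative list), and assumes that the suffix ID on service-linked rule names is a trailing hyphen plus at least eight lowercase alphanumerics that include a digit, which fits the two examples on this page but should be confirmed against the Config console.

```ruby
# Added example (not part of aws-sdk-auditmanager): derive and sanity-check
# SourceKeyword values for each supported control data source type.
module SourceKeywordBuilder
  class FormatError < StandardError; end

  MANUAL_INPUT_TYPES = %w[UPLOAD_FILE INPUT_TEXT].freeze

  # serviceprefix_ActionName, e.g. iam_ListGroups or cloudtrail_StartLogging.
  API_STYLE = /\A[a-z0-9-]+_[A-Z][A-Za-z0-9]+\z/

  # One shape check per automated source type, taken from the requirements
  # above. Security Hub control names vary, so only non-blank is enforced.
  FORMATS = {
    config_managed:        /\A[A-Z0-9]+(?:_[A-Z0-9]+)*\z/, # ALL_CAPS_WITH_UNDERSCORES
    config_custom:         /\ACustom_\S+\z/,
    config_service_linked: /\ACustom_\S+\z/,
    security_hub:          /\A\S+\z/,
    api_call:              API_STYLE,
    cloudtrail:            API_STYLE
  }.freeze

  # Assumed shape of the suffix ID Config appends to service-linked rule
  # names ("-szsm1uv0w", "-dbgzf8ba"): hyphen, then 8+ lowercase
  # alphanumerics containing at least one digit. Verify for your account.
  SERVICE_LINKED_SUFFIX = /-(?=[a-z0-9]*\d)[a-z0-9]{8,}\z/

  # keywordValue for a Config rule. For :managed the caller must pass the
  # rule identifier (INCOMING_SSH_DISABLED), not the console name
  # (restricted-ssh); the two cannot be derived from each other here.
  def self.config_keyword_value(rule, type)
    case type
    when :managed        then rule
    when :custom         then "Custom_#{rule}"
    when :service_linked then "Custom_#{rule.sub(SERVICE_LINKED_SUFFIX, '')}"
    else raise ArgumentError, "unknown Config rule type #{type.inspect}"
    end
  end

  # SourceKeyword hash for automated evidence (always SELECT_FROM_LIST).
  # Fails fast on values Audit Manager would silently not match; the
  # value is case sensitive, so no normalisation is attempted.
  def self.automated(source_type, value)
    pattern = FORMATS.fetch(source_type) do
      raise ArgumentError, "unknown source type #{source_type.inspect}"
    end
    unless value.match?(pattern)
      raise FormatError, "#{value.inspect} is not a valid #{source_type} keyword"
    end
    { keyword_input_type: 'SELECT_FROM_LIST', keyword_value: value }
  end

  # SourceKeyword hash for manual evidence. Only UPLOAD_FILE and INPUT_TEXT
  # are allowed; keyword_value is passed through unchanged.
  def self.manual(input_type, value)
    unless MANUAL_INPUT_TYPES.include?(input_type)
      raise ArgumentError, "manual evidence needs UPLOAD_FILE or INPUT_TEXT, got #{input_type.inspect}"
    end
    { keyword_input_type: input_type, keyword_value: value }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs taken from the examples on this page.
  linked = 'OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba'
  value  = SourceKeywordBuilder.config_keyword_value(linked, :service_linked)
  p SourceKeywordBuilder.automated(:config_service_linked, value)
  p SourceKeywordBuilder.automated(:api_call, 'iam_ListGroups')
end
```

The hashes can be passed wherever the SDK expects a `source_keyword`, for example inside the `control_mapping_sources` of `Aws::AuditManager::Client#create_control`. The format checks are deliberately conservative: they catch the documented mistakes (a console name instead of an identifier, a missing `Custom_` prefix, a lowercase action name) but cannot confirm that a well-formed value is actually in Audit Manager's supported lists.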