AWS AUDIT

MANAGER
A SERVICE TO HELP CONTINUOUSLY AUDIT AWS USAGE.
INTRODUCTION TO AWS AUDIT MANAGER

• AWS Audit Manager (AMS SSPS) is a service to help continuously audit AWS
usage.
• Its goal is to streamline the assessment of risk and ensure compliance with
various regulations and industry standards.
• Key function: Automates evidence collection, reducing manual efforts in audit
preparation.
WELCOME TO AWS AUDIT MANAGER

• A continuous auditing tool to manage risk and ensure compliance with varied
standards.
• Reduces manual effort by automating evidence collection.
• Helps in building audit-ready reports more efficiently.
CORE FEATURES OF AUDIT MANAGER

• Automated Evidence Collection: Makes it simpler to verify the effectiveness of

policies, procedures, and activities.
• Audit-Ready Reports: Assists in creating comprehensive reports without
extensive manual intervention.
• Stakeholder Reviews Management: Facilitates the review of controls by
stakeholders during audits.
USING AUDIT MANAGER WITH ORGANIZATIONS

• If integrating Audit Manager into a multi-account landing zone with AWS

Organizations, there are additional prerequisites.
• One must specify the intention to use a delegated administrator account during
the Audit Manager Setup.
• Necessary details include:
• KMS CMK ARN (initial setup)
• Delegated administrator account ID (can be a MALZ application account)
PREBUILT FRAMEWORKS & CUSTOMIZATION

• Frameworks: Predefined structures to automate assessments for specific

compliance standards or regulations.
• Controls: These frameworks contain controls with descriptions and testing
procedures, grouped per the needs of the compliance standard.
• Customization: Users can modify these frameworks and controls to meet unique
internal audit requirements.
CREATING ASSESSMENTS & EVIDENCE
COLLECTION
• Assessments can be derived from any framework.
• On creating an assessment, Audit Manager begins resource assessments automatically.
• Data collected from AWS accounts and defined services is transformed into audit-friendly
evidence.
• This evidence is linked to the relevant controls, showcasing compliance in various areas
such as security and change management.
• Evidence collection is continuous but can be stopped by setting the assessment status to
inactive.
SUMMARY & KEY TAKEAWAYS

• AWS Audit Manager is a powerful tool for streamlining the auditing process.
• It offers both prebuilt frameworks and the flexibility for customization.
• Automates the collection and management of evidence, making the auditing
process more efficient and less error-prone.
AWS AUDIT MANAGER PRICING

-AWS Audit Manager offers a free tier for first-time customers. The free tier will expire in two calendar months after the first
subscription. The free tier offers 35,000 AWS Audit Manager resource assessments per month for two calendar months.

-You pay normal Amazon S3 storage charges to store objects in your bucket, such as getting and putting the assessment
report data in S3. The charges appear in the Amazon S3 portion of your AWS statement. Except as otherwise noted, our
prices are exclusive of applicable taxes and duties, including VAT and applicable sales tax.