Welcome!

Like many who work with AWS services, I keep a close eye on the announcements before, during and after re:Invent. One of the announcements that caught my attention from re:Invent 2020 was AWS Audit Manager, announced on December 8th:

AWS Audit Manager helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards.

A little over a week later, CloudFormation support became available for creating Audit Manager Assessments. Here is the announcements list if you are curious:

So, what was I doing?

Just before Christmas 2020, I built a small proof-of-concept to try and learn what Audit Manager was all about. This turned out to be surprisingly difficult, with incomplete support and bugs plaguing me. Finally, I got it all working and started writing about my experiences…and then promptly forgot all about it once New Year came around.

Rather than rehashing all the bad, I blew the dust off and gave this post another try (hence the redux in Managed Audit Manager Assessments (MAMA) - Redux).

The Prerequisites

Audit Manager needs to be configured through the AWS Console before you can use it for the first time. I was lucky here, as I documented these steps back before Christmas. Below are the steps for quickly configuring Audit Manager in my sandbox account.

I only deviated away from the default settings to disable encryption. I do not keep Audit Manager running for long and wanted to minimise any potential issues due to incorrect encryption settings. If configuring for production, I would fully review each setting before deploying.

  1. Navigate to the Audit Manager console and click Set up AWS Audit Manager.
  2. Uncheck Customize encryption settings (advanced) as mentioned above.
  3. Keep the default settings and click Complete setup.
  4. Setup is completed successfully.

Unleash the Assessment

I have a GitHub project, called MAMA-Demo, if you would like to try out Audit Manager. It contains a CloudFormation template for deploying a demo Assessment and a few supporting resources. The repository contains detailed deployment instructions, with the deployed demo Assessment looking like this:

Demo Assessment

Once the stack is deployed, follow these instructions to generate an Assessment Report.

Contemplation

Wrapping up this post, I am left with mixed emotions around how useful Audit Manager is. I have never been involved in gathering evidence towards demonstrating compliance, so I expected something more ‘grandiose’. The generated Assessment reports are a collection of PDF documents with rudimentary formatting and large blobs of JSON content. The JSON blobs are the reason why I haven’t included screenshots as I’m worried (paranoid even) about leaking sensitive details like my AWS Account Id.

I contrast the above, however, with how easy (once you know what you are doing 😁) deploying the template is and how much evidence can be collected automatically. With the stereotype of audits being multi-week time sinks, this would ease the collection burden substantially.

As with all things AWS, the services only ever improve over time and so I will be keeping close tabs on how Audit Manager improves.