AWS Audit Manager — A service that helps you continuously audit your AWS usage to simplify how you manage risk and compliance.


Overview

Audit Manager automates evidence collection and compliance assessments, making it easier to prove your compliance with frameworks like SOC 2, PCI DSS, HIPAA, and more.

Key Insight: Audit Manager automates the tedious work of compliance — collecting evidence, mapping controls, and generating audit reports — saving hundreds of hours during audits.


Core Audit Manager Concepts

| Concept | Description | Key Point |
|---|---|---|
| Framework | Compliance standard (SOC 2, PCI DSS, etc.) | Pre-built or custom |
| Control | Specific compliance requirement | Mapped to AWS Config rules |
| Evidence | Proof of compliance | Auto-collected from AWS services |
| Assessment | Ongoing compliance evaluation | Tracks compliance over time |
| Control Set | Collection of controls | Grouped by framework |

How Audit Manager Works

```mermaid
flowchart TD
    F["Select Framework<br/>SOC 2 / PCI DSS / HIPAA / Custom"]
    A["Create Assessment in AWS Audit Manager"]
    M["Map Controls to Data Sources<br/>AWS Config, CloudTrail, Security Hub"]
    E["Automated Evidence Collection"]
    R["Control Review and Compliance Evaluation"]
    G["Generate Audit-Ready Reports"]
    S["Evidence Store<br/>(S3 encrypted)"]

    F --> A --> M --> E --> R --> G
    E --> S
    R -. Ongoing updates .-> E
```

Pre-Built Frameworks

| Framework | Description |
|---|---|
| SOC 2 | Service Organization Control 2 |
| PCI DSS | Payment Card Industry Data Security Standard |
| HIPAA | Health Insurance Portability and Accountability Act |
| AWS Control Tower | AWS multi-account best practices |
| CIS AWS Foundations | Center for Internet Security benchmarks |
| ISO 27001 | Information security management |

Key Features

| Feature | Description |
|---|---|
| Pre-Built Frameworks | Ready-to-use compliance frameworks |
| Custom Frameworks | Build your own compliance requirements |
| Automated Evidence Collection | Gathers evidence from Config, CloudTrail, etc. |
| Continuous Monitoring | Real-time compliance status |
| Workflow Integration | Delegation, evidence request, review |
| Report Generation | Export audit-ready PDF reports |

Control Mapping

Controls are mapped to AWS Config rules for automated evidence collection.

| Control | Config Rule | Evidence Collected |
|---|---|---|
| "S3 buckets encrypted" | s3-bucket-server-side-encryption-enabled | Configuration of S3 encryption |
| "EC2 instances in VPC" | ec2-instance-in-vpc | VPC configuration |
| "IAM password policy" | iam-password-policy | IAM password policy settings |
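The mapping table above and the "How Audit Manager Works" flow describe the same pipeline: a Config rule is the data source for a control, each evaluated resource becomes an evidence item, and the control review rolls evidence up into an assessment status. The following is an added, self-contained model of that pipeline written for this page; it is not AWS code and does not call the Audit Manager API. The three controls come from the table, while the evaluation records, resource names, the `NO_EVIDENCE` status and the record shape (`rule`, `resource`, `compliance`) are constructed assumptions for the illustration.

```python
"""Model of the control -> Config rule -> evidence -> assessment pipeline.

Added illustration for this page, not AWS code. Evaluation records and
resource IDs below are constructed; the record shape and the NO_EVIDENCE
status are assumptions made for the example.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    name: str
    config_rule: str  # AWS Config rule that acts as this control's data source


@dataclass
class ControlEvidence:
    control: Control
    items: list = field(default_factory=list)  # one evidence item per evaluated resource

    @property
    def status(self) -> str:
        # A control whose rule has evaluated nothing must not be reported as
        # compliant: it is flagged for review instead (assumed status name).
        if not self.items:
            return "NO_EVIDENCE"
        if all(i["compliance"] == "COMPLIANT" for i in self.items):
            return "COMPLIANT"
        return "NON_COMPLIANT"


# Control set taken from the page's mapping table.
CONTROL_SET = [
    Control("S3 buckets encrypted", "s3-bucket-server-side-encryption-enabled"),
    Control("EC2 instances in VPC", "ec2-instance-in-vpc"),
    Control("IAM password policy", "iam-password-policy"),
]

# Constructed Config evaluation results (not real account data). Note the
# last record belongs to a rule no control is mapped to, and that no record
# exists for iam-password-policy at all.
SAMPLE_EVALUATIONS = [
    {"rule": "s3-bucket-server-side-encryption-enabled", "resource": "example-logs-bucket", "compliance": "COMPLIANT"},
    {"rule": "s3-bucket-server-side-encryption-enabled", "resource": "example-public-assets", "compliance": "NON_COMPLIANT"},
    {"rule": "ec2-instance-in-vpc", "resource": "i-0example1", "compliance": "COMPLIANT"},
    {"rule": "ec2-instance-in-vpc", "resource": "i-0example2", "compliance": "COMPLIANT"},
    {"rule": "unrelated-rule", "resource": "example-other", "compliance": "NON_COMPLIANT"},
]


def collect_evidence(controls, evaluations):
    """Group evaluation records under the control whose Config rule produced them."""
    by_rule = defaultdict(list)
    for ev in evaluations:
        by_rule[ev["rule"]].append(ev)
    return [ControlEvidence(c, list(by_rule.get(c.config_rule, []))) for c in controls]


def summarize_assessment(evidence):
    """Count controls by status; the assessment is compliant only when every control is."""
    counts = defaultdict(int)
    for ce in evidence:
        counts[ce.status] += 1
    return {
        "controls": len(evidence),
        **counts,
        "assessment_compliant": counts["COMPLIANT"] == len(evidence),
    }


def noncompliant_resources(evidence):
    """(control, resource) pairs an auditor would follow up on."""
    return [
        (ce.control.name, item["resource"])
        for ce in evidence
        for item in ce.items
        if item["compliance"] != "COMPLIANT"
    ]


if __name__ == "__main__":
    evidence = collect_evidence(CONTROL_SET, SAMPLE_EVALUATIONS)
    for ce in evidence:
        print(f"{ce.control.name:<22} {ce.status:<14} evidence items: {len(ce.items)}")
    print(summarize_assessment(evidence))
    print(noncompliant_resources(evidence))
```

The design choice worth noticing is the `NO_EVIDENCE` state: the IAM password policy control has a Config rule mapped but no evaluation records, and the summary treats that as a gap to review rather than as a pass. When you check an assessment, a control that shows compliant with zero evidence items is the first thing to question, because an unmapped or disabled data source looks identical to a clean result unless the absence of evidence is surfaced explicitly.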

Use Cases

| Use Case | Description |
|---|---|
| Compliance Audits | Streamline SOC 2, PCI DSS, HIPAA audits |
| Risk Management | Continuously assess compliance posture |
| Evidence Collection | Automate tedious evidence gathering |
| Internal Controls | Enforce internal security policies |
| Multi-Account Compliance | Aggregate evidence across organization |

Pricing

| Component | Price | Free Tier |
|---|---|---|
| Audit Manager | Available through AWS Support plans | Varies |
| Data Storage | Standard S3 pricing for evidence storage | S3 free tier applies |

⚠️ Pricing Disclaimer: AWS pricing is subject to change. Check with AWS Support for specific pricing details.


Audit Manager vs Other Compliance Tools

| Tool | Focus | Complementarity |
|---|---|---|
| Audit Manager | Your compliance evidence | Proves YOU are compliant |
| AWS Artifact | AWS compliance documents | Proves AWS is compliant |
| Config | Configuration tracking | Provides raw data to Audit Manager |
| Security Hub | Security findings | Feeds into Audit Manager controls |

TL;DR

  • AWS Audit Manager = Automated compliance evidence collection and reporting
  • Frameworks = Pre-built (SOC 2, PCI DSS, HIPAA) or custom
  • Controls = Mapped to AWS Config rules for automated evidence
  • Evidence = Auto-collected from Config, CloudTrail, Security Hub
  • Benefits = Streamline audits, continuous compliance, automated reports
  • Pricing = Available through AWS Support plans
  • Complementary = Use with Artifact (Audit Manager = You; Artifact = AWS)

Resources

AWS Audit Manager Documentation | Complete Audit Manager user guide.

Audit Manager Frameworks | List of pre-built frameworks.

Getting Started with Audit Manager | Setup and configuration guide.