AWS Security & Identity Services

AWS Audit Manager

Updated June 23, 2025

How AWS Audit Manager Works: The Audit Workflow

Audit Manager follows a structured process to take you from a compliance requirement to an audit-ready report.

  1. Select a Framework: You begin by choosing a framework, which is a collection of controls that maps to a specific regulation or standard. Audit Manager provides a library of standard, pre-built frameworks (e.g., for PCI DSS, SOC 2, HIPAA, GDPR) and also allows you to build your own custom frameworks for internal audits.

  2. Create an Assessment: An assessment is a live implementation of a framework. When you create an assessment, you define its scope (which AWS accounts to include), and doing so starts the automated evidence collection process.

  3. Automated Evidence Collection: Once an assessment is active, Audit Manager continuously and automatically collects data from various AWS services and converts it into evidence. Key data sources include:

    • AWS Config: Resource configuration compliance checks.

    • AWS Security Hub: Findings from security checks.

    • AWS CloudTrail: Logs of all user and API activity.

    • AWS License Manager: Data on license usage.

  4. Review and Delegate: Evidence is automatically mapped to the relevant controls within your assessment. You can review this evidence directly in the Audit Manager dashboard. For collaboration, you can delegate a control set (a group of related controls) to a subject matter expert on your team to review, add comments, and approve the evidence.

  5. Generate Audit-Ready Reports: Once the review is complete, Audit Manager generates a final assessment report. This report is a summarized, tamper-evident document that includes links to the detailed evidence files, which are securely stored in an Amazon S3 bucket. This report can be shared directly with your auditors.
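As an added, illustrative example (not AWS code and not the Audit Manager API), the following Python models the workflow above, and in particular the tamper-evident report of step 5: constructed evidence records from the data sources named in step 3 are mapped to the controls of a small hypothetical framework, each control's status is derived from the compliance checks in its evidence, and the report pins every evidence item with a SHA-256 checksum so that a later change to the stored evidence is detected when the report is re-verified. The control ids, resource ARNs, account id and finding text are all constructed for the example.

```python
"""Constructed model of the Audit Manager evidence workflow (added example, not
AWS code). Evidence items from simulated data sources are mapped to the
controls of a small custom framework, a status is derived per control, and the
assessment report records a SHA-256 checksum for every evidence item so that a
later change to stored evidence is detectable."""
import dataclasses
import hashlib
import json
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Evidence:
    """One collected evidence record (all values used below are constructed)."""
    evidence_id: str
    source: str                 # data source, e.g. "AWS Config"
    control_id: str             # control the evidence is mapped to
    resource: str               # hypothetical resource ARN
    compliant: Optional[bool]   # None: no compliance check (e.g. CloudTrail activity)
    payload: dict


@dataclass
class Control:
    control_id: str
    description: str
    evidence: list = field(default_factory=list)


def evidence_checksum(ev: Evidence) -> str:
    """SHA-256 of a canonical JSON encoding: identical records always hash the
    same, and a change to any field changes the digest."""
    canonical = json.dumps(dataclasses.asdict(ev), sort_keys=True,
                           separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def map_evidence(framework: dict, items: list) -> dict:
    """Attach each evidence item to its control. An unknown control id raises
    instead of being dropped, so a mapping error cannot silently leave a
    control without evidence."""
    for ev in items:
        if ev.control_id not in framework:
            raise KeyError(f"{ev.evidence_id} references unknown control {ev.control_id}")
        framework[ev.control_id].evidence.append(ev)
    return framework


def control_status(control: Control) -> str:
    """NON_COMPLIANT if any check failed, COMPLIANT if all checks passed,
    INCONCLUSIVE if only snapshots or activity logs without a check exist."""
    checks = [ev.compliant for ev in control.evidence if ev.compliant is not None]
    if not checks:
        return "INCONCLUSIVE"
    return "COMPLIANT" if all(checks) else "NON_COMPLIANT"


def build_report(framework: dict) -> dict:
    """Summarise every control and pin each evidence item by checksum."""
    return {"controls": [
        {"control_id": c.control_id,
         "description": c.description,
         "status": control_status(c),
         "evidence": [{"evidence_id": ev.evidence_id, "source": ev.source,
                       "sha256": evidence_checksum(ev)} for ev in c.evidence]}
        for c in framework.values()]}


def verify_report(report: dict, stored: list) -> list:
    """Recompute checksums over the stored evidence; return the ids whose
    digest no longer matches the report or that are missing from storage."""
    by_id = {ev.evidence_id: ev for ev in stored}
    return [entry["evidence_id"]
            for control in report["controls"] for entry in control["evidence"]
            if by_id.get(entry["evidence_id"]) is None
            or evidence_checksum(by_id[entry["evidence_id"]]) != entry["sha256"]]


def new_framework() -> dict:
    """Three hypothetical controls, keyed by control id."""
    return {c.control_id: c for c in (
        Control("ENC-1", "Encrypt sensitive data at rest"),
        Control("IAM-1", "Root user is protected with MFA"),
        Control("LOG-1", "API activity is logged"),
    )}


# Constructed evidence, one item per data source; 111122223333 is a placeholder account id.
SAMPLE_EVIDENCE = [
    Evidence("ev-001", "AWS Config", "ENC-1", "arn:aws:s3:::example-bucket", True,
             {"rule": "s3-bucket-server-side-encryption-enabled", "result": "COMPLIANT"}),
    Evidence("ev-002", "AWS Security Hub", "IAM-1", "arn:aws:iam::111122223333:root", False,
             {"title": "Root user MFA not enabled", "severity": "CRITICAL"}),
    Evidence("ev-003", "AWS CloudTrail", "LOG-1",
             "arn:aws:cloudtrail:us-east-1:111122223333:trail/example", None,
             {"eventName": "StartLogging", "eventTime": "2025-06-23T10:00:00Z"}),
]


def tampered_copy(items: list, evidence_id: str) -> list:
    """Copy of the evidence store in which one failed check has been flipped
    to passing, which is what a tampered store would look like."""
    return [dataclasses.replace(ev, compliant=True) if ev.evidence_id == evidence_id else ev
            for ev in items]


if __name__ == "__main__":
    report = build_report(map_evidence(new_framework(), SAMPLE_EVIDENCE))
    print(json.dumps(report, indent=2))
    print("intact store:", verify_report(report, SAMPLE_EVIDENCE))
    print("tampered store:", verify_report(report, tampered_copy(SAMPLE_EVIDENCE, "ev-002")))
```

The status rule (any failed check makes the control non-compliant, a control with only snapshots or activity logs is inconclusive) and the checksum-per-item layout are this example's modelling choices; what the report gives an auditor is the same property the page describes, namely that evidence referenced by the report cannot be altered afterwards without the mismatch being detectable.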


Key Concepts & Components

  • Framework: A blueprint for an audit, containing a structured collection of controls. Frameworks can be standard (provided by AWS) or custom (created by you).

  • Control: A specific requirement of a regulation or standard (e.g., "Encrypt sensitive data at rest"). Audit Manager provides a library of standard controls and allows you to create custom controls linked to specific data sources.

  • Assessment: The process of using a framework to actively collect evidence for a defined scope of AWS resources.

  • Evidence: The records that prove a control is implemented correctly. This can be a resource snapshot, a log file, a compliance check result, or manual documentation.

  • Delegation: A workflow feature that allows you to assign a control set to another IAM user for their expert review and sign-off.

  • Assessment Report: The final output of an assessment, which consolidates your findings and evidence into a professional format suitable for auditors.


Core Features & Benefits

  • Automates Evidence Collection: Radically reduces the time and manual effort spent gathering proof for audits.

  • Continuous Audit-Readiness: Shifts compliance from a periodic, stressful event to an ongoing, automated process.

  • Pre-built and Custom Frameworks: Offers the flexibility to meet common industry standards out-of-the-box or to tailor audits to specific internal requirements.

  • Improved Team Collaboration: The delegation workflow ensures that the right experts can review and validate evidence efficiently.

  • Secure & Immutable Evidence: Evidence is collected and stored securely, with mechanisms that make any later tampering with it detectable.

  • Centralized Dashboard: Provides a single place to view the status of active assessments and quickly identify non-compliant controls.


Integrations & Security

  • Data Sources: Integrates seamlessly with AWS Config, Security Hub, CloudTrail, and License Manager.

  • Notifications: Uses Amazon SNS to send notifications for key events, such as when a control set is delegated.

  • Security: Leverages AWS IAM for access control and AWS KMS to encrypt all collected evidence and report data.


Pricing

  • Audit Manager is priced based on the number of resource assessments performed per AWS account, per region. A resource assessment is the evaluation of one resource against one control.

  • There are additional standard charges for the storage of assessment reports in Amazon S3.