For Agents
Use the AWS Audit Manager API to automate compliance evidence collection across AWS workloads, with 61 operations covering the full control-plane lifecycle.
Get started with AWS Audit Manager in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"automate evidence collection for a compliance audit"
# → Jentic returns the GET /events tool with parameter schema, agent executes.

What an agent can do with AWS Audit Manager API.
Create assessments scoped to a framework, accounts, and AWS service set
Build custom frameworks and controls when prebuilt ones do not match internal policy
Continuously gather evidence from CloudTrail, AWS Config, Security Hub, and other sources
Delegate control sets to subject-matter experts for review and approval
Generate assessment reports that bundle evidence for external auditors
Manually attach supporting evidence to controls when automated sources are insufficient
Use for: Create a SOC 2 assessment for my production accounts, I want to delegate a control set to a colleague for review, Generate an assessment report for the auditor, List all assessments I currently own
Not supported: Does not handle vulnerability scanning, threat detection, or remediation actions; use for compliance assessment management and evidence collection only.
AWS Audit Manager automates the collection of evidence for compliance audits across AWS workloads. It uses prebuilt and custom frameworks, such as PCI DSS, HIPAA, and SOC 2, to map controls to assessable AWS services and continuously gather evidence into structured assessments and reports.
Patterns agents use AWS Audit Manager API for, with concrete tasks.
★ Continuous SOC 2 evidence collection
Run a continuous SOC 2 Type II assessment by selecting the prebuilt SOC 2 framework, scoping it to the relevant AWS accounts, and letting Audit Manager gather evidence from CloudTrail, AWS Config, and Security Hub against each control. Assessment reports compile the evidence on demand for an external auditor. Initial scoping typically takes one to three days; ongoing collection is automatic.
Create an assessment named 'soc2-prod-2026' from the AWS-prebuilt SOC 2 framework scoped to accounts 111111111111 and 222222222222, owned by the security team.
Custom internal-policy framework
Codify an internal security policy as a custom Audit Manager framework with controls mapped to specific AWS Config rules and CloudTrail event names. Once defined, the framework can be used for repeat assessments quarter after quarter, and Audit Manager replays evidence collection automatically against new accounts joining the scope.
Create a custom framework called 'internal-baseline-v3' containing a control set 'access-controls' with three controls mapped to specific AWS Config rule data sources.
Auditor handover with packaged reports
Generate an assessment report at the end of a compliance period to hand to an external auditor. Audit Manager packages all collected evidence with metadata about each control's data source so the auditor can trace every claim back to its origin event in CloudTrail or AWS Config. Report generation is on demand, typically minutes per assessment.
Generate an assessment report for assessment id 'a-1234' with the description 'Q2 2026 auditor handover'.
AI agent driving compliance reviews through Jentic
A compliance agent can run Audit Manager assessments end-to-end by calling its operations through Jentic. It searches for the evidence-collection intents, loads the schemas for CreateAssessment, BatchImportEvidence, and CreateAssessmentReport, and executes them with scoped credentials, so audit-admin keys never enter its context. The agent compresses periodic compliance work to a single intent.
Search Jentic for 'automate evidence collection for a compliance audit', load the CreateAssessment and CreateAssessmentReport schemas, and execute them for the SOC 2 framework on the production accounts.
61 endpoints. AWS Audit Manager automates the collection of evidence for compliance audits across AWS workloads.
PATH | DESCRIPTION
/assessments | Create an assessment from a framework
/assessmentFrameworks | Create a custom assessment framework
/controls | Create a custom control
/assessments/{assessmentId}/reports | Generate an assessment report
/assessments/{assessmentId}/controlSets/{controlSetId}/controls/{controlId}/evidence | Import evidence for a control
/assessments/{assessmentId}/delegations | Delegate a control set for review
Three things that make agents converge on Jentic-routed access.
Credential isolation
AWS IAM access keys for AWS Audit Manager are stored encrypted in the Jentic vault. Jentic signs each request with AWS SigV4 at execution time and returns only the API response — raw access keys never enter the agent's context.
Intent-based discovery
Agents express intents like 'automate evidence collection for a compliance audit' and Jentic returns matching AWS Audit Manager operations along with their input schemas, so the agent picks the right call without browsing the AWS service reference.
Time to first call
Direct AWS Audit Manager integration: 2-5 days for IAM scoping, SigV4 wiring, retry logic, and pagination handling. Through Jentic: under 1 hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Security Hub findings
Security Hub aggregates findings that Audit Manager treats as evidence for several controls
Use Security Hub alongside Audit Manager when controls require security-finding evidence rather than configuration history.
CloudTrail event history
CloudTrail supplies API event evidence that Audit Manager attaches to controls
Use CloudTrail alongside Audit Manager when control evidence depends on AWS API activity history.
Threat detection
GuardDuty surfaces threat findings rather than compiling compliance evidence
Choose GuardDuty for active threat detection; choose Audit Manager when the goal is structured compliance assessment.
Specific to using AWS Audit Manager API through Jentic.
What authentication does the AWS Audit Manager API use?
The AWS Audit Manager API uses AWS Signature Version 4 (HMAC) request signing with IAM-issued credentials, the same scheme as every AWS service API. Jentic's MAXsystem stores those AWS credentials encrypted in the vault, generates short-lived signed requests at execution time, and never passes raw access keys into the agent's context.
Can I create a SOC 2 assessment for my production accounts with the AWS Audit Manager API?
Yes — the AWS Audit Manager API exposes 61 operations including the actions needed for that scenario. Use the operations listed in the key endpoints section as the starting point, then chain calls as needed for your workflow.
What are the rate limits for the AWS Audit Manager API?
AWS applies per-account, per-region request rate limits to the AWS Audit Manager control plane. Specific limits are not encoded in the OpenAPI spec; consult the AWS service quotas console for the AWS Audit Manager entry, and design retries with exponential backoff to absorb throttling responses.
How do I automate evidence collection for a compliance audit through Jentic?
Run pip install jentic, then call client.search('automate evidence collection for a compliance audit') to discover the AWS Audit Manager operations that match. Load the schema for the chosen operation with client.load(...) and execute it with client.execute(...). Jentic handles AWS request signing automatically against the credentials stored in your Jentic vault.
Is the AWS Audit Manager API free to call?
AWS does not charge for control-plane API calls themselves on most AWS Audit Manager operations, but the underlying resources you create or operate (fleets, queries, deployments, and so on) incur usage charges according to the AWS Audit Manager pricing page. Refer to the AWS pricing page for the service to estimate cost.
Which operations should an agent call first when working with the AWS Audit Manager API?
For most workflows, agents should start by listing existing resources to understand the current state, then call the create or update operation that matches the intent. The endpoints listed under Key Endpoints in the catalog give a ranked starting set.