// Code generated by smithy-go-codegen DO NOT EDIT.

package types

import (
	smithydocument "github.com/aws/smithy-go/document"
	"time"
)

// An entity that defines the scope of audit evidence collected by Audit Manager.
// An Audit Manager assessment is an implementation of an Audit Manager framework.
type Assessment struct {

	// The Amazon Resource Name (ARN) of the assessment.
	Arn *string

	// The Amazon Web Services account that's associated with the assessment.
	AwsAccount *AWSAccount

	// The framework that the assessment was created from.
	Framework *AssessmentFramework

	// The metadata for the assessment.
	Metadata *AssessmentMetadata

	// The tags that are associated with the assessment.
	Tags map[string]string

	noSmithyDocumentSerde
}

// The control entity that represents a standard control or a custom control in an
// Audit Manager assessment.
type AssessmentControl struct {

	// The amount of evidence in the assessment report.
	AssessmentReportEvidenceCount int32

	// The list of comments that's attached to the control.
	Comments []ControlComment

	// The description of the control.
	Description *string

	// The amount of evidence that's collected for the control.
	EvidenceCount int32

	// The list of data sources for the evidence.
	EvidenceSources []string

	// The identifier for the control.
	Id *string

	// The name of the control.
	Name *string

	// The response of the control.
	Response ControlResponse

	// The status of the control.
	Status ControlStatus

	noSmithyDocumentSerde
}

// Represents a set of controls in an Audit Manager assessment.
type AssessmentControlSet struct {

	// The list of controls that's contained with the control set.
	Controls []AssessmentControl

	// The delegations that are associated with the control set.
	Delegations []Delegation

	// The description for the control set.
	Description *string

	// The identifier of the control set in the assessment. This is the control set
	// name in a plain string format.
	Id *string

	// The total number of evidence objects that are uploaded manually to the control
	// set.
	ManualEvidenceCount int32

	// The roles that are associated with the control set.
	Roles []Role

	// The current status of the control set.
	Status ControlSetStatus

	// The total number of evidence objects that are retrieved automatically for the
	// control set.
	SystemEvidenceCount int32

	noSmithyDocumentSerde
}

// The folder where Audit Manager stores evidence for an assessment.
type AssessmentEvidenceFolder struct {

	// The identifier for the assessment.
	AssessmentId *string

	// The total count of evidence that's included in the assessment report.
	AssessmentReportSelectionCount int32

	// The name of the user who created the evidence folder.
	Author *string

	// The unique identifier for the control.
	ControlId *string

	// The name of the control.
	ControlName *string

	// The identifier for the control set.
	ControlSetId *string

	// The Amazon Web Service that the evidence was collected from.
	DataSource *string

	// The date when the first evidence was added to the evidence folder.
	Date *time.Time

	// The total number of Amazon Web Services resources that were assessed to
	// generate the evidence.
	EvidenceAwsServiceSourceCount int32

	// The number of evidence that falls under the compliance check category. This
	// evidence is collected from Config or Security Hub.
	EvidenceByTypeComplianceCheckCount int32

	// The total number of issues that were reported directly from Security Hub,
	// Config, or both.
	EvidenceByTypeComplianceCheckIssuesCount int32

	// The number of evidence that falls under the configuration data category. This
	// evidence is collected from configuration snapshots of other Amazon Web Services
	// such as Amazon EC2, Amazon S3, or IAM.
	EvidenceByTypeConfigurationDataCount int32

	// The number of evidence that falls under the manual category. This evidence is
	// imported manually.
	EvidenceByTypeManualCount int32

	// The number of evidence that falls under the user activity category. This
	// evidence is collected from CloudTrail logs.
	EvidenceByTypeUserActivityCount int32

	// The amount of evidence that's included in the evidence folder.
	EvidenceResourcesIncludedCount int32

	// The identifier for the folder that the evidence is stored in.
	Id *string

	// The name of the evidence folder.
	Name *string

	// The total amount of evidence in the evidence folder.
	TotalEvidence int32

	noSmithyDocumentSerde
}

// The file used to structure and automate Audit Manager assessments for a given
// compliance standard.
type AssessmentFramework struct {

	// The Amazon Resource Name (ARN) of the framework.
	Arn *string

	// The control sets that are associated with the framework.
	ControlSets []AssessmentControlSet

	// The unique identifier for the framework.
	Id *string

	// The metadata of a framework, such as the name, ID, or description.
	Metadata *FrameworkMetadata

	noSmithyDocumentSerde
}

// The metadata that's associated with a standard framework or a custom framework.
type AssessmentFrameworkMetadata struct {

	// The Amazon Resource Name (ARN) of the framework.
	Arn *string

	// The compliance type that the new custom framework supports, such as CIS or
	// HIPAA.
	ComplianceType *string

	// The number of control sets that are associated with the framework.
	ControlSetsCount int32

	// The number of controls that are associated with the framework.
	ControlsCount int32

	// The time when the framework was created.
	CreatedAt *time.Time

	// The description of the framework.
	Description *string

	// The unique identifier for the framework.
	Id *string

	// The time when the framework was most recently updated.
	LastUpdatedAt *time.Time

	// The logo that's associated with the framework.
	Logo *string

	// The name of the framework.
	Name *string

	// The framework type, such as a standard framework or a custom framework.
	Type FrameworkType

	noSmithyDocumentSerde
}

// Represents a share request for a custom framework in Audit Manager.
type AssessmentFrameworkShareRequest struct {

	// An optional comment from the sender about the share request.
	Comment *string

	// The compliance type that the shared custom framework supports, such as CIS or
	// HIPAA.
	ComplianceType *string

	// The time when the share request was created.
	CreationTime *time.Time

	// The number of custom controls that are part of the shared custom framework.
	CustomControlsCount *int32

	// The Amazon Web Services account of the recipient.
	DestinationAccount *string

	// The Amazon Web Services Region of the recipient.
	DestinationRegion *string

	// The time when the share request expires.
	ExpirationTime *time.Time

	// The description of the shared custom framework.
	FrameworkDescription *string

	// The unique identifier for the shared custom framework.
	FrameworkId *string

	// The name of the custom framework that the share request is for.
	FrameworkName *string

	// The unique identifier for the share request.
	Id *string

	// Specifies when the share request was last updated.
	LastUpdated *time.Time

	// The Amazon Web Services account of the sender.
	SourceAccount *string

	// The number of standard controls that are part of the shared custom framework.
	StandardControlsCount *int32

	// The status of the share request.
	Status ShareRequestStatus

	noSmithyDocumentSerde
}

// The metadata that's associated with the specified assessment.
type AssessmentMetadata struct {

	// The destination that evidence reports are stored in for the assessment.
	AssessmentReportsDestination *AssessmentReportsDestination

	// The name of the compliance standard that's related to the assessment, such as
	// PCI-DSS.
	ComplianceType *string

	// Specifies when the assessment was created.
	CreationTime *time.Time

	// The delegations that are associated with the assessment.
	Delegations []Delegation

	// The description of the assessment.
	Description *string

	// The unique identifier for the assessment.
	Id *string

	// The time of the most recent update.
	LastUpdated *time.Time

	// The name of the assessment.
	Name *string

	// The roles that are associated with the assessment.
	Roles []Role

	// The wrapper of Amazon Web Services accounts and services that are in scope for
	// the assessment.
	Scope *Scope

	// The overall status of the assessment.
	Status AssessmentStatus

	noSmithyDocumentSerde
}

// A metadata object that's associated with an assessment in Audit Manager.
type AssessmentMetadataItem struct {

	// The name of the compliance standard that's related to the assessment, such as
	// PCI-DSS.
	ComplianceType *string

	// Specifies when the assessment was created.
	CreationTime *time.Time

	// The delegations that are associated with the assessment.
	Delegations []Delegation

	// The unique identifier for the assessment.
	Id *string

	// The time of the most recent update.
	LastUpdated *time.Time

	// The name of the assessment.
	Name *string

	// The roles that are associated with the assessment.
	Roles []Role

	// The current status of the assessment.
	Status AssessmentStatus

	noSmithyDocumentSerde
}

// A finalized document that's generated from an Audit Manager assessment. These
// reports summarize the relevant evidence that was collected for your audit, and
// link to the relevant evidence folders. These evidence folders are named and
// organized according to the controls that are specified in your assessment.
type AssessmentReport struct {

	// The identifier for the specified assessment.
	AssessmentId *string

	// The name of the associated assessment.
	AssessmentName *string

	// The name of the user who created the assessment report.
	Author *string

	// The identifier for the specified Amazon Web Services account.
	AwsAccountId *string

	// Specifies when the assessment report was created.
	CreationTime *time.Time

	// The description of the specified assessment report.
	Description *string

	// The unique identifier for the assessment report.
	Id *string

	// The name that's given to the assessment report.
	Name *string

	// The current status of the specified assessment report.
	Status AssessmentReportStatus

	noSmithyDocumentSerde
}

// An error entity for assessment report evidence errors. This is used to provide
// more meaningful errors than a simple string message.
type AssessmentReportEvidenceError struct {

	// The error code that was returned.
	ErrorCode *string

	// The error message that was returned.
	ErrorMessage *string

	// The identifier for the evidence.
	EvidenceId *string

	noSmithyDocumentSerde
}

// The metadata objects that are associated with the specified assessment report.
type AssessmentReportMetadata struct {

	// The unique identifier for the associated assessment.
	AssessmentId *string

	// The name of the associated assessment.
	AssessmentName *string

	// The name of the user who created the assessment report.
	Author *string

	// Specifies when the assessment report was created.
	CreationTime *time.Time

	// The description of the assessment report.
	Description *string

	// The unique identifier for the assessment report.
	Id *string

	// The name of the assessment report.
	Name *string

	// The current status of the assessment report.
	Status AssessmentReportStatus

	noSmithyDocumentSerde
}

// The location where Audit Manager saves assessment reports for the given
// assessment.
type AssessmentReportsDestination struct {

	// The destination bucket where Audit Manager stores assessment reports.
	Destination *string

	// The destination type, such as Amazon S3.
	DestinationType AssessmentReportDestinationType

	noSmithyDocumentSerde
}

// The wrapper of Amazon Web Services account details, such as account ID or email
// address.
type AWSAccount struct {

	// The email address that's associated with the Amazon Web Services account.
	EmailAddress *string

	// The identifier for the Amazon Web Services account.
	Id *string

	// The name of the Amazon Web Services account.
	Name *string

	noSmithyDocumentSerde
}

// An Amazon Web Service such as Amazon S3 or CloudTrail. For an example of how to
// find an Amazon Web Service name and how to define it in your assessment scope,
// see the following:
//   - Finding an Amazon Web Service name to use in your assessment scope (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetServicesInScope.html#API_GetServicesInScope_Example_2)
//   - Defining an Amazon Web Service name in your assessment scope (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetServicesInScope.html#API_GetServicesInScope_Example_3)
type AWSService struct {

	// The name of the Amazon Web Service.
	ServiceName *string

	noSmithyDocumentSerde
}

// An error entity for the BatchCreateDelegationByAssessment API. This is used to
// provide more meaningful errors than a simple string message.
type BatchCreateDelegationByAssessmentError struct {

	// The API request to batch create delegations in Audit Manager.
	CreateDelegationRequest *CreateDelegationRequest

	// The error code that the BatchCreateDelegationByAssessment API returned.
	ErrorCode *string

	// The error message that the BatchCreateDelegationByAssessment API returned.
	ErrorMessage *string

	noSmithyDocumentSerde
}

// An error entity for the BatchDeleteDelegationByAssessment API. This is used to
// provide more meaningful errors than a simple string message.
type BatchDeleteDelegationByAssessmentError struct {

	// The identifier for the delegation.
	DelegationId *string

	// The error code that the BatchDeleteDelegationByAssessment API returned.
	ErrorCode *string

	// The error message that the BatchDeleteDelegationByAssessment API returned.
	ErrorMessage *string

	noSmithyDocumentSerde
}

// An error entity for the BatchImportEvidenceToAssessmentControl API. This is
// used to provide more meaningful errors than a simple string message.
type BatchImportEvidenceToAssessmentControlError struct {

	// The error code that the BatchImportEvidenceToAssessmentControl API returned.
	ErrorCode *string

	// The error message that the BatchImportEvidenceToAssessmentControl API returned.
	ErrorMessage *string

	// Manual evidence that can't be collected automatically by Audit Manager.
	ManualEvidence *ManualEvidence

	noSmithyDocumentSerde
}

// The record of a change within Audit Manager. For example, this could be the
// status change of an assessment or the delegation of a control set.
type ChangeLog struct {

	// The action that was performed.
	Action ActionEnum

	// The time when the action was performed and the changelog record was created.
	CreatedAt *time.Time

	// The user or role that performed the action.
	CreatedBy *string

	// The name of the object that changed. This could be the name of an assessment,
	// control, or control set.
	ObjectName *string

	// The object that was changed, such as an assessment, control, or control set.
	ObjectType ObjectTypeEnum

	noSmithyDocumentSerde
}

// A control in Audit Manager.
type Control struct {

	// The recommended actions to carry out if the control isn't fulfilled.
	ActionPlanInstructions *string

	// The title of the action plan for remediating the control.
	ActionPlanTitle *string

	// The Amazon Resource Name (ARN) of the control.
	Arn *string

	// The data mapping sources for the control.
	ControlMappingSources []ControlMappingSource

	// The data source types that determine where Audit Manager collects evidence from
	// for the control.
	ControlSources *string

	// The time when the control was created.
	CreatedAt *time.Time

	// The user or role that created the control.
	CreatedBy *string

	// The description of the control.
	Description *string

	// The unique identifier for the control.
	Id *string

	// The time when the control was most recently updated.
	LastUpdatedAt *time.Time

	// The user or role that most recently updated the control.
	LastUpdatedBy *string

	// The name of the control.
	Name *string

	// The tags associated with the control.
	Tags map[string]string

	// The steps that you should follow to determine if the control has been satisfied.
	TestingInformation *string

	// Specifies whether the control is a standard control or a custom control.
	Type ControlType

	noSmithyDocumentSerde
}

// A comment that's posted by a user on a control. This includes the author's
// name, the comment text, and a timestamp.
type ControlComment struct {

	// The name of the user who authored the comment.
	AuthorName *string

	// The body text of a control comment.
	CommentBody *string

	// The time when the comment was posted.
	PostedDate *time.Time

	noSmithyDocumentSerde
}

// A summary of the latest analytics data for a specific control domain. Control
// domain insights are grouped by control domain, and ranked by the highest total
// count of non-compliant evidence.
type ControlDomainInsights struct {

	// The number of controls in the control domain that collected non-compliant
	// evidence on the lastUpdated date.
	ControlsCountByNoncompliantEvidence *int32

	// A breakdown of the compliance check status for the evidence that’s associated
	// with the control domain.
	EvidenceInsights *EvidenceInsights

	// The unique identifier for the control domain.
	Id *string

	// The time when the control domain insights were last updated.
	LastUpdated *time.Time

	// The name of the control domain.
	Name *string

	// The total number of controls in the control domain.
	TotalControlsCount *int32

	noSmithyDocumentSerde
}

// A summary of the latest analytics data for a specific control in a specific
// active assessment. Control insights are grouped by control domain, and ranked by
// the highest total count of non-compliant evidence.
type ControlInsightsMetadataByAssessmentItem struct {

	// The name of the control set that the assessment control belongs to.
	ControlSetName *string

	// A breakdown of the compliance check status for the evidence that’s associated
	// with the assessment control.
	EvidenceInsights *EvidenceInsights

	// The unique identifier for the assessment control.
	Id *string

	// The time when the assessment control insights were last updated.
	LastUpdated *time.Time

	// The name of the assessment control.
	Name *string

	noSmithyDocumentSerde
}

// A summary of the latest analytics data for a specific control. This data
// reflects the total counts for the specified control across all active
// assessments. Control insights are grouped by control domain, and ranked by the
// highest total count of non-compliant evidence.
type ControlInsightsMetadataItem struct {

	// A breakdown of the compliance check status for the evidence that’s associated
	// with the control.
	EvidenceInsights *EvidenceInsights

	// The unique identifier for the control.
	Id *string

	// The time when the control insights were last updated.
	LastUpdated *time.Time

	// The name of the control.
	Name *string

	noSmithyDocumentSerde
}

// The data source that determines where Audit Manager collects evidence from for
// the control.
type ControlMappingSource struct {

	// The description of the source.
	SourceDescription *string

	// Specifies how often evidence is collected from the control mapping source.
	SourceFrequency SourceFrequency

	// The unique identifier for the source.
	SourceId *string

	// A keyword that relates to the control data source. For manual evidence, this
	// keyword indicates if the manual evidence is a file or text. For automated
	// evidence, this keyword identifies a specific CloudTrail event, Config rule,
	// Security Hub control, or Amazon Web Services API name. To learn more about the
	// supported keywords that you can use when mapping a control data source, see the
	// following pages in the Audit Manager User Guide:
	//   - Config rules supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html)
	//   - Security Hub controls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html)
	//   - API calls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html)
	//   - CloudTrail event names supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html)
	SourceKeyword *SourceKeyword

	// The name of the source.
	SourceName *string

	// The setup option for the data source. This option reflects if the evidence
	// collection is automated or manual.
	SourceSetUpOption SourceSetUpOption

	// Specifies one of the five data source types for evidence collection.
	SourceType SourceType

	// The instructions for troubleshooting the control.
	TroubleshootingText *string

	noSmithyDocumentSerde
}

// The metadata that's associated with the standard control or custom control.
type ControlMetadata struct {

	// The Amazon Resource Name (ARN) of the control.
	Arn *string

	// The data source that determines where Audit Manager collects evidence from for
	// the control.
	ControlSources *string

	// The time when the control was created.
	CreatedAt *time.Time

	// The unique identifier for the control.
	Id *string

	// The time when the control was most recently updated.
	LastUpdatedAt *time.Time

	// The name of the control.
	Name *string

	noSmithyDocumentSerde
}

// A set of controls in Audit Manager.
type ControlSet struct {

	// The list of controls within the control set.
	Controls []Control

	// The identifier of the control set in the assessment. This is the control set
	// name in a plain string format.
	Id *string

	// The name of the control set.
	Name *string

	noSmithyDocumentSerde
}

// The control entity attributes that uniquely identify an existing control to be
// added to a framework in Audit Manager.
type CreateAssessmentFrameworkControl struct {

	// The unique identifier of the control.
	//
	// This member is required.
	Id *string

	noSmithyDocumentSerde
}

// A controlSet entity that represents a collection of controls in Audit Manager.
// This doesn't contain the control set ID.
type CreateAssessmentFrameworkControlSet struct {

	// The name of the control set.
	//
	// This member is required.
	Name *string

	// The list of controls within the control set. This doesn't contain the control
	// set ID.
	Controls []CreateAssessmentFrameworkControl

	noSmithyDocumentSerde
}

// The control mapping fields that represent the source for evidence collection,
// along with related parameters and metadata. This doesn't contain mappingID .
type CreateControlMappingSource struct {

	// The description of the data source that determines where Audit Manager collects
	// evidence from for the control.
	SourceDescription *string

	// Specifies how often evidence is collected from the control mapping source.
	SourceFrequency SourceFrequency

	// A keyword that relates to the control data source. For manual evidence, this
	// keyword indicates if the manual evidence is a file or text. For automated
	// evidence, this keyword identifies a specific CloudTrail event, Config rule,
	// Security Hub control, or Amazon Web Services API name. To learn more about the
	// supported keywords that you can use when mapping a control data source, see the
	// following pages in the Audit Manager User Guide:
	//   - Config rules supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html)
	//   - Security Hub controls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html)
	//   - API calls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html)
	//   - CloudTrail event names supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html)
	SourceKeyword *SourceKeyword

	// The name of the control mapping data source.
	SourceName *string

	// The setup option for the data source, which reflects if the evidence collection
	// is automated or manual.
	SourceSetUpOption SourceSetUpOption

	// Specifies one of the five types of data sources for evidence collection.
	SourceType SourceType

	// The instructions for troubleshooting the control.
	TroubleshootingText *string

	noSmithyDocumentSerde
}

// A collection of attributes that's used to create a delegation for an assessment
// in Audit Manager.
type CreateDelegationRequest struct {

	// A comment that's related to the delegation request.
	Comment *string

	// The unique identifier for the control set.
	ControlSetId *string

	// The Amazon Resource Name (ARN) of the IAM role.
	RoleArn *string

	// The type of customer persona. In CreateAssessment , roleType can only be
	// PROCESS_OWNER . In UpdateSettings , roleType can only be PROCESS_OWNER . In
	// BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .
	RoleType RoleType

	noSmithyDocumentSerde
}

// The default s3 bucket where Audit Manager saves the files that you export from
// evidence finder.
type DefaultExportDestination struct {

	// The destination bucket where Audit Manager stores exported files.
	Destination *string

	// The destination type, such as Amazon S3.
	DestinationType ExportDestinationType

	noSmithyDocumentSerde
}

// The assignment of a control set to a delegate for review.
type Delegation struct {

	// The identifier for the assessment that's associated with the delegation.
	AssessmentId *string

	// The name of the assessment that's associated with the delegation.
	AssessmentName *string

	// The comment that's related to the delegation.
	Comment *string

	// The identifier for the control set that's associated with the delegation.
	ControlSetId *string

	// The user or role that created the delegation.
	CreatedBy *string

	// Specifies when the delegation was created.
	CreationTime *time.Time

	// The unique identifier for the delegation.
	Id *string

	// Specifies when the delegation was last updated.
	LastUpdated *time.Time

	// The Amazon Resource Name (ARN) of the IAM role.
	RoleArn *string

	// The type of customer persona. In CreateAssessment , roleType can only be
	// PROCESS_OWNER . In UpdateSettings , roleType can only be PROCESS_OWNER . In
	// BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .
	RoleType RoleType

	// The status of the delegation.
	Status DelegationStatus

	noSmithyDocumentSerde
}

// The metadata that's associated with the delegation.
type DelegationMetadata struct {

	// The unique identifier for the assessment.
	AssessmentId *string

	// The name of the associated assessment.
	AssessmentName *string

	// Specifies the name of the control set that was delegated for review.
	ControlSetName *string

	// Specifies when the delegation was created.
	CreationTime *time.Time

	// The unique identifier for the delegation.
	Id *string

	// The Amazon Resource Name (ARN) of the IAM role.
	RoleArn *string

	// The current status of the delegation.
	Status DelegationStatus

	noSmithyDocumentSerde
}

// The deregistration policy for the data that's stored in Audit Manager. You can
// use this attribute to determine how your data is handled when you deregister
// Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_DeregisterAccount.html)
// . By default, Audit Manager retains evidence data for two years from the time of
// its creation. Other Audit Manager resources (including assessments, custom
// controls, and custom frameworks) remain in Audit Manager indefinitely, and are
// available if you re-register Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_RegisterAccount.html)
// in the future. For more information about data retention, see Data Protection (https://docs.aws.amazon.com/audit-manager/latest/userguide/data-protection.html)
// in the Audit Manager User Guide. If you choose to delete all data, this action
// permanently deletes all evidence data in your account within seven days. It also
// deletes all of the Audit Manager resources that you created, including
// assessments, custom controls, and custom frameworks. Your data will not be
// available if you re-register Audit Manager in the future.
type DeregistrationPolicy struct {

	// Specifies which Audit Manager data will be deleted when you deregister Audit
	// Manager.
	//   - If you set the value to ALL , all of your data is deleted within seven days
	//   of deregistration.
	//   - If you set the value to DEFAULT , none of your data is deleted at the time
	//   of deregistration. However, keep in mind that the Audit Manager data retention
	//   policy still applies. As a result, any evidence data will be deleted two years
	//   after its creation date. Your other Audit Manager resources will continue to
	//   exist indefinitely.
	DeleteResources DeleteResources

	noSmithyDocumentSerde
}

// A record that contains the information needed to demonstrate compliance with
// the requirements specified by a control. Examples of evidence include change
// activity invoked by a user, or a system configuration snapshot.
type Evidence struct {

	// Specifies whether the evidence is included in the assessment report.
	AssessmentReportSelection *string

	// The names and values that are used by the evidence event. This includes an
	// attribute name (such as allowUsersToChangePassword ) and value (such as true or
	// false ).
	Attributes map[string]string

	// The identifier for the Amazon Web Services account.
	AwsAccountId *string

	// The Amazon Web Services account that the evidence is collected from, and its
	// organization path.
	AwsOrganization *string

	// The evaluation status for automated evidence that falls under the compliance
	// check category.
	//   - Audit Manager classes evidence as non-compliant if Security Hub reports a
	//   Fail result, or if Config reports a Non-compliant result.
	//   - Audit Manager classes evidence as compliant if Security Hub reports a Pass
	//   result, or if Config reports a Compliant result.
	//   - If a compliance check isn't available or applicable, then no compliance
	//   evaluation can be made for that evidence. This is the case if the evidence uses
	//   Config or Security Hub as the underlying data source type, but those services
	//   aren't enabled. This is also the case if the evidence uses an underlying data
	//   source type that doesn't support compliance checks (such as manual evidence,
	//   Amazon Web Services API calls, or CloudTrail).
	ComplianceCheck *string

	// The data source where the evidence was collected from.
	DataSource *string

	// The name of the evidence event.
	EventName *string

	// The Amazon Web Service that the evidence is collected from.
	EventSource *string

	// The identifier for the Amazon Web Services account.
	EvidenceAwsAccountId *string

	// The type of automated evidence.
	EvidenceByType *string

	// The identifier for the folder that the evidence is stored in.
	EvidenceFolderId *string

	// The unique identifier for the user or role that's associated with the evidence.
	IamId *string

	// The identifier for the evidence.
	Id *string

	// The list of resources that are assessed to generate the evidence.
	ResourcesIncluded []Resource

	// The timestamp that represents when the evidence was collected.
	Time *time.Time

	noSmithyDocumentSerde
}

// The settings object that specifies whether evidence finder is enabled. This
// object also describes the related event data store, and the backfill status for
// populating the event data store with evidence data.
type EvidenceFinderEnablement struct {

	// The current status of the evidence data backfill process. The backfill starts
	// after you enable evidence finder. During this task, Audit Manager populates an
	// event data store with your past two years’ worth of evidence data so that your
	// evidence can be queried.
	//   - NOT_STARTED means that the backfill hasn’t started yet.
	//   - IN_PROGRESS means that the backfill is in progress. This can take up to 7
	//   days to complete, depending on the amount of evidence data.
	//   - COMPLETED means that the backfill is complete. All of your past evidence is
	//   now queryable.
	BackfillStatus EvidenceFinderBackfillStatus

	// The current status of the evidence finder feature and the related event data
	// store.
	//   - ENABLE_IN_PROGRESS means that you requested to enable evidence finder. An
	//   event data store is currently being created to support evidence finder queries.
	//   - ENABLED means that an event data store was successfully created and evidence
	//   finder is enabled. We recommend that you wait 7 days until the event data store
	//   is backfilled with your past two years’ worth of evidence data. You can use
	//   evidence finder in the meantime, but not all data might be available until the
	//   backfill is complete.
	//   - DISABLE_IN_PROGRESS means that you requested to disable evidence finder, and
	//   your request is pending the deletion of the event data store.
	//   - DISABLED means that you have permanently disabled evidence finder and the
	//   event data store has been deleted. You can't re-enable evidence finder after
	//   this point.
	EnablementStatus EvidenceFinderEnablementStatus

	// Represents any errors that occurred when enabling or disabling evidence finder.
	Error *string

	// The Amazon Resource Name (ARN) of the CloudTrail Lake event data store that’s
	// used by evidence finder. The event data store is the lake of evidence data that
	// evidence finder runs queries against.
	EventDataStoreArn *string

	noSmithyDocumentSerde
}

// A breakdown of the latest compliance check status for the evidence in your
// Audit Manager assessments.
type EvidenceInsights struct {

	// The number of compliance check evidence that Audit Manager classified as
	// compliant. This includes evidence that was collected from Security Hub with a
	// Pass ruling, or collected from Config with a Compliant ruling.
	CompliantEvidenceCount *int32

	// The number of evidence that a compliance check ruling isn't available for.
	// Evidence is inconclusive when the associated control uses Security Hub or Config
	// as a data source but you didn't enable those services. This is also the case
	// when a control uses a data source that doesn’t support compliance checks (for
	// example, manual evidence, API calls, or CloudTrail). If evidence has a
	// compliance check status of not applicable in the console, it's classified as
	// inconclusive in EvidenceInsights data.
	InconclusiveEvidenceCount *int32

	// The number of compliance check evidence that Audit Manager classified as
	// non-compliant. This includes evidence that was collected from Security Hub with
	// a Fail ruling, or collected from Config with a Non-compliant ruling.
	NoncompliantEvidenceCount *int32

	noSmithyDocumentSerde
}

// The file that's used to structure and automate Audit Manager assessments for a
// given compliance standard.
type Framework struct {

	// The Amazon Resource Name (ARN) of the framework.
	Arn *string

	// The compliance type that the framework supports, such as CIS or HIPAA.
	ComplianceType *string

	// The control sets that are associated with the framework.
	ControlSets []ControlSet

	// The control data sources where Audit Manager collects evidence from.
	ControlSources *string

	// The time when the framework was created.
	CreatedAt *time.Time

	// The user or role that created the framework.
	CreatedBy *string

	// The description of the framework.
	Description *string

	// The unique identifier for the framework.
	Id *string

	// The time when the framework was most recently updated.
	LastUpdatedAt *time.Time

	// The user or role that most recently updated the framework.
	LastUpdatedBy *string

	// The logo that's associated with the framework.
	Logo *string

	// The name of the framework.
	Name *string

	// The tags that are associated with the framework.
	Tags map[string]string

	// Specifies whether the framework is a standard framework or a custom framework.
	Type FrameworkType

	noSmithyDocumentSerde
}

// The metadata of a framework, such as the name, ID, or description.
type FrameworkMetadata struct {

	// The compliance standard that's associated with the framework. For example, this
	// could be PCI DSS or HIPAA.
	ComplianceType *string

	// The description of the framework.
	Description *string

	// The logo that's associated with the framework.
	Logo *string

	// The name of the framework.
	Name *string

	noSmithyDocumentSerde
}

// A summary of the latest analytics data for all your active assessments. This
// summary is a snapshot of the data that your active assessments collected on the
// lastUpdated date. It’s important to understand that the following totals are
// daily counts based on this date — they aren’t a total sum to date. The Insights
// data is eventually consistent. This means that, when you read data from Insights
// , the response might not instantly reflect the results of a recently completed
// write or update operation. If you repeat your read request after a few hours,
// the response should return the latest data. If you delete an assessment or
// change its status to inactive, InsightsByAssessment includes data for that
// assessment as follows.
//   - Inactive assessments - If Audit Manager collected evidence for your
//     assessment before you changed it inactive, that evidence is included in the
//     InsightsByAssessment counts for that day.
//   - Deleted assessments - If Audit Manager collected evidence for your
//     assessment before you deleted it, that evidence isn't included in the
//     InsightsByAssessment counts for that day.
type Insights struct {

	// The number of active assessments in Audit Manager.
	ActiveAssessmentsCount *int32

	// The number of assessment controls that collected non-compliant evidence on the
	// lastUpdated date.
	AssessmentControlsCountByNoncompliantEvidence *int32

	// The number of compliance check evidence that Audit Manager classified as
	// compliant on the lastUpdated date. This includes evidence that was collected
	// from Security Hub with a Pass ruling, or collected from Config with a Compliant
	// ruling.
	CompliantEvidenceCount *int32

	// The number of evidence without a compliance check ruling. Evidence is
	// inconclusive when the associated control uses Security Hub or Config as a data
	// source but you didn't enable those services. This is also the case when a
	// control uses a data source that doesn’t support compliance checks (for example:
	// manual evidence, API calls, or CloudTrail). If evidence has a compliance check
	// status of not applicable, it's classed as inconclusive in Insights data.
	InconclusiveEvidenceCount *int32

	// The time when the cross-assessment insights were last updated.
	LastUpdated *time.Time

	// The number of compliance check evidence that Audit Manager classified as
	// non-compliant on the lastUpdated date. This includes evidence that was
	// collected from Security Hub with a Fail ruling, or collected from Config with a
	// Non-compliant ruling.
	NoncompliantEvidenceCount *int32

	// The total number of controls across all active assessments.
	TotalAssessmentControlsCount *int32

	noSmithyDocumentSerde
}

// A summary of the latest analytics data for a specific active assessment. This
// summary is a snapshot of the data that was collected on the lastUpdated date.
// It’s important to understand that the totals in InsightsByAssessment are daily
// counts based on this date — they aren’t a total sum to date. The
// InsightsByAssessment data is eventually consistent. This means that when you
// read data from InsightsByAssessment , the response might not instantly reflect
// the results of a recently completed write or update operation. If you repeat
// your read request after a few hours, the response returns the latest data. If
// you delete an assessment or change its status to inactive, InsightsByAssessment
// includes data for that assessment as follows.
//   - Inactive assessments - If Audit Manager collected evidence for your
//     assessment before you changed it inactive, that evidence is included in the
//     InsightsByAssessment counts for that day.
//   - Deleted assessments - If Audit Manager collected evidence for your
//     assessment before you deleted it, that evidence isn't included in the
//     InsightsByAssessment counts for that day.
type InsightsByAssessment struct {

	// The number of assessment controls that collected non-compliant evidence on the
	// lastUpdated date.
	AssessmentControlsCountByNoncompliantEvidence *int32

	// The number of compliance check evidence that Audit Manager classified as
	// compliant. This includes evidence that was collected from Security Hub with a
	// Pass ruling, or collected from Config with a Compliant ruling.
	CompliantEvidenceCount *int32

	// The amount of evidence without a compliance check ruling. Evidence is
	// inconclusive if the associated control uses Security Hub or Config as a data
	// source and you didn't enable those services. This is also the case if a control
	// uses a data source that doesn’t support compliance checks (for example, manual
	// evidence, API calls, or CloudTrail). If evidence has a compliance check status
	// of not applicable, it's classified as inconclusive in InsightsByAssessment data.
	InconclusiveEvidenceCount *int32

	// The time when the assessment insights were last updated.
	LastUpdated *time.Time

	// The number of compliance check evidence that Audit Manager classified as
	// non-compliant. This includes evidence that was collected from Security Hub with
	// a Fail ruling, or collected from Config with a Non-compliant ruling.
	NoncompliantEvidenceCount *int32

	// The total number of controls in the assessment.
	TotalAssessmentControlsCount *int32

	noSmithyDocumentSerde
}

// Evidence that's manually added to a control in Audit Manager. manualEvidence
// can be one of the following: evidenceFileName , s3ResourcePath , or textResponse
// .
type ManualEvidence struct {

	// The name of the file that's uploaded as manual evidence. This name is populated
	// using the evidenceFileName value from the GetEvidenceFileUploadUrl (https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html)
	// API response.
	EvidenceFileName *string

	// The S3 URL of the object that's imported as manual evidence.
	S3ResourcePath *string

	// The plain text response that's entered and saved as manual evidence.
	TextResponse *string

	noSmithyDocumentSerde
}

// The notification that informs a user of an update in Audit Manager. For
// example, this includes the notification that's sent when a control set is
// delegated for review.
type Notification struct {

	// The identifier for the assessment.
	AssessmentId *string

	// The name of the related assessment.
	AssessmentName *string

	// The identifier for the control set.
	ControlSetId *string

	// Specifies the name of the control set that the notification is about.
	ControlSetName *string

	// The description of the notification.
	Description *string

	// The time when the notification was sent.
	EventTime *time.Time

	// The unique identifier for the notification.
	Id *string

	// The sender of the notification.
	Source *string

	noSmithyDocumentSerde
}

// A system asset that's evaluated in an Audit Manager assessment.
type Resource struct {

	// The Amazon Resource Name (ARN) for the resource.
	Arn *string

	// The evaluation status for a resource that was assessed when collecting
	// compliance check evidence.
	//   - Audit Manager classes the resource as non-compliant if Security Hub reports
	//   a Fail result, or if Config reports a Non-compliant result.
	//   - Audit Manager classes the resource as compliant if Security Hub reports a
	//   Pass result, or if Config reports a Compliant result.
	//   - If a compliance check isn't available or applicable, then no compliance
	//   evaluation can be made for that resource. This is the case if a resource
	//   assessment uses Config or Security Hub as the underlying data source type, but
	//   those services aren't enabled. This is also the case if the resource assessment
	//   uses an underlying data source type that doesn't support compliance checks (such
	//   as manual evidence, Amazon Web Services API calls, or CloudTrail).
	ComplianceCheck *string

	// The value of the resource.
	Value *string

	noSmithyDocumentSerde
}

// The wrapper that contains the Audit Manager role information of the current
// user. This includes the role type and IAM Amazon Resource Name (ARN).
type Role struct {

	// The Amazon Resource Name (ARN) of the IAM role.
	//
	// This member is required.
	RoleArn *string

	// The type of customer persona. In CreateAssessment , roleType can only be
	// PROCESS_OWNER . In UpdateSettings , roleType can only be PROCESS_OWNER . In
	// BatchCreateDelegationByAssessment , roleType can only be RESOURCE_OWNER .
	//
	// This member is required.
	RoleType RoleType

	noSmithyDocumentSerde
}

// The wrapper that contains the Amazon Web Services accounts and services that
// are in scope for the assessment.
type Scope struct {

	// The Amazon Web Services accounts that are included in the scope of the
	// assessment.
	AwsAccounts []AWSAccount

	// The Amazon Web Services services that are included in the scope of the
	// assessment.
	AwsServices []AWSService

	noSmithyDocumentSerde
}

// The metadata that's associated with the Amazon Web Service.
type ServiceMetadata struct {

	// The category that the Amazon Web Service belongs to, such as compute, storage,
	// or database.
	Category *string

	// The description of the Amazon Web Service.
	Description *string

	// The display name of the Amazon Web Service.
	DisplayName *string

	// The name of the Amazon Web Service.
	Name *string

	noSmithyDocumentSerde
}

// The settings object that holds all supported Audit Manager settings.
type Settings struct {

	// The default S3 destination bucket for storing assessment reports.
	DefaultAssessmentReportsDestination *AssessmentReportsDestination

	// The default S3 destination bucket for storing evidence finder exports.
	DefaultExportDestination *DefaultExportDestination

	// The designated default audit owners.
	DefaultProcessOwners []Role

	// The deregistration policy for your Audit Manager data. You can use this
	// attribute to determine how your data is handled when you deregister Audit
	// Manager.
	DeregistrationPolicy *DeregistrationPolicy

	// The current evidence finder status and event data store details.
	EvidenceFinderEnablement *EvidenceFinderEnablement

	// Specifies whether Organizations is enabled.
	IsAwsOrgEnabled *bool

	// The KMS key details.
	KmsKey *string

	// The designated Amazon Simple Notification Service (Amazon SNS) topic.
	SnsTopic *string

	noSmithyDocumentSerde
}

// A keyword that relates to the control data source. For manual evidence, this
// keyword indicates if the manual evidence is a file or text. For automated
// evidence, this keyword identifies a specific CloudTrail event, Config rule,
// Security Hub control, or Amazon Web Services API name. To learn more about the
// supported keywords that you can use when mapping a control data source, see the
// following pages in the Audit Manager User Guide:
//   - Config rules supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html)
//   - Security Hub controls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html)
//   - API calls supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html)
//   - CloudTrail event names supported by Audit Manager (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-cloudtrail.html)
type SourceKeyword struct {

	// The input method for the keyword.
	//   - SELECT_FROM_LIST is used when mapping a data source for automated evidence.
	//   - When keywordInputType is SELECT_FROM_LIST , a keyword must be selected to
	//   collect automated evidence. For example, this keyword can be a CloudTrail event
	//   name, a rule name for Config, a Security Hub control, or the name of an Amazon
	//   Web Services API call.
	//   - UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for
	//   manual evidence.
	//   - When keywordInputType is UPLOAD_FILE , a file must be uploaded as manual
	//   evidence.
	//   - When keywordInputType is INPUT_TEXT , text must be entered as manual
	//   evidence.
	KeywordInputType KeywordInputType

	// The value of the keyword that's used when mapping a control data source. For
	// example, this can be a CloudTrail event name, a rule name for Config, a Security
	// Hub control, or the name of an Amazon Web Services API call. If you’re mapping a
	// data source to a rule in Config, the keywordValue that you specify depends on
	// the type of rule:
	//   - For managed rules (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html)
	//   , you can use the rule identifier as the keywordValue . You can find the rule
	//   identifier from the list of Config managed rules (https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html)
	//   . For some rules, the rule identifier is different from the rule name. For
	//   example, the rule name restricted-ssh has the following rule identifier:
	//   INCOMING_SSH_DISABLED . Make sure to use the rule identifier, not the rule
	//   name. Keyword example for managed rules:
	//   - Managed rule name: s3-bucket-acl-prohibited (https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html)
	//   keywordValue : S3_BUCKET_ACL_PROHIBITED
	//   - For custom rules (https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html)
	//   , you form the keywordValue by adding the Custom_ prefix to the rule name.
	//   This prefix distinguishes the custom rule from a managed rule. Keyword example
	//   for custom rules:
	//   - Custom rule name: my-custom-config-rule keywordValue :
	//   Custom_my-custom-config-rule
	//   - For service-linked rules (https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html)
	//   , you form the keywordValue by adding the Custom_ prefix to the rule name. In
	//   addition, you remove the suffix ID that appears at the end of the rule name.
	//   Keyword examples for service-linked rules:
	//   - Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
	//   keywordValue : Custom_CustomRuleForAccount-conformance-pack
	//   - Service-linked rule name:
	//   OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba keywordValue :
	//   Custom_OrgConfigRule-s3-bucket-versioning-enabled
	// The keywordValue is case sensitive. If you enter a value incorrectly, Audit
	// Manager might not recognize the data source mapping. As a result, you might not
	// successfully collect evidence from that data source as intended. Keep in mind
	// the following requirements, depending on the data source type that you're using.
	//
	//   - For Config:
	//   - For managed rules, make sure that the keywordValue is the rule identifier in
	//   ALL_CAPS_WITH_UNDERSCORES . For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED . For
	//   accuracy, we recommend that you reference the list of supported Config
	//   managed rules (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-config.html)
	//   .
	//   - For custom rules, make sure that the keywordValue has the Custom_ prefix
	//   followed by the custom rule name. The format of the custom rule name itself may
	//   vary. For accuracy, we recommend that you visit the Config console (https://console.aws.amazon.com/config/)
	//   to verify your custom rule name.
	//   - For Security Hub: The format varies for Security Hub control names. For
	//   accuracy, we recommend that you reference the list of supported Security Hub
	//   controls (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-ash.html)
	//   .
	//   - For Amazon Web Services API calls: Make sure that the keywordValue is
	//   written as serviceprefix_ActionName . For example, iam_ListGroups . For
	//   accuracy, we recommend that you reference the list of supported API calls (https://docs.aws.amazon.com/audit-manager/latest/userguide/control-data-sources-api.html)
	//   .
	//   - For CloudTrail: Make sure that the keywordValue is written as
	//   serviceprefix_ActionName . For example, cloudtrail_StartLogging . For
	//   accuracy, we recommend that you review the Amazon Web Service prefix and action
	//   names in the Service Authorization Reference (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html)
	//   .
	KeywordValue *string

	noSmithyDocumentSerde
}

// A controlSet entity that represents a collection of controls in Audit Manager.
// This doesn't contain the control set ID.
type UpdateAssessmentFrameworkControlSet struct {

	// The list of controls that are contained within the control set.
	//
	// This member is required.
	Controls []CreateAssessmentFrameworkControl

	// The name of the control set.
	//
	// This member is required.
	Name *string

	// The unique identifier for the control set.
	Id *string

	noSmithyDocumentSerde
}

// Short for uniform resource locator. A URL is used as a unique identifier to
// locate a resource on the internet.
type URL struct {

	// The name or word that's used as a hyperlink to the URL.
	HyperlinkName *string

	// The unique identifier for the internet resource.
	Link *string

	noSmithyDocumentSerde
}

// Indicates that the request has invalid or missing parameters for the field.
type ValidationExceptionField struct {

	// The body of the error message.
	//
	// This member is required.
	Message *string

	// The name of the validation error.
	//
	// This member is required.
	Name *string

	noSmithyDocumentSerde
}

type noSmithyDocumentSerde = smithydocument.NoSerde