AWS Audit Manager will no longer be open to new customers starting April 30, 2026. If you would like to use Audit Manager, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS Audit Manager availability change](https://docs.aws.amazon.com/audit-manager/latest/userguide/audit-manager-availability-change.html). 

# Adding manual evidence in AWS Audit Manager
<a name="upload-evidence"></a>



Audit Manager can automatically collect evidence for many controls. However, some controls might require evidence that can't be collected automatically. In such cases, you can manually add your own evidence.

Consider the following examples:
+ Some controls relate to the provision of physical records (such as signatures), or events that aren’t generated in the cloud (such as observations and interviews). In these cases, you can manually add files as evidence. For instance, if a control requires information about your organizational structure, you can upload a copy of your company’s org chart as manual evidence.
+ Some controls represent a vendor risk assessment question. A risk assessment question might require documentation as evidence (such as an org chart). Or, it might only need a simple text response (such as a list of job titles). For the latter, you can respond to the question and save your response as manual evidence.

You can also use the manual upload feature to manage evidence from multiple environments. If your company uses a hybrid cloud model or multicloud model, you can upload evidence from your on-premises environment, an environment hosted in the cloud, or your SaaS applications. This enables you to organize your evidence (regardless of where it came from) by storing it within the structure of an Audit Manager assessment, where each piece of evidence is mapped to a specific control.

## Key points
<a name="upload-evidence-key-points"></a>

When it comes to adding manual evidence to your assessments in Audit Manager, you have three methods to choose from. 

1. **Importing a file from Amazon S3 - **This method is ideal when you have evidence files stored in an S3 bucket, such as documentation, reports, or other artifacts that can't be automatically collected by Audit Manager. By importing these files directly from S3, you can seamlessly integrate this manual evidence with the automatically collected evidence.

1. **Uploading a file from your browser** - If you have evidence files locally stored on your computer or network, you can manually upload them to Audit Manager using this method. This approach is particularly useful when you need to include physical records, such as scanned documents or images, that aren't available in digital format within your AWS environment.

1. **Adding free-form text as evidence** - In some cases, the evidence you need to provide is not in the form of a file but rather a text response or explanation. This method allows you to enter free-form text directly into Audit Manager. This can be especially helpful when responding to vendor risk assessment questions.

## Additional resources
<a name="upload-evidence-additional-resources"></a>
+ For instructions on how to add manual evidence to an assessment control, see the following resources. Keep in mind you can only use one method at a time.
  + [Importing manual evidence files from Amazon S3](import-from-s3.md)
  + [Uploading manual evidence files from your browser](upload-from-computer.md)
  + [Entering free-form text responses as manual evidence](enter-text-response.md)
+ To learn which file formats you can use, see [Supported file formats for manual evidence](supported-manual-evidence-files.md).
+ To learn more about the different types of evidence in Audit Manager, see [](concepts.md#evidence) in the *Concepts and terminology* section of this guide. 
+ For troubleshooting assistance, see [I can’t upload manual evidence to a control](control-issues.md#cannot-upload-manual-evidence).

# Importing manual evidence files from Amazon S3
<a name="import-from-s3"></a>



You can manually import evidence files from an Amazon S3 bucket into your assessment. This enables you to supplement the automatically collected evidence with additional supporting materials.

## Prerequisites
<a name="import-from-s3-prerequisites"></a>
+ The maximum supported size for a single manual evidence file is 100 MB.
+ You must use one of the [Supported file formats for manual evidence](supported-manual-evidence-files.md).
+ Each AWS account can manually upload up to 100 evidence files to a control each day. Exceeding this daily quota causes any additional manual uploads to fail for that control. If you need to upload a large amount of manual evidence to a single control, upload your evidence in batches across several days.
+ When a control is *inactive*, you can't add manual evidence to that control. To add manual evidence, you must first [change the control status](https://docs.aws.amazon.com/audit-manager/latest/userguide/change-assessment-control-status.html) to either *under review* or *reviewed*.
+ Make sure your IAM identity has appropriate permissions to manage an assessment in AWS Audit Manager. Two suggested policies that grant these permissions are [AWSAuditManagerAdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSAuditManagerAdministratorAccess.html) and [Allow users management access to AWS Audit Manager](security_iam_id-based-policy-examples.md#management-access).

## Procedure
<a name="import-from-s3-procedure"></a>

You can import a file using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

------
#### [ AWS console ]

**Important**  
We strongly recommend that you never import any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To import a file from S3 on the Audit Manager console**

1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).

1. In the left navigation pane, choose **Assessments** and then choose an assessment.

1. Choose the **Controls** tab, scroll down to **Control sets** and then choose a control.

1. On the **Evidence folders** tab, choose **Add manual evidence**, and then choose **Import file from S3**.

1. On the next page, enter the S3 URI of the evidence. You can find the S3 URI by navigating to the object in the [Amazon S3 console](https://console.aws.amazon.com/s3/) and choosing **Copy S3 URI**. 

1. Choose **Upload**.

------
#### [ AWS CLI ]

**Important**  
We strongly recommend that you never import any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

In the following procedure, replace the *placeholder text* with your own information.

**To import a file from S3 in the AWS CLI**

1. Run the `[list-assessments](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/list-assessments.html)` command to see a list of your assessments. 

   ```
   aws auditmanager list-assessments
   ```

   In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Run the `[get-assessment](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/get-assessment.html)` command and specify the assessment ID from step one.

   ```
   aws auditmanager get-assessment --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p
   ```

   In the response, find the control set and the control that you want to upload evidence to, and take note of their IDs.

1. Run the `[batch-import-evidence-to-assessment-control](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/batch-import-evidence-to-assessment-control.html)` command with the following parameters:
   + `--assessment-id` – Use the assessment ID from step one.
   + `--control-set-id` – Use the control set ID from step two.
   + `--control-id` – Use the control ID from step two.
   + `--manual-evidence` – Use `s3ResourcePath` as the manual evidence type and specify the S3 URI of the evidence. You can find the S3 URI by navigating to the object in the [Amazon S3 console](https://console.aws.amazon.com/s3/) and choosing **Copy S3 URI**.

   ```
   aws auditmanager batch-import-evidence-to-assessment-control --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p --control-set-id ControlSet --control-id a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6 --manual-evidence s3ResourcePath=s3://amzn-s3-demo-bucket/EXAMPLE-FILE.extension
   ```

------
#### [ Audit Manager API ]

**Important**  
We strongly recommend that you never import any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To import a file from S3 using the API**

1. Call the `[ListAssessments](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_ListAssessments.html)` operation to see a list of your assessments. In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Call the `[GetAssessment](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetAssessment.html)` operation and specify the assessment ID from step one. In the response, find the control set and the control that you want to upload evidence to, and take note of their IDs.

1. Call the `[BatchImportEvidenceToAssessmentControl](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html)` operation with the following parameters:
   + `[assessmentId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-assessmentId)` – Use the assessment ID from step one.
   + `[controlSetId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlSetId)` – Use the control set ID from step two.
   + `[controlId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlId)` – Use the control ID from step two.
   + `[manualEvidence](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-manualEvidence)` – Use `s3ResourcePath` as the manual evidence type and specify the S3 URI of the evidence. You can find the S3 URI by navigating to the object in the [Amazon S3 console](https://console.aws.amazon.com/s3/) and choosing **Copy S3 URI**.

For more information, choose any of the links in the previous procedure to read more in the *AWS Audit Manager API Reference*. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.

------

## Next steps
<a name="import-from-s3-next-steps"></a>

After you've added and reviewed the evidence for your assessment, you can generate an assessment report. For more information, see [Preparing an assessment report in AWS Audit Manager](generate-assessment-report.md).

## Additional resources
<a name="import-from-s3-additional-resources"></a>

To learn which file formats you can use, see [Supported file formats for manual evidence](supported-manual-evidence-files.md).

# Uploading manual evidence files from your browser
<a name="upload-from-computer"></a>



You can manually upload evidence files from your browser into your Audit Manager assessment. This enables you to supplement the automatically collected evidence with additional supporting materials.

## Prerequisites
<a name="upload-from-computer-prerequisites"></a>
+ The maximum supported size for a single manual evidence file is 100 MB.
+ You must use one of the [Supported file formats for manual evidence](supported-manual-evidence-files.md).
+ Each AWS account can manually upload up to 100 evidence files to a control each day. Exceeding this daily quota causes any additional manual uploads to fail for that control. If you need to upload a large amount of manual evidence to a single control, upload your evidence in batches across several days.
+ When a control is *inactive*, you can't add manual evidence to that control. To add manual evidence, you must first [change the control status](https://docs.aws.amazon.com/audit-manager/latest/userguide/change-assessment-control-status.html) to either *under review* or *reviewed*.
+ Make sure your IAM identity has appropriate permissions to manage an assessment in AWS Audit Manager. Two suggested policies that grant these permissions are [AWSAuditManagerAdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSAuditManagerAdministratorAccess.html) and [Allow users management access to AWS Audit Manager](security_iam_id-based-policy-examples.md#management-access).

## Procedure
<a name="upload-from-computer-procedure"></a>

You can upload a file using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

------
#### [ AWS console ]

**Important**  
We strongly recommend that you never upload any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To upload a file from your browser on the Audit Manager console**

1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).

1. In the left navigation pane, choose **Assessments** and then choose an assessment.

1. On the **Controls** tab, scroll down to **Control sets** and then choose a control. 

1. From the **Evidence folders** tab, choose **Add manual evidence**. 

1. Choose **Upload file from browser**. 

1. Choose the file that you want to upload.

1. Choose **Upload**.

------
#### [ AWS CLI ]

**Important**  
We strongly recommend that you never upload any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

In the following procedure, replace the *placeholder text* with your own information.

**To upload a file from your browser in the AWS CLI**

1. Run the `[list-assessments](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/list-assessments.html)` command to see a list of your assessments. 

   ```
   aws auditmanager list-assessments
   ```

   In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Run the `[get-assessment](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/get-assessment.html)` command and specify the assessment ID from step one. 

   ```
   aws auditmanager get-assessment --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p
   ```

   In the response, find the control set and the control that you want to upload evidence to, and take note of their IDs.

1. Run the `[get-evidence-file-upload-url](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/get-evidence-file-upload-url.html)` command and specify the file that you want to upload. 

   ```
   aws auditmanager get-evidence-file-upload-url --file-name fileName.extension
   ```

   In the response, take note of the presigned URL and the `evidenceFileName`.

1. Use the presigned URL from step three to upload the file from your browser. This action uploads your file to Amazon S3, where it's saved as an object that can be attached to an assessment control. In the following step, you'll reference the newly-created object by using the `evidenceFileName` parameter.
**Note**  
When you upload a file using a presigned URL, Audit Manager protects and stores your data by using server side encryption with AWS Key Management Service. To support this, you must use the `x-amz-server-side-encryption` header in your request when you use the presigned URL to upload your file.  
If you're using a customer managed AWS KMS key in your Audit Manager [Configuring your data encryption settings](settings-KMS.md) settings, make sure that you also include the `x-amz-server-side-encryption-aws-kms-key-id` header in your request. If the `x-amz-server-side-encryption-aws-kms-key-id` header isn't present in the request, Amazon S3 assumes that you want to use the AWS managed key.   
For more information, see [Protecting data using server-side encryption with AWS Key Management Service keys (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon Simple Storage Service User Guide*.

1. Run the `[batch-import-evidence-to-assessment-control](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/batch-import-evidence-to-assessment-control.html)` command with the following parameters:
   + `--assessment-id` – Use the assessment ID from step one.
   + `--control-set-id` – Use the control set ID from step two.
   + `--control-id` – Use the control ID from step two.
   + `--manual-evidence` – Use `evidenceFileName` as the manual evidence type and specify the evidence file name from step three.

   ```
   aws auditmanager batch-import-evidence-to-assessment-control --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p --control-set-id ControlSet --control-id a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6 --manual-evidence evidenceFileName=fileName.extension
   ```

------
#### [ Audit Manager API ]

**Important**  
We strongly recommend that you never upload any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To upload a file from your browser using the API**

1. Call the `[ListAssessments](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_ListAssessments.html)` operation. In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Call the `[GetAssessment](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetAssessment.html)` operation and specify the `assessmentId` from step one. In the response, find the control set and the control that you want to upload evidence to, and take note of their IDs.

1. Call the `[GetEvidenceFileUploadUrl](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetEvidenceFileUploadUrl.html)` operation and specify the `fileName` that you want to upload. In the response, take note of the presigned URL and the `evidenceFileName`.

1. Use the presigned URL from step three to upload the file from your browser. This action uploads your file to Amazon S3, where it's saved as an object that can be attached to an assessment control. In the following step, you'll reference the newly-created object by using the `evidenceFileName` parameter.
**Note**  
When you upload a file using a presigned URL, Audit Manager protects and stores your data by using server side encryption with AWS Key Management Service. To support this, you must use the `x-amz-server-side-encryption` header in your request when you use the presigned URL to upload your file.  
If you're using a customer managed AWS KMS key in your Audit Manager [Configuring your data encryption settings](settings-KMS.md) settings, make sure that you also include the `x-amz-server-side-encryption-aws-kms-key-id` header in your request. If the `x-amz-server-side-encryption-aws-kms-key-id` header isn't present in the request, Amazon S3 assumes that you want to use the AWS managed key.   
For more information, see [Protecting data using server-side encryption with AWS Key Management Service keys (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html) in the *Amazon Simple Storage Service User Guide*.

1. Call the `[BatchImportEvidenceToAssessmentControl](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html)` operation with the following parameters:
   + `[assessmentId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-assessmentId)` – Use the assessment ID from step one.
   + `[controlSetId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlSetId)` – Use the control set ID from step two.
   + `[controlId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlId)` – Use the control ID from step two.
   + `[manualEvidence](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-manualEvidence)` – Use `evidenceFileName` as the manual evidence type and specify the evidence file name from step three.

For more information, choose any of the links in the previous procedure to read more in the *AWS Audit Manager API Reference*. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.

------

## Next steps
<a name="upload-from-computer-next-steps"></a>

After you've collected and reviewed the evidence for your assessment, you can generate an assessment report. For more information, see [Preparing an assessment report in AWS Audit Manager](generate-assessment-report.md).

## Additional resources
<a name="upload-from-computer-additional-resources"></a>

To learn which file formats you can use, see [Supported file formats for manual evidence](supported-manual-evidence-files.md).

# Entering free-form text responses as manual evidence
<a name="enter-text-response"></a>



You can provide additional context and supporting information for an assessment control by entering free-form text and saving that text as evidence. This allows you to manually document details that aren’t captured through automatic evidence collection. 

For example, you can use Audit Manager to create custom controls that represent questions in a vendor risk assessment questionnaire. In this case, the name of each control is a specific question that asks for information about your organization’s security and compliance posture. To record your response to a given vendor risk assessment question, you can enter a text response and save it as manual evidence for the control.

## Prerequisites
<a name="enter-text-response-prerequisites"></a>
+ When a control is *inactive*, you can't add manual evidence to that control. To add manual evidence, you must first [change the control status](https://docs.aws.amazon.com/audit-manager/latest/userguide/change-assessment-control-status.html) to either *under review* or *reviewed*.
+ Make sure your IAM identity has appropriate permissions to manage an assessment in AWS Audit Manager. Two suggested policies that grant these permissions are [AWSAuditManagerAdministratorAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSAuditManagerAdministratorAccess.html) and [Allow users management access to AWS Audit Manager](security_iam_id-based-policy-examples.md#management-access).

## Procedure
<a name="enter-text-response-procedure"></a>

You can enter text responses using the Audit Manager console, the Audit Manager API, or the AWS Command Line Interface (AWS CLI).

------
#### [ AWS console ]

**Important**  
We strongly recommend that you never enter any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To enter a text response on the Audit Manager console**

1. Open the AWS Audit Manager console at [https://console.aws.amazon.com/auditmanager/home](https://console.aws.amazon.com/auditmanager/home).

1. In the left navigation pane, choose **Assessments** and then choose an assessment.

1. Choose the **Controls** tab, scroll down to **Control sets** and then choose a control. 

1. From the **Evidence folders** tab, choose **Add manual evidence**.

1. Choose **Enter text response**.

1. In the pop-up window that appears, enter your response in plain text format.

1. Choose **Confirm**.

------
#### [ AWS CLI ]

**Important**  
We strongly recommend that you never enter any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

In the following procedure, replace the *placeholder text* with your own information.

**To enter a text response in the AWS CLI**

1. Run the `[list-assessments](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/list-assessments.html)` command. 

   ```
   aws auditmanager list-assessments
   ```

   In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Run the `[get-assessment](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/get-assessment.html)` command and specify the assessment ID from step one. 

   ```
   aws auditmanager get-assessment --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p
   ```

   In the response, find the control set and control that you want to upload evidence to, and take note of their IDs.

1. Run the `[batch-import-evidence-to-assessment-control](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/auditmanager/batch-import-evidence-to-assessment-control.html)` command with the following parameters:
   + `--assessment-id` – Use the assessment ID from step one.
   + `--control-set-id` – Use the control set ID from step two.
   + `--control-id` – Use the control ID from step two.
   + `--manual-evidence` – Use `textResponse` as the manual evidence type and enter the text that you want to save as manual evidence.

   ```
   aws auditmanager batch-import-evidence-to-assessment-control --assessment-id 1a2b3c4d-5e6f-7g8h-9i0j-0k1l2m3n4o5p --control-set-id ControlSet --control-id a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6 --manual-evidence textResponse="enter text here"
   ```

------
#### [ Audit Manager API ]

**Important**  
We strongly recommend that you never enter any sensitive or personally identifiable information (PII) as manual evidence. This includes, but is not limited to, Social Security numbers, addresses, phone numbers, or any other information that could be used to identify an individual. 

**To enter a text response using the API**

1. Call the `[ListAssessments](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_ListAssessments.html)` operation. In the response, find the assessment that you want to upload evidence to and take note of the assessment ID.

1. Call the `[GetAssessment](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_GetAssessment.html)` operation and specify the `assessmentId` from step one. In the response, find the control set and control that you want to upload evidence to, and take note of their IDs.

1. Call the `[BatchImportEvidenceToAssessmentControl](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html)` operation with the following parameters:
   + `[assessmentId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-assessmentId)` – Use the assessment ID from step one.
   + `[controlSetId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlSetId)` – Use the control set ID from step two.
   + `[controlId](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-controlId)` – Use the control ID from step two.
   + `[manualEvidence](https://docs.aws.amazon.com/audit-manager/latest/APIReference/API_BatchImportEvidenceToAssessmentControl.html#auditmanager-BatchImportEvidenceToAssessmentControl-request-manualEvidence)` – Use `textResponse` as the manual evidence type and enter the text that you want to save as manual evidence.

For more information, choose any of the links in the previous procedure to read more in the *AWS Audit Manager API Reference*. This includes information about how to use these operations and parameters in one of the language-specific AWS SDKs.

------

## Next steps
<a name="enter-text-response-next-steps"></a>

After you've collected and reviewed the evidence for your assessment, you can generate an assessment report. For more information, see [Preparing an assessment report in AWS Audit Manager](generate-assessment-report.md).

# Supported file formats for manual evidence
<a name="supported-manual-evidence-files"></a>



The following table lists and describes the types of file that you can upload as manual evidence. For each file type, the table also lists the supported file extensions.


| File type | Description | Supported file extensions | 
| --- | --- | --- | 
|  Compression or archive  |  GNU Zip compressed archives and ZIP compressed archives  |  `.gz`, `.zip`  | 
|  Document  |  Common document files such as PDFs and Microsoft Office files  |  `.doc`, `.docx`, `.pdf`, `.ppt`, `.pptx`, `.xls`, `.xlsx`  | 
|  Image  |  Image and graphic files  |  `.jpeg`, `.jpg`, `.png`, `.svg`  | 
|  Text  |  Other non-binary text files, such as plain-text documents and markup language files  |  `.cer`, `.csv`, `.html`, `.jmx`, `.json`, `.md`, `.out`, `.rtf`, `.txt`, `.xml`, `.yaml`, `.yml`  | 

## Additional resources
<a name="supported-manual-evidence-files-additional-resources"></a>

Review the following pages to learn about the different ways that you can add your own evidence to an assessment control.
+ [Importing manual evidence files from Amazon S3](import-from-s3.md)
+ [Uploading manual evidence files from your browser](upload-from-computer.md)
+ [Entering free-form text responses as manual evidence](enter-text-response.md)