What fully managed AWS data security service uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in Amazon S3?
Amazon Macie
What is the primary function of Amazon Macie?
- Discover, monitor, and protect sensitive data in S3
- Automated detection of Personally Identifiable Information (PII), Protected Health Information (PHI), and financial data
What does Amazon Macie use to determine how S3 objects and their content are evaluated?
Data identifiers
What types of data identifiers does Amazon Macie provide?
- Managed data identifiers
- Custom data identifiers
Which Amazon Macie data identifiers use built-in techniques such as machine learning and pattern matching?
Managed data identifiers
Which Amazon Macie data identifiers are customer-defined, regex-based, and proprietary?
Custom data identifiers
What Amazon Macie component uses data identifiers to scan S3 buckets for sensitive data?
Discovery job
What is generated when an Amazon Macie discovery job finds matches?
Findings are produced and can be viewed, or forwarded to Security Hub or EventBridge for automated remediation
Does Amazon Macie support native multi-account integration?
Yes, through a multi-account architecture where an administrator account manages member accounts using AWS Organizations or Macie account invitations
What types of findings can Amazon Macie generate when a discovery job detects matches?
- Policy findings
- Sensitive data findings
Which Amazon Macie findings are generated when bucket policies or settings reduce the security of a bucket or its objects?
Policy findings (only after Macie is enabled)
Provide an example of an Amazon Macie policy finding.
Policy:IAMUser/S3BlockPublicAccessDisabledPolicy:IAMUser/S3BucketEncryptionDisabledPolicy:IAMUser/S3BucketPublicPolicy:IAMUser/S3BucketSharedExternally
Which Amazon Macie findings provide details about sensitive data detected in S3 objects?
Sensitive data findings
Provide an example of an Amazon Macie sensitive data finding.
SensitiveData:S3Object/CredentialsSensitiveData:S3Object/CustomIdentifierSensitiveData:S3Object/FinancialSensitiveData:S3Object/MultipleSensitiveData:S3Object/Personal
-
IAM39
-
STS9
-
Organizations14
-
CloudTrail16
-
KMS14
-
S3128
-
EBS61
-
EFS14
-
VPC104
-
Hybrid Networking66
-
EC2152
-
Route 5336
-
RDS59
-
AWS Backup8
-
ELB44
-
SSM11
-
ECS12
-
ECR11
-
EKS7
-
ASG43
-
Lambda66
-
EventBridge11
-
SNS11
-
Step Functions15
-
API Gateway25
-
SQS41
-
Kinesis45
-
Cognito17
-
Glue13
-
MQ9
-
AppFlow6
-
ACM13
-
CloudFront75
-
Global Accelerator8
-
Storage Gateway58
-
CloudWatch65
-
CloudFormation110
-
Snow Family8
-
Directory Service17
-
DataSync12
-
FSx for Windows File Server13
-
FSx for Lustre15
-
Transfer Family15
-
Code*44
-
Elastic Beanstalk45
-
X-Ray27
-
DynamoDB97
-
ElastiCache19
-
Secrets Manager11
-
Systems Manager12
-
Web Application Firewall30
-
Shield17
-
CloudHSM11
-
Macie14
-
Inspector15
-
GuardDuty8
-
Athena8
-
Redshift12
-
Comprehend3
-
Kendra5
-
Lex4
-
Polly6
-
Rekognition4
-
Textract5
-
Transcribe5
-
Translate6
-
Forecast3
-
Fraund Detector3
-
SageMaker5
-
Local Zones6
