Overview of Amazon Macie Features

Nov 26, 2024

Amazon Macie Onboarding and User Experience

Overview

  • Amazon Macie integrates with AWS Organizations.
  • A delegated administrator account can manage Macie across all accounts in the organization.
  • The delegated admin account controls Macie settings for every account in the organization.

Getting Started

  • Delegate the admin account from the organization's master account.
  • Enablement across the entire organization is quick.
  • Auto-enable functionality for new accounts that join the organization.

Dashboard View

  • Provides key metrics and controls for all buckets:
    • Public access status
    • Encryption status
    • Sharing configurations
  • High-level view of total storage, object count, and bucket count.

Monitoring and Policy Changes

  • Detects changes in bucket configurations (e.g., public access, encryption, external sharing).
  • Policy findings are sent to Security Hub and CloudWatch Events so they can drive automation.
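
As an added example (not from the presentation), the kind of automation the findings feed enables: a small triage routine that takes an event carrying a Macie finding and routes it by category, finding type, and severity. The event layout follows the shape of the Macie finding schema (`source`, `detail-type`, and `detail` with `category`, `type`, `severity`, `resourcesAffected`); the sample events and routing labels are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Policy finding types for bucket posture drift, mapped to a constructed routing label.
# Type strings follow Macie's "Policy:IAMUser/..." naming; the labels are this example's own.
POLICY_ROUTES = {
    "Policy:IAMUser/S3BucketPublic": "bucket-public",
    "Policy:IAMUser/S3BlockPublicAccessDisabled": "bucket-public",
    "Policy:IAMUser/S3BucketEncryptionDisabled": "bucket-unencrypted",
    "Policy:IAMUser/S3BucketSharedExternally": "bucket-shared-externally",
    "Policy:IAMUser/S3BucketReplicatedExternally": "bucket-replicated-externally",
}

@dataclass
class Triage:
    bucket: str
    account: str
    category: str      # "POLICY" (bucket configuration) or "CLASSIFICATION" (sensitive data)
    finding_type: str
    severity: str      # Macie severity description: Low, Medium, High
    action: str        # routing decision for downstream automation

def triage_finding(event: dict) -> Optional[Triage]:
    """Classify one EventBridge-style event; returns None if it is not a Macie finding."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        return None
    d = event["detail"]
    bucket = d["resourcesAffected"]["s3Bucket"]["name"]
    ftype, sev = d["type"], d["severity"]["description"]
    if d["category"] == "POLICY":
        action = POLICY_ROUTES.get(ftype, "review")           # unknown policy type: human review
    else:
        action = "data-exposure" if sev == "High" else "data-review"
    if sev == "High":
        action = "page-oncall:" + action                      # high severity pages instead of ticketing
    else:
        action = "ticket:" + action
    return Triage(bucket, d["accountId"], d["category"], ftype, sev, action)

# Constructed sample events (not captured from a real account).
SAMPLE_POLICY_EVENT = {
    "source": "aws.macie", "detail-type": "Macie Finding",
    "detail": {"accountId": "111122223333", "category": "POLICY",
               "type": "Policy:IAMUser/S3BucketPublic",
               "severity": {"description": "High", "score": 3},
               "resourcesAffected": {"s3Bucket": {"name": "example-reports-bucket"}}}}
SAMPLE_CLASSIFICATION_EVENT = {
    "source": "aws.macie", "detail-type": "Macie Finding",
    "detail": {"accountId": "111122223333", "category": "CLASSIFICATION",
               "type": "SensitiveData:S3Object/Personal",
               "severity": {"description": "Medium", "score": 2},
               "resourcesAffected": {"s3Bucket": {"name": "example-exports-bucket"}}}}
```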

Bucket and Object Visibility

  • Configuration insights at both the bucket and object levels.
  • Encryption details and public access policies.
  • Checks for replication to external accounts.
  • Object-level details like encryption type and size.

Sensitive Data Discovery

  • Job Types:
    • One-time job
    • Scheduled job (runs daily, weekly, or monthly)
  • Sampling depth configuration for spot checks.
  • Filtering options: tags, modification date, file extension, and object size.

Custom Data Identifiers

  • Ability to create custom identifiers using regular expressions.
  • Allows up to 100 custom data identifiers, with up to 30 used per job.
  • No additional cost for using custom data identifiers.

Job Configuration

  • Jobs cannot be modified once created.
  • Findings generated for objects with sensitive data.
  • Detailed result output includes location information within objects.

Output and Compliance

  • Outputs include findings and detailed results.
  • Detailed results provide information on location of sensitive data.
  • Long-term retention by storing results in an S3 bucket.

Usage Tracking and Quotas

  • Track usage as a delegated admin.
  • Default quota of 5 TB per account, which can be raised to 25 TB.
  • 30 days of free bucket inventory and policy monitoring.

Free Trial

  • 30-day free trial to get started with Amazon Macie.

These notes summarize the key features and functionalities of Amazon Macie as discussed in the presentation, focusing on onboarding, usage, and monitoring capabilities.