Amazon Macie 101

Ref: https://learn.cantrill.io/courses/1820301/lectures/41301379

Amazon Macie - Key Concepts

🔧 Service for security and privacy of data stored in S3
- Discovers, monitors and protects data stored in S3 buckets
- Can perform automated discovery of sensitive data
  - e.g. Personal Identifiable Information (PII), Personal Health Information (PHI), SSH keys, financial information…
Data identifiers → identify and inventory sensitive data
- Can be thought of as rules which objects & contents are assessed against
- Two types
  1. Managed data identifiers
    - Built-in, use ML/pattern-matching
    - Can detect almost all common types of sensitive data
  2. Custom data identifiers
    - Proprietary, regex-based
    - Can e.g. find certain patterns in your business like employee IDs
Discovery jobs use identifiers to find any matches in buckets → generate findings
- Findings can be viewed interactively
- Findings can integrate with AWS Services
  - e.g. Security Hub, or sending “finding events” to EventBridge
Multi-account architecture
- Administrator account can manage Macie within member accounts
- Central management either via AWS Organizations or explicit account inviting

Discovery job is scheduled
Discovery job uses managed and custom data identifiers to scan S3 buckets and generate findings
Findings can trigger events in EventBridge → can be used for event-driven remediation (e.g. Lambda function that masks PII in S3 buckets)