Ref: https://learn.cantrill.io/courses/1820301/lectures/41301379

• Summary:
• Contents:

Amazon Macie - Key Concepts

• 🔧 Service for security and privacy of data stored in S3
  • Discovers, monitors and protects data stored in S3 buckets
  • Can perform automated discovery of sensitive data
    • e.g. Personal Identifiable Information (PII), Personal Health Information (PHI), SSH keys, financial information…
• Data identifiers → identify and inventory sensitive data
  • Can be thought of as rules which objects & contents are assessed against
  • Two types
    1. Managed data identifiers
       • Built-in, use ML/pattern-matching
       • Can detect almost all common types of sensitive data
    2. Custom data identifiers
       • Proprietary, regex-based
       • Can e.g. find certain patterns in your business like employee IDs
• Discovery jobs use identifiers to find any matches in buckets → generate findings
  • Findings can be viewed interactively
  • Findings can integrate with AWS Services
    • e.g. Security Hub, or sending “finding events” to EventBridge
• Multi-account architecture
  • Administrator account can manage Macie within member accounts
  • Central management either via AWS Organizations or explicit account inviting

Amazon Macie - Architecture

1. Discovery job is scheduled
2. Discovery job uses managed and custom data identifiers to scan S3 buckets and generate findings
3. Findings can trigger events in EventBridge → can be used for event-driven remediation (e.g. Lambda function that masks PII in S3 buckets)