SDK for PHP 3.x

Client: Aws\Macie2\Macie2Client
Service ID: macie2
Version: 2020-01-01

This page describes the parameters and results for the operations of the Amazon Macie 2 (2020-01-01), and shows how to use the Aws\Macie2\Macie2Client object to call the described operations. This documentation is specific to the 2020-01-01 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AcceptInvitation ( array $params = [] )
Accepts an Amazon Macie membership invitation that was received from a specific account.
BatchGetCustomDataIdentifiers ( array $params = [] )
Retrieves information about one or more custom data identifiers.
BatchUpdateAutomatedDiscoveryAccounts ( array $params = [] )
Changes the status of automated sensitive data discovery for one or more accounts.
CreateAllowList ( array $params = [] )
Creates and defines the settings for an allow list.
CreateClassificationJob ( array $params = [] )
Creates and defines the settings for a classification job.
CreateCustomDataIdentifier ( array $params = [] )
Creates and defines the criteria and other settings for a custom data identifier.
CreateFindingsFilter ( array $params = [] )
Creates and defines the criteria and other settings for a findings filter.
CreateInvitations ( array $params = [] )
Sends an Amazon Macie membership invitation to one or more accounts.
CreateMember ( array $params = [] )
Associates an account with an Amazon Macie administrator account.
CreateSampleFindings ( array $params = [] )
Creates sample findings.
DeclineInvitations ( array $params = [] )
Declines Amazon Macie membership invitations that were received from specific accounts.
DeleteAllowList ( array $params = [] )
Deletes an allow list.
DeleteCustomDataIdentifier ( array $params = [] )
Soft deletes a custom data identifier.
DeleteFindingsFilter ( array $params = [] )
Deletes a findings filter.
DeleteInvitations ( array $params = [] )
Deletes Amazon Macie membership invitations that were received from specific accounts.
DeleteMember ( array $params = [] )
Deletes the association between an Amazon Macie administrator account and an account.
DescribeBuckets ( array $params = [] )
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account.
DescribeClassificationJob ( array $params = [] )
Retrieves the status and settings for a classification job.
DescribeOrganizationConfiguration ( array $params = [] )
Retrieves the Amazon Macie configuration settings for an organization in Organizations.
DisableMacie ( array $params = [] )
Disables Amazon Macie and deletes all settings and resources for a Macie account.
DisableOrganizationAdminAccount ( array $params = [] )
Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations.
DisassociateFromAdministratorAccount ( array $params = [] )
Disassociates a member account from its Amazon Macie administrator account.
DisassociateFromMasterAccount ( array $params = [] )
(Deprecated) Disassociates a member account from its Amazon Macie administrator account.
DisassociateMember ( array $params = [] )
Disassociates an Amazon Macie administrator account from a member account.
EnableMacie ( array $params = [] )
Enables Amazon Macie and specifies the configuration settings for a Macie account.
EnableOrganizationAdminAccount ( array $params = [] )
Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations.
GetAdministratorAccount ( array $params = [] )
Retrieves information about the Amazon Macie administrator account for an account.
GetAllowList ( array $params = [] )
Retrieves the settings and status of an allow list.
GetAutomatedDiscoveryConfiguration ( array $params = [] )
Retrieves the configuration settings and status of automated sensitive data discovery for an organization or standalone account.
GetBucketStatistics ( array $params = [] )
Retrieves (queries) aggregated statistical data about all the S3 buckets that Amazon Macie monitors and analyzes for an account.
GetClassificationExportConfiguration ( array $params = [] )
Retrieves the configuration settings for storing data classification results.
GetClassificationScope ( array $params = [] )
Retrieves the classification scope settings for an account.
GetCustomDataIdentifier ( array $params = [] )
Retrieves the criteria and other settings for a custom data identifier.
GetFindingStatistics ( array $params = [] )
Retrieves (queries) aggregated statistical data about findings.
GetFindings ( array $params = [] )
Retrieves the details of one or more findings.
GetFindingsFilter ( array $params = [] )
Retrieves the criteria and other settings for a findings filter.
GetFindingsPublicationConfiguration ( array $params = [] )
Retrieves the configuration settings for publishing findings to Security Hub.
GetInvitationsCount ( array $params = [] )
Retrieves the count of Amazon Macie membership invitations that were received by an account.
GetMacieSession ( array $params = [] )
Retrieves the status and configuration settings for an Amazon Macie account.
GetMasterAccount ( array $params = [] )
(Deprecated) Retrieves information about the Amazon Macie administrator account for an account.
GetMember ( array $params = [] )
Retrieves information about an account that's associated with an Amazon Macie administrator account.
GetResourceProfile ( array $params = [] )
Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket.
GetRevealConfiguration ( array $params = [] )
Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
GetSensitiveDataOccurrences ( array $params = [] )
Retrieves occurrences of sensitive data reported by a finding.
GetSensitiveDataOccurrencesAvailability ( array $params = [] )
Checks whether occurrences of sensitive data can be retrieved for a finding.
GetSensitivityInspectionTemplate ( array $params = [] )
Retrieves the settings for the sensitivity inspection template for an account.
GetUsageStatistics ( array $params = [] )
Retrieves (queries) quotas and aggregated usage data for one or more accounts.
GetUsageTotals ( array $params = [] )
Retrieves (queries) aggregated usage data for an account.
ListAllowLists ( array $params = [] )
Retrieves a subset of information about all the allow lists for an account.
ListAutomatedDiscoveryAccounts ( array $params = [] )
Retrieves the status of automated sensitive data discovery for one or more accounts.
ListClassificationJobs ( array $params = [] )
Retrieves a subset of information about one or more classification jobs.
ListClassificationScopes ( array $params = [] )
Retrieves a subset of information about the classification scope for an account.
ListCustomDataIdentifiers ( array $params = [] )
Retrieves a subset of information about all the custom data identifiers for an account.
ListFindings ( array $params = [] )
Retrieves a subset of information about one or more findings.
ListFindingsFilters ( array $params = [] )
Retrieves a subset of information about all the findings filters for an account.
ListInvitations ( array $params = [] )
Retrieves information about Amazon Macie membership invitations that were received by an account.
ListManagedDataIdentifiers ( array $params = [] )
Retrieves information about all the managed data identifiers that Amazon Macie currently provides.
ListMembers ( array $params = [] )
Retrieves information about the accounts that are associated with an Amazon Macie administrator account.
ListOrganizationAdminAccounts ( array $params = [] )
Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations.
ListResourceProfileArtifacts ( array $params = [] )
Retrieves information about objects that Amazon Macie selected from an S3 bucket for automated sensitive data discovery.
ListResourceProfileDetections ( array $params = [] )
Retrieves information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket.
ListSensitivityInspectionTemplates ( array $params = [] )
Retrieves a subset of information about the sensitivity inspection template for an account.
ListTagsForResource ( array $params = [] )
Retrieves the tags (keys and values) that are associated with an Amazon Macie resource.
PutClassificationExportConfiguration ( array $params = [] )
Adds or updates the configuration settings for storing data classification results.
PutFindingsPublicationConfiguration ( array $params = [] )
Updates the configuration settings for publishing findings to Security Hub.
SearchResources ( array $params = [] )
Retrieves (queries) statistical data and other information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
TagResource ( array $params = [] )
Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource.
TestCustomDataIdentifier ( array $params = [] )
Tests criteria for a custom data identifier.
UntagResource ( array $params = [] )
Removes one or more tags (keys and values) from an Amazon Macie resource.
UpdateAllowList ( array $params = [] )
Updates the settings for an allow list.
UpdateAutomatedDiscoveryConfiguration ( array $params = [] )
Changes the configuration settings and status of automated sensitive data discovery for an organization or standalone account.
UpdateClassificationJob ( array $params = [] )
Changes the status of a classification job.
UpdateClassificationScope ( array $params = [] )
Updates the classification scope settings for an account.
UpdateFindingsFilter ( array $params = [] )
Updates the criteria and other settings for a findings filter.
UpdateMacieSession ( array $params = [] )
Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.
UpdateMemberSession ( array $params = [] )
Enables an Amazon Macie administrator to suspend or re-enable Macie for a member account.
UpdateOrganizationConfiguration ( array $params = [] )
Updates the Amazon Macie configuration settings for an organization in Organizations.
UpdateResourceProfile ( array $params = [] )
Updates the sensitivity score for an S3 bucket.
UpdateResourceProfileDetections ( array $params = [] )
Updates the sensitivity scoring settings for an S3 bucket.
UpdateRevealConfiguration ( array $params = [] )
Updates the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
UpdateSensitivityInspectionTemplate ( array $params = [] )
Updates the settings for the sensitivity inspection template for an account.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

DescribeBuckets
GetUsageStatistics
ListAutomatedDiscoveryAccounts
ListClassificationJobs
ListClassificationScopes
ListCustomDataIdentifiers
ListFindings
ListFindingsFilters
ListInvitations
ListMembers
ListOrganizationAdminAccounts
SearchResources
ListAllowLists
ListManagedDataIdentifiers
ListResourceProfileDetections
ListSensitivityInspectionTemplates
ListResourceProfileArtifacts

Waiters

Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:

Waiter name API Operation Delay Max Attempts
FindingRevealed GetSensitiveDataOccurrences 2 60

Operations

AcceptInvitation

$result = $client->acceptInvitation([/* ... */]);
$promise = $client->acceptInvitationAsync([/* ... */]);

Accepts an Amazon Macie membership invitation that was received from a specific account.

Parameter Syntax

$result = $client->acceptInvitation([
    'administratorAccountId' => '<string>',
    'invitationId' => '<string>', // REQUIRED
    'masterAccount' => '<string>',
]);

Parameter Details

Members
administratorAccountId
Type: string
invitationId
Required: Yes
Type: string
masterAccount
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

BatchGetCustomDataIdentifiers

$result = $client->batchGetCustomDataIdentifiers([/* ... */]);
$promise = $client->batchGetCustomDataIdentifiersAsync([/* ... */]);

Retrieves information about one or more custom data identifiers.

Parameter Syntax

$result = $client->batchGetCustomDataIdentifiers([
    'ids' => ['<string>', ...],
]);

Parameter Details

Members
ids
Type: Array of strings

Result Syntax

[
    'customDataIdentifiers' => [
        [
            'arn' => '<string>',
            'createdAt' => <DateTime>,
            'deleted' => true || false,
            'description' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
        ],
        // ...
    ],
    'notFoundIdentifierIds' => ['<string>', ...],
]

Result Details

Members
customDataIdentifiers
Type: Array of BatchGetCustomDataIdentifierSummary structures
notFoundIdentifierIds
Type: Array of strings

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

BatchUpdateAutomatedDiscoveryAccounts

$result = $client->batchUpdateAutomatedDiscoveryAccounts([/* ... */]);
$promise = $client->batchUpdateAutomatedDiscoveryAccountsAsync([/* ... */]);

Changes the status of automated sensitive data discovery for one or more accounts.

Parameter Syntax

$result = $client->batchUpdateAutomatedDiscoveryAccounts([
    'accounts' => [
        [
            'accountId' => '<string>',
            'status' => 'ENABLED|DISABLED',
        ],
        // ...
    ],
]);

Parameter Details

Members
accounts
Type: Array of AutomatedDiscoveryAccountUpdate structures

Result Syntax

[
    'errors' => [
        [
            'accountId' => '<string>',
            'errorCode' => 'ACCOUNT_PAUSED|ACCOUNT_NOT_FOUND',
        ],
        // ...
    ],
]

Result Details

Members
errors
Type: Array of AutomatedDiscoveryAccountUpdateError structures

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

CreateAllowList

$result = $client->createAllowList([/* ... */]);
$promise = $client->createAllowListAsync([/* ... */]);

Creates and defines the settings for an allow list.

Parameter Syntax

$result = $client->createAllowList([
    'clientToken' => '<string>', // REQUIRED
    'criteria' => [ // REQUIRED
        'regex' => '<string>',
        's3WordsList' => [
            'bucketName' => '<string>', // REQUIRED
            'objectKey' => '<string>', // REQUIRED
        ],
    ],
    'description' => '<string>',
    'name' => '<string>', // REQUIRED
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
clientToken
Required: Yes
Type: string
criteria
Required: Yes
Type: AllowListCriteria structure

Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.

description
Type: string
name
Required: Yes
Type: string
tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[
    'arn' => '<string>',
    'id' => '<string>',
]

Result Details

Members
arn
Type: string
id
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateClassificationJob

$result = $client->createClassificationJob([/* ... */]);
$promise = $client->createClassificationJobAsync([/* ... */]);

Creates and defines the settings for a classification job.

Parameter Syntax

$result = $client->createClassificationJob([
    'allowListIds' => ['<string>', ...],
    'clientToken' => '<string>', // REQUIRED
    'customDataIdentifierIds' => ['<string>', ...],
    'description' => '<string>',
    'initialRun' => true || false,
    'jobType' => 'ONE_TIME|SCHEDULED', // REQUIRED
    'managedDataIdentifierIds' => ['<string>', ...],
    'managedDataIdentifierSelector' => 'ALL|EXCLUDE|INCLUDE|NONE|RECOMMENDED',
    'name' => '<string>', // REQUIRED
    's3JobDefinition' => [ // REQUIRED
        'bucketCriteria' => [
            'excludes' => [
                'and' => [
                    [
                        'simpleCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                            'values' => ['<string>', ...],
                        ],
                        'tagCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                    ],
                    // ...
                ],
            ],
            'includes' => [
                'and' => [
                    [
                        'simpleCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                            'values' => ['<string>', ...],
                        ],
                        'tagCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                    ],
                    // ...
                ],
            ],
        ],
        'bucketDefinitions' => [
            [
                'accountId' => '<string>', // REQUIRED
                'buckets' => ['<string>', ...], // REQUIRED
            ],
            // ...
        ],
        'scoping' => [
            'excludes' => [
                'and' => [
                    [
                        'simpleScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
                            'values' => ['<string>', ...],
                        ],
                        'tagScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => '<string>',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                            'target' => 'S3_OBJECT',
                        ],
                    ],
                    // ...
                ],
            ],
            'includes' => [
                'and' => [
                    [
                        'simpleScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
                            'values' => ['<string>', ...],
                        ],
                        'tagScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => '<string>',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                            'target' => 'S3_OBJECT',
                        ],
                    ],
                    // ...
                ],
            ],
        ],
    ],
    'samplingPercentage' => <integer>,
    'scheduleFrequency' => [
        'dailySchedule' => [
        ],
        'monthlySchedule' => [
            'dayOfMonth' => <integer>,
        ],
        'weeklySchedule' => [
            'dayOfWeek' => 'SUNDAY|MONDAY|TUESDAY|WEDNESDAY|THURSDAY|FRIDAY|SATURDAY',
        ],
    ],
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
allowListIds
Type: Array of strings
clientToken
Required: Yes
Type: string
customDataIdentifierIds
Type: Array of strings
description
Type: string
initialRun
Type: boolean
jobType
Required: Yes
Type: string

The schedule for running a classification job. Valid values are:

managedDataIdentifierIds
Type: Array of strings
managedDataIdentifierSelector
Type: string

The selection type that determines which managed data identifiers a classification job uses to analyze data. Valid values are:

name
Required: Yes
Type: string
s3JobDefinition
Required: Yes
Type: S3JobDefinition structure

Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.

samplingPercentage
Type: int
scheduleFrequency
Type: JobScheduleFrequency structure

Specifies the recurrence pattern for running a classification job.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[
    'jobArn' => '<string>',
    'jobId' => '<string>',
]

Result Details

Members
jobArn
Type: string
jobId
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateCustomDataIdentifier

$result = $client->createCustomDataIdentifier([/* ... */]);
$promise = $client->createCustomDataIdentifierAsync([/* ... */]);

Creates and defines the criteria and other settings for a custom data identifier.

Parameter Syntax

$result = $client->createCustomDataIdentifier([
    'clientToken' => '<string>',
    'description' => '<string>',
    'ignoreWords' => ['<string>', ...],
    'keywords' => ['<string>', ...],
    'maximumMatchDistance' => <integer>,
    'name' => '<string>', // REQUIRED
    'regex' => '<string>', // REQUIRED
    'severityLevels' => [
        [
            'occurrencesThreshold' => <integer>, // REQUIRED
            'severity' => 'LOW|MEDIUM|HIGH', // REQUIRED
        ],
        // ...
    ],
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
clientToken
Type: string
description
Type: string
ignoreWords
Type: Array of strings
keywords
Type: Array of strings
maximumMatchDistance
Type: int
name
Required: Yes
Type: string
regex
Required: Yes
Type: string
severityLevels
Type: Array of SeverityLevel structures

The severity to assign to findings that the custom data identifier produces, based on the number of occurrences of text that matches the custom data identifier's detection criteria. You can specify as many as three SeverityLevel objects in this array, one for each severity: LOW, MEDIUM, or HIGH. If you specify more than one, the occurrences thresholds must be in ascending order by severity, moving from LOW to HIGH. For example, 1 for LOW, 50 for MEDIUM, and 100 for HIGH. If an S3 object contains fewer occurrences than the lowest specified threshold, Amazon Macie doesn't create a finding.

If you don't specify any values for this array, Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie automatically assigns the MEDIUM severity to those findings.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[
    'customDataIdentifierId' => '<string>',
]

Result Details

Members
customDataIdentifierId
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateFindingsFilter

$result = $client->createFindingsFilter([/* ... */]);
$promise = $client->createFindingsFilterAsync([/* ... */]);

Creates and defines the criteria and other settings for a findings filter.

Parameter Syntax

$result = $client->createFindingsFilter([
    'action' => 'ARCHIVE|NOOP', // REQUIRED
    'clientToken' => '<string>',
    'description' => '<string>',
    'findingCriteria' => [ // REQUIRED
        'criterion' => [
            '<__string>' => [
                'eq' => ['<string>', ...],
                'eqExactMatch' => ['<string>', ...],
                'gt' => <integer>,
                'gte' => <integer>,
                'lt' => <integer>,
                'lte' => <integer>,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'name' => '<string>', // REQUIRED
    'position' => <integer>,
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
action
Required: Yes
Type: string

The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:

clientToken
Type: string
description
Type: string
findingCriteria
Required: Yes
Type: FindingCriteria structure

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

name
Required: Yes
Type: string
position
Type: int
tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[
    'arn' => '<string>',
    'id' => '<string>',
]

Result Details

Members
arn
Type: string
id
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateInvitations

$result = $client->createInvitations([/* ... */]);
$promise = $client->createInvitationsAsync([/* ... */]);

Sends an Amazon Macie membership invitation to one or more accounts.

Parameter Syntax

$result = $client->createInvitations([
    'accountIds' => ['<string>', ...], // REQUIRED
    'disableEmailNotification' => true || false,
    'message' => '<string>',
]);

Parameter Details

Members
accountIds
Required: Yes
Type: Array of strings
disableEmailNotification
Type: boolean
message
Type: string

Result Syntax

[
    'unprocessedAccounts' => [
        [
            'accountId' => '<string>',
            'errorCode' => 'ClientError|InternalError',
            'errorMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
unprocessedAccounts
Type: Array of UnprocessedAccount structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateMember

$result = $client->createMember([/* ... */]);
$promise = $client->createMemberAsync([/* ... */]);

Associates an account with an Amazon Macie administrator account.

Parameter Syntax

$result = $client->createMember([
    'account' => [ // REQUIRED
        'accountId' => '<string>', // REQUIRED
        'email' => '<string>', // REQUIRED
    ],
    'tags' => ['<string>', ...],
]);

Parameter Details

Members
account
Required: Yes
Type: AccountDetail structure

Specifies the details of an account to associate with an Amazon Macie administrator account.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[
    'arn' => '<string>',
]

Result Details

Members
arn
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

CreateSampleFindings

$result = $client->createSampleFindings([/* ... */]);
$promise = $client->createSampleFindingsAsync([/* ... */]);

Creates sample findings.

Parameter Syntax

$result = $client->createSampleFindings([
    'findingTypes' => ['<string>', ...],
]);

Parameter Details

Members
findingTypes
Type: Array of strings

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DeclineInvitations

$result = $client->declineInvitations([/* ... */]);
$promise = $client->declineInvitationsAsync([/* ... */]);

Declines Amazon Macie membership invitations that were received from specific accounts.

Parameter Syntax

$result = $client->declineInvitations([
    'accountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
accountIds
Required: Yes
Type: Array of strings

Result Syntax

[
    'unprocessedAccounts' => [
        [
            'accountId' => '<string>',
            'errorCode' => 'ClientError|InternalError',
            'errorMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
unprocessedAccounts
Type: Array of UnprocessedAccount structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DeleteAllowList

$result = $client->deleteAllowList([/* ... */]);
$promise = $client->deleteAllowListAsync([/* ... */]);

Deletes an allow list.

Parameter Syntax

$result = $client->deleteAllowList([
    'id' => '<string>', // REQUIRED
    'ignoreJobChecks' => '<string>',
]);

Parameter Details

Members
id
Required: Yes
Type: string
ignoreJobChecks
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

DeleteCustomDataIdentifier

$result = $client->deleteCustomDataIdentifier([/* ... */]);
$promise = $client->deleteCustomDataIdentifierAsync([/* ... */]);

Soft deletes a custom data identifier.

Parameter Syntax

$result = $client->deleteCustomDataIdentifier([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DeleteFindingsFilter

$result = $client->deleteFindingsFilter([/* ... */]);
$promise = $client->deleteFindingsFilterAsync([/* ... */]);

Deletes a findings filter.

Parameter Syntax

$result = $client->deleteFindingsFilter([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DeleteInvitations

$result = $client->deleteInvitations([/* ... */]);
$promise = $client->deleteInvitationsAsync([/* ... */]);

Deletes Amazon Macie membership invitations that were received from specific accounts.

Parameter Syntax

$result = $client->deleteInvitations([
    'accountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
accountIds
Required: Yes
Type: Array of strings

Result Syntax

[
    'unprocessedAccounts' => [
        [
            'accountId' => '<string>',
            'errorCode' => 'ClientError|InternalError',
            'errorMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
unprocessedAccounts
Type: Array of UnprocessedAccount structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DeleteMember

$result = $client->deleteMember([/* ... */]);
$promise = $client->deleteMemberAsync([/* ... */]);

Deletes the association between an Amazon Macie administrator account and an account.

Parameter Syntax

$result = $client->deleteMember([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DescribeBuckets

$result = $client->describeBuckets([/* ... */]);
$promise = $client->describeBucketsAsync([/* ... */]);

Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account.

Parameter Syntax

$result = $client->describeBuckets([
    'criteria' => [
        '<__string>' => [
            'eq' => ['<string>', ...],
            'gt' => <integer>,
            'gte' => <integer>,
            'lt' => <integer>,
            'lte' => <integer>,
            'neq' => ['<string>', ...],
            'prefix' => '<string>',
        ],
        // ...
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sortCriteria' => [
        'attributeName' => '<string>',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
criteria
Type: Associative array of custom strings keys (__string) to BucketCriteriaAdditionalProperties structures

Specifies, as a map, one or more property-based conditions that filter the results of a query for information about S3 buckets.

maxResults
Type: int
nextToken
Type: string
sortCriteria
Type: BucketSortCriteria structure

Specifies criteria for sorting the results of a query for information about S3 buckets.

Result Syntax

[
    'buckets' => [
        [
            'accountId' => '<string>',
            'allowsUnencryptedObjectUploads' => 'TRUE|FALSE|UNKNOWN',
            'automatedDiscoveryMonitoringStatus' => 'MONITORED|NOT_MONITORED',
            'bucketArn' => '<string>',
            'bucketCreatedAt' => <DateTime>,
            'bucketName' => '<string>',
            'classifiableObjectCount' => <integer>,
            'classifiableSizeInBytes' => <integer>,
            'errorCode' => 'ACCESS_DENIED',
            'errorMessage' => '<string>',
            'jobDetails' => [
                'isDefinedInJob' => 'TRUE|FALSE|UNKNOWN',
                'isMonitoredByJob' => 'TRUE|FALSE|UNKNOWN',
                'lastJobId' => '<string>',
                'lastJobRunTime' => <DateTime>,
            ],
            'lastAutomatedDiscoveryTime' => <DateTime>,
            'lastUpdated' => <DateTime>,
            'objectCount' => <integer>,
            'objectCountByEncryptionType' => [
                'customerManaged' => <integer>,
                'kmsManaged' => <integer>,
                's3Managed' => <integer>,
                'unencrypted' => <integer>,
                'unknown' => <integer>,
            ],
            'publicAccess' => [
                'effectivePermission' => 'PUBLIC|NOT_PUBLIC|UNKNOWN',
                'permissionConfiguration' => [
                    'accountLevelPermissions' => [
                        'blockPublicAccess' => [
                            'blockPublicAcls' => true || false,
                            'blockPublicPolicy' => true || false,
                            'ignorePublicAcls' => true || false,
                            'restrictPublicBuckets' => true || false,
                        ],
                    ],
                    'bucketLevelPermissions' => [
                        'accessControlList' => [
                            'allowsPublicReadAccess' => true || false,
                            'allowsPublicWriteAccess' => true || false,
                        ],
                        'blockPublicAccess' => [
                            'blockPublicAcls' => true || false,
                            'blockPublicPolicy' => true || false,
                            'ignorePublicAcls' => true || false,
                            'restrictPublicBuckets' => true || false,
                        ],
                        'bucketPolicy' => [
                            'allowsPublicReadAccess' => true || false,
                            'allowsPublicWriteAccess' => true || false,
                        ],
                    ],
                ],
            ],
            'region' => '<string>',
            'replicationDetails' => [
                'replicated' => true || false,
                'replicatedExternally' => true || false,
                'replicationAccounts' => ['<string>', ...],
            ],
            'sensitivityScore' => <integer>,
            'serverSideEncryption' => [
                'kmsMasterKeyId' => '<string>',
                'type' => 'NONE|AES256|aws:kms|aws:kms:dsse',
            ],
            'sharedAccess' => 'EXTERNAL|INTERNAL|NOT_SHARED|UNKNOWN',
            'sizeInBytes' => <integer>,
            'sizeInBytesCompressed' => <integer>,
            'tags' => [
                [
                    'key' => '<string>',
                    'value' => '<string>',
                ],
                // ...
            ],
            'unclassifiableObjectCount' => [
                'fileType' => <integer>,
                'storageClass' => <integer>,
                'total' => <integer>,
            ],
            'unclassifiableObjectSizeInBytes' => [
                'fileType' => <integer>,
                'storageClass' => <integer>,
                'total' => <integer>,
            ],
            'versioning' => true || false,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
buckets
Type: Array of BucketMetadata structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DescribeClassificationJob

$result = $client->describeClassificationJob([/* ... */]);
$promise = $client->describeClassificationJobAsync([/* ... */]);

Retrieves the status and settings for a classification job.

Parameter Syntax

$result = $client->describeClassificationJob([
    'jobId' => '<string>', // REQUIRED
]);

Parameter Details

Members
jobId
Required: Yes
Type: string

Result Syntax

[
    'allowListIds' => ['<string>', ...],
    'clientToken' => '<string>',
    'createdAt' => <DateTime>,
    'customDataIdentifierIds' => ['<string>', ...],
    'description' => '<string>',
    'initialRun' => true || false,
    'jobArn' => '<string>',
    'jobId' => '<string>',
    'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED',
    'jobType' => 'ONE_TIME|SCHEDULED',
    'lastRunErrorStatus' => [
        'code' => 'NONE|ERROR',
    ],
    'lastRunTime' => <DateTime>,
    'managedDataIdentifierIds' => ['<string>', ...],
    'managedDataIdentifierSelector' => 'ALL|EXCLUDE|INCLUDE|NONE|RECOMMENDED',
    'name' => '<string>',
    's3JobDefinition' => [
        'bucketCriteria' => [
            'excludes' => [
                'and' => [
                    [
                        'simpleCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                            'values' => ['<string>', ...],
                        ],
                        'tagCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                    ],
                    // ...
                ],
            ],
            'includes' => [
                'and' => [
                    [
                        'simpleCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                            'values' => ['<string>', ...],
                        ],
                        'tagCriterion' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                    ],
                    // ...
                ],
            ],
        ],
        'bucketDefinitions' => [
            [
                'accountId' => '<string>',
                'buckets' => ['<string>', ...],
            ],
            // ...
        ],
        'scoping' => [
            'excludes' => [
                'and' => [
                    [
                        'simpleScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
                            'values' => ['<string>', ...],
                        ],
                        'tagScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => '<string>',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                            'target' => 'S3_OBJECT',
                        ],
                    ],
                    // ...
                ],
            ],
            'includes' => [
                'and' => [
                    [
                        'simpleScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
                            'values' => ['<string>', ...],
                        ],
                        'tagScopeTerm' => [
                            'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                            'key' => '<string>',
                            'tagValues' => [
                                [
                                    'key' => '<string>',
                                    'value' => '<string>',
                                ],
                                // ...
                            ],
                            'target' => 'S3_OBJECT',
                        ],
                    ],
                    // ...
                ],
            ],
        ],
    ],
    'samplingPercentage' => <integer>,
    'scheduleFrequency' => [
        'dailySchedule' => [
        ],
        'monthlySchedule' => [
            'dayOfMonth' => <integer>,
        ],
        'weeklySchedule' => [
            'dayOfWeek' => 'SUNDAY|MONDAY|TUESDAY|WEDNESDAY|THURSDAY|FRIDAY|SATURDAY',
        ],
    ],
    'statistics' => [
        'approximateNumberOfObjectsToProcess' => <float>,
        'numberOfRuns' => <float>,
    ],
    'tags' => ['<string>', ...],
    'userPausedDetails' => [
        'jobExpiresAt' => <DateTime>,
        'jobImminentExpirationHealthEventArn' => '<string>',
        'jobPausedAt' => <DateTime>,
    ],
]

Result Details

Members
allowListIds
Type: Array of strings
clientToken
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
customDataIdentifierIds
Type: Array of strings
description
Type: string
initialRun
Type: boolean
jobArn
Type: string
jobId
Type: string
jobStatus
Type: string

The status of a classification job. Possible values are:

jobType
Type: string

The schedule for running a classification job. Valid values are:

lastRunErrorStatus
Type: LastRunErrorStatus structure

Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.

lastRunTime
Type: timestamp (string|DateTime or anything parsable by strtotime)
managedDataIdentifierIds
Type: Array of strings
managedDataIdentifierSelector
Type: string

The selection type that determines which managed data identifiers a classification job uses to analyze data. Valid values are:

name
Type: string
s3JobDefinition
Type: S3JobDefinition structure

Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.

samplingPercentage
Type: int
scheduleFrequency
Type: JobScheduleFrequency structure

Specifies the recurrence pattern for running a classification job.

statistics
Type: Statistics structure

Provides processing statistics for a classification job.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

userPausedDetails
Type: UserPausedDetails structure

Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DescribeOrganizationConfiguration

$result = $client->describeOrganizationConfiguration([/* ... */]);
$promise = $client->describeOrganizationConfigurationAsync([/* ... */]);

Retrieves the Amazon Macie configuration settings for an organization in Organizations.

Parameter Syntax

$result = $client->describeOrganizationConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'autoEnable' => true || false,
    'maxAccountLimitReached' => true || false,
]

Result Details

Members
autoEnable
Type: boolean
maxAccountLimitReached
Type: boolean

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DisableMacie

$result = $client->disableMacie([/* ... */]);
$promise = $client->disableMacieAsync([/* ... */]);

Disables Amazon Macie and deletes all settings and resources for a Macie account.

Parameter Syntax

$result = $client->disableMacie([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DisableOrganizationAdminAccount

$result = $client->disableOrganizationAdminAccount([/* ... */]);
$promise = $client->disableOrganizationAdminAccountAsync([/* ... */]);

Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations.

Parameter Syntax

$result = $client->disableOrganizationAdminAccount([
    'adminAccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
adminAccountId
Required: Yes
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DisassociateFromAdministratorAccount

$result = $client->disassociateFromAdministratorAccount([/* ... */]);
$promise = $client->disassociateFromAdministratorAccountAsync([/* ... */]);

Disassociates a member account from its Amazon Macie administrator account.

Parameter Syntax

$result = $client->disassociateFromAdministratorAccount([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DisassociateFromMasterAccount

$result = $client->disassociateFromMasterAccount([/* ... */]);
$promise = $client->disassociateFromMasterAccountAsync([/* ... */]);

(Deprecated) Disassociates a member account from its Amazon Macie administrator account. This operation has been replaced by the DisassociateFromAdministratorAccount operation.

Parameter Syntax

$result = $client->disassociateFromMasterAccount([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

DisassociateMember

$result = $client->disassociateMember([/* ... */]);
$promise = $client->disassociateMemberAsync([/* ... */]);

Disassociates an Amazon Macie administrator account from a member account.

Parameter Syntax

$result = $client->disassociateMember([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

EnableMacie

$result = $client->enableMacie([/* ... */]);
$promise = $client->enableMacieAsync([/* ... */]);

Enables Amazon Macie and specifies the configuration settings for a Macie account.

Parameter Syntax

$result = $client->enableMacie([
    'clientToken' => '<string>',
    'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
    'status' => 'PAUSED|ENABLED',
]);

Parameter Details

Members
clientToken
Type: string
findingPublishingFrequency
Type: string

The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:

status
Type: string

The status of an Amazon Macie account. Valid values are:

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

EnableOrganizationAdminAccount

$result = $client->enableOrganizationAdminAccount([/* ... */]);
$promise = $client->enableOrganizationAdminAccountAsync([/* ... */]);

Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations.

Parameter Syntax

$result = $client->enableOrganizationAdminAccount([
    'adminAccountId' => '<string>', // REQUIRED
    'clientToken' => '<string>',
]);

Parameter Details

Members
adminAccountId
Required: Yes
Type: string
clientToken
Type: string

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetAdministratorAccount

$result = $client->getAdministratorAccount([/* ... */]);
$promise = $client->getAdministratorAccountAsync([/* ... */]);

Retrieves information about the Amazon Macie administrator account for an account.

Parameter Syntax

$result = $client->getAdministratorAccount([
]);

Parameter Details

Members

Result Syntax

[
    'administrator' => [
        'accountId' => '<string>',
        'invitationId' => '<string>',
        'invitedAt' => <DateTime>,
        'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
    ],
]

Result Details

Members
administrator
Type: Invitation structure

Provides information about an Amazon Macie membership invitation.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetAllowList

$result = $client->getAllowList([/* ... */]);
$promise = $client->getAllowListAsync([/* ... */]);

Retrieves the settings and status of an allow list.

Parameter Syntax

$result = $client->getAllowList([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'arn' => '<string>',
    'createdAt' => <DateTime>,
    'criteria' => [
        'regex' => '<string>',
        's3WordsList' => [
            'bucketName' => '<string>',
            'objectKey' => '<string>',
        ],
    ],
    'description' => '<string>',
    'id' => '<string>',
    'name' => '<string>',
    'status' => [
        'code' => 'OK|S3_OBJECT_NOT_FOUND|S3_USER_ACCESS_DENIED|S3_OBJECT_ACCESS_DENIED|S3_THROTTLED|S3_OBJECT_OVERSIZE|S3_OBJECT_EMPTY|UNKNOWN_ERROR',
        'description' => '<string>',
    ],
    'tags' => ['<string>', ...],
    'updatedAt' => <DateTime>,
]

Result Details

Members
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
criteria
Type: AllowListCriteria structure

Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.

description
Type: string
id
Type: string
name
Type: string
status
Type: AllowListStatus structure

Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetAutomatedDiscoveryConfiguration

$result = $client->getAutomatedDiscoveryConfiguration([/* ... */]);
$promise = $client->getAutomatedDiscoveryConfigurationAsync([/* ... */]);

Retrieves the configuration settings and status of automated sensitive data discovery for an organization or standalone account.

Parameter Syntax

$result = $client->getAutomatedDiscoveryConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'autoEnableOrganizationMembers' => 'ALL|NEW|NONE',
    'classificationScopeId' => '<string>',
    'disabledAt' => <DateTime>,
    'firstEnabledAt' => <DateTime>,
    'lastUpdatedAt' => <DateTime>,
    'sensitivityInspectionTemplateId' => '<string>',
    'status' => 'ENABLED|DISABLED',
]

Result Details

Members
autoEnableOrganizationMembers
Type: string

Specifies whether to automatically enable automated sensitive data discovery for accounts that are part of an organization in Amazon Macie. Valid values are:

classificationScopeId
Type: string

The unique identifier the classification scope.

disabledAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Specifies a date and time in UTC and extended ISO 8601 format.

firstEnabledAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Specifies a date and time in UTC and extended ISO 8601 format.

lastUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Specifies a date and time in UTC and extended ISO 8601 format.

sensitivityInspectionTemplateId
Type: string

The unique identifier for the sensitivity inspection template.

status
Type: string

The status of the automated sensitive data discovery configuration for an organization in Amazon Macie or a standalone Macie account. Valid values are:

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetBucketStatistics

$result = $client->getBucketStatistics([/* ... */]);
$promise = $client->getBucketStatisticsAsync([/* ... */]);

Retrieves (queries) aggregated statistical data about all the S3 buckets that Amazon Macie monitors and analyzes for an account.

Parameter Syntax

$result = $client->getBucketStatistics([
    'accountId' => '<string>',
]);

Parameter Details

Members
accountId
Type: string

Result Syntax

[
    'bucketCount' => <integer>,
    'bucketCountByEffectivePermission' => [
        'publiclyAccessible' => <integer>,
        'publiclyReadable' => <integer>,
        'publiclyWritable' => <integer>,
        'unknown' => <integer>,
    ],
    'bucketCountByEncryptionType' => [
        'kmsManaged' => <integer>,
        's3Managed' => <integer>,
        'unencrypted' => <integer>,
        'unknown' => <integer>,
    ],
    'bucketCountByObjectEncryptionRequirement' => [
        'allowsUnencryptedObjectUploads' => <integer>,
        'deniesUnencryptedObjectUploads' => <integer>,
        'unknown' => <integer>,
    ],
    'bucketCountBySharedAccessType' => [
        'external' => <integer>,
        'internal' => <integer>,
        'notShared' => <integer>,
        'unknown' => <integer>,
    ],
    'bucketStatisticsBySensitivity' => [
        'classificationError' => [
            'classifiableSizeInBytes' => <integer>,
            'publiclyAccessibleCount' => <integer>,
            'totalCount' => <integer>,
            'totalSizeInBytes' => <integer>,
        ],
        'notClassified' => [
            'classifiableSizeInBytes' => <integer>,
            'publiclyAccessibleCount' => <integer>,
            'totalCount' => <integer>,
            'totalSizeInBytes' => <integer>,
        ],
        'notSensitive' => [
            'classifiableSizeInBytes' => <integer>,
            'publiclyAccessibleCount' => <integer>,
            'totalCount' => <integer>,
            'totalSizeInBytes' => <integer>,
        ],
        'sensitive' => [
            'classifiableSizeInBytes' => <integer>,
            'publiclyAccessibleCount' => <integer>,
            'totalCount' => <integer>,
            'totalSizeInBytes' => <integer>,
        ],
    ],
    'classifiableObjectCount' => <integer>,
    'classifiableSizeInBytes' => <integer>,
    'lastUpdated' => <DateTime>,
    'objectCount' => <integer>,
    'sizeInBytes' => <integer>,
    'sizeInBytesCompressed' => <integer>,
    'unclassifiableObjectCount' => [
        'fileType' => <integer>,
        'storageClass' => <integer>,
        'total' => <integer>,
    ],
    'unclassifiableObjectSizeInBytes' => [
        'fileType' => <integer>,
        'storageClass' => <integer>,
        'total' => <integer>,
    ],
]

Result Details

Members
bucketCount
Type: long (int|float)
bucketCountByEffectivePermission

Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.

bucketCountByEncryptionType
Type: BucketCountByEncryptionType structure

Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

bucketCountByObjectEncryptionRequirement

Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.

bucketCountBySharedAccessType

Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.

bucketStatisticsBySensitivity

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for each metric is 0.

classifiableObjectCount
Type: long (int|float)
classifiableSizeInBytes
Type: long (int|float)
lastUpdated
Type: timestamp (string|DateTime or anything parsable by strtotime)
objectCount
Type: long (int|float)
sizeInBytes
Type: long (int|float)
sizeInBytesCompressed
Type: long (int|float)
unclassifiableObjectCount
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

unclassifiableObjectSizeInBytes
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetClassificationExportConfiguration

$result = $client->getClassificationExportConfiguration([/* ... */]);
$promise = $client->getClassificationExportConfigurationAsync([/* ... */]);

Retrieves the configuration settings for storing data classification results.

Parameter Syntax

$result = $client->getClassificationExportConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'configuration' => [
        's3Destination' => [
            'bucketName' => '<string>',
            'keyPrefix' => '<string>',
            'kmsKeyArn' => '<string>',
        ],
    ],
]

Result Details

Members
configuration

Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetClassificationScope

$result = $client->getClassificationScope([/* ... */]);
$promise = $client->getClassificationScopeAsync([/* ... */]);

Retrieves the classification scope settings for an account.

Parameter Syntax

$result = $client->getClassificationScope([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'id' => '<string>',
    'name' => '<string>',
    's3' => [
        'excludes' => [
            'bucketNames' => ['<string>', ...],
        ],
    ],
]

Result Details

Members
id
Type: string

The unique identifier the classification scope.

name
Type: string

The name of the classification scope.

s3
Type: S3ClassificationScope structure

Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetCustomDataIdentifier

$result = $client->getCustomDataIdentifier([/* ... */]);
$promise = $client->getCustomDataIdentifierAsync([/* ... */]);

Retrieves the criteria and other settings for a custom data identifier.

Parameter Syntax

$result = $client->getCustomDataIdentifier([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'arn' => '<string>',
    'createdAt' => <DateTime>,
    'deleted' => true || false,
    'description' => '<string>',
    'id' => '<string>',
    'ignoreWords' => ['<string>', ...],
    'keywords' => ['<string>', ...],
    'maximumMatchDistance' => <integer>,
    'name' => '<string>',
    'regex' => '<string>',
    'severityLevels' => [
        [
            'occurrencesThreshold' => <integer>,
            'severity' => 'LOW|MEDIUM|HIGH',
        ],
        // ...
    ],
    'tags' => ['<string>', ...],
]

Result Details

Members
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
deleted
Type: boolean
description
Type: string
id
Type: string
ignoreWords
Type: Array of strings
keywords
Type: Array of strings
maximumMatchDistance
Type: int
name
Type: string
regex
Type: string
severityLevels
Type: Array of SeverityLevel structures

The severity to assign to findings that the custom data identifier produces, based on the number of occurrences of text that matches the custom data identifier's detection criteria. You can specify as many as three SeverityLevel objects in this array, one for each severity: LOW, MEDIUM, or HIGH. If you specify more than one, the occurrences thresholds must be in ascending order by severity, moving from LOW to HIGH. For example, 1 for LOW, 50 for MEDIUM, and 100 for HIGH. If an S3 object contains fewer occurrences than the lowest specified threshold, Amazon Macie doesn't create a finding.

If you don't specify any values for this array, Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie automatically assigns the MEDIUM severity to those findings.

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetFindingStatistics

$result = $client->getFindingStatistics([/* ... */]);
$promise = $client->getFindingStatisticsAsync([/* ... */]);

Retrieves (queries) aggregated statistical data about findings.

Parameter Syntax

$result = $client->getFindingStatistics([
    'findingCriteria' => [
        'criterion' => [
            '<__string>' => [
                'eq' => ['<string>', ...],
                'eqExactMatch' => ['<string>', ...],
                'gt' => <integer>,
                'gte' => <integer>,
                'lt' => <integer>,
                'lte' => <integer>,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'groupBy' => 'resourcesAffected.s3Bucket.name|type|classificationDetails.jobId|severity.description', // REQUIRED
    'size' => <integer>,
    'sortCriteria' => [
        'attributeName' => 'groupKey|count',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
findingCriteria
Type: FindingCriteria structure

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

groupBy
Required: Yes
Type: string
size
Type: int
sortCriteria

Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.

Result Syntax

[
    'countsByGroup' => [
        [
            'count' => <integer>,
            'groupKey' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
countsByGroup
Type: Array of GroupCount structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetFindings

$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);

Retrieves the details of one or more findings.

Parameter Syntax

$result = $client->getFindings([
    'findingIds' => ['<string>', ...], // REQUIRED
    'sortCriteria' => [
        'attributeName' => '<string>',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
findingIds
Required: Yes
Type: Array of strings
sortCriteria
Type: SortCriteria structure

Specifies criteria for sorting the results of a request for findings.

Result Syntax

[
    'findings' => [
        [
            'accountId' => '<string>',
            'archived' => true || false,
            'category' => 'CLASSIFICATION|POLICY',
            'classificationDetails' => [
                'detailedResultsLocation' => '<string>',
                'jobArn' => '<string>',
                'jobId' => '<string>',
                'originType' => 'SENSITIVE_DATA_DISCOVERY_JOB|AUTOMATED_SENSITIVE_DATA_DISCOVERY',
                'result' => [
                    'additionalOccurrences' => true || false,
                    'customDataIdentifiers' => [
                        'detections' => [
                            [
                                'arn' => '<string>',
                                'count' => <integer>,
                                'name' => '<string>',
                                'occurrences' => [
                                    'cells' => [
                                        [
                                            'cellReference' => '<string>',
                                            'column' => <integer>,
                                            'columnName' => '<string>',
                                            'row' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'lineRanges' => [
                                        [
                                            'end' => <integer>,
                                            'start' => <integer>,
                                            'startColumn' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'offsetRanges' => [
                                        [
                                            'end' => <integer>,
                                            'start' => <integer>,
                                            'startColumn' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'pages' => [
                                        [
                                            'lineRange' => [
                                                'end' => <integer>,
                                                'start' => <integer>,
                                                'startColumn' => <integer>,
                                            ],
                                            'offsetRange' => [
                                                'end' => <integer>,
                                                'start' => <integer>,
                                                'startColumn' => <integer>,
                                            ],
                                            'pageNumber' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'records' => [
                                        [
                                            'jsonPath' => '<string>',
                                            'recordIndex' => <integer>,
                                        ],
                                        // ...
                                    ],
                                ],
                            ],
                            // ...
                        ],
                        'totalCount' => <integer>,
                    ],
                    'mimeType' => '<string>',
                    'sensitiveData' => [
                        [
                            'category' => 'FINANCIAL_INFORMATION|PERSONAL_INFORMATION|CREDENTIALS|CUSTOM_IDENTIFIER',
                            'detections' => [
                                [
                                    'count' => <integer>,
                                    'occurrences' => [
                                        'cells' => [
                                            [
                                                'cellReference' => '<string>',
                                                'column' => <integer>,
                                                'columnName' => '<string>',
                                                'row' => <integer>,
                                            ],
                                            // ...
                                        ],
                                        'lineRanges' => [
                                            [
                                                'end' => <integer>,
                                                'start' => <integer>,
                                                'startColumn' => <integer>,
                                            ],
                                            // ...
                                        ],
                                        'offsetRanges' => [
                                            [
                                                'end' => <integer>,
                                                'start' => <integer>,
                                                'startColumn' => <integer>,
                                            ],
                                            // ...
                                        ],
                                        'pages' => [
                                            [
                                                'lineRange' => [
                                                    'end' => <integer>,
                                                    'start' => <integer>,
                                                    'startColumn' => <integer>,
                                                ],
                                                'offsetRange' => [
                                                    'end' => <integer>,
                                                    'start' => <integer>,
                                                    'startColumn' => <integer>,
                                                ],
                                                'pageNumber' => <integer>,
                                            ],
                                            // ...
                                        ],
                                        'records' => [
                                            [
                                                'jsonPath' => '<string>',
                                                'recordIndex' => <integer>,
                                            ],
                                            // ...
                                        ],
                                    ],
                                    'type' => '<string>',
                                ],
                                // ...
                            ],
                            'totalCount' => <integer>,
                        ],
                        // ...
                    ],
                    'sizeClassified' => <integer>,
                    'status' => [
                        'code' => '<string>',
                        'reason' => '<string>',
                    ],
                ],
            ],
            'count' => <integer>,
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'id' => '<string>',
            'partition' => '<string>',
            'policyDetails' => [
                'action' => [
                    'actionType' => 'AWS_API_CALL',
                    'apiCallDetails' => [
                        'api' => '<string>',
                        'apiServiceName' => '<string>',
                        'firstSeen' => <DateTime>,
                        'lastSeen' => <DateTime>,
                    ],
                ],
                'actor' => [
                    'domainDetails' => [
                        'domainName' => '<string>',
                    ],
                    'ipAddressDetails' => [
                        'ipAddressV4' => '<string>',
                        'ipCity' => [
                            'name' => '<string>',
                        ],
                        'ipCountry' => [
                            'code' => '<string>',
                            'name' => '<string>',
                        ],
                        'ipGeoLocation' => [
                            'lat' => <float>,
                            'lon' => <float>,
                        ],
                        'ipOwner' => [
                            'asn' => '<string>',
                            'asnOrg' => '<string>',
                            'isp' => '<string>',
                            'org' => '<string>',
                        ],
                    ],
                    'userIdentity' => [
                        'assumedRole' => [
                            'accessKeyId' => '<string>',
                            'accountId' => '<string>',
                            'arn' => '<string>',
                            'principalId' => '<string>',
                            'sessionContext' => [
                                'attributes' => [
                                    'creationDate' => <DateTime>,
                                    'mfaAuthenticated' => true || false,
                                ],
                                'sessionIssuer' => [
                                    'accountId' => '<string>',
                                    'arn' => '<string>',
                                    'principalId' => '<string>',
                                    'type' => '<string>',
                                    'userName' => '<string>',
                                ],
                            ],
                        ],
                        'awsAccount' => [
                            'accountId' => '<string>',
                            'principalId' => '<string>',
                        ],
                        'awsService' => [
                            'invokedBy' => '<string>',
                        ],
                        'federatedUser' => [
                            'accessKeyId' => '<string>',
                            'accountId' => '<string>',
                            'arn' => '<string>',
                            'principalId' => '<string>',
                            'sessionContext' => [
                                'attributes' => [
                                    'creationDate' => <DateTime>,
                                    'mfaAuthenticated' => true || false,
                                ],
                                'sessionIssuer' => [
                                    'accountId' => '<string>',
                                    'arn' => '<string>',
                                    'principalId' => '<string>',
                                    'type' => '<string>',
                                    'userName' => '<string>',
                                ],
                            ],
                        ],
                        'iamUser' => [
                            'accountId' => '<string>',
                            'arn' => '<string>',
                            'principalId' => '<string>',
                            'userName' => '<string>',
                        ],
                        'root' => [
                            'accountId' => '<string>',
                            'arn' => '<string>',
                            'principalId' => '<string>',
                        ],
                        'type' => 'AssumedRole|IAMUser|FederatedUser|Root|AWSAccount|AWSService',
                    ],
                ],
            ],
            'region' => '<string>',
            'resourcesAffected' => [
                's3Bucket' => [
                    'allowsUnencryptedObjectUploads' => 'TRUE|FALSE|UNKNOWN',
                    'arn' => '<string>',
                    'createdAt' => <DateTime>,
                    'defaultServerSideEncryption' => [
                        'encryptionType' => 'NONE|AES256|aws:kms|UNKNOWN|aws:kms:dsse',
                        'kmsMasterKeyId' => '<string>',
                    ],
                    'name' => '<string>',
                    'owner' => [
                        'displayName' => '<string>',
                        'id' => '<string>',
                    ],
                    'publicAccess' => [
                        'effectivePermission' => 'PUBLIC|NOT_PUBLIC|UNKNOWN',
                        'permissionConfiguration' => [
                            'accountLevelPermissions' => [
                                'blockPublicAccess' => [
                                    'blockPublicAcls' => true || false,
                                    'blockPublicPolicy' => true || false,
                                    'ignorePublicAcls' => true || false,
                                    'restrictPublicBuckets' => true || false,
                                ],
                            ],
                            'bucketLevelPermissions' => [
                                'accessControlList' => [
                                    'allowsPublicReadAccess' => true || false,
                                    'allowsPublicWriteAccess' => true || false,
                                ],
                                'blockPublicAccess' => [
                                    'blockPublicAcls' => true || false,
                                    'blockPublicPolicy' => true || false,
                                    'ignorePublicAcls' => true || false,
                                    'restrictPublicBuckets' => true || false,
                                ],
                                'bucketPolicy' => [
                                    'allowsPublicReadAccess' => true || false,
                                    'allowsPublicWriteAccess' => true || false,
                                ],
                            ],
                        ],
                    ],
                    'tags' => [
                        [
                            'key' => '<string>',
                            'value' => '<string>',
                        ],
                        // ...
                    ],
                ],
                's3Object' => [
                    'bucketArn' => '<string>',
                    'eTag' => '<string>',
                    'extension' => '<string>',
                    'key' => '<string>',
                    'lastModified' => <DateTime>,
                    'path' => '<string>',
                    'publicAccess' => true || false,
                    'serverSideEncryption' => [
                        'encryptionType' => 'NONE|AES256|aws:kms|UNKNOWN|aws:kms:dsse',
                        'kmsMasterKeyId' => '<string>',
                    ],
                    'size' => <integer>,
                    'storageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE|ONEZONE_IA|GLACIER|GLACIER_IR|OUTPOSTS',
                    'tags' => [
                        [
                            'key' => '<string>',
                            'value' => '<string>',
                        ],
                        // ...
                    ],
                    'versionId' => '<string>',
                ],
            ],
            'sample' => true || false,
            'schemaVersion' => '<string>',
            'severity' => [
                'description' => 'Low|Medium|High',
                'score' => <integer>,
            ],
            'title' => '<string>',
            'type' => 'SensitiveData:S3Object/Multiple|SensitiveData:S3Object/Financial|SensitiveData:S3Object/Personal|SensitiveData:S3Object/Credentials|SensitiveData:S3Object/CustomIdentifier|Policy:IAMUser/S3BucketPublic|Policy:IAMUser/S3BucketSharedExternally|Policy:IAMUser/S3BucketReplicatedExternally|Policy:IAMUser/S3BucketEncryptionDisabled|Policy:IAMUser/S3BlockPublicAccessDisabled|Policy:IAMUser/S3BucketSharedWithCloudFront',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
]

Result Details

Members
findings
Type: Array of Finding structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetFindingsFilter

$result = $client->getFindingsFilter([/* ... */]);
$promise = $client->getFindingsFilterAsync([/* ... */]);

Retrieves the criteria and other settings for a findings filter.

Parameter Syntax

$result = $client->getFindingsFilter([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'action' => 'ARCHIVE|NOOP',
    'arn' => '<string>',
    'description' => '<string>',
    'findingCriteria' => [
        'criterion' => [
            '<__string>' => [
                'eq' => ['<string>', ...],
                'eqExactMatch' => ['<string>', ...],
                'gt' => <integer>,
                'gte' => <integer>,
                'lt' => <integer>,
                'lte' => <integer>,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'id' => '<string>',
    'name' => '<string>',
    'position' => <integer>,
    'tags' => ['<string>', ...],
]

Result Details

Members
action
Type: string

The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:

arn
Type: string
description
Type: string
findingCriteria
Type: FindingCriteria structure

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

id
Type: string
name
Type: string
position
Type: int
tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetFindingsPublicationConfiguration

$result = $client->getFindingsPublicationConfiguration([/* ... */]);
$promise = $client->getFindingsPublicationConfigurationAsync([/* ... */]);

Retrieves the configuration settings for publishing findings to Security Hub.

Parameter Syntax

$result = $client->getFindingsPublicationConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'securityHubConfiguration' => [
        'publishClassificationFindings' => true || false,
        'publishPolicyFindings' => true || false,
    ],
]

Result Details

Members
securityHubConfiguration
Type: SecurityHubConfiguration structure

Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetInvitationsCount

$result = $client->getInvitationsCount([/* ... */]);
$promise = $client->getInvitationsCountAsync([/* ... */]);

Retrieves the count of Amazon Macie membership invitations that were received by an account.

Parameter Syntax

$result = $client->getInvitationsCount([
]);

Parameter Details

Members

Result Syntax

[
    'invitationsCount' => <integer>,
]

Result Details

Members
invitationsCount
Type: long (int|float)

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetMacieSession

$result = $client->getMacieSession([/* ... */]);
$promise = $client->getMacieSessionAsync([/* ... */]);

Retrieves the status and configuration settings for an Amazon Macie account.

Parameter Syntax

$result = $client->getMacieSession([
]);

Parameter Details

Members

Result Syntax

[
    'createdAt' => <DateTime>,
    'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
    'serviceRole' => '<string>',
    'status' => 'PAUSED|ENABLED',
    'updatedAt' => <DateTime>,
]

Result Details

Members
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
findingPublishingFrequency
Type: string

The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:

serviceRole
Type: string
status
Type: string

The status of an Amazon Macie account. Valid values are:

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetMasterAccount

$result = $client->getMasterAccount([/* ... */]);
$promise = $client->getMasterAccountAsync([/* ... */]);

(Deprecated) Retrieves information about the Amazon Macie administrator account for an account. This operation has been replaced by the GetAdministratorAccount operation.

Parameter Syntax

$result = $client->getMasterAccount([
]);

Parameter Details

Members

Result Syntax

[
    'master' => [
        'accountId' => '<string>',
        'invitationId' => '<string>',
        'invitedAt' => <DateTime>,
        'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
    ],
]

Result Details

Members
master
Type: Invitation structure

Provides information about an Amazon Macie membership invitation.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetMember

$result = $client->getMember([/* ... */]);
$promise = $client->getMemberAsync([/* ... */]);

Retrieves information about an account that's associated with an Amazon Macie administrator account.

Parameter Syntax

$result = $client->getMember([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'accountId' => '<string>',
    'administratorAccountId' => '<string>',
    'arn' => '<string>',
    'email' => '<string>',
    'invitedAt' => <DateTime>,
    'masterAccountId' => '<string>',
    'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
    'tags' => ['<string>', ...],
    'updatedAt' => <DateTime>,
]

Result Details

Members
accountId
Type: string
administratorAccountId
Type: string
arn
Type: string
email
Type: string
invitedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
masterAccountId
Type: string
relationshipStatus
Type: string

The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetResourceProfile

$result = $client->getResourceProfile([/* ... */]);
$promise = $client->getResourceProfileAsync([/* ... */]);

Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket.

Parameter Syntax

$result = $client->getResourceProfile([
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

Result Syntax

[
    'profileUpdatedAt' => <DateTime>,
    'sensitivityScore' => <integer>,
    'sensitivityScoreOverridden' => true || false,
    'statistics' => [
        'totalBytesClassified' => <integer>,
        'totalDetections' => <integer>,
        'totalDetectionsSuppressed' => <integer>,
        'totalItemsClassified' => <integer>,
        'totalItemsSensitive' => <integer>,
        'totalItemsSkipped' => <integer>,
        'totalItemsSkippedInvalidEncryption' => <integer>,
        'totalItemsSkippedInvalidKms' => <integer>,
        'totalItemsSkippedPermissionDenied' => <integer>,
    ],
]

Result Details

Members
profileUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
sensitivityScore
Type: int
sensitivityScoreOverridden
Type: boolean
statistics
Type: ResourceStatistics structure

Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

GetRevealConfiguration

$result = $client->getRevealConfiguration([/* ... */]);
$promise = $client->getRevealConfigurationAsync([/* ... */]);

Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings.

Parameter Syntax

$result = $client->getRevealConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'configuration' => [
        'kmsKeyId' => '<string>',
        'status' => 'ENABLED|DISABLED',
    ],
    'retrievalConfiguration' => [
        'externalId' => '<string>',
        'retrievalMode' => 'CALLER_CREDENTIALS|ASSUME_ROLE',
        'roleName' => '<string>',
    ],
]

Result Details

Members
configuration
Type: RevealConfiguration structure

Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.

retrievalConfiguration
Type: RetrievalConfiguration structure

Provides information about the access method and settings that are used to retrieve occurrences of sensitive data reported by findings.

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetSensitiveDataOccurrences

$result = $client->getSensitiveDataOccurrences([/* ... */]);
$promise = $client->getSensitiveDataOccurrencesAsync([/* ... */]);

Retrieves occurrences of sensitive data reported by a finding.

Parameter Syntax

$result = $client->getSensitiveDataOccurrences([
    'findingId' => '<string>', // REQUIRED
]);

Parameter Details

Members
findingId
Required: Yes
Type: string

Result Syntax

[
    'error' => '<string>',
    'sensitiveDataOccurrences' => [
        '<__string>' => [
            [
                'value' => '<string>',
            ],
            // ...
        ],
        // ...
    ],
    'status' => 'SUCCESS|PROCESSING|ERROR',
]

Result Details

Members
error
Type: string
sensitiveDataOccurrences
Type: Associative array of custom strings keys (__string) to DetectedDataDetails structuress

Specifies a type of sensitive data reported by a finding and provides occurrences of the specified type of sensitive data.

status
Type: string

The status of a request to retrieve occurrences of sensitive data reported by a finding. Possible values are:

Errors

UnprocessableEntityException:

Provides information about an error that occurred due to an unprocessable entity.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

GetSensitiveDataOccurrencesAvailability

$result = $client->getSensitiveDataOccurrencesAvailability([/* ... */]);
$promise = $client->getSensitiveDataOccurrencesAvailabilityAsync([/* ... */]);

Checks whether occurrences of sensitive data can be retrieved for a finding.

Parameter Syntax

$result = $client->getSensitiveDataOccurrencesAvailability([
    'findingId' => '<string>', // REQUIRED
]);

Parameter Details

Members
findingId
Required: Yes
Type: string

Result Syntax

[
    'code' => 'AVAILABLE|UNAVAILABLE',
    'reasons' => ['<string>', ...],
]

Result Details

Members
code
Type: string

Specifies whether occurrences of sensitive data can be retrieved for a finding. Possible values are:

reasons
Type: Array of strings

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetSensitivityInspectionTemplate

$result = $client->getSensitivityInspectionTemplate([/* ... */]);
$promise = $client->getSensitivityInspectionTemplateAsync([/* ... */]);

Retrieves the settings for the sensitivity inspection template for an account.

Parameter Syntax

$result = $client->getSensitivityInspectionTemplate([
    'id' => '<string>', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string

Result Syntax

[
    'description' => '<string>',
    'excludes' => [
        'managedDataIdentifierIds' => ['<string>', ...],
    ],
    'includes' => [
        'allowListIds' => ['<string>', ...],
        'customDataIdentifierIds' => ['<string>', ...],
        'managedDataIdentifierIds' => ['<string>', ...],
    ],
    'name' => '<string>',
    'sensitivityInspectionTemplateId' => '<string>',
]

Result Details

Members
description
Type: string
excludes

Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

includes

Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

name
Type: string
sensitivityInspectionTemplateId
Type: string

The unique identifier for the sensitivity inspection template.

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

GetUsageStatistics

$result = $client->getUsageStatistics([/* ... */]);
$promise = $client->getUsageStatisticsAsync([/* ... */]);

Retrieves (queries) quotas and aggregated usage data for one or more accounts.

Parameter Syntax

$result = $client->getUsageStatistics([
    'filterBy' => [
        [
            'comparator' => 'GT|GTE|LT|LTE|EQ|NE|CONTAINS',
            'key' => 'accountId|serviceLimit|freeTrialStartDate|total',
            'values' => ['<string>', ...],
        ],
        // ...
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sortBy' => [
        'key' => 'accountId|total|serviceLimitValue|freeTrialStartDate',
        'orderBy' => 'ASC|DESC',
    ],
    'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
]);

Parameter Details

Members
filterBy
Type: Array of UsageStatisticsFilter structures
maxResults
Type: int
nextToken
Type: string
sortBy
Type: UsageStatisticsSortBy structure

Specifies criteria for sorting the results of a query for Amazon Macie account quotas and usage data.

timeRange
Type: string

An inclusive time period that Amazon Macie usage data applies to. Possible values are:

Result Syntax

[
    'nextToken' => '<string>',
    'records' => [
        [
            'accountId' => '<string>',
            'automatedDiscoveryFreeTrialStartDate' => <DateTime>,
            'freeTrialStartDate' => <DateTime>,
            'usage' => [
                [
                    'currency' => 'USD',
                    'estimatedCost' => '<string>',
                    'serviceLimit' => [
                        'isServiceLimited' => true || false,
                        'unit' => 'TERABYTES',
                        'value' => <integer>,
                    ],
                    'type' => 'DATA_INVENTORY_EVALUATION|SENSITIVE_DATA_DISCOVERY|AUTOMATED_SENSITIVE_DATA_DISCOVERY|AUTOMATED_OBJECT_MONITORING',
                ],
                // ...
            ],
        ],
        // ...
    ],
    'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
]

Result Details

Members
nextToken
Type: string
records
Type: Array of UsageRecord structures
timeRange
Type: string

An inclusive time period that Amazon Macie usage data applies to. Possible values are:

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

GetUsageTotals

$result = $client->getUsageTotals([/* ... */]);
$promise = $client->getUsageTotalsAsync([/* ... */]);

Retrieves (queries) aggregated usage data for an account.

Parameter Syntax

$result = $client->getUsageTotals([
    'timeRange' => '<string>',
]);

Parameter Details

Members
timeRange
Type: string

Result Syntax

[
    'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
    'usageTotals' => [
        [
            'currency' => 'USD',
            'estimatedCost' => '<string>',
            'type' => 'DATA_INVENTORY_EVALUATION|SENSITIVE_DATA_DISCOVERY|AUTOMATED_SENSITIVE_DATA_DISCOVERY|AUTOMATED_OBJECT_MONITORING',
        ],
        // ...
    ],
]

Result Details

Members
timeRange
Type: string

An inclusive time period that Amazon Macie usage data applies to. Possible values are:

usageTotals
Type: Array of UsageTotal structures

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListAllowLists

$result = $client->listAllowLists([/* ... */]);
$promise = $client->listAllowListsAsync([/* ... */]);

Retrieves a subset of information about all the allow lists for an account.

Parameter Syntax

$result = $client->listAllowLists([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'allowLists' => [
        [
            'arn' => '<string>',
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
allowLists
Type: Array of AllowListSummary structures
nextToken
Type: string

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ListAutomatedDiscoveryAccounts

$result = $client->listAutomatedDiscoveryAccounts([/* ... */]);
$promise = $client->listAutomatedDiscoveryAccountsAsync([/* ... */]);

Retrieves the status of automated sensitive data discovery for one or more accounts.

Parameter Syntax

$result = $client->listAutomatedDiscoveryAccounts([
    'accountIds' => ['<string>', ...],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
accountIds
Type: Array of strings
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'items' => [
        [
            'accountId' => '<string>',
            'status' => 'ENABLED|DISABLED',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
items
Type: Array of AutomatedDiscoveryAccount structures
nextToken
Type: string

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ListClassificationJobs

$result = $client->listClassificationJobs([/* ... */]);
$promise = $client->listClassificationJobsAsync([/* ... */]);

Retrieves a subset of information about one or more classification jobs.

Parameter Syntax

$result = $client->listClassificationJobs([
    'filterCriteria' => [
        'excludes' => [
            [
                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                'key' => 'jobType|jobStatus|createdAt|name',
                'values' => ['<string>', ...],
            ],
            // ...
        ],
        'includes' => [
            [
                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                'key' => 'jobType|jobStatus|createdAt|name',
                'values' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sortCriteria' => [
        'attributeName' => 'createdAt|jobStatus|name|jobType',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
filterCriteria
Type: ListJobsFilterCriteria structure

Specifies criteria for filtering the results of a request for information about classification jobs.

maxResults
Type: int
nextToken
Type: string
sortCriteria
Type: ListJobsSortCriteria structure

Specifies criteria for sorting the results of a request for information about classification jobs.

Result Syntax

[
    'items' => [
        [
            'bucketCriteria' => [
                'excludes' => [
                    'and' => [
                        [
                            'simpleCriterion' => [
                                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                                'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                                'values' => ['<string>', ...],
                            ],
                            'tagCriterion' => [
                                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                                'tagValues' => [
                                    [
                                        'key' => '<string>',
                                        'value' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                        ],
                        // ...
                    ],
                ],
                'includes' => [
                    'and' => [
                        [
                            'simpleCriterion' => [
                                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                                'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
                                'values' => ['<string>', ...],
                            ],
                            'tagCriterion' => [
                                'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
                                'tagValues' => [
                                    [
                                        'key' => '<string>',
                                        'value' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                        ],
                        // ...
                    ],
                ],
            ],
            'bucketDefinitions' => [
                [
                    'accountId' => '<string>',
                    'buckets' => ['<string>', ...],
                ],
                // ...
            ],
            'createdAt' => <DateTime>,
            'jobId' => '<string>',
            'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED',
            'jobType' => 'ONE_TIME|SCHEDULED',
            'lastRunErrorStatus' => [
                'code' => 'NONE|ERROR',
            ],
            'name' => '<string>',
            'userPausedDetails' => [
                'jobExpiresAt' => <DateTime>,
                'jobImminentExpirationHealthEventArn' => '<string>',
                'jobPausedAt' => <DateTime>,
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
items
Type: Array of JobSummary structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListClassificationScopes

$result = $client->listClassificationScopes([/* ... */]);
$promise = $client->listClassificationScopesAsync([/* ... */]);

Retrieves a subset of information about the classification scope for an account.

Parameter Syntax

$result = $client->listClassificationScopes([
    'name' => '<string>',
    'nextToken' => '<string>',
]);

Parameter Details

Members
name
Type: string
nextToken
Type: string

Result Syntax

[
    'classificationScopes' => [
        [
            'id' => '<string>',
            'name' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
classificationScopes
Type: Array of ClassificationScopeSummary structures
nextToken
Type: string

Specifies which page of results to return in a paginated response.

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ListCustomDataIdentifiers

$result = $client->listCustomDataIdentifiers([/* ... */]);
$promise = $client->listCustomDataIdentifiersAsync([/* ... */]);

Retrieves a subset of information about all the custom data identifiers for an account.

Parameter Syntax

$result = $client->listCustomDataIdentifiers([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'items' => [
        [
            'arn' => '<string>',
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
items
Type: Array of CustomDataIdentifierSummary structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListFindings

$result = $client->listFindings([/* ... */]);
$promise = $client->listFindingsAsync([/* ... */]);

Retrieves a subset of information about one or more findings.

Parameter Syntax

$result = $client->listFindings([
    'findingCriteria' => [
        'criterion' => [
            '<__string>' => [
                'eq' => ['<string>', ...],
                'eqExactMatch' => ['<string>', ...],
                'gt' => <integer>,
                'gte' => <integer>,
                'lt' => <integer>,
                'lte' => <integer>,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sortCriteria' => [
        'attributeName' => '<string>',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
findingCriteria
Type: FindingCriteria structure

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

maxResults
Type: int
nextToken
Type: string
sortCriteria
Type: SortCriteria structure

Specifies criteria for sorting the results of a request for findings.

Result Syntax

[
    'findingIds' => ['<string>', ...],
    'nextToken' => '<string>',
]

Result Details

Members
findingIds
Type: Array of strings
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListFindingsFilters

$result = $client->listFindingsFilters([/* ... */]);
$promise = $client->listFindingsFiltersAsync([/* ... */]);

Retrieves a subset of information about all the findings filters for an account.

Parameter Syntax

$result = $client->listFindingsFilters([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'findingsFilterListItems' => [
        [
            'action' => 'ARCHIVE|NOOP',
            'arn' => '<string>',
            'id' => '<string>',
            'name' => '<string>',
            'tags' => ['<string>', ...],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
findingsFilterListItems
Type: Array of FindingsFilterListItem structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListInvitations

$result = $client->listInvitations([/* ... */]);
$promise = $client->listInvitationsAsync([/* ... */]);

Retrieves information about Amazon Macie membership invitations that were received by an account.

Parameter Syntax

$result = $client->listInvitations([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'invitations' => [
        [
            'accountId' => '<string>',
            'invitationId' => '<string>',
            'invitedAt' => <DateTime>,
            'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
invitations
Type: Array of Invitation structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListManagedDataIdentifiers

$result = $client->listManagedDataIdentifiers([/* ... */]);
$promise = $client->listManagedDataIdentifiersAsync([/* ... */]);

Retrieves information about all the managed data identifiers that Amazon Macie currently provides.

Parameter Syntax

$result = $client->listManagedDataIdentifiers([
    'nextToken' => '<string>',
]);

Parameter Details

Members
nextToken
Type: string

Result Syntax

[
    'items' => [
        [
            'category' => 'FINANCIAL_INFORMATION|PERSONAL_INFORMATION|CREDENTIALS|CUSTOM_IDENTIFIER',
            'id' => '<string>',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
items
Type: Array of ManagedDataIdentifierSummary structures
nextToken
Type: string

Errors

There are no errors described for this operation.

ListMembers

$result = $client->listMembers([/* ... */]);
$promise = $client->listMembersAsync([/* ... */]);

Retrieves information about the accounts that are associated with an Amazon Macie administrator account.

Parameter Syntax

$result = $client->listMembers([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'onlyAssociated' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string
onlyAssociated
Type: string

Result Syntax

[
    'members' => [
        [
            'accountId' => '<string>',
            'administratorAccountId' => '<string>',
            'arn' => '<string>',
            'email' => '<string>',
            'invitedAt' => <DateTime>,
            'masterAccountId' => '<string>',
            'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
            'tags' => ['<string>', ...],
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
members
Type: Array of Member structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListOrganizationAdminAccounts

$result = $client->listOrganizationAdminAccounts([/* ... */]);
$promise = $client->listOrganizationAdminAccountsAsync([/* ... */]);

Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations.

Parameter Syntax

$result = $client->listOrganizationAdminAccounts([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'adminAccounts' => [
        [
            'accountId' => '<string>',
            'status' => 'ENABLED|DISABLING_IN_PROGRESS',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
adminAccounts
Type: Array of AdminAccount structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

ListResourceProfileArtifacts

$result = $client->listResourceProfileArtifacts([/* ... */]);
$promise = $client->listResourceProfileArtifactsAsync([/* ... */]);

Retrieves information about objects that Amazon Macie selected from an S3 bucket for automated sensitive data discovery.

Parameter Syntax

$result = $client->listResourceProfileArtifacts([
    'nextToken' => '<string>',
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
nextToken
Type: string
resourceArn
Required: Yes
Type: string

Result Syntax

[
    'artifacts' => [
        [
            'arn' => '<string>',
            'classificationResultStatus' => '<string>',
            'sensitive' => true || false,
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
artifacts
Type: Array of ResourceProfileArtifact structures
nextToken
Type: string

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ListResourceProfileDetections

$result = $client->listResourceProfileDetections([/* ... */]);
$promise = $client->listResourceProfileDetectionsAsync([/* ... */]);

Retrieves information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket.

Parameter Syntax

$result = $client->listResourceProfileDetections([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string
resourceArn
Required: Yes
Type: string

Result Syntax

[
    'detections' => [
        [
            'arn' => '<string>',
            'count' => <integer>,
            'id' => '<string>',
            'name' => '<string>',
            'suppressed' => true || false,
            'type' => 'CUSTOM|MANAGED',
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
detections
Type: Array of Detection structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ListSensitivityInspectionTemplates

$result = $client->listSensitivityInspectionTemplates([/* ... */]);
$promise = $client->listSensitivityInspectionTemplatesAsync([/* ... */]);

Retrieves a subset of information about the sensitivity inspection template for an account.

Parameter Syntax

$result = $client->listSensitivityInspectionTemplates([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);

Parameter Details

Members
maxResults
Type: int
nextToken
Type: string

Result Syntax

[
    'nextToken' => '<string>',
    'sensitivityInspectionTemplates' => [
        [
            'id' => '<string>',
            'name' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
nextToken
Type: string
sensitivityInspectionTemplates
Type: Array of SensitivityInspectionTemplatesEntry structures

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Retrieves the tags (keys and values) that are associated with an Amazon Macie resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string

Result Syntax

[
    'tags' => ['<string>', ...],
]

Result Details

Members
tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Errors

There are no errors described for this operation.

PutClassificationExportConfiguration

$result = $client->putClassificationExportConfiguration([/* ... */]);
$promise = $client->putClassificationExportConfigurationAsync([/* ... */]);

Adds or updates the configuration settings for storing data classification results.

Parameter Syntax

$result = $client->putClassificationExportConfiguration([
    'configuration' => [ // REQUIRED
        's3Destination' => [
            'bucketName' => '<string>', // REQUIRED
            'keyPrefix' => '<string>',
            'kmsKeyArn' => '<string>', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
configuration
Required: Yes
Type: ClassificationExportConfiguration structure

Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.

Result Syntax

[
    'configuration' => [
        's3Destination' => [
            'bucketName' => '<string>',
            'keyPrefix' => '<string>',
            'kmsKeyArn' => '<string>',
        ],
    ],
]

Result Details

Members
configuration

Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

PutFindingsPublicationConfiguration

$result = $client->putFindingsPublicationConfiguration([/* ... */]);
$promise = $client->putFindingsPublicationConfigurationAsync([/* ... */]);

Updates the configuration settings for publishing findings to Security Hub.

Parameter Syntax

$result = $client->putFindingsPublicationConfiguration([
    'clientToken' => '<string>',
    'securityHubConfiguration' => [
        'publishClassificationFindings' => true || false, // REQUIRED
        'publishPolicyFindings' => true || false, // REQUIRED
    ],
]);

Parameter Details

Members
clientToken
Type: string
securityHubConfiguration
Type: SecurityHubConfiguration structure

Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

SearchResources

$result = $client->searchResources([/* ... */]);
$promise = $client->searchResourcesAsync([/* ... */]);

Retrieves (queries) statistical data and other information about Amazon Web Services resources that Amazon Macie monitors and analyzes.

Parameter Syntax

$result = $client->searchResources([
    'bucketCriteria' => [
        'excludes' => [
            'and' => [
                [
                    'simpleCriterion' => [
                        'comparator' => 'EQ|NE',
                        'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS|AUTOMATED_DISCOVERY_MONITORING_STATUS',
                        'values' => ['<string>', ...],
                    ],
                    'tagCriterion' => [
                        'comparator' => 'EQ|NE',
                        'tagValues' => [
                            [
                                'key' => '<string>',
                                'value' => '<string>',
                            ],
                            // ...
                        ],
                    ],
                ],
                // ...
            ],
        ],
        'includes' => [
            'and' => [
                [
                    'simpleCriterion' => [
                        'comparator' => 'EQ|NE',
                        'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS|AUTOMATED_DISCOVERY_MONITORING_STATUS',
                        'values' => ['<string>', ...],
                    ],
                    'tagCriterion' => [
                        'comparator' => 'EQ|NE',
                        'tagValues' => [
                            [
                                'key' => '<string>',
                                'value' => '<string>',
                            ],
                            // ...
                        ],
                    ],
                ],
                // ...
            ],
        ],
    ],
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'sortCriteria' => [
        'attributeName' => 'ACCOUNT_ID|RESOURCE_NAME|S3_CLASSIFIABLE_OBJECT_COUNT|S3_CLASSIFIABLE_SIZE_IN_BYTES',
        'orderBy' => 'ASC|DESC',
    ],
]);

Parameter Details

Members
bucketCriteria

Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.

maxResults
Type: int
nextToken
Type: string
sortCriteria
Type: SearchResourcesSortCriteria structure

Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.

Result Syntax

[
    'matchingResources' => [
        [
            'matchingBucket' => [
                'accountId' => '<string>',
                'automatedDiscoveryMonitoringStatus' => 'MONITORED|NOT_MONITORED',
                'bucketName' => '<string>',
                'classifiableObjectCount' => <integer>,
                'classifiableSizeInBytes' => <integer>,
                'errorCode' => 'ACCESS_DENIED',
                'errorMessage' => '<string>',
                'jobDetails' => [
                    'isDefinedInJob' => 'TRUE|FALSE|UNKNOWN',
                    'isMonitoredByJob' => 'TRUE|FALSE|UNKNOWN',
                    'lastJobId' => '<string>',
                    'lastJobRunTime' => <DateTime>,
                ],
                'lastAutomatedDiscoveryTime' => <DateTime>,
                'objectCount' => <integer>,
                'objectCountByEncryptionType' => [
                    'customerManaged' => <integer>,
                    'kmsManaged' => <integer>,
                    's3Managed' => <integer>,
                    'unencrypted' => <integer>,
                    'unknown' => <integer>,
                ],
                'sensitivityScore' => <integer>,
                'sizeInBytes' => <integer>,
                'sizeInBytesCompressed' => <integer>,
                'unclassifiableObjectCount' => [
                    'fileType' => <integer>,
                    'storageClass' => <integer>,
                    'total' => <integer>,
                ],
                'unclassifiableObjectSizeInBytes' => [
                    'fileType' => <integer>,
                    'storageClass' => <integer>,
                    'total' => <integer>,
                ],
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]

Result Details

Members
matchingResources
Type: Array of MatchingResource structures
nextToken
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource.

Parameter Syntax

$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string
tags
Required: Yes
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

TestCustomDataIdentifier

$result = $client->testCustomDataIdentifier([/* ... */]);
$promise = $client->testCustomDataIdentifierAsync([/* ... */]);

Tests criteria for a custom data identifier.

Parameter Syntax

$result = $client->testCustomDataIdentifier([
    'ignoreWords' => ['<string>', ...],
    'keywords' => ['<string>', ...],
    'maximumMatchDistance' => <integer>,
    'regex' => '<string>', // REQUIRED
    'sampleText' => '<string>', // REQUIRED
]);

Parameter Details

Members
ignoreWords
Type: Array of strings
keywords
Type: Array of strings
maximumMatchDistance
Type: int
regex
Required: Yes
Type: string
sampleText
Required: Yes
Type: string

Result Syntax

[
    'matchCount' => <integer>,
]

Result Details

Members
matchCount
Type: int

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Removes one or more tags (keys and values) from an Amazon Macie resource.

Parameter Syntax

$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string
tagKeys
Required: Yes
Type: Array of strings

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

There are no errors described for this operation.

UpdateAllowList

$result = $client->updateAllowList([/* ... */]);
$promise = $client->updateAllowListAsync([/* ... */]);

Updates the settings for an allow list.

Parameter Syntax

$result = $client->updateAllowList([
    'criteria' => [ // REQUIRED
        'regex' => '<string>',
        's3WordsList' => [
            'bucketName' => '<string>', // REQUIRED
            'objectKey' => '<string>', // REQUIRED
        ],
    ],
    'description' => '<string>',
    'id' => '<string>', // REQUIRED
    'name' => '<string>', // REQUIRED
]);

Parameter Details

Members
criteria
Required: Yes
Type: AllowListCriteria structure

Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.

description
Type: string
id
Required: Yes
Type: string
name
Required: Yes
Type: string

Result Syntax

[
    'arn' => '<string>',
    'id' => '<string>',
]

Result Details

Members
arn
Type: string
id
Type: string

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

UpdateAutomatedDiscoveryConfiguration

$result = $client->updateAutomatedDiscoveryConfiguration([/* ... */]);
$promise = $client->updateAutomatedDiscoveryConfigurationAsync([/* ... */]);

Changes the configuration settings and status of automated sensitive data discovery for an organization or standalone account.

Parameter Syntax

$result = $client->updateAutomatedDiscoveryConfiguration([
    'autoEnableOrganizationMembers' => 'ALL|NEW|NONE',
    'status' => 'ENABLED|DISABLED', // REQUIRED
]);

Parameter Details

Members
autoEnableOrganizationMembers
Type: string

Specifies whether to automatically enable automated sensitive data discovery for accounts that are part of an organization in Amazon Macie. Valid values are:

status
Required: Yes
Type: string

The status of the automated sensitive data discovery configuration for an organization in Amazon Macie or a standalone Macie account. Valid values are:

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

UpdateClassificationJob

$result = $client->updateClassificationJob([/* ... */]);
$promise = $client->updateClassificationJobAsync([/* ... */]);

Changes the status of a classification job.

Parameter Syntax

$result = $client->updateClassificationJob([
    'jobId' => '<string>', // REQUIRED
    'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED', // REQUIRED
]);

Parameter Details

Members
jobId
Required: Yes
Type: string
jobStatus
Required: Yes
Type: string

The status of a classification job. Possible values are:

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UpdateClassificationScope

$result = $client->updateClassificationScope([/* ... */]);
$promise = $client->updateClassificationScopeAsync([/* ... */]);

Updates the classification scope settings for an account.

Parameter Syntax

$result = $client->updateClassificationScope([
    'id' => '<string>', // REQUIRED
    's3' => [
        'excludes' => [ // REQUIRED
            'bucketNames' => ['<string>', ...], // REQUIRED
            'operation' => 'ADD|REPLACE|REMOVE', // REQUIRED
        ],
    ],
]);

Parameter Details

Members
id
Required: Yes
Type: string
s3
Type: S3ClassificationScopeUpdate structure

Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

UpdateFindingsFilter

$result = $client->updateFindingsFilter([/* ... */]);
$promise = $client->updateFindingsFilterAsync([/* ... */]);

Updates the criteria and other settings for a findings filter.

Parameter Syntax

$result = $client->updateFindingsFilter([
    'action' => 'ARCHIVE|NOOP',
    'clientToken' => '<string>',
    'description' => '<string>',
    'findingCriteria' => [
        'criterion' => [
            '<__string>' => [
                'eq' => ['<string>', ...],
                'eqExactMatch' => ['<string>', ...],
                'gt' => <integer>,
                'gte' => <integer>,
                'lt' => <integer>,
                'lte' => <integer>,
                'neq' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'id' => '<string>', // REQUIRED
    'name' => '<string>',
    'position' => <integer>,
]);

Parameter Details

Members
action
Type: string

The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:

clientToken
Type: string
description
Type: string
findingCriteria
Type: FindingCriteria structure

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

id
Required: Yes
Type: string
name
Type: string
position
Type: int

Result Syntax

[
    'arn' => '<string>',
    'id' => '<string>',
]

Result Details

Members
arn
Type: string
id
Type: string

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UpdateMacieSession

$result = $client->updateMacieSession([/* ... */]);
$promise = $client->updateMacieSessionAsync([/* ... */]);

Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.

Parameter Syntax

$result = $client->updateMacieSession([
    'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
    'status' => 'PAUSED|ENABLED',
]);

Parameter Details

Members
findingPublishingFrequency
Type: string

The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:

status
Type: string

The status of an Amazon Macie account. Valid values are:

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UpdateMemberSession

$result = $client->updateMemberSession([/* ... */]);
$promise = $client->updateMemberSessionAsync([/* ... */]);

Enables an Amazon Macie administrator to suspend or re-enable Macie for a member account.

Parameter Syntax

$result = $client->updateMemberSession([
    'id' => '<string>', // REQUIRED
    'status' => 'PAUSED|ENABLED', // REQUIRED
]);

Parameter Details

Members
id
Required: Yes
Type: string
status
Required: Yes
Type: string

The status of an Amazon Macie account. Valid values are:

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UpdateOrganizationConfiguration

$result = $client->updateOrganizationConfiguration([/* ... */]);
$promise = $client->updateOrganizationConfigurationAsync([/* ... */]);

Updates the Amazon Macie configuration settings for an organization in Organizations.

Parameter Syntax

$result = $client->updateOrganizationConfiguration([
    'autoEnable' => true || false, // REQUIRED
]);

Parameter Details

Members
autoEnable
Required: Yes
Type: boolean

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ConflictException:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

UpdateResourceProfile

$result = $client->updateResourceProfile([/* ... */]);
$promise = $client->updateResourceProfileAsync([/* ... */]);

Updates the sensitivity score for an S3 bucket.

Parameter Syntax

$result = $client->updateResourceProfile([
    'resourceArn' => '<string>', // REQUIRED
    'sensitivityScoreOverride' => <integer>,
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string
sensitivityScoreOverride
Type: int

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

UpdateResourceProfileDetections

$result = $client->updateResourceProfileDetections([/* ... */]);
$promise = $client->updateResourceProfileDetectionsAsync([/* ... */]);

Updates the sensitivity scoring settings for an S3 bucket.

Parameter Syntax

$result = $client->updateResourceProfileDetections([
    'resourceArn' => '<string>', // REQUIRED
    'suppressDataIdentifiers' => [
        [
            'id' => '<string>',
            'type' => 'CUSTOM|MANAGED',
        ],
        // ...
    ],
]);

Parameter Details

Members
resourceArn
Required: Yes
Type: string
suppressDataIdentifiers
Type: Array of SuppressDataIdentifier structures

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

ServiceQuotaExceededException:

Provides information about an error that occurred due to one or more service quotas for an account.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

UpdateRevealConfiguration

$result = $client->updateRevealConfiguration([/* ... */]);
$promise = $client->updateRevealConfigurationAsync([/* ... */]);

Updates the status and configuration settings for retrieving occurrences of sensitive data reported by findings.

Parameter Syntax

$result = $client->updateRevealConfiguration([
    'configuration' => [ // REQUIRED
        'kmsKeyId' => '<string>',
        'status' => 'ENABLED|DISABLED', // REQUIRED
    ],
    'retrievalConfiguration' => [
        'retrievalMode' => 'CALLER_CREDENTIALS|ASSUME_ROLE', // REQUIRED
        'roleName' => '<string>',
    ],
]);

Parameter Details

Members
configuration
Required: Yes
Type: RevealConfiguration structure

Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.

retrievalConfiguration

Specifies the access method and settings to use when retrieving occurrences of sensitive data reported by findings. If your request specifies an Identity and Access Management (IAM) role to assume, Amazon Macie verifies that the role exists and the attached policies are configured correctly. If there's an issue, Macie returns an error. For information about addressing the issue, see Configuration options and requirements for retrieving sensitive data samples in the Amazon Macie User Guide.

Result Syntax

[
    'configuration' => [
        'kmsKeyId' => '<string>',
        'status' => 'ENABLED|DISABLED',
    ],
    'retrievalConfiguration' => [
        'externalId' => '<string>',
        'retrievalMode' => 'CALLER_CREDENTIALS|ASSUME_ROLE',
        'roleName' => '<string>',
    ],
]

Result Details

Members
configuration
Type: RevealConfiguration structure

Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.

retrievalConfiguration
Type: RetrievalConfiguration structure

Provides information about the access method and settings that are used to retrieve occurrences of sensitive data reported by findings.

Errors

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

UpdateSensitivityInspectionTemplate

$result = $client->updateSensitivityInspectionTemplate([/* ... */]);
$promise = $client->updateSensitivityInspectionTemplateAsync([/* ... */]);

Updates the settings for the sensitivity inspection template for an account.

Parameter Syntax

$result = $client->updateSensitivityInspectionTemplate([
    'description' => '<string>',
    'excludes' => [
        'managedDataIdentifierIds' => ['<string>', ...],
    ],
    'id' => '<string>', // REQUIRED
    'includes' => [
        'allowListIds' => ['<string>', ...],
        'customDataIdentifierIds' => ['<string>', ...],
        'managedDataIdentifierIds' => ['<string>', ...],
    ],
]);

Parameter Details

Members
description
Type: string
excludes

Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

id
Required: Yes
Type: string
includes

Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Provides information about an error that occurred because a specified resource wasn't found.

ThrottlingException:

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

ValidationException:

Provides information about an error that occurred due to a syntax error in a request.

InternalServerException:

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

AccessDeniedException:

Provides information about an error that occurred due to insufficient access to a specified resource.

Shapes

AccessControlList

Description

Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.

Members
allowsPublicReadAccess
Type: boolean
allowsPublicWriteAccess
Type: boolean

AccessDeniedException

Description

Provides information about an error that occurred due to insufficient access to a specified resource.

Members
message
Type: string

AccountDetail

Description

Specifies the details of an account to associate with an Amazon Macie administrator account.

Members
accountId
Required: Yes
Type: string
email
Required: Yes
Type: string

AccountLevelPermissions

Description

Provides information about the account-level permissions settings that apply to an S3 bucket.

Members
blockPublicAccess
Type: BlockPublicAccess structure

Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.

AdminAccount

Description

Provides information about the delegated Amazon Macie administrator account for an organization in Organizations.

Members
accountId
Type: string
status
Type: string

The current status of an account as the delegated Amazon Macie administrator account for an organization in Organizations. Possible values are:

AllowListCriteria

Description

Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.

Members
regex
Type: string
s3WordsList
Type: S3WordsList structure

Provides information about an S3 object that lists specific text to ignore.

AllowListStatus

Description

Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.

Members
code
Required: Yes
Type: string

Indicates the current status of an allow list. Depending on the type of criteria that the list specifies, possible values are:

description
Type: string

AllowListSummary

Description

Provides a subset of information about an allow list.

Members
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
description
Type: string
id
Type: string
name
Type: string
updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

ApiCallDetails

Description

Provides information about an API operation that an entity invoked for an affected resource.

Members
api
Type: string
apiServiceName
Type: string
firstSeen
Type: timestamp (string|DateTime or anything parsable by strtotime)
lastSeen
Type: timestamp (string|DateTime or anything parsable by strtotime)

AssumedRole

Description

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.

Members
accessKeyId
Type: string
accountId
Type: string
arn
Type: string
principalId
Type: string
sessionContext
Type: SessionContext structure

Provides information about a session that was created for an entity that performed an action by using temporary security credentials.

AutomatedDiscoveryAccount

Description

Provides information about the status of automated sensitive data discovery for an Amazon Macie account.

Members
accountId
Type: string
status
Type: string

The status of automated sensitive data discovery for an Amazon Macie account. Valid values are:

AutomatedDiscoveryAccountUpdate

Description

Changes the status of automated sensitive data discovery for an Amazon Macie account.

Members
accountId
Type: string
status
Type: string

The status of automated sensitive data discovery for an Amazon Macie account. Valid values are:

AutomatedDiscoveryAccountUpdateError

Description

Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.

Members
accountId
Type: string
errorCode
Type: string

The error code that indicates why a request failed to change the status of automated sensitive data discovery for an Amazon Macie account. Possible values are:

AwsAccount

Description

Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.

Members
accountId
Type: string
principalId
Type: string

AwsService

Description

Provides information about an Amazon Web Service that performed an action on an affected resource.

Members
invokedBy
Type: string

BatchGetCustomDataIdentifierSummary

Description

Provides information about a custom data identifier.

Members
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
deleted
Type: boolean
description
Type: string
id
Type: string
name
Type: string

BlockPublicAccess

Description

Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.

Members
blockPublicAcls
Type: boolean
blockPublicPolicy
Type: boolean
ignorePublicAcls
Type: boolean
restrictPublicBuckets
Type: boolean

BucketCountByEffectivePermission

Description

Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.

Members
publiclyAccessible
Type: long (int|float)
publiclyReadable
Type: long (int|float)
publiclyWritable
Type: long (int|float)
unknown
Type: long (int|float)

BucketCountByEncryptionType

Description

Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

Members
kmsManaged
Type: long (int|float)
s3Managed
Type: long (int|float)
unencrypted
Type: long (int|float)
unknown
Type: long (int|float)

BucketCountBySharedAccessType

Description

Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.

Members
external
Type: long (int|float)
internal
Type: long (int|float)
notShared
Type: long (int|float)
unknown
Type: long (int|float)

BucketCountPolicyAllowsUnencryptedObjectUploads

Description

Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.

Members
allowsUnencryptedObjectUploads
Type: long (int|float)
deniesUnencryptedObjectUploads
Type: long (int|float)
unknown
Type: long (int|float)

BucketCriteriaAdditionalProperties

Description

Specifies the operator to use in a property-based condition that filters the results of a query for information about S3 buckets.

Members
eq
Type: Array of strings
gt
Type: long (int|float)
gte
Type: long (int|float)
lt
Type: long (int|float)
lte
Type: long (int|float)
neq
Type: Array of strings
prefix
Type: string

BucketLevelPermissions

Description

Provides information about the bucket-level permissions settings for an S3 bucket.

Members
accessControlList
Type: AccessControlList structure

Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.

blockPublicAccess
Type: BlockPublicAccess structure

Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.

bucketPolicy
Type: BucketPolicy structure

Provides information about the permissions settings of the bucket policy for an S3 bucket.

BucketMetadata

Description

Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.

If an error occurs when Macie attempts to retrieve and process metadata from Amazon S3 for the bucket or the bucket's objects, the value for the versioning property is false and the value for most other properties is null. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of the error, refer to the errorCode and errorMessage values.

Members
accountId
Type: string
allowsUnencryptedObjectUploads
Type: string
automatedDiscoveryMonitoringStatus
Type: string

Specifies whether automated sensitive data discovery is currently configured to analyze objects in an S3 bucket. Possible values are:

bucketArn
Type: string
bucketCreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
bucketName
Type: string
classifiableObjectCount
Type: long (int|float)
classifiableSizeInBytes
Type: long (int|float)
errorCode
Type: string

The error code for an error that prevented Amazon Macie from retrieving and processing information about an S3 bucket and the bucket's objects.

errorMessage
Type: string
jobDetails
Type: JobDetails structure

Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.

lastAutomatedDiscoveryTime
Type: timestamp (string|DateTime or anything parsable by strtotime)
lastUpdated
Type: timestamp (string|DateTime or anything parsable by strtotime)
objectCount
Type: long (int|float)
objectCountByEncryptionType
Type: ObjectCountByEncryptionType structure

Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.

publicAccess
Type: BucketPublicAccess structure

Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.

region
Type: string
replicationDetails
Type: ReplicationDetails structure

Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.

sensitivityScore
Type: int
serverSideEncryption
Type: BucketServerSideEncryption structure

Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

sharedAccess
Type: string
sizeInBytes
Type: long (int|float)
sizeInBytesCompressed
Type: long (int|float)
tags
Type: Array of KeyValuePair structures
unclassifiableObjectCount
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

unclassifiableObjectSizeInBytes
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

versioning
Type: boolean

BucketPermissionConfiguration

Description

Provides information about the account-level and bucket-level permissions settings for an S3 bucket.

Members
accountLevelPermissions
Type: AccountLevelPermissions structure

Provides information about the account-level permissions settings that apply to an S3 bucket.

bucketLevelPermissions
Type: BucketLevelPermissions structure

Provides information about the bucket-level permissions settings for an S3 bucket.

BucketPolicy

Description

Provides information about the permissions settings of the bucket policy for an S3 bucket.

Members
allowsPublicReadAccess
Type: boolean
allowsPublicWriteAccess
Type: boolean

BucketPublicAccess

Description

Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.

Members
effectivePermission
Type: string
permissionConfiguration

Provides information about the account-level and bucket-level permissions settings for an S3 bucket.

BucketServerSideEncryption

Description

Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

Members
kmsMasterKeyId
Type: string
type
Type: string

BucketSortCriteria

Description

Specifies criteria for sorting the results of a query for information about S3 buckets.

Members
attributeName
Type: string
orderBy
Type: string

BucketStatisticsBySensitivity

Description

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for each metric is 0.

Members
classificationError
Type: SensitivityAggregations structure

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.

notClassified
Type: SensitivityAggregations structure

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.

notSensitive
Type: SensitivityAggregations structure

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.

sensitive
Type: SensitivityAggregations structure

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.

Cell

Description

Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.

Members
cellReference
Type: string
column
Type: long (int|float)
columnName
Type: string
row
Type: long (int|float)

ClassificationDetails

Description

Provides information about a sensitive data finding and the details of the finding.

Members
detailedResultsLocation
Type: string
jobArn
Type: string
jobId
Type: string
originType
Type: string

Specifies how Amazon Macie found the sensitive data that produced a finding. Possible values are:

result
Type: ClassificationResult structure

Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.

ClassificationExportConfiguration

Description

Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.

Members
s3Destination
Type: S3Destination structure

Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

ClassificationResult

Description

Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.

Members
additionalOccurrences
Type: boolean
customDataIdentifiers
Type: CustomDataIdentifiers structure

Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.

mimeType
Type: string
sensitiveData
Type: Array of SensitiveDataItem structures

Provides information about the category and number of occurrences of sensitive data that produced a finding.

sizeClassified
Type: long (int|float)
status
Type: ClassificationResultStatus structure

Provides information about the status of a sensitive data finding.

ClassificationResultStatus

Description

Provides information about the status of a sensitive data finding.

Members
code
Type: string
reason
Type: string

ClassificationScopeSummary

Description

Provides information about the classification scope for an Amazon Macie account. Macie uses the scope's settings when it performs automated sensitive data discovery for the account.

Members
id
Type: string

The unique identifier the classification scope.

name
Type: string

The name of the classification scope.

ConflictException

Description

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Members
message
Type: string

CriteriaBlockForJob

Description

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.

Members
and
Type: Array of CriteriaForJob structures

CriteriaForJob

Description

Specifies a property- or tag-based condition that defines criteria for including or excluding S3 buckets from a classification job.

Members
simpleCriterion
Type: SimpleCriterionForJob structure

Specifies a property-based condition that determines whether an S3 bucket is included or excluded from a classification job.

tagCriterion
Type: TagCriterionForJob structure

Specifies a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job.

CriterionAdditionalProperties

Description

Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.

Members
eq
Type: Array of strings
eqExactMatch
Type: Array of strings
gt
Type: long (int|float)
gte
Type: long (int|float)
lt
Type: long (int|float)
lte
Type: long (int|float)
neq
Type: Array of strings

CustomDataIdentifierSummary

Description

Provides information about a custom data identifier.

Members
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
description
Type: string
id
Type: string
name
Type: string

CustomDataIdentifiers

Description

Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.

Members
detections
Type: Array of CustomDetection structures

Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that each identifier detected.

totalCount
Type: long (int|float)

CustomDetection

Description

Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.

Members
arn
Type: string
count
Type: long (int|float)
name
Type: string
occurrences
Type: Occurrences structure

Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.

DailySchedule

Description

Specifies that a classification job runs once a day, every day. This is an empty object.

Members

DefaultDetection

Description

Provides information about a type of sensitive data that was detected by a managed data identifier and produced a sensitive data finding.

Members
count
Type: long (int|float)
occurrences
Type: Occurrences structure

Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.

type
Type: string

DetectedDataDetails

Description

Specifies 1-10 occurrences of a specific type of sensitive data reported by a finding.

Members
value
Required: Yes
Type: string

Detection

Description

Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for an account. The information also specifies the custom or managed data identifier that detected the data. This information is available only if automated sensitive data discovery has been enabled for the account.

Members
arn
Type: string
count
Type: long (int|float)
id
Type: string
name
Type: string
suppressed
Type: boolean
type
Type: string

The type of data identifier that detected a specific type of sensitive data in an S3 bucket. Possible values are:

DomainDetails

Description

Provides information about the domain name of the device that an entity used to perform an action on an affected resource.

Members
domainName
Type: string

Empty

Description

The request succeeded and there isn't any content to include in the body of the response (No Content).

Members

FederatedUser

Description

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.

Members
accessKeyId
Type: string
accountId
Type: string
arn
Type: string
principalId
Type: string
sessionContext
Type: SessionContext structure

Provides information about a session that was created for an entity that performed an action by using temporary security credentials.

Finding

Description

Provides the details of a finding.

Members
accountId
Type: string
archived
Type: boolean
category
Type: string

The category of the finding. Possible values are:

classificationDetails
Type: ClassificationDetails structure

Provides information about a sensitive data finding and the details of the finding.

count
Type: long (int|float)
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
description
Type: string
id
Type: string
partition
Type: string
policyDetails
Type: PolicyDetails structure

Provides the details of a policy finding.

region
Type: string
resourcesAffected
Type: ResourcesAffected structure

Provides information about the resources that a finding applies to.

sample
Type: boolean
schemaVersion
Type: string
severity
Type: Severity structure

Provides the numerical and qualitative representations of a finding's severity.

title
Type: string
type
Type: string

The type of finding. For details about each type, see Types of Amazon Macie findings in the Amazon Macie User Guide. Possible values are:

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

FindingAction

Description

Provides information about an action that occurred for a resource and produced a policy finding.

Members
actionType
Type: string

The type of action that occurred for the resource and produced the policy finding:

apiCallDetails
Type: ApiCallDetails structure

Provides information about an API operation that an entity invoked for an affected resource.

FindingActor

Description

Provides information about an entity that performed an action that produced a policy finding for a resource.

Members
domainDetails
Type: DomainDetails structure

Provides information about the domain name of the device that an entity used to perform an action on an affected resource.

ipAddressDetails
Type: IpAddressDetails structure

Provides information about the IP address of the device that an entity used to perform an action on an affected resource.

userIdentity
Type: UserIdentity structure

Provides information about the type and other characteristics of an entity that performed an action on an affected resource.

FindingCriteria

Description

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

Members
criterion
Type: Associative array of custom strings keys (__string) to CriterionAdditionalProperties structures

Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.

FindingStatisticsSortCriteria

Description

Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.

Members
attributeName
Type: string

The grouping to sort the results by. Valid values are:

orderBy
Type: string

FindingsFilterListItem

Description

Provides information about a findings filter.

Members
action
Type: string

The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:

arn
Type: string
id
Type: string
name
Type: string
tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

GroupCount

Description

Provides a group of results for a query that retrieved aggregated statistical data about findings.

Members
count
Type: long (int|float)
groupKey
Type: string

IamUser

Description

Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.

Members
accountId
Type: string
arn
Type: string
principalId
Type: string
userName
Type: string

InternalServerException

Description

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Members
message
Type: string

Invitation

Description

Provides information about an Amazon Macie membership invitation.

Members
accountId
Type: string
invitationId
Type: string
invitedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
relationshipStatus
Type: string

The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:

IpAddressDetails

Description

Provides information about the IP address of the device that an entity used to perform an action on an affected resource.

Members
ipAddressV4
Type: string
ipCity
Type: IpCity structure

Provides information about the city that an IP address originated from.

ipCountry
Type: IpCountry structure

Provides information about the country that an IP address originated from.

ipGeoLocation
Type: IpGeoLocation structure

Provides geographic coordinates that indicate where a specified IP address originated from.

ipOwner
Type: IpOwner structure

Provides information about the registered owner of an IP address.

IpCity

Description

Provides information about the city that an IP address originated from.

Members
name
Type: string

IpCountry

Description

Provides information about the country that an IP address originated from.

Members
code
Type: string
name
Type: string

IpGeoLocation

Description

Provides geographic coordinates that indicate where a specified IP address originated from.

Members
lat
Type: double
lon
Type: double

IpOwner

Description

Provides information about the registered owner of an IP address.

Members
asn
Type: string
asnOrg
Type: string
isp
Type: string
org
Type: string

JobDetails

Description

Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.

Members
isDefinedInJob
Type: string
isMonitoredByJob
Type: string
lastJobId
Type: string
lastJobRunTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

JobScheduleFrequency

Description

Specifies the recurrence pattern for running a classification job.

Members
dailySchedule
Type: DailySchedule structure

Specifies that a classification job runs once a day, every day. This is an empty object.

monthlySchedule
Type: MonthlySchedule structure

Specifies a monthly recurrence pattern for running a classification job.

weeklySchedule
Type: WeeklySchedule structure

Specifies a weekly recurrence pattern for running a classification job.

JobScopeTerm

Description

Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job. A JobScopeTerm object can contain only one simpleScopeTerm object or one tagScopeTerm object.

Members
simpleScopeTerm
Type: SimpleScopeTerm structure

Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.

tagScopeTerm
Type: TagScopeTerm structure

Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.

JobScopingBlock

Description

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.

Members
and
Type: Array of JobScopeTerm structures

JobSummary

Description

Provides information about a classification job, including the current status of the job.

Members
bucketCriteria
Type: S3BucketCriteriaForJob structure

Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.

bucketDefinitions
Type: Array of S3BucketDefinitionForJob structures
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
jobId
Type: string
jobStatus
Type: string

The status of a classification job. Possible values are:

jobType
Type: string

The schedule for running a classification job. Valid values are:

lastRunErrorStatus
Type: LastRunErrorStatus structure

Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.

name
Type: string
userPausedDetails
Type: UserPausedDetails structure

Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.

KeyValuePair

Description

Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

Members
key
Type: string
value
Type: string

LastRunErrorStatus

Description

Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.

Members
code
Type: string

Specifies whether any account- or bucket-level access errors occurred during the run of a one-time classification job or the most recent run of a recurring classification job. Possible values are:

ListJobsFilterCriteria

Description

Specifies criteria for filtering the results of a request for information about classification jobs.

Members
excludes
Type: Array of ListJobsFilterTerm structures
includes
Type: Array of ListJobsFilterTerm structures

ListJobsFilterTerm

Description

Specifies a condition that filters the results of a request for information about classification jobs. Each condition consists of a property, an operator, and one or more values.

Members
comparator
Type: string

The operator to use in a condition. Depending on the type of condition, possible values are:

key
Type: string

The property to use to filter the results. Valid values are:

values
Type: Array of strings

ListJobsSortCriteria

Description

Specifies criteria for sorting the results of a request for information about classification jobs.

Members
attributeName
Type: string

The property to sort the results by. Valid values are:

orderBy
Type: string

ManagedDataIdentifierSummary

Description

Provides information about a managed data identifier. For additional information, see Using managed data identifiers in the Amazon Macie User Guide.

Members
category
Type: string

For a finding, the category of sensitive data that was detected and produced the finding. For a managed data identifier, the category of sensitive data that the managed data identifier detects. Possible values are:

id
Type: string

MatchingBucket

Description

Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.

If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.

Members
accountId
Type: string
automatedDiscoveryMonitoringStatus
Type: string

Specifies whether automated sensitive data discovery is currently configured to analyze objects in an S3 bucket. Possible values are:

bucketName
Type: string
classifiableObjectCount
Type: long (int|float)
classifiableSizeInBytes
Type: long (int|float)
errorCode
Type: string

The error code for an error that prevented Amazon Macie from retrieving and processing information about an S3 bucket and the bucket's objects.

errorMessage
Type: string
jobDetails
Type: JobDetails structure

Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.

lastAutomatedDiscoveryTime
Type: timestamp (string|DateTime or anything parsable by strtotime)
objectCount
Type: long (int|float)
objectCountByEncryptionType
Type: ObjectCountByEncryptionType structure

Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.

sensitivityScore
Type: int
sizeInBytes
Type: long (int|float)
sizeInBytesCompressed
Type: long (int|float)
unclassifiableObjectCount
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

unclassifiableObjectSizeInBytes
Type: ObjectLevelStatistics structure

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

MatchingResource

Description

Provides statistical data and other information about an Amazon Web Services resource that Amazon Macie monitors and analyzes for your account.

Members
matchingBucket
Type: MatchingBucket structure

Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.

If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.

Member

Description

Provides information about an account that's associated with an Amazon Macie administrator account.

Members
accountId
Type: string
administratorAccountId
Type: string
arn
Type: string
email
Type: string
invitedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
masterAccountId
Type: string
relationshipStatus
Type: string

The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:

tags
Type: Associative array of custom strings keys (__string) to strings

A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.

updatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

MonthlySchedule

Description

Specifies a monthly recurrence pattern for running a classification job.

Members
dayOfMonth
Type: int

ObjectCountByEncryptionType

Description

Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.

Members
customerManaged
Type: long (int|float)
kmsManaged
Type: long (int|float)
s3Managed
Type: long (int|float)
unencrypted
Type: long (int|float)
unknown
Type: long (int|float)

ObjectLevelStatistics

Description

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

Members
fileType
Type: long (int|float)
storageClass
Type: long (int|float)
total
Type: long (int|float)

Occurrences

Description

Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.

Members
cells
Type: Array of Cell structures

Specifies the location of occurrences of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.

lineRanges
Type: Array of Range structures

Specifies the locations of occurrences of sensitive data in a non-binary text file.

offsetRanges
Type: Array of Range structures

Specifies the locations of occurrences of sensitive data in a non-binary text file.

pages
Type: Array of Page structures

Specifies the location of occurrences of sensitive data in an Adobe Portable Document Format file.

records
Type: Array of Record structures

Specifies the locations of occurrences of sensitive data in an Apache Avro object container or a structured data file.

Page

Description

Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.

Members
lineRange
Type: Range structure

Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.

offsetRange
Type: Range structure

Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.

pageNumber
Type: long (int|float)

PolicyDetails

Description

Provides the details of a policy finding.

Members
action
Type: FindingAction structure

Provides information about an action that occurred for a resource and produced a policy finding.

actor
Type: FindingActor structure

Provides information about an entity that performed an action that produced a policy finding for a resource.

Range

Description

Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.

Members
end
Type: long (int|float)
start
Type: long (int|float)
startColumn
Type: long (int|float)

Record

Description

Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.

Members
jsonPath
Type: string
recordIndex
Type: long (int|float)

ReplicationDetails

Description

Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.

Members
replicated
Type: boolean
replicatedExternally
Type: boolean
replicationAccounts
Type: Array of strings

ResourceNotFoundException

Description

Provides information about an error that occurred because a specified resource wasn't found.

Members
message
Type: string

ResourceProfileArtifact

Description

Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an account, and the status and results of the analysis. This information is available only if automated sensitive data discovery has been enabled for the account.

Members
arn
Required: Yes
Type: string
classificationResultStatus
Required: Yes
Type: string
sensitive
Type: boolean

ResourceStatistics

Description

Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.

Members
totalBytesClassified
Type: long (int|float)
totalDetections
Type: long (int|float)
totalDetectionsSuppressed
Type: long (int|float)
totalItemsClassified
Type: long (int|float)
totalItemsSensitive
Type: long (int|float)
totalItemsSkipped
Type: long (int|float)
totalItemsSkippedInvalidEncryption
Type: long (int|float)
totalItemsSkippedInvalidKms
Type: long (int|float)
totalItemsSkippedPermissionDenied
Type: long (int|float)

ResourcesAffected

Description

Provides information about the resources that a finding applies to.

Members
s3Bucket
Type: S3Bucket structure

Provides information about the S3 bucket that a finding applies to.

s3Object
Type: S3Object structure

Provides information about the S3 object that a finding applies to.

RetrievalConfiguration

Description

Provides information about the access method and settings that are used to retrieve occurrences of sensitive data reported by findings.

Members
externalId
Type: string
retrievalMode
Required: Yes
Type: string

The access method to use when retrieving occurrences of sensitive data reported by findings. Valid values are:

roleName
Type: string

RevealConfiguration

Description

Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.

Members
kmsKeyId
Type: string
status
Required: Yes
Type: string

The status of the configuration for retrieving occurrences of sensitive data reported by findings. Valid values are:

S3Bucket

Description

Provides information about the S3 bucket that a finding applies to.

Members
allowsUnencryptedObjectUploads
Type: string
arn
Type: string
createdAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
defaultServerSideEncryption
Type: ServerSideEncryption structure

Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.

name
Type: string
owner
Type: S3BucketOwner structure

Provides information about the Amazon Web Services account that owns an S3 bucket.

publicAccess
Type: BucketPublicAccess structure

Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.

tags
Type: Array of KeyValuePair structures

Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

S3BucketCriteriaForJob

Description

Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.

Members
excludes
Type: CriteriaBlockForJob structure

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.

includes
Type: CriteriaBlockForJob structure

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.

S3BucketDefinitionForJob

Description

Specifies an Amazon Web Services account that owns S3 buckets for a classification job to analyze, and one or more specific buckets to analyze for that account.

Members
accountId
Required: Yes
Type: string
buckets
Required: Yes
Type: Array of strings

S3BucketOwner

Description

Provides information about the Amazon Web Services account that owns an S3 bucket.

Members
displayName
Type: string
id
Type: string

S3ClassificationScope

Description

Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Members
excludes
Required: Yes
Type: S3ClassificationScopeExclusion structure

Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.

S3ClassificationScopeExclusion

Description

Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.

Members
bucketNames
Required: Yes
Type: Array of strings

S3ClassificationScopeExclusionUpdate

Description

Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.

Members
bucketNames
Required: Yes
Type: Array of strings
operation
Required: Yes
Type: string

Specifies how to apply changes to the S3 bucket exclusion list defined by the classification scope for an Amazon Macie account. Valid values are:

S3ClassificationScopeUpdate

Description

Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Members
excludes
Required: Yes
Type: S3ClassificationScopeExclusionUpdate structure

Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.

S3Destination

Description

Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

Members
bucketName
Required: Yes
Type: string
keyPrefix
Type: string
kmsKeyArn
Required: Yes
Type: string

S3JobDefinition

Description

Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.

Members
bucketCriteria
Type: S3BucketCriteriaForJob structure

Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.

bucketDefinitions
Type: Array of S3BucketDefinitionForJob structures
scoping
Type: Scoping structure

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.

S3Object

Description

Provides information about the S3 object that a finding applies to.

Members
bucketArn
Type: string
eTag
Type: string
extension
Type: string
key
Type: string
lastModified
Type: timestamp (string|DateTime or anything parsable by strtotime)
path
Type: string
publicAccess
Type: boolean
serverSideEncryption
Type: ServerSideEncryption structure

Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.

size
Type: long (int|float)
storageClass
Type: string

The storage class of the S3 object. Possible values are:

tags
Type: Array of KeyValuePair structures

Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

versionId
Type: string

S3WordsList

Description

Provides information about an S3 object that lists specific text to ignore.

Members
bucketName
Required: Yes
Type: string
objectKey
Required: Yes
Type: string

Scoping

Description

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.

Members
excludes
Type: JobScopingBlock structure

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.

includes
Type: JobScopingBlock structure

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.

SearchResourcesBucketCriteria

Description

Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.

Members
excludes

Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.

includes

Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.

SearchResourcesCriteria

Description

Specifies a property- or tag-based filter condition for including or excluding Amazon Web Services resources from the query results.

Members
simpleCriterion

Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

tagCriterion
Type: SearchResourcesTagCriterion structure

Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

SearchResourcesCriteriaBlock

Description

Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.

Members
and
Type: Array of SearchResourcesCriteria structures

SearchResourcesSimpleCriterion

Description

Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

Members
comparator
Type: string

The operator to use in a condition that filters the results of a query. Valid values are:

key
Type: string

The property to use in a condition that filters the query results. Valid values are:

values
Type: Array of strings

SearchResourcesSortCriteria

Description

Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.

Members
attributeName
Type: string

The property to sort the query results by. Valid values are:

orderBy
Type: string

SearchResourcesTagCriterion

Description

Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

Members
comparator
Type: string

The operator to use in a condition that filters the results of a query. Valid values are:

tagValues
Type: Array of SearchResourcesTagCriterionPair structures

SearchResourcesTagCriterionPair

Description

Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based filter condition for a query. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based filter conditions.

Members
key
Type: string
value
Type: string

SecurityHubConfiguration

Description

Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.

Members
publishClassificationFindings
Required: Yes
Type: boolean
publishPolicyFindings
Required: Yes
Type: boolean

SensitiveDataItem

Description

Provides information about the category, types, and occurrences of sensitive data that produced a sensitive data finding.

Members
category
Type: string

For a finding, the category of sensitive data that was detected and produced the finding. For a managed data identifier, the category of sensitive data that the managed data identifier detects. Possible values are:

detections
Type: Array of DefaultDetection structures

Provides information about sensitive data that was detected by managed data identifiers and produced a sensitive data finding, and the number of occurrences of each type of sensitive data that was detected.

totalCount
Type: long (int|float)

SensitivityAggregations

Description

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.

Members
classifiableSizeInBytes
Type: long (int|float)
publiclyAccessibleCount
Type: long (int|float)
totalCount
Type: long (int|float)
totalSizeInBytes
Type: long (int|float)

SensitivityInspectionTemplateExcludes

Description

Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

Members
managedDataIdentifierIds
Type: Array of strings

SensitivityInspectionTemplateIncludes

Description

Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.

Members
allowListIds
Type: Array of strings
customDataIdentifierIds
Type: Array of strings
managedDataIdentifierIds
Type: Array of strings

SensitivityInspectionTemplatesEntry

Description

Provides information about the sensitivity inspection template for an Amazon Macie account.

Members
id
Type: string
name
Type: string

ServerSideEncryption

Description

Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.

Members
encryptionType
Type: string

The server-side encryption algorithm that was used to encrypt an S3 object or is used by default to encrypt objects that are added to an S3 bucket. Possible values are:

kmsMasterKeyId
Type: string

ServiceLimit

Description

Specifies a current quota for an Amazon Macie account.

Members
isServiceLimited
Type: boolean
unit
Type: string
value
Type: long (int|float)

ServiceQuotaExceededException

Description

Provides information about an error that occurred due to one or more service quotas for an account.

Members
message
Type: string

SessionContext

Description

Provides information about a session that was created for an entity that performed an action by using temporary security credentials.

Members
attributes
Type: SessionContextAttributes structure

Provides information about the context in which temporary security credentials were issued to an entity.

sessionIssuer
Type: SessionIssuer structure

Provides information about the source and type of temporary security credentials that were issued to an entity.

SessionContextAttributes

Description

Provides information about the context in which temporary security credentials were issued to an entity.

Members
creationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)
mfaAuthenticated
Type: boolean

SessionIssuer

Description

Provides information about the source and type of temporary security credentials that were issued to an entity.

Members
accountId
Type: string
arn
Type: string
principalId
Type: string
type
Type: string
userName
Type: string

Severity

Description

Provides the numerical and qualitative representations of a finding's severity.

Members
description
Type: string

The qualitative representation of the finding's severity. Possible values are:

score
Type: long (int|float)

SeverityLevel

Description

Specifies a severity level for findings that a custom data identifier produces. A severity level determines which severity is assigned to the findings, based on the number of occurrences of text that match the custom data identifier's detection criteria.

Members
occurrencesThreshold
Required: Yes
Type: long (int|float)
severity
Required: Yes
Type: string

The severity of a finding, ranging from LOW, for least severe, to HIGH, for most severe. Valid values are:

SimpleCriterionForJob

Description

Specifies a property-based condition that determines whether an S3 bucket is included or excluded from a classification job.

Members
comparator
Type: string

The operator to use in a condition. Depending on the type of condition, possible values are:

key
Type: string

The property to use in a condition that determines whether an S3 bucket is included or excluded from a classification job. Valid values are:

values
Type: Array of strings

SimpleScopeTerm

Description

Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.

Members
comparator
Type: string

The operator to use in a condition. Depending on the type of condition, possible values are:

key
Type: string

The property to use in a condition that determines whether an S3 object is included or excluded from a classification job. Valid values are:

values
Type: Array of strings

SortCriteria

Description

Specifies criteria for sorting the results of a request for findings.

Members
attributeName
Type: string
orderBy
Type: string

Statistics

Description

Provides processing statistics for a classification job.

Members
approximateNumberOfObjectsToProcess
Type: double
numberOfRuns
Type: double

SuppressDataIdentifier

Description

Specifies a custom data identifier or managed data identifier that detected a type of sensitive data to start excluding or including in an S3 bucket's sensitivity score.

Members
id
Type: string
type
Type: string

The type of data identifier that detected a specific type of sensitive data in an S3 bucket. Possible values are:

TagCriterionForJob

Description

Specifies a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job.

Members
comparator
Type: string

The operator to use in a condition. Depending on the type of condition, possible values are:

tagValues
Type: Array of TagCriterionPairForJob structures

TagCriterionPairForJob

Description

Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.

Members
key
Type: string
value
Type: string

TagScopeTerm

Description

Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.

Members
comparator
Type: string

The operator to use in a condition. Depending on the type of condition, possible values are:

key
Type: string
tagValues
Type: Array of TagValuePair structures
target
Type: string

The type of object to apply a tag-based condition to. Valid values are:

TagValuePair

Description

Specifies a tag key or tag key and value pair to use in a tag-based condition that determines whether an S3 object is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.

Members
key
Type: string
value
Type: string

ThrottlingException

Description

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Members
message
Type: string

UnprocessableEntityException

Description

Provides information about an error that occurred due to an unprocessable entity.

Members
message
Required: Yes
Type: string

UnprocessedAccount

Description

Provides information about an account-related request that hasn't been processed.

Members
accountId
Type: string
errorCode
Type: string

The source of an issue or delay. Possible values are:

errorMessage
Type: string

UpdateRetrievalConfiguration

Description

Specifies the access method and settings to use when retrieving occurrences of sensitive data reported by findings. If your request specifies an Identity and Access Management (IAM) role to assume, Amazon Macie verifies that the role exists and the attached policies are configured correctly. If there's an issue, Macie returns an error. For information about addressing the issue, see Configuration options and requirements for retrieving sensitive data samples in the Amazon Macie User Guide.

Members
retrievalMode
Required: Yes
Type: string

The access method to use when retrieving occurrences of sensitive data reported by findings. Valid values are:

roleName
Type: string

UsageByAccount

Description

Provides data for a specific usage metric and the corresponding quota for an Amazon Macie account.

Members
currency
Type: string

The type of currency that the data for an Amazon Macie usage metric is reported in. Possible values are:

estimatedCost
Type: string
serviceLimit
Type: ServiceLimit structure

Specifies a current quota for an Amazon Macie account.

type
Type: string

The name of an Amazon Macie usage metric for an account. Possible values are:

UsageRecord

Description

Provides quota and aggregated usage data for an Amazon Macie account.

Members
accountId
Type: string
automatedDiscoveryFreeTrialStartDate
Type: timestamp (string|DateTime or anything parsable by strtotime)
freeTrialStartDate
Type: timestamp (string|DateTime or anything parsable by strtotime)
usage
Type: Array of UsageByAccount structures

UsageStatisticsFilter

Description

Specifies a condition for filtering the results of a query for quota and usage data for one or more Amazon Macie accounts.

Members
comparator
Type: string

The operator to use in a condition that filters the results of a query for Amazon Macie account quotas and usage data. Valid values are:

key
Type: string

The field to use in a condition that filters the results of a query for Amazon Macie account quotas and usage data. Valid values are:

values
Type: Array of strings

UsageStatisticsSortBy

Description

Specifies criteria for sorting the results of a query for Amazon Macie account quotas and usage data.

Members
key
Type: string

The field to use to sort the results of a query for Amazon Macie account quotas and usage data. Valid values are:

orderBy
Type: string

UsageTotal

Description

Provides aggregated data for an Amazon Macie usage metric. The value for the metric reports estimated usage data for an account for the preceding 30 days or the current calendar month to date, depending on the time period (timeRange) specified in the request.

Members
currency
Type: string

The type of currency that the data for an Amazon Macie usage metric is reported in. Possible values are:

estimatedCost
Type: string
type
Type: string

The name of an Amazon Macie usage metric for an account. Possible values are:

UserIdentity

Description

Provides information about the type and other characteristics of an entity that performed an action on an affected resource.

Members
assumedRole
Type: AssumedRole structure

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.

awsAccount
Type: AwsAccount structure

Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.

awsService
Type: AwsService structure

Provides information about an Amazon Web Service that performed an action on an affected resource.

federatedUser
Type: FederatedUser structure

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.

iamUser
Type: IamUser structure

Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.

root
Type: UserIdentityRoot structure

Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for your Amazon Web Services account.

type
Type: string

The type of entity that performed the action on the affected resource. Possible values are:

UserIdentityRoot

Description

Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for your Amazon Web Services account.

Members
accountId
Type: string
arn
Type: string
principalId
Type: string

UserPausedDetails

Description

Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.

Members
jobExpiresAt
Type: timestamp (string|DateTime or anything parsable by strtotime)
jobImminentExpirationHealthEventArn
Type: string
jobPausedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

ValidationException

Description

Provides information about an error that occurred due to a syntax error in a request.

Members
message
Type: string

WeeklySchedule

Description

Specifies a weekly recurrence pattern for running a classification job.

Members
dayOfWeek
Type: string