Amazon Macie 2 2020-01-01
- Client: Aws\Macie2\Macie2Client
- Service ID: macie2
- Version: 2020-01-01
This page describes the parameters and results for the operations of the Amazon Macie 2 (2020-01-01), and shows how to use the Aws\Macie2\Macie2Client object to call the described operations. This documentation is specific to the 2020-01-01 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptInvitation ( array $params = [] )
Accepts an Amazon Macie membership invitation that was received from a specific account.
- BatchGetCustomDataIdentifiers ( array $params = [] )
Retrieves information about one or more custom data identifiers.
- CreateAllowList ( array $params = [] )
Creates and defines the settings for an allow list.
- CreateClassificationJob ( array $params = [] )
Creates and defines the settings for a classification job.
- CreateCustomDataIdentifier ( array $params = [] )
Creates and defines the criteria and other settings for a custom data identifier.
- CreateFindingsFilter ( array $params = [] )
Creates and defines the criteria and other settings for a findings filter.
- CreateInvitations ( array $params = [] )
Sends an Amazon Macie membership invitation to one or more accounts.
- CreateMember ( array $params = [] )
Associates an account with an Amazon Macie administrator account.
- CreateSampleFindings ( array $params = [] )
Creates sample findings.
- DeclineInvitations ( array $params = [] )
Declines Amazon Macie membership invitations that were received from specific accounts.
- DeleteAllowList ( array $params = [] )
Deletes an allow list.
- DeleteCustomDataIdentifier ( array $params = [] )
Soft deletes a custom data identifier.
- DeleteFindingsFilter ( array $params = [] )
Deletes a findings filter.
- DeleteInvitations ( array $params = [] )
Deletes Amazon Macie membership invitations that were received from specific accounts.
- DeleteMember ( array $params = [] )
Deletes the association between an Amazon Macie administrator account and an account.
- DescribeBuckets ( array $params = [] )
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account.
- DescribeClassificationJob ( array $params = [] )
Retrieves the status and settings for a classification job.
- DescribeOrganizationConfiguration ( array $params = [] )
Retrieves the Amazon Macie configuration settings for an organization in Organizations.
- DisableMacie ( array $params = [] )
Disables Amazon Macie and deletes all settings and resources for a Macie account.
- DisableOrganizationAdminAccount ( array $params = [] )
Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations.
- DisassociateFromAdministratorAccount ( array $params = [] )
Disassociates a member account from its Amazon Macie administrator account.
- DisassociateFromMasterAccount ( array $params = [] )
(Deprecated) Disassociates a member account from its Amazon Macie administrator account.
- DisassociateMember ( array $params = [] )
Disassociates an Amazon Macie administrator account from a member account.
- EnableMacie ( array $params = [] )
Enables Amazon Macie and specifies the configuration settings for a Macie account.
- EnableOrganizationAdminAccount ( array $params = [] )
Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations.
- GetAdministratorAccount ( array $params = [] )
Retrieves information about the Amazon Macie administrator account for an account.
- GetAllowList ( array $params = [] )
Retrieves the settings and status of an allow list.
- GetAutomatedDiscoveryConfiguration ( array $params = [] )
Retrieves the configuration settings and status of automated sensitive data discovery for an account.
- GetBucketStatistics ( array $params = [] )
Retrieves (queries) aggregated statistical data about all the S3 buckets that Amazon Macie monitors and analyzes for an account.
- GetClassificationExportConfiguration ( array $params = [] )
Retrieves the configuration settings for storing data classification results.
- GetClassificationScope ( array $params = [] )
Retrieves the classification scope settings for an account.
- GetCustomDataIdentifier ( array $params = [] )
Retrieves the criteria and other settings for a custom data identifier.
- GetFindingStatistics ( array $params = [] )
Retrieves (queries) aggregated statistical data about findings.
- GetFindings ( array $params = [] )
Retrieves the details of one or more findings.
- GetFindingsFilter ( array $params = [] )
Retrieves the criteria and other settings for a findings filter.
- GetFindingsPublicationConfiguration ( array $params = [] )
Retrieves the configuration settings for publishing findings to Security Hub.
- GetInvitationsCount ( array $params = [] )
Retrieves the count of Amazon Macie membership invitations that were received by an account.
- GetMacieSession ( array $params = [] )
Retrieves the status and configuration settings for an Amazon Macie account.
- GetMasterAccount ( array $params = [] )
(Deprecated) Retrieves information about the Amazon Macie administrator account for an account.
- GetMember ( array $params = [] )
Retrieves information about an account that's associated with an Amazon Macie administrator account.
- GetResourceProfile ( array $params = [] )
Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket.
- GetRevealConfiguration ( array $params = [] )
Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
- GetSensitiveDataOccurrences ( array $params = [] )
Retrieves occurrences of sensitive data reported by a finding.
- GetSensitiveDataOccurrencesAvailability ( array $params = [] )
Checks whether occurrences of sensitive data can be retrieved for a finding.
- GetSensitivityInspectionTemplate ( array $params = [] )
Retrieves the settings for the sensitivity inspection template for an account.
- GetUsageStatistics ( array $params = [] )
Retrieves (queries) quotas and aggregated usage data for one or more accounts.
- GetUsageTotals ( array $params = [] )
Retrieves (queries) aggregated usage data for an account.
- ListAllowLists ( array $params = [] )
Retrieves a subset of information about all the allow lists for an account.
- ListClassificationJobs ( array $params = [] )
Retrieves a subset of information about one or more classification jobs.
- ListClassificationScopes ( array $params = [] )
Retrieves a subset of information about the classification scope for an account.
- ListCustomDataIdentifiers ( array $params = [] )
Retrieves a subset of information about all the custom data identifiers for an account.
- ListFindings ( array $params = [] )
Retrieves a subset of information about one or more findings.
- ListFindingsFilters ( array $params = [] )
Retrieves a subset of information about all the findings filters for an account.
- ListInvitations ( array $params = [] )
Retrieves information about the Amazon Macie membership invitations that were received by an account.
- ListManagedDataIdentifiers ( array $params = [] )
Retrieves information about all the managed data identifiers that Amazon Macie currently provides.
- ListMembers ( array $params = [] )
Retrieves information about the accounts that are associated with an Amazon Macie administrator account.
- ListOrganizationAdminAccounts ( array $params = [] )
Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations.
- ListResourceProfileArtifacts ( array $params = [] )
Retrieves information about objects that were selected from an S3 bucket for automated sensitive data discovery.
- ListResourceProfileDetections ( array $params = [] )
Retrieves information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket.
- ListSensitivityInspectionTemplates ( array $params = [] )
Retrieves a subset of information about the sensitivity inspection template for an account.
- ListTagsForResource ( array $params = [] )
Retrieves the tags (keys and values) that are associated with an Amazon Macie resource.
- PutClassificationExportConfiguration ( array $params = [] )
Creates or updates the configuration settings for storing data classification results.
- PutFindingsPublicationConfiguration ( array $params = [] )
Updates the configuration settings for publishing findings to Security Hub.
- SearchResources ( array $params = [] )
Retrieves (queries) statistical data and other information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
- TagResource ( array $params = [] )
Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource.
- TestCustomDataIdentifier ( array $params = [] )
Tests a custom data identifier.
- UntagResource ( array $params = [] )
Removes one or more tags (keys and values) from an Amazon Macie resource.
- UpdateAllowList ( array $params = [] )
Updates the settings for an allow list.
- UpdateAutomatedDiscoveryConfiguration ( array $params = [] )
Enables or disables automated sensitive data discovery for an account.
- UpdateClassificationJob ( array $params = [] )
Changes the status of a classification job.
- UpdateClassificationScope ( array $params = [] )
Updates the classification scope settings for an account.
- UpdateFindingsFilter ( array $params = [] )
Updates the criteria and other settings for a findings filter.
- UpdateMacieSession ( array $params = [] )
Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.
- UpdateMemberSession ( array $params = [] )
Enables an Amazon Macie administrator to suspend or re-enable Macie for a member account.
- UpdateOrganizationConfiguration ( array $params = [] )
Updates the Amazon Macie configuration settings for an organization in Organizations.
- UpdateResourceProfile ( array $params = [] )
Updates the sensitivity score for an S3 bucket.
- UpdateResourceProfileDetections ( array $params = [] )
Updates the sensitivity scoring settings for an S3 bucket.
- UpdateRevealConfiguration ( array $params = [] )
Updates the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
- UpdateSensitivityInspectionTemplate ( array $params = [] )
Updates the settings for the sensitivity inspection template for an account.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- DescribeBuckets
- GetUsageStatistics
- ListClassificationJobs
- ListClassificationScopes
- ListCustomDataIdentifiers
- ListFindings
- ListFindingsFilters
- ListInvitations
- ListMembers
- ListOrganizationAdminAccounts
- SearchResources
- ListAllowLists
- ListManagedDataIdentifiers
- ListResourceProfileDetections
- ListSensitivityInspectionTemplates
- ListResourceProfileArtifacts
Waiters
Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:
| Waiter name | API Operation | Delay | Max Attempts |
|---|---|---|---|
| FindingRevealed | GetSensitiveDataOccurrences | 2 | 60 |
Operations
AcceptInvitation
$result = $client->acceptInvitation([/* ... */]); $promise = $client->acceptInvitationAsync([/* ... */]);
Accepts an Amazon Macie membership invitation that was received from a specific account.
Parameter Syntax
$result = $client->acceptInvitation([
'administratorAccountId' => '<string>',
'invitationId' => '<string>', // REQUIRED
'masterAccount' => '<string>',
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
BatchGetCustomDataIdentifiers
$result = $client->batchGetCustomDataIdentifiers([/* ... */]); $promise = $client->batchGetCustomDataIdentifiersAsync([/* ... */]);
Retrieves information about one or more custom data identifiers.
Parameter Syntax
$result = $client->batchGetCustomDataIdentifiers([
'ids' => ['<string>', ...],
]);
Parameter Details
Result Syntax
[
'customDataIdentifiers' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'deleted' => true || false,
'description' => '<string>',
'id' => '<string>',
'name' => '<string>',
],
// ...
],
'notFoundIdentifierIds' => ['<string>', ...],
]
Result Details
Members
- customDataIdentifiers
-
- Type: Array of BatchGetCustomDataIdentifierSummary structures
- notFoundIdentifierIds
-
- Type: Array of strings
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateAllowList
$result = $client->createAllowList([/* ... */]); $promise = $client->createAllowListAsync([/* ... */]);
Creates and defines the settings for an allow list.
Parameter Syntax
$result = $client->createAllowList([
'clientToken' => '<string>', // REQUIRED
'criteria' => [ // REQUIRED
'regex' => '<string>',
's3WordsList' => [
'bucketName' => '<string>', // REQUIRED
'objectKey' => '<string>', // REQUIRED
],
],
'description' => '<string>',
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- clientToken
-
- Required: Yes
- Type: string
- criteria
-
- Required: Yes
- Type: AllowListCriteria structure
Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.
- description
-
- Type: string
- name
-
- Required: Yes
- Type: string
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Result Syntax
[
'arn' => '<string>',
'id' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateClassificationJob
$result = $client->createClassificationJob([/* ... */]); $promise = $client->createClassificationJobAsync([/* ... */]);
Creates and defines the settings for a classification job.
Parameter Syntax
$result = $client->createClassificationJob([
'allowListIds' => ['<string>', ...],
'clientToken' => '<string>', // REQUIRED
'customDataIdentifierIds' => ['<string>', ...],
'description' => '<string>',
'initialRun' => true || false,
'jobType' => 'ONE_TIME|SCHEDULED', // REQUIRED
'managedDataIdentifierIds' => ['<string>', ...],
'managedDataIdentifierSelector' => 'ALL|EXCLUDE|INCLUDE|NONE',
'name' => '<string>', // REQUIRED
's3JobDefinition' => [ // REQUIRED
'bucketCriteria' => [
'excludes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
],
'bucketDefinitions' => [
[
'accountId' => '<string>', // REQUIRED
'buckets' => ['<string>', ...], // REQUIRED
],
// ...
],
'scoping' => [
'excludes' => [
'and' => [
[
'simpleScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
'values' => ['<string>', ...],
],
'tagScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => '<string>',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'target' => 'S3_OBJECT',
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
'values' => ['<string>', ...],
],
'tagScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => '<string>',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'target' => 'S3_OBJECT',
],
],
// ...
],
],
],
],
'samplingPercentage' => <integer>,
'scheduleFrequency' => [
'dailySchedule' => [
],
'monthlySchedule' => [
'dayOfMonth' => <integer>,
],
'weeklySchedule' => [
'dayOfWeek' => 'SUNDAY|MONDAY|TUESDAY|WEDNESDAY|THURSDAY|FRIDAY|SATURDAY',
],
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- allowListIds
-
- Type: Array of strings
- clientToken
-
- Required: Yes
- Type: string
- customDataIdentifierIds
-
- Type: Array of strings
- description
-
- Type: string
- initialRun
-
- Type: boolean
- jobType
-
- Required: Yes
- Type: string
The schedule for running a classification job. Valid values are:
- managedDataIdentifierIds
-
- Type: Array of strings
- managedDataIdentifierSelector
-
- Type: string
The selection type that determines which managed data identifiers a classification job uses to analyze data. Valid values are:
- name
-
- Required: Yes
- Type: string
- s3JobDefinition
-
- Required: Yes
- Type: S3JobDefinition structure
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.
- samplingPercentage
-
- Type: int
- scheduleFrequency
-
- Type: JobScheduleFrequency structure
Specifies the recurrence pattern for running a classification job.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Result Syntax
[
'jobArn' => '<string>',
'jobId' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateCustomDataIdentifier
$result = $client->createCustomDataIdentifier([/* ... */]); $promise = $client->createCustomDataIdentifierAsync([/* ... */]);
Creates and defines the criteria and other settings for a custom data identifier.
Parameter Syntax
$result = $client->createCustomDataIdentifier([
'clientToken' => '<string>',
'description' => '<string>',
'ignoreWords' => ['<string>', ...],
'keywords' => ['<string>', ...],
'maximumMatchDistance' => <integer>,
'name' => '<string>', // REQUIRED
'regex' => '<string>', // REQUIRED
'severityLevels' => [
[
'occurrencesThreshold' => <integer>, // REQUIRED
'severity' => 'LOW|MEDIUM|HIGH', // REQUIRED
],
// ...
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- clientToken
-
- Type: string
- description
-
- Type: string
- ignoreWords
-
- Type: Array of strings
- keywords
-
- Type: Array of strings
- maximumMatchDistance
-
- Type: int
- name
-
- Required: Yes
- Type: string
- regex
-
- Required: Yes
- Type: string
- severityLevels
-
- Type: Array of SeverityLevel structures
The severity to assign to findings that the custom data identifier produces, based on the number of occurrences of text that matches the custom data identifier's detection criteria. You can specify as many as three SeverityLevel objects in this array, one for each severity: LOW, MEDIUM, or HIGH. If you specify more than one, the occurrences thresholds must be in ascending order by severity, moving from LOW to HIGH. For example, 1 for LOW, 50 for MEDIUM, and 100 for HIGH. If an S3 object contains fewer occurrences than the lowest specified threshold, Amazon Macie doesn't create a finding.
If you don't specify any values for this array, Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie automatically assigns the MEDIUM severity to those findings.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Result Syntax
[
'customDataIdentifierId' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateFindingsFilter
$result = $client->createFindingsFilter([/* ... */]); $promise = $client->createFindingsFilterAsync([/* ... */]);
Creates and defines the criteria and other settings for a findings filter.
Parameter Syntax
$result = $client->createFindingsFilter([
'action' => 'ARCHIVE|NOOP', // REQUIRED
'clientToken' => '<string>',
'description' => '<string>',
'findingCriteria' => [ // REQUIRED
'criterion' => [
'<__string>' => [
'eq' => ['<string>', ...],
'eqExactMatch' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
],
// ...
],
],
'name' => '<string>', // REQUIRED
'position' => <integer>,
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:
- clientToken
-
- Type: string
- description
-
- Type: string
- findingCriteria
-
- Required: Yes
- Type: FindingCriteria structure
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
- name
-
- Required: Yes
- Type: string
- position
-
- Type: int
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Result Syntax
[
'arn' => '<string>',
'id' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateInvitations
$result = $client->createInvitations([/* ... */]); $promise = $client->createInvitationsAsync([/* ... */]);
Sends an Amazon Macie membership invitation to one or more accounts.
Parameter Syntax
$result = $client->createInvitations([
'accountIds' => ['<string>', ...], // REQUIRED
'disableEmailNotification' => true || false,
'message' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'unprocessedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ClientError|InternalError',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- unprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateMember
$result = $client->createMember([/* ... */]); $promise = $client->createMemberAsync([/* ... */]);
Associates an account with an Amazon Macie administrator account.
Parameter Syntax
$result = $client->createMember([
'account' => [ // REQUIRED
'accountId' => '<string>', // REQUIRED
'email' => '<string>', // REQUIRED
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- account
-
- Required: Yes
- Type: AccountDetail structure
Specifies the details of an account to associate with an Amazon Macie administrator account.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
CreateSampleFindings
$result = $client->createSampleFindings([/* ... */]); $promise = $client->createSampleFindingsAsync([/* ... */]);
Creates sample findings.
Parameter Syntax
$result = $client->createSampleFindings([
'findingTypes' => ['<string>', ...],
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DeclineInvitations
$result = $client->declineInvitations([/* ... */]); $promise = $client->declineInvitationsAsync([/* ... */]);
Declines Amazon Macie membership invitations that were received from specific accounts.
Parameter Syntax
$result = $client->declineInvitations([
'accountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Result Syntax
[
'unprocessedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ClientError|InternalError',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- unprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DeleteAllowList
$result = $client->deleteAllowList([/* ... */]); $promise = $client->deleteAllowListAsync([/* ... */]);
Deletes an allow list.
Parameter Syntax
$result = $client->deleteAllowList([
'id' => '<string>', // REQUIRED
'ignoreJobChecks' => '<string>',
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
DeleteCustomDataIdentifier
$result = $client->deleteCustomDataIdentifier([/* ... */]); $promise = $client->deleteCustomDataIdentifierAsync([/* ... */]);
Soft deletes a custom data identifier.
Parameter Syntax
$result = $client->deleteCustomDataIdentifier([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DeleteFindingsFilter
$result = $client->deleteFindingsFilter([/* ... */]); $promise = $client->deleteFindingsFilterAsync([/* ... */]);
Deletes a findings filter.
Parameter Syntax
$result = $client->deleteFindingsFilter([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DeleteInvitations
$result = $client->deleteInvitations([/* ... */]); $promise = $client->deleteInvitationsAsync([/* ... */]);
Deletes Amazon Macie membership invitations that were received from specific accounts.
Parameter Syntax
$result = $client->deleteInvitations([
'accountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Result Syntax
[
'unprocessedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ClientError|InternalError',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- unprocessedAccounts
-
- Type: Array of UnprocessedAccount structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DeleteMember
$result = $client->deleteMember([/* ... */]); $promise = $client->deleteMemberAsync([/* ... */]);
Deletes the association between an Amazon Macie administrator account and an account.
Parameter Syntax
$result = $client->deleteMember([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DescribeBuckets
$result = $client->describeBuckets([/* ... */]); $promise = $client->describeBucketsAsync([/* ... */]);
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account.
Parameter Syntax
$result = $client->describeBuckets([
'criteria' => [
'<__string>' => [
'eq' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
'prefix' => '<string>',
],
// ...
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'attributeName' => '<string>',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- criteria
-
- Type: Associative array of custom strings keys (__string) to BucketCriteriaAdditionalProperties structures
Specifies, as a map, one or more property-based conditions that filter the results of a query for information about S3 buckets.
- maxResults
-
- Type: int
- nextToken
-
- Type: string
- sortCriteria
-
- Type: BucketSortCriteria structure
Specifies criteria for sorting the results of a query for information about S3 buckets.
Result Syntax
[
'buckets' => [
[
'accountId' => '<string>',
'allowsUnencryptedObjectUploads' => 'TRUE|FALSE|UNKNOWN',
'bucketArn' => '<string>',
'bucketCreatedAt' => <DateTime>,
'bucketName' => '<string>',
'classifiableObjectCount' => <integer>,
'classifiableSizeInBytes' => <integer>,
'errorCode' => 'ACCESS_DENIED',
'errorMessage' => '<string>',
'jobDetails' => [
'isDefinedInJob' => 'TRUE|FALSE|UNKNOWN',
'isMonitoredByJob' => 'TRUE|FALSE|UNKNOWN',
'lastJobId' => '<string>',
'lastJobRunTime' => <DateTime>,
],
'lastAutomatedDiscoveryTime' => <DateTime>,
'lastUpdated' => <DateTime>,
'objectCount' => <integer>,
'objectCountByEncryptionType' => [
'customerManaged' => <integer>,
'kmsManaged' => <integer>,
's3Managed' => <integer>,
'unencrypted' => <integer>,
'unknown' => <integer>,
],
'publicAccess' => [
'effectivePermission' => 'PUBLIC|NOT_PUBLIC|UNKNOWN',
'permissionConfiguration' => [
'accountLevelPermissions' => [
'blockPublicAccess' => [
'blockPublicAcls' => true || false,
'blockPublicPolicy' => true || false,
'ignorePublicAcls' => true || false,
'restrictPublicBuckets' => true || false,
],
],
'bucketLevelPermissions' => [
'accessControlList' => [
'allowsPublicReadAccess' => true || false,
'allowsPublicWriteAccess' => true || false,
],
'blockPublicAccess' => [
'blockPublicAcls' => true || false,
'blockPublicPolicy' => true || false,
'ignorePublicAcls' => true || false,
'restrictPublicBuckets' => true || false,
],
'bucketPolicy' => [
'allowsPublicReadAccess' => true || false,
'allowsPublicWriteAccess' => true || false,
],
],
],
],
'region' => '<string>',
'replicationDetails' => [
'replicated' => true || false,
'replicatedExternally' => true || false,
'replicationAccounts' => ['<string>', ...],
],
'sensitivityScore' => <integer>,
'serverSideEncryption' => [
'kmsMasterKeyId' => '<string>',
'type' => 'NONE|AES256|aws:kms',
],
'sharedAccess' => 'EXTERNAL|INTERNAL|NOT_SHARED|UNKNOWN',
'sizeInBytes' => <integer>,
'sizeInBytesCompressed' => <integer>,
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'unclassifiableObjectCount' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
'unclassifiableObjectSizeInBytes' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
'versioning' => true || false,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- buckets
-
- Type: Array of BucketMetadata structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DescribeClassificationJob
$result = $client->describeClassificationJob([/* ... */]); $promise = $client->describeClassificationJobAsync([/* ... */]);
Retrieves the status and settings for a classification job.
Parameter Syntax
$result = $client->describeClassificationJob([
'jobId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'allowListIds' => ['<string>', ...],
'clientToken' => '<string>',
'createdAt' => <DateTime>,
'customDataIdentifierIds' => ['<string>', ...],
'description' => '<string>',
'initialRun' => true || false,
'jobArn' => '<string>',
'jobId' => '<string>',
'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED',
'jobType' => 'ONE_TIME|SCHEDULED',
'lastRunErrorStatus' => [
'code' => 'NONE|ERROR',
],
'lastRunTime' => <DateTime>,
'managedDataIdentifierIds' => ['<string>', ...],
'managedDataIdentifierSelector' => 'ALL|EXCLUDE|INCLUDE|NONE',
'name' => '<string>',
's3JobDefinition' => [
'bucketCriteria' => [
'excludes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
],
'bucketDefinitions' => [
[
'accountId' => '<string>',
'buckets' => ['<string>', ...],
],
// ...
],
'scoping' => [
'excludes' => [
'and' => [
[
'simpleScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
'values' => ['<string>', ...],
],
'tagScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => '<string>',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'target' => 'S3_OBJECT',
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'OBJECT_EXTENSION|OBJECT_LAST_MODIFIED_DATE|OBJECT_SIZE|OBJECT_KEY',
'values' => ['<string>', ...],
],
'tagScopeTerm' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => '<string>',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'target' => 'S3_OBJECT',
],
],
// ...
],
],
],
],
'samplingPercentage' => <integer>,
'scheduleFrequency' => [
'dailySchedule' => [
],
'monthlySchedule' => [
'dayOfMonth' => <integer>,
],
'weeklySchedule' => [
'dayOfWeek' => 'SUNDAY|MONDAY|TUESDAY|WEDNESDAY|THURSDAY|FRIDAY|SATURDAY',
],
],
'statistics' => [
'approximateNumberOfObjectsToProcess' => <float>,
'numberOfRuns' => <float>,
],
'tags' => ['<string>', ...],
'userPausedDetails' => [
'jobExpiresAt' => <DateTime>,
'jobImminentExpirationHealthEventArn' => '<string>',
'jobPausedAt' => <DateTime>,
],
]
Result Details
Members
- allowListIds
-
- Type: Array of strings
- clientToken
-
- Type: string
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- customDataIdentifierIds
-
- Type: Array of strings
- description
-
- Type: string
- initialRun
-
- Type: boolean
- jobArn
-
- Type: string
- jobId
-
- Type: string
- jobStatus
-
- Type: string
The status of a classification job. Possible values are:
- jobType
-
- Type: string
The schedule for running a classification job. Valid values are:
- lastRunErrorStatus
-
- Type: LastRunErrorStatus structure
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.
- lastRunTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- managedDataIdentifierIds
-
- Type: Array of strings
- managedDataIdentifierSelector
-
- Type: string
The selection type that determines which managed data identifiers a classification job uses to analyze data. Valid values are:
- name
-
- Type: string
- s3JobDefinition
-
- Type: S3JobDefinition structure
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.
- samplingPercentage
-
- Type: int
- scheduleFrequency
-
- Type: JobScheduleFrequency structure
Specifies the recurrence pattern for running a classification job.
- statistics
-
- Type: Statistics structure
Provides processing statistics for a classification job.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
- userPausedDetails
-
- Type: UserPausedDetails structure
Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DescribeOrganizationConfiguration
$result = $client->describeOrganizationConfiguration([/* ... */]); $promise = $client->describeOrganizationConfigurationAsync([/* ... */]);
Retrieves the Amazon Macie configuration settings for an organization in Organizations.
Parameter Syntax
$result = $client->describeOrganizationConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'autoEnable' => true || false,
'maxAccountLimitReached' => true || false,
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DisableMacie
$result = $client->disableMacie([/* ... */]); $promise = $client->disableMacieAsync([/* ... */]);
Disables Amazon Macie and deletes all settings and resources for a Macie account.
Parameter Syntax
$result = $client->disableMacie([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DisableOrganizationAdminAccount
$result = $client->disableOrganizationAdminAccount([/* ... */]); $promise = $client->disableOrganizationAdminAccountAsync([/* ... */]);
Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations.
Parameter Syntax
$result = $client->disableOrganizationAdminAccount([
'adminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DisassociateFromAdministratorAccount
$result = $client->disassociateFromAdministratorAccount([/* ... */]); $promise = $client->disassociateFromAdministratorAccountAsync([/* ... */]);
Disassociates a member account from its Amazon Macie administrator account.
Parameter Syntax
$result = $client->disassociateFromAdministratorAccount([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DisassociateFromMasterAccount
$result = $client->disassociateFromMasterAccount([/* ... */]); $promise = $client->disassociateFromMasterAccountAsync([/* ... */]);
(Deprecated) Disassociates a member account from its Amazon Macie administrator account. This operation has been replaced by the DisassociateFromAdministratorAccount operation.
Parameter Syntax
$result = $client->disassociateFromMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
DisassociateMember
$result = $client->disassociateMember([/* ... */]); $promise = $client->disassociateMemberAsync([/* ... */]);
Disassociates an Amazon Macie administrator account from a member account.
Parameter Syntax
$result = $client->disassociateMember([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
EnableMacie
$result = $client->enableMacie([/* ... */]); $promise = $client->enableMacieAsync([/* ... */]);
Enables Amazon Macie and specifies the configuration settings for a Macie account.
Parameter Syntax
$result = $client->enableMacie([
'clientToken' => '<string>',
'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
'status' => 'PAUSED|ENABLED',
]);
Parameter Details
Members
- clientToken
-
- Type: string
- findingPublishingFrequency
-
- Type: string
The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:
- status
-
- Type: string
The status of an Amazon Macie account. Valid values are:
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
EnableOrganizationAdminAccount
$result = $client->enableOrganizationAdminAccount([/* ... */]); $promise = $client->enableOrganizationAdminAccountAsync([/* ... */]);
Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations.
Parameter Syntax
$result = $client->enableOrganizationAdminAccount([
'adminAccountId' => '<string>', // REQUIRED
'clientToken' => '<string>',
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetAdministratorAccount
$result = $client->getAdministratorAccount([/* ... */]); $promise = $client->getAdministratorAccountAsync([/* ... */]);
Retrieves information about the Amazon Macie administrator account for an account.
Parameter Syntax
$result = $client->getAdministratorAccount([ ]);
Parameter Details
Members
Result Syntax
[
'administrator' => [
'accountId' => '<string>',
'invitationId' => '<string>',
'invitedAt' => <DateTime>,
'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
],
]
Result Details
Members
- administrator
-
- Type: Invitation structure
Provides information about an Amazon Macie membership invitation.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetAllowList
$result = $client->getAllowList([/* ... */]); $promise = $client->getAllowListAsync([/* ... */]);
Retrieves the settings and status of an allow list.
Parameter Syntax
$result = $client->getAllowList([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'criteria' => [
'regex' => '<string>',
's3WordsList' => [
'bucketName' => '<string>',
'objectKey' => '<string>',
],
],
'description' => '<string>',
'id' => '<string>',
'name' => '<string>',
'status' => [
'code' => 'OK|S3_OBJECT_NOT_FOUND|S3_USER_ACCESS_DENIED|S3_OBJECT_ACCESS_DENIED|S3_THROTTLED|S3_OBJECT_OVERSIZE|S3_OBJECT_EMPTY|UNKNOWN_ERROR',
'description' => '<string>',
],
'tags' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- arn
-
- Type: string
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- criteria
-
- Type: AllowListCriteria structure
Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.
- description
-
- Type: string
- id
-
- Type: string
- name
-
- Type: string
- status
-
- Type: AllowListStatus structure
Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetAutomatedDiscoveryConfiguration
$result = $client->getAutomatedDiscoveryConfiguration([/* ... */]); $promise = $client->getAutomatedDiscoveryConfigurationAsync([/* ... */]);
Retrieves the configuration settings and status of automated sensitive data discovery for an account.
Parameter Syntax
$result = $client->getAutomatedDiscoveryConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'classificationScopeId' => '<string>',
'disabledAt' => <DateTime>,
'firstEnabledAt' => <DateTime>,
'lastUpdatedAt' => <DateTime>,
'sensitivityInspectionTemplateId' => '<string>',
'status' => 'ENABLED|DISABLED',
]
Result Details
Members
- classificationScopeId
-
- Type: string
The unique identifier the classification scope.
- disabledAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies a date and time in UTC and extended ISO 8601 format.
- firstEnabledAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies a date and time in UTC and extended ISO 8601 format.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies a date and time in UTC and extended ISO 8601 format.
- sensitivityInspectionTemplateId
-
- Type: string
The unique identifier for the sensitivity inspection template.
- status
-
- Type: string
The status of the automated sensitive data discovery configuration for an Amazon Macie account. Valid values are:
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetBucketStatistics
$result = $client->getBucketStatistics([/* ... */]); $promise = $client->getBucketStatisticsAsync([/* ... */]);
Retrieves (queries) aggregated statistical data about all the S3 buckets that Amazon Macie monitors and analyzes for an account.
Parameter Syntax
$result = $client->getBucketStatistics([
'accountId' => '<string>',
]);
Parameter Details
Result Syntax
[
'bucketCount' => <integer>,
'bucketCountByEffectivePermission' => [
'publiclyAccessible' => <integer>,
'publiclyReadable' => <integer>,
'publiclyWritable' => <integer>,
'unknown' => <integer>,
],
'bucketCountByEncryptionType' => [
'kmsManaged' => <integer>,
's3Managed' => <integer>,
'unencrypted' => <integer>,
'unknown' => <integer>,
],
'bucketCountByObjectEncryptionRequirement' => [
'allowsUnencryptedObjectUploads' => <integer>,
'deniesUnencryptedObjectUploads' => <integer>,
'unknown' => <integer>,
],
'bucketCountBySharedAccessType' => [
'external' => <integer>,
'internal' => <integer>,
'notShared' => <integer>,
'unknown' => <integer>,
],
'bucketStatisticsBySensitivity' => [
'classificationError' => [
'classifiableSizeInBytes' => <integer>,
'publiclyAccessibleCount' => <integer>,
'totalCount' => <integer>,
'totalSizeInBytes' => <integer>,
],
'notClassified' => [
'classifiableSizeInBytes' => <integer>,
'publiclyAccessibleCount' => <integer>,
'totalCount' => <integer>,
'totalSizeInBytes' => <integer>,
],
'notSensitive' => [
'classifiableSizeInBytes' => <integer>,
'publiclyAccessibleCount' => <integer>,
'totalCount' => <integer>,
'totalSizeInBytes' => <integer>,
],
'sensitive' => [
'classifiableSizeInBytes' => <integer>,
'publiclyAccessibleCount' => <integer>,
'totalCount' => <integer>,
'totalSizeInBytes' => <integer>,
],
],
'classifiableObjectCount' => <integer>,
'classifiableSizeInBytes' => <integer>,
'lastUpdated' => <DateTime>,
'objectCount' => <integer>,
'sizeInBytes' => <integer>,
'sizeInBytesCompressed' => <integer>,
'unclassifiableObjectCount' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
'unclassifiableObjectSizeInBytes' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
]
Result Details
Members
- bucketCount
-
- Type: long (int|float)
- bucketCountByEffectivePermission
-
- Type: BucketCountByEffectivePermission structure
Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.
- bucketCountByEncryptionType
-
- Type: BucketCountByEncryptionType structure
Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.
- bucketCountByObjectEncryptionRequirement
-
- Type: BucketCountPolicyAllowsUnencryptedObjectUploads structure
Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.
- bucketCountBySharedAccessType
-
- Type: BucketCountBySharedAccessType structure
Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
- bucketStatisticsBySensitivity
-
- Type: BucketStatisticsBySensitivity structure
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for each metric is 0.
- classifiableObjectCount
-
- Type: long (int|float)
- classifiableSizeInBytes
-
- Type: long (int|float)
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- objectCount
-
- Type: long (int|float)
- sizeInBytes
-
- Type: long (int|float)
- sizeInBytesCompressed
-
- Type: long (int|float)
- unclassifiableObjectCount
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
- unclassifiableObjectSizeInBytes
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetClassificationExportConfiguration
$result = $client->getClassificationExportConfiguration([/* ... */]); $promise = $client->getClassificationExportConfigurationAsync([/* ... */]);
Retrieves the configuration settings for storing data classification results.
Parameter Syntax
$result = $client->getClassificationExportConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'configuration' => [
's3Destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
],
]
Result Details
Members
- configuration
-
- Type: ClassificationExportConfiguration structure
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetClassificationScope
$result = $client->getClassificationScope([/* ... */]); $promise = $client->getClassificationScopeAsync([/* ... */]);
Retrieves the classification scope settings for an account.
Parameter Syntax
$result = $client->getClassificationScope([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'id' => '<string>',
'name' => '<string>',
's3' => [
'excludes' => [
'bucketNames' => ['<string>', ...],
],
],
]
Result Details
Members
- id
-
- Type: string
The unique identifier the classification scope.
- name
-
- Type: string
The name of the classification scope.
- s3
-
- Type: S3ClassificationScope structure
Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetCustomDataIdentifier
$result = $client->getCustomDataIdentifier([/* ... */]); $promise = $client->getCustomDataIdentifierAsync([/* ... */]);
Retrieves the criteria and other settings for a custom data identifier.
Parameter Syntax
$result = $client->getCustomDataIdentifier([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'deleted' => true || false,
'description' => '<string>',
'id' => '<string>',
'ignoreWords' => ['<string>', ...],
'keywords' => ['<string>', ...],
'maximumMatchDistance' => <integer>,
'name' => '<string>',
'regex' => '<string>',
'severityLevels' => [
[
'occurrencesThreshold' => <integer>,
'severity' => 'LOW|MEDIUM|HIGH',
],
// ...
],
'tags' => ['<string>', ...],
]
Result Details
Members
- arn
-
- Type: string
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- deleted
-
- Type: boolean
- description
-
- Type: string
- id
-
- Type: string
- ignoreWords
-
- Type: Array of strings
- keywords
-
- Type: Array of strings
- maximumMatchDistance
-
- Type: int
- name
-
- Type: string
- regex
-
- Type: string
- severityLevels
-
- Type: Array of SeverityLevel structures
The severity to assign to findings that the custom data identifier produces, based on the number of occurrences of text that matches the custom data identifier's detection criteria. You can specify as many as three SeverityLevel objects in this array, one for each severity: LOW, MEDIUM, or HIGH. If you specify more than one, the occurrences thresholds must be in ascending order by severity, moving from LOW to HIGH. For example, 1 for LOW, 50 for MEDIUM, and 100 for HIGH. If an S3 object contains fewer occurrences than the lowest specified threshold, Amazon Macie doesn't create a finding.
If you don't specify any values for this array, Macie creates findings for S3 objects that contain at least one occurrence of text that matches the detection criteria, and Macie automatically assigns the MEDIUM severity to those findings.
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetFindingStatistics
$result = $client->getFindingStatistics([/* ... */]); $promise = $client->getFindingStatisticsAsync([/* ... */]);
Retrieves (queries) aggregated statistical data about findings.
Parameter Syntax
$result = $client->getFindingStatistics([
'findingCriteria' => [
'criterion' => [
'<__string>' => [
'eq' => ['<string>', ...],
'eqExactMatch' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
],
// ...
],
],
'groupBy' => 'resourcesAffected.s3Bucket.name|type|classificationDetails.jobId|severity.description', // REQUIRED
'size' => <integer>,
'sortCriteria' => [
'attributeName' => 'groupKey|count',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- findingCriteria
-
- Type: FindingCriteria structure
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
- groupBy
-
- Required: Yes
- Type: string
- size
-
- Type: int
- sortCriteria
-
- Type: FindingStatisticsSortCriteria structure
Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
Result Syntax
[
'countsByGroup' => [
[
'count' => <integer>,
'groupKey' => '<string>',
],
// ...
],
]
Result Details
Members
- countsByGroup
-
- Type: Array of GroupCount structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetFindings
$result = $client->getFindings([/* ... */]); $promise = $client->getFindingsAsync([/* ... */]);
Retrieves the details of one or more findings.
Parameter Syntax
$result = $client->getFindings([
'findingIds' => ['<string>', ...], // REQUIRED
'sortCriteria' => [
'attributeName' => '<string>',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- findingIds
-
- Required: Yes
- Type: Array of strings
- sortCriteria
-
- Type: SortCriteria structure
Specifies criteria for sorting the results of a request for findings.
Result Syntax
[
'findings' => [
[
'accountId' => '<string>',
'archived' => true || false,
'category' => 'CLASSIFICATION|POLICY',
'classificationDetails' => [
'detailedResultsLocation' => '<string>',
'jobArn' => '<string>',
'jobId' => '<string>',
'originType' => 'SENSITIVE_DATA_DISCOVERY_JOB|AUTOMATED_SENSITIVE_DATA_DISCOVERY',
'result' => [
'additionalOccurrences' => true || false,
'customDataIdentifiers' => [
'detections' => [
[
'arn' => '<string>',
'count' => <integer>,
'name' => '<string>',
'occurrences' => [
'cells' => [
[
'cellReference' => '<string>',
'column' => <integer>,
'columnName' => '<string>',
'row' => <integer>,
],
// ...
],
'lineRanges' => [
[
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
// ...
],
'offsetRanges' => [
[
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
// ...
],
'pages' => [
[
'lineRange' => [
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
'offsetRange' => [
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
'pageNumber' => <integer>,
],
// ...
],
'records' => [
[
'jsonPath' => '<string>',
'recordIndex' => <integer>,
],
// ...
],
],
],
// ...
],
'totalCount' => <integer>,
],
'mimeType' => '<string>',
'sensitiveData' => [
[
'category' => 'FINANCIAL_INFORMATION|PERSONAL_INFORMATION|CREDENTIALS|CUSTOM_IDENTIFIER',
'detections' => [
[
'count' => <integer>,
'occurrences' => [
'cells' => [
[
'cellReference' => '<string>',
'column' => <integer>,
'columnName' => '<string>',
'row' => <integer>,
],
// ...
],
'lineRanges' => [
[
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
// ...
],
'offsetRanges' => [
[
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
// ...
],
'pages' => [
[
'lineRange' => [
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
'offsetRange' => [
'end' => <integer>,
'start' => <integer>,
'startColumn' => <integer>,
],
'pageNumber' => <integer>,
],
// ...
],
'records' => [
[
'jsonPath' => '<string>',
'recordIndex' => <integer>,
],
// ...
],
],
'type' => '<string>',
],
// ...
],
'totalCount' => <integer>,
],
// ...
],
'sizeClassified' => <integer>,
'status' => [
'code' => '<string>',
'reason' => '<string>',
],
],
],
'count' => <integer>,
'createdAt' => <DateTime>,
'description' => '<string>',
'id' => '<string>',
'partition' => '<string>',
'policyDetails' => [
'action' => [
'actionType' => 'AWS_API_CALL',
'apiCallDetails' => [
'api' => '<string>',
'apiServiceName' => '<string>',
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
],
],
'actor' => [
'domainDetails' => [
'domainName' => '<string>',
],
'ipAddressDetails' => [
'ipAddressV4' => '<string>',
'ipCity' => [
'name' => '<string>',
],
'ipCountry' => [
'code' => '<string>',
'name' => '<string>',
],
'ipGeoLocation' => [
'lat' => <float>,
'lon' => <float>,
],
'ipOwner' => [
'asn' => '<string>',
'asnOrg' => '<string>',
'isp' => '<string>',
'org' => '<string>',
],
],
'userIdentity' => [
'assumedRole' => [
'accessKeyId' => '<string>',
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
'sessionContext' => [
'attributes' => [
'creationDate' => <DateTime>,
'mfaAuthenticated' => true || false,
],
'sessionIssuer' => [
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
'type' => '<string>',
'userName' => '<string>',
],
],
],
'awsAccount' => [
'accountId' => '<string>',
'principalId' => '<string>',
],
'awsService' => [
'invokedBy' => '<string>',
],
'federatedUser' => [
'accessKeyId' => '<string>',
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
'sessionContext' => [
'attributes' => [
'creationDate' => <DateTime>,
'mfaAuthenticated' => true || false,
],
'sessionIssuer' => [
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
'type' => '<string>',
'userName' => '<string>',
],
],
],
'iamUser' => [
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
'userName' => '<string>',
],
'root' => [
'accountId' => '<string>',
'arn' => '<string>',
'principalId' => '<string>',
],
'type' => 'AssumedRole|IAMUser|FederatedUser|Root|AWSAccount|AWSService',
],
],
],
'region' => '<string>',
'resourcesAffected' => [
's3Bucket' => [
'allowsUnencryptedObjectUploads' => 'TRUE|FALSE|UNKNOWN',
'arn' => '<string>',
'createdAt' => <DateTime>,
'defaultServerSideEncryption' => [
'encryptionType' => 'NONE|AES256|aws:kms|UNKNOWN',
'kmsMasterKeyId' => '<string>',
],
'name' => '<string>',
'owner' => [
'displayName' => '<string>',
'id' => '<string>',
],
'publicAccess' => [
'effectivePermission' => 'PUBLIC|NOT_PUBLIC|UNKNOWN',
'permissionConfiguration' => [
'accountLevelPermissions' => [
'blockPublicAccess' => [
'blockPublicAcls' => true || false,
'blockPublicPolicy' => true || false,
'ignorePublicAcls' => true || false,
'restrictPublicBuckets' => true || false,
],
],
'bucketLevelPermissions' => [
'accessControlList' => [
'allowsPublicReadAccess' => true || false,
'allowsPublicWriteAccess' => true || false,
],
'blockPublicAccess' => [
'blockPublicAcls' => true || false,
'blockPublicPolicy' => true || false,
'ignorePublicAcls' => true || false,
'restrictPublicBuckets' => true || false,
],
'bucketPolicy' => [
'allowsPublicReadAccess' => true || false,
'allowsPublicWriteAccess' => true || false,
],
],
],
],
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
's3Object' => [
'bucketArn' => '<string>',
'eTag' => '<string>',
'extension' => '<string>',
'key' => '<string>',
'lastModified' => <DateTime>,
'path' => '<string>',
'publicAccess' => true || false,
'serverSideEncryption' => [
'encryptionType' => 'NONE|AES256|aws:kms|UNKNOWN',
'kmsMasterKeyId' => '<string>',
],
'size' => <integer>,
'storageClass' => 'STANDARD|REDUCED_REDUNDANCY|STANDARD_IA|INTELLIGENT_TIERING|DEEP_ARCHIVE|ONEZONE_IA|GLACIER|GLACIER_IR|OUTPOSTS',
'tags' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'versionId' => '<string>',
],
],
'sample' => true || false,
'schemaVersion' => '<string>',
'severity' => [
'description' => 'Low|Medium|High',
'score' => <integer>,
],
'title' => '<string>',
'type' => 'SensitiveData:S3Object/Multiple|SensitiveData:S3Object/Financial|SensitiveData:S3Object/Personal|SensitiveData:S3Object/Credentials|SensitiveData:S3Object/CustomIdentifier|Policy:IAMUser/S3BucketPublic|Policy:IAMUser/S3BucketSharedExternally|Policy:IAMUser/S3BucketReplicatedExternally|Policy:IAMUser/S3BucketEncryptionDisabled|Policy:IAMUser/S3BlockPublicAccessDisabled|Policy:IAMUser/S3BucketSharedWithCloudFront',
'updatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- findings
-
- Type: Array of Finding structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetFindingsFilter
$result = $client->getFindingsFilter([/* ... */]); $promise = $client->getFindingsFilterAsync([/* ... */]);
Retrieves the criteria and other settings for a findings filter.
Parameter Syntax
$result = $client->getFindingsFilter([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'action' => 'ARCHIVE|NOOP',
'arn' => '<string>',
'description' => '<string>',
'findingCriteria' => [
'criterion' => [
'<__string>' => [
'eq' => ['<string>', ...],
'eqExactMatch' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
],
// ...
],
],
'id' => '<string>',
'name' => '<string>',
'position' => <integer>,
'tags' => ['<string>', ...],
]
Result Details
Members
- action
-
- Type: string
The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:
- arn
-
- Type: string
- description
-
- Type: string
- findingCriteria
-
- Type: FindingCriteria structure
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
- id
-
- Type: string
- name
-
- Type: string
- position
-
- Type: int
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetFindingsPublicationConfiguration
$result = $client->getFindingsPublicationConfiguration([/* ... */]); $promise = $client->getFindingsPublicationConfigurationAsync([/* ... */]);
Retrieves the configuration settings for publishing findings to Security Hub.
Parameter Syntax
$result = $client->getFindingsPublicationConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'securityHubConfiguration' => [
'publishClassificationFindings' => true || false,
'publishPolicyFindings' => true || false,
],
]
Result Details
Members
- securityHubConfiguration
-
- Type: SecurityHubConfiguration structure
Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetInvitationsCount
$result = $client->getInvitationsCount([/* ... */]); $promise = $client->getInvitationsCountAsync([/* ... */]);
Retrieves the count of Amazon Macie membership invitations that were received by an account.
Parameter Syntax
$result = $client->getInvitationsCount([ ]);
Parameter Details
Members
Result Syntax
[
'invitationsCount' => <integer>,
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetMacieSession
$result = $client->getMacieSession([/* ... */]); $promise = $client->getMacieSessionAsync([/* ... */]);
Retrieves the status and configuration settings for an Amazon Macie account.
Parameter Syntax
$result = $client->getMacieSession([ ]);
Parameter Details
Members
Result Syntax
[
'createdAt' => <DateTime>,
'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
'serviceRole' => '<string>',
'status' => 'PAUSED|ENABLED',
'updatedAt' => <DateTime>,
]
Result Details
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- findingPublishingFrequency
-
- Type: string
The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:
- serviceRole
-
- Type: string
- status
-
- Type: string
The status of an Amazon Macie account. Valid values are:
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetMasterAccount
$result = $client->getMasterAccount([/* ... */]); $promise = $client->getMasterAccountAsync([/* ... */]);
(Deprecated) Retrieves information about the Amazon Macie administrator account for an account. This operation has been replaced by the GetAdministratorAccount operation.
Parameter Syntax
$result = $client->getMasterAccount([ ]);
Parameter Details
Members
Result Syntax
[
'master' => [
'accountId' => '<string>',
'invitationId' => '<string>',
'invitedAt' => <DateTime>,
'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
],
]
Result Details
Members
- master
-
- Type: Invitation structure
Provides information about an Amazon Macie membership invitation.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetMember
$result = $client->getMember([/* ... */]); $promise = $client->getMemberAsync([/* ... */]);
Retrieves information about an account that's associated with an Amazon Macie administrator account.
Parameter Syntax
$result = $client->getMember([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'accountId' => '<string>',
'administratorAccountId' => '<string>',
'arn' => '<string>',
'email' => '<string>',
'invitedAt' => <DateTime>,
'masterAccountId' => '<string>',
'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
'tags' => ['<string>', ...],
'updatedAt' => <DateTime>,
]
Result Details
Members
- accountId
-
- Type: string
- administratorAccountId
-
- Type: string
- arn
-
- Type: string
-
- Type: string
- invitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- masterAccountId
-
- Type: string
- relationshipStatus
-
- Type: string
The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetResourceProfile
$result = $client->getResourceProfile([/* ... */]); $promise = $client->getResourceProfileAsync([/* ... */]);
Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket.
Parameter Syntax
$result = $client->getResourceProfile([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'profileUpdatedAt' => <DateTime>,
'sensitivityScore' => <integer>,
'sensitivityScoreOverridden' => true || false,
'statistics' => [
'totalBytesClassified' => <integer>,
'totalDetections' => <integer>,
'totalDetectionsSuppressed' => <integer>,
'totalItemsClassified' => <integer>,
'totalItemsSensitive' => <integer>,
'totalItemsSkipped' => <integer>,
'totalItemsSkippedInvalidEncryption' => <integer>,
'totalItemsSkippedInvalidKms' => <integer>,
'totalItemsSkippedPermissionDenied' => <integer>,
],
]
Result Details
Members
- profileUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- sensitivityScore
-
- Type: int
- sensitivityScoreOverridden
-
- Type: boolean
- statistics
-
- Type: ResourceStatistics structure
Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for your account. The statistics capture the results of automated sensitive data discovery activities that Macie has performed for the bucket. The data is available only if automated sensitive data discovery is currently enabled for your account.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
GetRevealConfiguration
$result = $client->getRevealConfiguration([/* ... */]); $promise = $client->getRevealConfigurationAsync([/* ... */]);
Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
Parameter Syntax
$result = $client->getRevealConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'configuration' => [
'kmsKeyId' => '<string>',
'status' => 'ENABLED|DISABLED',
],
]
Result Details
Members
- configuration
-
- Type: RevealConfiguration structure
Specifies the configuration settings for retrieving occurrences of sensitive data reported by findings, and the status of the configuration for an Amazon Macie account. When you enable the configuration for the first time, your request must specify an Key Management Service (KMS) key. Otherwise, an error occurs. Macie uses the specified key to encrypt the sensitive data that you retrieve.
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetSensitiveDataOccurrences
$result = $client->getSensitiveDataOccurrences([/* ... */]); $promise = $client->getSensitiveDataOccurrencesAsync([/* ... */]);
Retrieves occurrences of sensitive data reported by a finding.
Parameter Syntax
$result = $client->getSensitiveDataOccurrences([
'findingId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'error' => '<string>',
'sensitiveDataOccurrences' => [
'<__string>' => [
[
'value' => '<string>',
],
// ...
],
// ...
],
'status' => 'SUCCESS|PROCESSING|ERROR',
]
Result Details
Members
- error
-
- Type: string
- sensitiveDataOccurrences
-
- Type: Associative array of custom strings keys (__string) to DetectedDataDetails structuress
Specifies a type of sensitive data reported by a finding and provides occurrences of the specified type of sensitive data.
- status
-
- Type: string
The status of a request to retrieve occurrences of sensitive data reported by a finding. Possible values are:
Errors
-
Provides information about an error that occurred due to an unprocessable entity.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
GetSensitiveDataOccurrencesAvailability
$result = $client->getSensitiveDataOccurrencesAvailability([/* ... */]); $promise = $client->getSensitiveDataOccurrencesAvailabilityAsync([/* ... */]);
Checks whether occurrences of sensitive data can be retrieved for a finding.
Parameter Syntax
$result = $client->getSensitiveDataOccurrencesAvailability([
'findingId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'code' => 'AVAILABLE|UNAVAILABLE',
'reasons' => ['<string>', ...],
]
Result Details
Members
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetSensitivityInspectionTemplate
$result = $client->getSensitivityInspectionTemplate([/* ... */]); $promise = $client->getSensitivityInspectionTemplateAsync([/* ... */]);
Retrieves the settings for the sensitivity inspection template for an account.
Parameter Syntax
$result = $client->getSensitivityInspectionTemplate([
'id' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'description' => '<string>',
'excludes' => [
'managedDataIdentifierIds' => ['<string>', ...],
],
'includes' => [
'allowListIds' => ['<string>', ...],
'customDataIdentifierIds' => ['<string>', ...],
'managedDataIdentifierIds' => ['<string>', ...],
],
'name' => '<string>',
'sensitivityInspectionTemplateId' => '<string>',
]
Result Details
Members
- description
-
- Type: string
- excludes
-
- Type: SensitivityInspectionTemplateExcludes structure
Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery for an Amazon Macie account. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
- includes
-
- Type: SensitivityInspectionTemplateIncludes structure
Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery for an Amazon Macie account. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
- name
-
- Type: string
- sensitivityInspectionTemplateId
-
- Type: string
The unique identifier for the sensitivity inspection template.
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
GetUsageStatistics
$result = $client->getUsageStatistics([/* ... */]); $promise = $client->getUsageStatisticsAsync([/* ... */]);
Retrieves (queries) quotas and aggregated usage data for one or more accounts.
Parameter Syntax
$result = $client->getUsageStatistics([
'filterBy' => [
[
'comparator' => 'GT|GTE|LT|LTE|EQ|NE|CONTAINS',
'key' => 'accountId|serviceLimit|freeTrialStartDate|total',
'values' => ['<string>', ...],
],
// ...
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortBy' => [
'key' => 'accountId|total|serviceLimitValue|freeTrialStartDate',
'orderBy' => 'ASC|DESC',
],
'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
]);
Parameter Details
Members
- filterBy
-
- Type: Array of UsageStatisticsFilter structures
- maxResults
-
- Type: int
- nextToken
-
- Type: string
- sortBy
-
- Type: UsageStatisticsSortBy structure
Specifies criteria for sorting the results of a query for Amazon Macie account quotas and usage data.
- timeRange
-
- Type: string
An inclusive time period that Amazon Macie usage data applies to. Possible values are:
Result Syntax
[
'nextToken' => '<string>',
'records' => [
[
'accountId' => '<string>',
'automatedDiscoveryFreeTrialStartDate' => <DateTime>,
'freeTrialStartDate' => <DateTime>,
'usage' => [
[
'currency' => 'USD',
'estimatedCost' => '<string>',
'serviceLimit' => [
'isServiceLimited' => true || false,
'unit' => 'TERABYTES',
'value' => <integer>,
],
'type' => 'DATA_INVENTORY_EVALUATION|SENSITIVE_DATA_DISCOVERY|AUTOMATED_SENSITIVE_DATA_DISCOVERY|AUTOMATED_OBJECT_MONITORING',
],
// ...
],
],
// ...
],
'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
]
Result Details
Members
- nextToken
-
- Type: string
- records
-
- Type: Array of UsageRecord structures
- timeRange
-
- Type: string
An inclusive time period that Amazon Macie usage data applies to. Possible values are:
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
GetUsageTotals
$result = $client->getUsageTotals([/* ... */]); $promise = $client->getUsageTotalsAsync([/* ... */]);
Retrieves (queries) aggregated usage data for an account.
Parameter Syntax
$result = $client->getUsageTotals([
'timeRange' => '<string>',
]);
Parameter Details
Result Syntax
[
'timeRange' => 'MONTH_TO_DATE|PAST_30_DAYS',
'usageTotals' => [
[
'currency' => 'USD',
'estimatedCost' => '<string>',
'type' => 'DATA_INVENTORY_EVALUATION|SENSITIVE_DATA_DISCOVERY|AUTOMATED_SENSITIVE_DATA_DISCOVERY|AUTOMATED_OBJECT_MONITORING',
],
// ...
],
]
Result Details
Members
- timeRange
-
- Type: string
An inclusive time period that Amazon Macie usage data applies to. Possible values are:
- usageTotals
-
- Type: Array of UsageTotal structures
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListAllowLists
$result = $client->listAllowLists([/* ... */]); $promise = $client->listAllowListsAsync([/* ... */]);
Retrieves a subset of information about all the allow lists for an account.
Parameter Syntax
$result = $client->listAllowLists([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'allowLists' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'id' => '<string>',
'name' => '<string>',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- allowLists
-
- Type: Array of AllowListSummary structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
ListClassificationJobs
$result = $client->listClassificationJobs([/* ... */]); $promise = $client->listClassificationJobsAsync([/* ... */]);
Retrieves a subset of information about one or more classification jobs.
Parameter Syntax
$result = $client->listClassificationJobs([
'filterCriteria' => [
'excludes' => [
[
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'jobType|jobStatus|createdAt|name',
'values' => ['<string>', ...],
],
// ...
],
'includes' => [
[
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'jobType|jobStatus|createdAt|name',
'values' => ['<string>', ...],
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'attributeName' => 'createdAt|jobStatus|name|jobType',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- filterCriteria
-
- Type: ListJobsFilterCriteria structure
Specifies criteria for filtering the results of a request for information about classification jobs.
- maxResults
-
- Type: int
- nextToken
-
- Type: string
- sortCriteria
-
- Type: ListJobsSortCriteria structure
Specifies criteria for sorting the results of a request for information about classification jobs.
Result Syntax
[
'items' => [
[
'bucketCriteria' => [
'excludes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|GT|GTE|LT|LTE|NE|CONTAINS|STARTS_WITH',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
],
'bucketDefinitions' => [
[
'accountId' => '<string>',
'buckets' => ['<string>', ...],
],
// ...
],
'createdAt' => <DateTime>,
'jobId' => '<string>',
'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED',
'jobType' => 'ONE_TIME|SCHEDULED',
'lastRunErrorStatus' => [
'code' => 'NONE|ERROR',
],
'name' => '<string>',
'userPausedDetails' => [
'jobExpiresAt' => <DateTime>,
'jobImminentExpirationHealthEventArn' => '<string>',
'jobPausedAt' => <DateTime>,
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Type: Array of JobSummary structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListClassificationScopes
$result = $client->listClassificationScopes([/* ... */]); $promise = $client->listClassificationScopesAsync([/* ... */]);
Retrieves a subset of information about the classification scope for an account.
Parameter Syntax
$result = $client->listClassificationScopes([
'name' => '<string>',
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'classificationScopes' => [
[
'id' => '<string>',
'name' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- classificationScopes
-
- Type: Array of ClassificationScopeSummary structures
- nextToken
-
- Type: string
Specifies which page of results to return in a paginated response.
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
ListCustomDataIdentifiers
$result = $client->listCustomDataIdentifiers([/* ... */]); $promise = $client->listCustomDataIdentifiersAsync([/* ... */]);
Retrieves a subset of information about all the custom data identifiers for an account.
Parameter Syntax
$result = $client->listCustomDataIdentifiers([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'items' => [
[
'arn' => '<string>',
'createdAt' => <DateTime>,
'description' => '<string>',
'id' => '<string>',
'name' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Type: Array of CustomDataIdentifierSummary structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Retrieves a subset of information about one or more findings.
Parameter Syntax
$result = $client->listFindings([
'findingCriteria' => [
'criterion' => [
'<__string>' => [
'eq' => ['<string>', ...],
'eqExactMatch' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'attributeName' => '<string>',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- findingCriteria
-
- Type: FindingCriteria structure
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
- maxResults
-
- Type: int
- nextToken
-
- Type: string
- sortCriteria
-
- Type: SortCriteria structure
Specifies criteria for sorting the results of a request for findings.
Result Syntax
[
'findingIds' => ['<string>', ...],
'nextToken' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListFindingsFilters
$result = $client->listFindingsFilters([/* ... */]); $promise = $client->listFindingsFiltersAsync([/* ... */]);
Retrieves a subset of information about all the findings filters for an account.
Parameter Syntax
$result = $client->listFindingsFilters([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'findingsFilterListItems' => [
[
'action' => 'ARCHIVE|NOOP',
'arn' => '<string>',
'id' => '<string>',
'name' => '<string>',
'tags' => ['<string>', ...],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- findingsFilterListItems
-
- Type: Array of FindingsFilterListItem structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListInvitations
$result = $client->listInvitations([/* ... */]); $promise = $client->listInvitationsAsync([/* ... */]);
Retrieves information about the Amazon Macie membership invitations that were received by an account.
Parameter Syntax
$result = $client->listInvitations([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'invitations' => [
[
'accountId' => '<string>',
'invitationId' => '<string>',
'invitedAt' => <DateTime>,
'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- invitations
-
- Type: Array of Invitation structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListManagedDataIdentifiers
$result = $client->listManagedDataIdentifiers([/* ... */]); $promise = $client->listManagedDataIdentifiersAsync([/* ... */]);
Retrieves information about all the managed data identifiers that Amazon Macie currently provides.
Parameter Syntax
$result = $client->listManagedDataIdentifiers([
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'items' => [
[
'category' => 'FINANCIAL_INFORMATION|PERSONAL_INFORMATION|CREDENTIALS|CUSTOM_IDENTIFIER',
'id' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- items
-
- Type: Array of ManagedDataIdentifierSummary structures
- nextToken
-
- Type: string
Errors
There are no errors described for this operation.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
Retrieves information about the accounts that are associated with an Amazon Macie administrator account.
Parameter Syntax
$result = $client->listMembers([
'maxResults' => <integer>,
'nextToken' => '<string>',
'onlyAssociated' => '<string>',
]);
Parameter Details
Result Syntax
[
'members' => [
[
'accountId' => '<string>',
'administratorAccountId' => '<string>',
'arn' => '<string>',
'email' => '<string>',
'invitedAt' => <DateTime>,
'masterAccountId' => '<string>',
'relationshipStatus' => 'Enabled|Paused|Invited|Created|Removed|Resigned|EmailVerificationInProgress|EmailVerificationFailed|RegionDisabled|AccountSuspended',
'tags' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- members
-
- Type: Array of Member structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListOrganizationAdminAccounts
$result = $client->listOrganizationAdminAccounts([/* ... */]); $promise = $client->listOrganizationAdminAccountsAsync([/* ... */]);
Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations.
Parameter Syntax
$result = $client->listOrganizationAdminAccounts([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'adminAccounts' => [
[
'accountId' => '<string>',
'status' => 'ENABLED|DISABLING_IN_PROGRESS',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- adminAccounts
-
- Type: Array of AdminAccount structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
ListResourceProfileArtifacts
$result = $client->listResourceProfileArtifacts([/* ... */]); $promise = $client->listResourceProfileArtifactsAsync([/* ... */]);
Retrieves information about objects that were selected from an S3 bucket for automated sensitive data discovery.
Parameter Syntax
$result = $client->listResourceProfileArtifacts([
'nextToken' => '<string>',
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'artifacts' => [
[
'arn' => '<string>',
'classificationResultStatus' => '<string>',
'sensitive' => true || false,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- artifacts
-
- Type: Array of ResourceProfileArtifact structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
ListResourceProfileDetections
$result = $client->listResourceProfileDetections([/* ... */]); $promise = $client->listResourceProfileDetectionsAsync([/* ... */]);
Retrieves information about the types and amount of sensitive data that Amazon Macie found in an S3 bucket.
Parameter Syntax
$result = $client->listResourceProfileDetections([
'maxResults' => <integer>,
'nextToken' => '<string>',
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'detections' => [
[
'arn' => '<string>',
'count' => <integer>,
'id' => '<string>',
'name' => '<string>',
'suppressed' => true || false,
'type' => 'CUSTOM|MANAGED',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- detections
-
- Type: Array of Detection structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
ListSensitivityInspectionTemplates
$result = $client->listSensitivityInspectionTemplates([/* ... */]); $promise = $client->listSensitivityInspectionTemplatesAsync([/* ... */]);
Retrieves a subset of information about the sensitivity inspection template for an account.
Parameter Syntax
$result = $client->listSensitivityInspectionTemplates([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Result Syntax
[
'nextToken' => '<string>',
'sensitivityInspectionTemplates' => [
[
'id' => '<string>',
'name' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
- sensitivityInspectionTemplates
-
- Type: Array of SensitivityInspectionTemplatesEntry structures
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Retrieves the tags (keys and values) that are associated with an Amazon Macie resource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
Errors
There are no errors described for this operation.
PutClassificationExportConfiguration
$result = $client->putClassificationExportConfiguration([/* ... */]); $promise = $client->putClassificationExportConfigurationAsync([/* ... */]);
Creates or updates the configuration settings for storing data classification results.
Parameter Syntax
$result = $client->putClassificationExportConfiguration([
'configuration' => [ // REQUIRED
's3Destination' => [
'bucketName' => '<string>', // REQUIRED
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>', // REQUIRED
],
],
]);
Parameter Details
Members
- configuration
-
- Required: Yes
- Type: ClassificationExportConfiguration structure
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.
Result Syntax
[
'configuration' => [
's3Destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
],
]
Result Details
Members
- configuration
-
- Type: ClassificationExportConfiguration structure
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
PutFindingsPublicationConfiguration
$result = $client->putFindingsPublicationConfiguration([/* ... */]); $promise = $client->putFindingsPublicationConfigurationAsync([/* ... */]);
Updates the configuration settings for publishing findings to Security Hub.
Parameter Syntax
$result = $client->putFindingsPublicationConfiguration([
'clientToken' => '<string>',
'securityHubConfiguration' => [
'publishClassificationFindings' => true || false, // REQUIRED
'publishPolicyFindings' => true || false, // REQUIRED
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
- securityHubConfiguration
-
- Type: SecurityHubConfiguration structure
Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
SearchResources
$result = $client->searchResources([/* ... */]); $promise = $client->searchResourcesAsync([/* ... */]);
Retrieves (queries) statistical data and other information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
Parameter Syntax
$result = $client->searchResources([
'bucketCriteria' => [
'excludes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|NE',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|NE',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
'includes' => [
'and' => [
[
'simpleCriterion' => [
'comparator' => 'EQ|NE',
'key' => 'ACCOUNT_ID|S3_BUCKET_NAME|S3_BUCKET_EFFECTIVE_PERMISSION|S3_BUCKET_SHARED_ACCESS',
'values' => ['<string>', ...],
],
'tagCriterion' => [
'comparator' => 'EQ|NE',
'tagValues' => [
[
'key' => '<string>',
'value' => '<string>',
],
// ...
],
],
],
// ...
],
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'attributeName' => 'ACCOUNT_ID|RESOURCE_NAME|S3_CLASSIFIABLE_OBJECT_COUNT|S3_CLASSIFIABLE_SIZE_IN_BYTES',
'orderBy' => 'ASC|DESC',
],
]);
Parameter Details
Members
- bucketCriteria
-
- Type: SearchResourcesBucketCriteria structure
Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.
- maxResults
-
- Type: int
- nextToken
-
- Type: string
- sortCriteria
-
- Type: SearchResourcesSortCriteria structure
Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
Result Syntax
[
'matchingResources' => [
[
'matchingBucket' => [
'accountId' => '<string>',
'bucketName' => '<string>',
'classifiableObjectCount' => <integer>,
'classifiableSizeInBytes' => <integer>,
'errorCode' => 'ACCESS_DENIED',
'errorMessage' => '<string>',
'jobDetails' => [
'isDefinedInJob' => 'TRUE|FALSE|UNKNOWN',
'isMonitoredByJob' => 'TRUE|FALSE|UNKNOWN',
'lastJobId' => '<string>',
'lastJobRunTime' => <DateTime>,
],
'lastAutomatedDiscoveryTime' => <DateTime>,
'objectCount' => <integer>,
'objectCountByEncryptionType' => [
'customerManaged' => <integer>,
'kmsManaged' => <integer>,
's3Managed' => <integer>,
'unencrypted' => <integer>,
'unknown' => <integer>,
],
'sensitivityScore' => <integer>,
'sizeInBytes' => <integer>,
'sizeInBytesCompressed' => <integer>,
'unclassifiableObjectCount' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
'unclassifiableObjectSizeInBytes' => [
'fileType' => <integer>,
'storageClass' => <integer>,
'total' => <integer>,
],
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- matchingResources
-
- Type: Array of MatchingResource structures
- nextToken
-
- Type: string
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds or updates one or more tags (keys and values) that are associated with an Amazon Macie resource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
TestCustomDataIdentifier
$result = $client->testCustomDataIdentifier([/* ... */]); $promise = $client->testCustomDataIdentifierAsync([/* ... */]);
Tests a custom data identifier.
Parameter Syntax
$result = $client->testCustomDataIdentifier([
'ignoreWords' => ['<string>', ...],
'keywords' => ['<string>', ...],
'maximumMatchDistance' => <integer>,
'regex' => '<string>', // REQUIRED
'sampleText' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'matchCount' => <integer>,
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes one or more tags (keys and values) from an Amazon Macie resource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
There are no errors described for this operation.
UpdateAllowList
$result = $client->updateAllowList([/* ... */]); $promise = $client->updateAllowListAsync([/* ... */]);
Updates the settings for an allow list.
Parameter Syntax
$result = $client->updateAllowList([
'criteria' => [ // REQUIRED
'regex' => '<string>',
's3WordsList' => [
'bucketName' => '<string>', // REQUIRED
'objectKey' => '<string>', // REQUIRED
],
],
'description' => '<string>',
'id' => '<string>', // REQUIRED
'name' => '<string>', // REQUIRED
]);
Parameter Details
Members
- criteria
-
- Required: Yes
- Type: AllowListCriteria structure
Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.
- description
-
- Type: string
- id
-
- Required: Yes
- Type: string
- name
-
- Required: Yes
- Type: string
Result Syntax
[
'arn' => '<string>',
'id' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
UpdateAutomatedDiscoveryConfiguration
$result = $client->updateAutomatedDiscoveryConfiguration([/* ... */]); $promise = $client->updateAutomatedDiscoveryConfigurationAsync([/* ... */]);
Enables or disables automated sensitive data discovery for an account.
Parameter Syntax
$result = $client->updateAutomatedDiscoveryConfiguration([
'status' => 'ENABLED|DISABLED', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
UpdateClassificationJob
$result = $client->updateClassificationJob([/* ... */]); $promise = $client->updateClassificationJobAsync([/* ... */]);
Changes the status of a classification job.
Parameter Syntax
$result = $client->updateClassificationJob([
'jobId' => '<string>', // REQUIRED
'jobStatus' => 'RUNNING|PAUSED|CANCELLED|COMPLETE|IDLE|USER_PAUSED', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UpdateClassificationScope
$result = $client->updateClassificationScope([/* ... */]); $promise = $client->updateClassificationScopeAsync([/* ... */]);
Updates the classification scope settings for an account.
Parameter Syntax
$result = $client->updateClassificationScope([
'id' => '<string>', // REQUIRED
's3' => [
'excludes' => [ // REQUIRED
'bucketNames' => ['<string>', ...], // REQUIRED
'operation' => 'ADD|REPLACE|REMOVE', // REQUIRED
],
],
]);
Parameter Details
Members
- id
-
- Required: Yes
- Type: string
- s3
-
- Type: S3ClassificationScopeUpdate structure
Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
UpdateFindingsFilter
$result = $client->updateFindingsFilter([/* ... */]); $promise = $client->updateFindingsFilterAsync([/* ... */]);
Updates the criteria and other settings for a findings filter.
Parameter Syntax
$result = $client->updateFindingsFilter([
'action' => 'ARCHIVE|NOOP',
'clientToken' => '<string>',
'description' => '<string>',
'findingCriteria' => [
'criterion' => [
'<__string>' => [
'eq' => ['<string>', ...],
'eqExactMatch' => ['<string>', ...],
'gt' => <integer>,
'gte' => <integer>,
'lt' => <integer>,
'lte' => <integer>,
'neq' => ['<string>', ...],
],
// ...
],
],
'id' => '<string>', // REQUIRED
'name' => '<string>',
'position' => <integer>,
]);
Parameter Details
Members
- action
-
- Type: string
The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:
- clientToken
-
- Type: string
- description
-
- Type: string
- findingCriteria
-
- Type: FindingCriteria structure
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
- id
-
- Required: Yes
- Type: string
- name
-
- Type: string
- position
-
- Type: int
Result Syntax
[
'arn' => '<string>',
'id' => '<string>',
]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UpdateMacieSession
$result = $client->updateMacieSession([/* ... */]); $promise = $client->updateMacieSessionAsync([/* ... */]);
Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.
Parameter Syntax
$result = $client->updateMacieSession([
'findingPublishingFrequency' => 'FIFTEEN_MINUTES|ONE_HOUR|SIX_HOURS',
'status' => 'PAUSED|ENABLED',
]);
Parameter Details
Members
- findingPublishingFrequency
-
- Type: string
The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:
- status
-
- Type: string
The status of an Amazon Macie account. Valid values are:
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UpdateMemberSession
$result = $client->updateMemberSession([/* ... */]); $promise = $client->updateMemberSessionAsync([/* ... */]);
Enables an Amazon Macie administrator to suspend or re-enable Macie for a member account.
Parameter Syntax
$result = $client->updateMemberSession([
'id' => '<string>', // REQUIRED
'status' => 'PAUSED|ENABLED', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UpdateOrganizationConfiguration
$result = $client->updateOrganizationConfiguration([/* ... */]); $promise = $client->updateOrganizationConfigurationAsync([/* ... */]);
Updates the Amazon Macie configuration settings for an organization in Organizations.
Parameter Syntax
$result = $client->updateOrganizationConfiguration([
'autoEnable' => true || false, // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a versioning conflict for a specified resource.
UpdateResourceProfile
$result = $client->updateResourceProfile([/* ... */]); $promise = $client->updateResourceProfileAsync([/* ... */]);
Updates the sensitivity score for an S3 bucket.
Parameter Syntax
$result = $client->updateResourceProfile([
'resourceArn' => '<string>', // REQUIRED
'sensitivityScoreOverride' => <integer>,
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
UpdateResourceProfileDetections
$result = $client->updateResourceProfileDetections([/* ... */]); $promise = $client->updateResourceProfileDetectionsAsync([/* ... */]);
Updates the sensitivity scoring settings for an S3 bucket.
Parameter Syntax
$result = $client->updateResourceProfileDetections([
'resourceArn' => '<string>', // REQUIRED
'suppressDataIdentifiers' => [
[
'id' => '<string>',
'type' => 'CUSTOM|MANAGED',
],
// ...
],
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
- suppressDataIdentifiers
-
- Type: Array of SuppressDataIdentifier structures
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
ServiceQuotaExceededException:
Provides information about an error that occurred due to one or more service quotas for an account.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
UpdateRevealConfiguration
$result = $client->updateRevealConfiguration([/* ... */]); $promise = $client->updateRevealConfigurationAsync([/* ... */]);
Updates the status and configuration settings for retrieving occurrences of sensitive data reported by findings.
Parameter Syntax
$result = $client->updateRevealConfiguration([
'configuration' => [ // REQUIRED
'kmsKeyId' => '<string>',
'status' => 'ENABLED|DISABLED', // REQUIRED
],
]);
Parameter Details
Members
- configuration
-
- Required: Yes
- Type: RevealConfiguration structure
Specifies the configuration settings for retrieving occurrences of sensitive data reported by findings, and the status of the configuration for an Amazon Macie account. When you enable the configuration for the first time, your request must specify an Key Management Service (KMS) key. Otherwise, an error occurs. Macie uses the specified key to encrypt the sensitive data that you retrieve.
Result Syntax
[
'configuration' => [
'kmsKeyId' => '<string>',
'status' => 'ENABLED|DISABLED',
],
]
Result Details
Members
- configuration
-
- Type: RevealConfiguration structure
Specifies the configuration settings for retrieving occurrences of sensitive data reported by findings, and the status of the configuration for an Amazon Macie account. When you enable the configuration for the first time, your request must specify an Key Management Service (KMS) key. Otherwise, an error occurs. Macie uses the specified key to encrypt the sensitive data that you retrieve.
Errors
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
UpdateSensitivityInspectionTemplate
$result = $client->updateSensitivityInspectionTemplate([/* ... */]); $promise = $client->updateSensitivityInspectionTemplateAsync([/* ... */]);
Updates the settings for the sensitivity inspection template for an account.
Parameter Syntax
$result = $client->updateSensitivityInspectionTemplate([
'description' => '<string>',
'excludes' => [
'managedDataIdentifierIds' => ['<string>', ...],
],
'id' => '<string>', // REQUIRED
'includes' => [
'allowListIds' => ['<string>', ...],
'customDataIdentifierIds' => ['<string>', ...],
'managedDataIdentifierIds' => ['<string>', ...],
],
]);
Parameter Details
Members
- description
-
- Type: string
- excludes
-
- Type: SensitivityInspectionTemplateExcludes structure
Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery for an Amazon Macie account. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
- id
-
- Required: Yes
- Type: string
- includes
-
- Type: SensitivityInspectionTemplateIncludes structure
Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery for an Amazon Macie account. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
Result Syntax
[]
Result Details
Errors
-
Provides information about an error that occurred because a specified resource wasn't found.
-
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
-
Provides information about an error that occurred due to a syntax error in a request.
-
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
-
Provides information about an error that occurred due to insufficient access to a specified resource.
Shapes
AccessControlList
Description
Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
Members
AccessDeniedException
Description
Provides information about an error that occurred due to insufficient access to a specified resource.
Members
AccountDetail
Description
Specifies the details of an account to associate with an Amazon Macie administrator account.
Members
AccountLevelPermissions
Description
Provides information about the account-level permissions settings that apply to an S3 bucket.
Members
- blockPublicAccess
-
- Type: BlockPublicAccess structure
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.
AdminAccount
Description
Provides information about the delegated Amazon Macie administrator account for an organization in Organizations.
Members
AllowListCriteria
Description
Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.
Members
- regex
-
- Type: string
- s3WordsList
-
- Type: S3WordsList structure
Provides information about an S3 object that lists specific text to ignore.
AllowListStatus
Description
Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.
Members
AllowListSummary
Description
Provides a subset of information about an allow list.
Members
ApiCallDetails
Description
Provides information about an API operation that an entity invoked for an affected resource.
Members
AssumedRole
Description
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.
Members
- accessKeyId
-
- Type: string
- accountId
-
- Type: string
- arn
-
- Type: string
- principalId
-
- Type: string
- sessionContext
-
- Type: SessionContext structure
Provides information about a session that was created for an entity that performed an action by using temporary security credentials.
AwsAccount
Description
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.
Members
AwsService
Description
Provides information about an Amazon Web Service that performed an action on an affected resource.
Members
BatchGetCustomDataIdentifierSummary
Description
Provides information about a custom data identifier.
Members
BlockPublicAccess
Description
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.
Members
BucketCountByEffectivePermission
Description
Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.
Members
BucketCountByEncryptionType
Description
Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.
Members
BucketCountBySharedAccessType
Description
Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
Members
BucketCountPolicyAllowsUnencryptedObjectUploads
Description
Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.
Members
BucketCriteriaAdditionalProperties
Description
Specifies the operator to use in a property-based condition that filters the results of a query for information about S3 buckets.
Members
BucketLevelPermissions
Description
Provides information about the bucket-level permissions settings for an S3 bucket.
Members
- accessControlList
-
- Type: AccessControlList structure
Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
- blockPublicAccess
-
- Type: BlockPublicAccess structure
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.
- bucketPolicy
-
- Type: BucketPolicy structure
Provides information about the permissions settings of the bucket policy for an S3 bucket.
BucketMetadata
Description
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
If an error occurs when Macie attempts to retrieve and process metadata from Amazon S3 for the bucket or the bucket's objects, the value for the versioning property is false and the value for most other properties is null. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of the error, refer to the errorCode and errorMessage values.
Members
- accountId
-
- Type: string
- allowsUnencryptedObjectUploads
-
- Type: string
- bucketArn
-
- Type: string
- bucketCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- bucketName
-
- Type: string
- classifiableObjectCount
-
- Type: long (int|float)
- classifiableSizeInBytes
-
- Type: long (int|float)
- errorCode
-
- Type: string
The error code for an error that prevented Amazon Macie from retrieving and processing metadata from Amazon S3 for an S3 bucket and the bucket's objects.
- errorMessage
-
- Type: string
- jobDetails
-
- Type: JobDetails structure
Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.
- lastAutomatedDiscoveryTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- lastUpdated
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- objectCount
-
- Type: long (int|float)
- objectCountByEncryptionType
-
- Type: ObjectCountByEncryptionType structure
Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
- publicAccess
-
- Type: BucketPublicAccess structure
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
- region
-
- Type: string
- replicationDetails
-
- Type: ReplicationDetails structure
Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.
- sensitivityScore
-
- Type: int
- serverSideEncryption
-
- Type: BucketServerSideEncryption structure
Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.
- sharedAccess
-
- Type: string
- sizeInBytes
-
- Type: long (int|float)
- sizeInBytesCompressed
-
- Type: long (int|float)
- tags
-
- Type: Array of KeyValuePair structures
- unclassifiableObjectCount
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
- unclassifiableObjectSizeInBytes
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
- versioning
-
- Type: boolean
BucketPermissionConfiguration
Description
Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
Members
- accountLevelPermissions
-
- Type: AccountLevelPermissions structure
Provides information about the account-level permissions settings that apply to an S3 bucket.
- bucketLevelPermissions
-
- Type: BucketLevelPermissions structure
Provides information about the bucket-level permissions settings for an S3 bucket.
BucketPolicy
Description
Provides information about the permissions settings of the bucket policy for an S3 bucket.
Members
BucketPublicAccess
Description
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
Members
- effectivePermission
-
- Type: string
- permissionConfiguration
-
- Type: BucketPermissionConfiguration structure
Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
BucketServerSideEncryption
Description
Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.
Members
BucketSortCriteria
Description
Specifies criteria for sorting the results of a query for information about S3 buckets.
Members
BucketStatisticsBySensitivity
Description
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for each metric is 0.
Members
- classificationError
-
- Type: SensitivityAggregations structure
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.
- notClassified
-
- Type: SensitivityAggregations structure
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.
- notSensitive
-
- Type: SensitivityAggregations structure
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.
- sensitive
-
- Type: SensitivityAggregations structure
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.
Cell
Description
Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
Members
ClassificationDetails
Description
Provides information about a sensitive data finding and the details of the finding.
Members
- detailedResultsLocation
-
- Type: string
- jobArn
-
- Type: string
- jobId
-
- Type: string
- originType
-
- Type: string
Specifies how Amazon Macie found the sensitive data that produced a finding. Possible values are:
- result
-
- Type: ClassificationResult structure
Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.
ClassificationExportConfiguration
Description
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 bucket.
Members
- s3Destination
-
- Type: S3Destination structure
Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
ClassificationResult
Description
Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.
Members
- additionalOccurrences
-
- Type: boolean
- customDataIdentifiers
-
- Type: CustomDataIdentifiers structure
Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.
- mimeType
-
- Type: string
- sensitiveData
-
- Type: Array of SensitiveDataItem structures
Provides information about the category and number of occurrences of sensitive data that produced a finding.
- sizeClassified
-
- Type: long (int|float)
- status
-
- Type: ClassificationResultStatus structure
Provides information about the status of a sensitive data finding.
ClassificationResultStatus
Description
Provides information about the status of a sensitive data finding.
Members
ClassificationScopeSummary
Description
Provides information about the classification scope for an Amazon Macie account. Macie uses the scope's settings when it performs automated sensitive data discovery for the account.
Members
ConflictException
Description
Provides information about an error that occurred due to a versioning conflict for a specified resource.
Members
CriteriaBlockForJob
Description
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.
Members
- and
-
- Type: Array of CriteriaForJob structures
CriteriaForJob
Description
Specifies a property- or tag-based condition that defines criteria for including or excluding S3 buckets from a classification job.
Members
- simpleCriterion
-
- Type: SimpleCriterionForJob structure
Specifies a property-based condition that determines whether an S3 bucket is included or excluded from a classification job.
- tagCriterion
-
- Type: TagCriterionForJob structure
Specifies a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job.
CriterionAdditionalProperties
Description
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.
Members
CustomDataIdentifierSummary
Description
Provides information about a custom data identifier.
Members
CustomDataIdentifiers
Description
Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.
Members
- detections
-
- Type: Array of CustomDetection structures
Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that each identifier detected.
- totalCount
-
- Type: long (int|float)
CustomDetection
Description
Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.
Members
- arn
-
- Type: string
- count
-
- Type: long (int|float)
- name
-
- Type: string
- occurrences
-
- Type: Occurrences structure
Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.
DailySchedule
Description
Specifies that a classification job runs once a day, every day. This is an empty object.
Members
DefaultDetection
Description
Provides information about a type of sensitive data that was detected by a managed data identifier and produced a sensitive data finding.
Members
- count
-
- Type: long (int|float)
- occurrences
-
- Type: Occurrences structure
Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.
- type
-
- Type: string
DetectedDataDetails
Description
Specifies 1-10 occurrences of a specific type of sensitive data reported by a finding.
Members
Detection
Description
Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for the bucket. The information also specifies the custom data identifier or managed data identifier that detected the data. This information is available only if automated sensitive data discovery is currently enabled for your account.
Members
DomainDetails
Description
Provides information about the domain name of the device that an entity used to perform an action on an affected resource.
Members
Empty
Description
The request succeeded and there isn't any content to include in the body of the response (No Content).
Members
FederatedUser
Description
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.
Members
- accessKeyId
-
- Type: string
- accountId
-
- Type: string
- arn
-
- Type: string
- principalId
-
- Type: string
- sessionContext
-
- Type: SessionContext structure
Provides information about a session that was created for an entity that performed an action by using temporary security credentials.
Finding
Description
Provides the details of a finding.
Members
- accountId
-
- Type: string
- archived
-
- Type: boolean
- category
-
- Type: string
The category of the finding. Possible values are:
- classificationDetails
-
- Type: ClassificationDetails structure
Provides information about a sensitive data finding and the details of the finding.
- count
-
- Type: long (int|float)
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- description
-
- Type: string
- id
-
- Type: string
- partition
-
- Type: string
- policyDetails
-
- Type: PolicyDetails structure
Provides the details of a policy finding.
- region
-
- Type: string
- resourcesAffected
-
- Type: ResourcesAffected structure
Provides information about the resources that a finding applies to.
- sample
-
- Type: boolean
- schemaVersion
-
- Type: string
- severity
-
- Type: Severity structure
Provides the numerical and qualitative representations of a finding's severity.
- title
-
- Type: string
- type
-
- Type: string
The type of finding. For details about each type, see Types of Amazon Macie findings in the Amazon Macie User Guide. Possible values are:
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
FindingAction
Description
Provides information about an action that occurred for a resource and produced a policy finding.
Members
- actionType
-
- Type: string
The type of action that occurred for the resource and produced the policy finding:
- apiCallDetails
-
- Type: ApiCallDetails structure
Provides information about an API operation that an entity invoked for an affected resource.
FindingActor
Description
Provides information about an entity that performed an action that produced a policy finding for a resource.
Members
- domainDetails
-
- Type: DomainDetails structure
Provides information about the domain name of the device that an entity used to perform an action on an affected resource.
- ipAddressDetails
-
- Type: IpAddressDetails structure
Provides information about the IP address of the device that an entity used to perform an action on an affected resource.
- userIdentity
-
- Type: UserIdentity structure
Provides information about the type and other characteristics of an entity that performed an action on an affected resource.
FindingCriteria
Description
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
Members
- criterion
-
- Type: Associative array of custom strings keys (__string) to CriterionAdditionalProperties structures
Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.
FindingStatisticsSortCriteria
Description
Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
Members
FindingsFilterListItem
Description
Provides information about a findings filter.
Members
- action
-
- Type: string
The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:
- arn
-
- Type: string
- id
-
- Type: string
- name
-
- Type: string
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
GroupCount
Description
Provides a group of results for a query that retrieved aggregated statistical data about findings.
Members
IamUser
Description
Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.
Members
InternalServerException
Description
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
Members
Invitation
Description
Provides information about an Amazon Macie membership invitation.
Members
IpAddressDetails
Description
Provides information about the IP address of the device that an entity used to perform an action on an affected resource.
Members
- ipAddressV4
-
- Type: string
- ipCity
-
- Type: IpCity structure
Provides information about the city that an IP address originated from.
- ipCountry
-
- Type: IpCountry structure
Provides information about the country that an IP address originated from.
- ipGeoLocation
-
- Type: IpGeoLocation structure
Provides geographic coordinates that indicate where a specified IP address originated from.
- ipOwner
-
- Type: IpOwner structure
Provides information about the registered owner of an IP address.
IpCity
Description
Provides information about the city that an IP address originated from.
Members
IpCountry
Description
Provides information about the country that an IP address originated from.
Members
IpGeoLocation
Description
Provides geographic coordinates that indicate where a specified IP address originated from.
Members
IpOwner
Description
Provides information about the registered owner of an IP address.
Members
JobDetails
Description
Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.
Members
JobScheduleFrequency
Description
Specifies the recurrence pattern for running a classification job.
Members
- dailySchedule
-
- Type: DailySchedule structure
Specifies that a classification job runs once a day, every day. This is an empty object.
- monthlySchedule
-
- Type: MonthlySchedule structure
Specifies a monthly recurrence pattern for running a classification job.
- weeklySchedule
-
- Type: WeeklySchedule structure
Specifies a weekly recurrence pattern for running a classification job.
JobScopeTerm
Description
Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job. A JobScopeTerm object can contain only one simpleScopeTerm object or one tagScopeTerm object.
Members
- simpleScopeTerm
-
- Type: SimpleScopeTerm structure
Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.
- tagScopeTerm
-
- Type: TagScopeTerm structure
Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.
JobScopingBlock
Description
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.
Members
- and
-
- Type: Array of JobScopeTerm structures
JobSummary
Description
Provides information about a classification job, including the current status of the job.
Members
- bucketCriteria
-
- Type: S3BucketCriteriaForJob structure
Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.
- bucketDefinitions
-
- Type: Array of S3BucketDefinitionForJob structures
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- jobId
-
- Type: string
- jobStatus
-
- Type: string
The status of a classification job. Possible values are:
- jobType
-
- Type: string
The schedule for running a classification job. Valid values are:
- lastRunErrorStatus
-
- Type: LastRunErrorStatus structure
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.
- name
-
- Type: string
- userPausedDetails
-
- Type: UserPausedDetails structure
Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
KeyValuePair
Description
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
Members
LastRunErrorStatus
Description
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.
Members
ListJobsFilterCriteria
Description
Specifies criteria for filtering the results of a request for information about classification jobs.
Members
- excludes
-
- Type: Array of ListJobsFilterTerm structures
- includes
-
- Type: Array of ListJobsFilterTerm structures
ListJobsFilterTerm
Description
Specifies a condition that filters the results of a request for information about classification jobs. Each condition consists of a property, an operator, and one or more values.
Members
ListJobsSortCriteria
Description
Specifies criteria for sorting the results of a request for information about classification jobs.
Members
ManagedDataIdentifierSummary
Description
Provides information about a managed data identifier. For additional information, see Using managed data identifiers in the Amazon Macie User Guide.
Members
MatchingBucket
Description
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.
Members
- accountId
-
- Type: string
- bucketName
-
- Type: string
- classifiableObjectCount
-
- Type: long (int|float)
- classifiableSizeInBytes
-
- Type: long (int|float)
- errorCode
-
- Type: string
The error code for an error that prevented Amazon Macie from retrieving and processing metadata from Amazon S3 for an S3 bucket and the bucket's objects.
- errorMessage
-
- Type: string
- jobDetails
-
- Type: JobDetails structure
Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.
- lastAutomatedDiscoveryTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- objectCount
-
- Type: long (int|float)
- objectCountByEncryptionType
-
- Type: ObjectCountByEncryptionType structure
Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
- sensitivityScore
-
- Type: int
- sizeInBytes
-
- Type: long (int|float)
- sizeInBytesCompressed
-
- Type: long (int|float)
- unclassifiableObjectCount
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
- unclassifiableObjectSizeInBytes
-
- Type: ObjectLevelStatistics structure
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
MatchingResource
Description
Provides statistical data and other information about an Amazon Web Services resource that Amazon Macie monitors and analyzes for your account.
Members
- matchingBucket
-
- Type: MatchingBucket structure
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.
Member
Description
Provides information about an account that's associated with an Amazon Macie administrator account.
Members
- accountId
-
- Type: string
- administratorAccountId
-
- Type: string
- arn
-
- Type: string
-
- Type: string
- invitedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- masterAccountId
-
- Type: string
- relationshipStatus
-
- Type: string
The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:
- tags
-
- Type: Associative array of custom strings keys (__string) to strings
A string-to-string map of key-value pairs that specifies the tags (keys and values) for an Amazon Macie resource.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
MonthlySchedule
Description
Specifies a monthly recurrence pattern for running a classification job.
Members
ObjectCountByEncryptionType
Description
Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
Members
ObjectLevelStatistics
Description
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.
Members
Occurrences
Description
Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.
Members
- cells
-
- Type: Array of Cell structures
Specifies the location of occurrences of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
- lineRanges
-
- Type: Array of Range structures
Specifies the locations of occurrences of sensitive data in a non-binary text file.
- offsetRanges
-
- Type: Array of Range structures
Specifies the locations of occurrences of sensitive data in a non-binary text file.
- pages
-
- Type: Array of Page structures
Specifies the location of occurrences of sensitive data in an Adobe Portable Document Format file.
- records
-
- Type: Array of Record structures
Specifies the locations of occurrences of sensitive data in an Apache Avro object container or a structured data file.
Page
Description
Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.
Members
- lineRange
-
- Type: Range structure
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
- offsetRange
-
- Type: Range structure
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
- pageNumber
-
- Type: long (int|float)
PolicyDetails
Description
Provides the details of a policy finding.
Members
- action
-
- Type: FindingAction structure
Provides information about an action that occurred for a resource and produced a policy finding.
- actor
-
- Type: FindingActor structure
Provides information about an entity that performed an action that produced a policy finding for a resource.
Range
Description
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
Members
Record
Description
Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.
Members
ReplicationDetails
Description
Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.
Members
ResourceNotFoundException
Description
Provides information about an error that occurred because a specified resource wasn't found.
Members
ResourceProfileArtifact
Description
Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an S3 bucket, and the status and results of the analysis. This information is available only if automated sensitive data discovery is currently enabled for your account.
Members
ResourceStatistics
Description
Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for your account. The statistics capture the results of automated sensitive data discovery activities that Macie has performed for the bucket. The data is available only if automated sensitive data discovery is currently enabled for your account.
Members
- totalBytesClassified
-
- Type: long (int|float)
- totalDetections
-
- Type: long (int|float)
- totalDetectionsSuppressed
-
- Type: long (int|float)
- totalItemsClassified
-
- Type: long (int|float)
- totalItemsSensitive
-
- Type: long (int|float)
- totalItemsSkipped
-
- Type: long (int|float)
- totalItemsSkippedInvalidEncryption
-
- Type: long (int|float)
- totalItemsSkippedInvalidKms
-
- Type: long (int|float)
- totalItemsSkippedPermissionDenied
-
- Type: long (int|float)
ResourcesAffected
Description
Provides information about the resources that a finding applies to.
Members
RevealConfiguration
Description
Specifies the configuration settings for retrieving occurrences of sensitive data reported by findings, and the status of the configuration for an Amazon Macie account. When you enable the configuration for the first time, your request must specify an Key Management Service (KMS) key. Otherwise, an error occurs. Macie uses the specified key to encrypt the sensitive data that you retrieve.
Members
S3Bucket
Description
Provides information about the S3 bucket that a finding applies to.
Members
- allowsUnencryptedObjectUploads
-
- Type: string
- arn
-
- Type: string
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- defaultServerSideEncryption
-
- Type: ServerSideEncryption structure
Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.
- name
-
- Type: string
- owner
-
- Type: S3BucketOwner structure
Provides information about the Amazon Web Services account that owns an S3 bucket.
- publicAccess
-
- Type: BucketPublicAccess structure
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
- tags
-
- Type: Array of KeyValuePair structures
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
S3BucketCriteriaForJob
Description
Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.
Members
- excludes
-
- Type: CriteriaBlockForJob structure
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.
- includes
-
- Type: CriteriaBlockForJob structure
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.
S3BucketDefinitionForJob
Description
Specifies an Amazon Web Services account that owns S3 buckets for a classification job to analyze, and one or more specific buckets to analyze for that account.
Members
S3BucketOwner
Description
Provides information about the Amazon Web Services account that owns an S3 bucket.
Members
S3ClassificationScope
Description
Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
Members
- excludes
-
- Required: Yes
- Type: S3ClassificationScopeExclusion structure
Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.
S3ClassificationScopeExclusion
Description
Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.
Members
S3ClassificationScopeExclusionUpdate
Description
Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.
Members
S3ClassificationScopeUpdate
Description
Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.
Members
- excludes
-
- Required: Yes
- Type: S3ClassificationScopeExclusionUpdate structure
Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.
S3Destination
Description
Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
Members
S3JobDefinition
Description
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.
Members
- bucketCriteria
-
- Type: S3BucketCriteriaForJob structure
Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.
- bucketDefinitions
-
- Type: Array of S3BucketDefinitionForJob structures
- scoping
-
- Type: Scoping structure
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.
S3Object
Description
Provides information about the S3 object that a finding applies to.
Members
- bucketArn
-
- Type: string
- eTag
-
- Type: string
- extension
-
- Type: string
- key
-
- Type: string
- lastModified
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- path
-
- Type: string
- publicAccess
-
- Type: boolean
- serverSideEncryption
-
- Type: ServerSideEncryption structure
Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.
- size
-
- Type: long (int|float)
- storageClass
-
- Type: string
The storage class of the S3 object. Possible values are:
- tags
-
- Type: Array of KeyValuePair structures
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
- versionId
-
- Type: string
S3WordsList
Description
Provides information about an S3 object that lists specific text to ignore.
Members
Scoping
Description
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.
Members
- excludes
-
- Type: JobScopingBlock structure
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.
- includes
-
- Type: JobScopingBlock structure
Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.
SearchResourcesBucketCriteria
Description
Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.
Members
- excludes
-
- Type: SearchResourcesCriteriaBlock structure
Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.
- includes
-
- Type: SearchResourcesCriteriaBlock structure
Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.
SearchResourcesCriteria
Description
Specifies a property- or tag-based filter condition for including or excluding Amazon Web Services resources from the query results.
Members
- simpleCriterion
-
- Type: SearchResourcesSimpleCriterion structure
Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
- tagCriterion
-
- Type: SearchResourcesTagCriterion structure
Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
SearchResourcesCriteriaBlock
Description
Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.
Members
- and
-
- Type: Array of SearchResourcesCriteria structures
SearchResourcesSimpleCriterion
Description
Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
Members
SearchResourcesSortCriteria
Description
Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.
Members
SearchResourcesTagCriterion
Description
Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.
Members
- comparator
-
- Type: string
The operator to use in a condition that filters the results of a query. Valid values are:
- tagValues
-
- Type: Array of SearchResourcesTagCriterionPair structures
SearchResourcesTagCriterionPair
Description
Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based filter condition for a query. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based filter conditions.
Members
SecurityHubConfiguration
Description
Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Amazon Macie integration with Security Hub in the Amazon Macie User Guide.
Members
SensitiveDataItem
Description
Provides information about the category, types, and occurrences of sensitive data that produced a sensitive data finding.
Members
- category
-
- Type: string
For a finding, the category of sensitive data that was detected and produced the finding. For a managed data identifier, the category of sensitive data that the managed data identifier detects. Possible values are:
- detections
-
- Type: Array of DefaultDetection structures
Provides information about sensitive data that was detected by managed data identifiers and produced a sensitive data finding, and the number of occurrences of each type of sensitive data that was detected.
- totalCount
-
- Type: long (int|float)
SensitivityAggregations
Description
Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets. Each field contains aggregated data for all the buckets that have a sensitivity score (sensitivityScore) of a specified value or within a specified range (BucketStatisticsBySensitivity). If automated sensitive data discovery is currently disabled for your account, the value for each field is 0.
Members
SensitivityInspectionTemplateExcludes
Description
Specifies managed data identifiers to exclude (not use) when performing automated sensitive data discovery for an Amazon Macie account. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
Members
SensitivityInspectionTemplateIncludes
Description
Specifies the allow lists, custom data identifiers, and managed data identifiers to include (use) when performing automated sensitive data discovery for an Amazon Macie account. The configuration must specify at least one custom data identifier or managed data identifier. For information about the managed data identifiers that Amazon Macie currently provides, see Using managed data identifiers in the Amazon Macie User Guide.
Members
SensitivityInspectionTemplatesEntry
Description
Provides information about the sensitivity inspection template for an Amazon Macie account. Macie uses the template's settings when it performs automated sensitive data discovery for the account.
Members
ServerSideEncryption
Description
Provides information about the default server-side encryption settings for an S3 bucket or the encryption settings for an S3 object.
Members
ServiceLimit
Description
Specifies a current quota for an Amazon Macie account.
Members
ServiceQuotaExceededException
Description
Provides information about an error that occurred due to one or more service quotas for an account.
Members
SessionContext
Description
Provides information about a session that was created for an entity that performed an action by using temporary security credentials.
Members
- attributes
-
- Type: SessionContextAttributes structure
Provides information about the context in which temporary security credentials were issued to an entity.
- sessionIssuer
-
- Type: SessionIssuer structure
Provides information about the source and type of temporary security credentials that were issued to an entity.
SessionContextAttributes
Description
Provides information about the context in which temporary security credentials were issued to an entity.
Members
SessionIssuer
Description
Provides information about the source and type of temporary security credentials that were issued to an entity.
Members
Severity
Description
Provides the numerical and qualitative representations of a finding's severity.
Members
SeverityLevel
Description
Specifies a severity level for findings that a custom data identifier produces. A severity level determines which severity is assigned to the findings, based on the number of occurrences of text that matches the custom data identifier's detection criteria.
Members
SimpleCriterionForJob
Description
Specifies a property-based condition that determines whether an S3 bucket is included or excluded from a classification job.
Members
- comparator
-
- Type: string
The operator to use in a condition. Depending on the type of condition, possible values are:
- key
-
- Type: string
The property to use in a condition that determines whether an S3 bucket is included or excluded from a classification job. Valid values are:
- values
-
- Type: Array of strings
SimpleScopeTerm
Description
Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.
Members
- comparator
-
- Type: string
The operator to use in a condition. Depending on the type of condition, possible values are:
- key
-
- Type: string
The property to use in a condition that determines whether an S3 object is included or excluded from a classification job. Valid values are:
- values
-
- Type: Array of strings
SortCriteria
Description
Specifies criteria for sorting the results of a request for findings.
Members
Statistics
Description
Provides processing statistics for a classification job.
Members
SuppressDataIdentifier
Description
Specifies a custom data identifier or managed data identifier that detected a type of sensitive data to start excluding or including in an S3 bucket's sensitivity score.
Members
TagCriterionForJob
Description
Specifies a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job.
Members
- comparator
-
- Type: string
The operator to use in a condition. Depending on the type of condition, possible values are:
- tagValues
-
- Type: Array of TagCriterionPairForJob structures
TagCriterionPairForJob
Description
Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based condition that determines whether an S3 bucket is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.
Members
TagScopeTerm
Description
Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.
Members
- comparator
-
- Type: string
The operator to use in a condition. Depending on the type of condition, possible values are:
- key
-
- Type: string
- tagValues
-
- Type: Array of TagValuePair structures
- target
-
- Type: string
The type of object to apply a tag-based condition to. Valid values are:
TagValuePair
Description
Specifies a tag key or tag key and value pair to use in a tag-based condition that determines whether an S3 object is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.
Members
ThrottlingException
Description
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
Members
UnprocessableEntityException
Description
Provides information about an error that occurred due to an unprocessable entity.
Members
UnprocessedAccount
Description
Provides information about an account-related request that hasn't been processed.
Members
UsageByAccount
Description
Provides data for a specific usage metric and the corresponding quota for an Amazon Macie account.
Members
- currency
-
- Type: string
The type of currency that the data for an Amazon Macie usage metric is reported in. Possible values are:
- estimatedCost
-
- Type: string
- serviceLimit
-
- Type: ServiceLimit structure
Specifies a current quota for an Amazon Macie account.
- type
-
- Type: string
The name of an Amazon Macie usage metric for an account. Possible values are:
UsageRecord
Description
Provides quota and aggregated usage data for an Amazon Macie account.
Members
- accountId
-
- Type: string
- automatedDiscoveryFreeTrialStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- freeTrialStartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
- usage
-
- Type: Array of UsageByAccount structures
UsageStatisticsFilter
Description
Specifies a condition for filtering the results of a query for quota and usage data for one or more Amazon Macie accounts.
Members
- comparator
-
- Type: string
The operator to use in a condition that filters the results of a query for Amazon Macie account quotas and usage data. Valid values are:
- key
-
- Type: string
The field to use in a condition that filters the results of a query for Amazon Macie account quotas and usage data. Valid values are:
- values
-
- Type: Array of strings
UsageStatisticsSortBy
Description
Specifies criteria for sorting the results of a query for Amazon Macie account quotas and usage data.
Members
UsageTotal
Description
Provides aggregated data for an Amazon Macie usage metric. The value for the metric reports estimated usage data for an account for the preceding 30 days or the current calendar month to date, depending on the time period (timeRange) specified in the request.
Members
UserIdentity
Description
Provides information about the type and other characteristics of an entity that performed an action on an affected resource.
Members
- assumedRole
-
- Type: AssumedRole structure
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.
- awsAccount
-
- Type: AwsAccount structure
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.
- awsService
-
- Type: AwsService structure
Provides information about an Amazon Web Service that performed an action on an affected resource.
- federatedUser
-
- Type: FederatedUser structure
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.
- iamUser
-
- Type: IamUser structure
Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.
- root
-
- Type: UserIdentityRoot structure
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for your Amazon Web Services account.
- type
-
- Type: string
The type of entity that performed the action on the affected resource. Possible values are:
UserIdentityRoot
Description
Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for your Amazon Web Services account.
Members
UserPausedDetails
Description
Provides information about when a classification job was paused. For a one-time job, this object also specifies when the job will expire and be cancelled if it isn't resumed. For a recurring job, this object also specifies when the paused job run will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
Members
ValidationException
Description
Provides information about an error that occurred due to a syntax error in a request.