Document history for Amazon Macie

The following table describes the important changes to the documentation since the last release of Amazon Macie. For notification about updates to this documentation, you can subscribe to an RSS feed.

  • Latest documentation update: July 26, 2022

Change | Description | Date

New feature

To verify the nature of sensitive data that Macie finds in S3 objects, you can now configure and use Macie to retrieve samples of sensitive data reported by findings.

July 26, 2022

Updated functionality

In the AmazonMacieFullAccess policy, we updated the Amazon Resource Name (ARN) of the Macie service-linked role (aws-service-role/macie.amazonaws.com/AWSServiceRoleForAmazonMacie).

June 30, 2022

Updated functionality

We updated the AmazonMacieServiceRolePolicy policy, which is the policy that's attached to the Macie service-linked role (AWSServiceRoleForAmazonMacie). The policy no longer specifies actions and resources for Amazon Macie Classic. Amazon Macie Classic has been discontinued and is no longer available.

May 20, 2022

New functionality

Macie now includes the OriginType field in sensitive data findings that it publishes to AWS Security Hub. The OriginType field specifies how Macie found the sensitive data that produced a finding: SENSITIVE_DATA_DISCOVERY_JOB.

May 11, 2022

Updated content

Clarified how keyword and maximum match distance settings work for custom data identifiers.

April 22, 2022

New functionality

Macie now provides managed data identifiers that are designed to detect HTTP Basic Authorization headers, HTTP cookies, and JSON Web Tokens.

April 21, 2022

New content

Added descriptions and definitions of key concepts and terms for Macie.

March 16, 2022

New functionality

To calculate and display estimated costs when you create and configure sensitive data discovery jobs, Macie now retrieves pricing data for your AWS account from AWS Billing and Cost Management. To support this functionality, we added a Billing and Cost Management action to the AmazonMacieFullAccess policy.

March 7, 2022

New functionality

Macie now includes the Sample field in findings that it publishes to AWS Security Hub. The Sample field specifies whether a finding is a sample finding.

February 24, 2022

New content

Added information about using Amazon Virtual Private Cloud to establish a private connection between your VPC and Macie.

January 19, 2022

New functionality

You can now use the Amazon Macie console to assign and manage tags for custom data identifiers, filter and suppression rules for findings, sensitive data discovery jobs, and, if you're the Macie administrator for an organization, member accounts in your organization. A tag is a label that you optionally define and assign to certain types of AWS resources.

January 12, 2022

New content

Added information about using AWS Identity and Access Management to manage access to Macie.

December 20, 2021

New feature

When you create a custom data identifier, you can now define severity settings for sensitive data findings that it produces. With these settings, you can specify which severity to assign to a finding based on the number of occurrences of text that matches the custom data identifier's detection criteria.

November 4, 2021

New functionality

To learn about the different types of findings that Macie provides, you can generate sample findings. Sample findings use example data and placeholder values to demonstrate the kinds of information that Macie might include in each type of finding.

October 28, 2021

New functionality

Macie now includes the OwnerAccountId field in findings that it publishes to AWS Security Hub. This field specifies the account ID for the AWS account that owns the affected S3 bucket.

October 27, 2021

New content

Added information about centrally managing multiple Macie accounts. You can do this in two ways: by integrating Macie with AWS Organizations or by sending membership invitations from Macie.

October 13, 2021

New functionality

Your S3 bucket inventory now indicates if a bucket's permissions settings prevent Macie from retrieving information about the bucket or the bucket's objects and evaluating and monitoring the security and privacy of the bucket's data. In addition, we updated references to AWS KMS keys and customer managed keys to reflect current terminology.

October 5, 2021

New functionality

Macie now stores policy and sensitive data findings for 90 days instead of 30 days. If Macie created or updated a finding on or after August 31, 2021, you can access the finding for up to 90 days by using the Macie console or the Macie API. In certain AWS Regions, Macie began retaining findings for 90 days as early as September 27, 2021.

October 1, 2021

New feature

When you create a sensitive data discovery job, you can now specify which managed data identifiers you want the job to use when it analyzes S3 objects. With this feature, you can tailor a job's analysis to focus on certain types of sensitive data.

September 17, 2021

New functionality

Sensitive data findings now provide additional information to help you locate sensitive data in JSON and JSON Lines files.

July 6, 2021

Updated functionality

Macie now uses the AwsS3Bucket resource type in findings that it publishes to AWS Security Hub. (Macie previously set this value to AWS::S3::Bucket.) AwsS3Bucket is the resource type value that's used for S3 buckets in the AWS Security Finding Format (ASFF).

June 28, 2021

New feature

When you create a sensitive data discovery job, you can now define runtime criteria that determine which S3 buckets the job analyzes. With this feature, the scope of a job's analysis can dynamically adapt to changes to your bucket inventory.

May 15, 2021

New functionality

Your S3 bucket inventory and the Summary dashboard now provide encryption metadata and statistics indicating whether buckets require server-side encryption of new objects. In addition, you can now perform on-demand refreshes of object metadata for individual buckets in your bucket inventory.

April 30, 2021

New feature

You can now use Amazon CloudWatch Logs to monitor and analyze events that occur when you run sensitive data discovery jobs. To support this feature, we added CloudWatch Logs actions to the AWS managed policy for the Macie service-linked role.

April 14, 2021

Regional availability

Macie is now available in the AWS Asia Pacific (Osaka) Region.

April 5, 2021

New feature

You can now configure Macie to publish sensitive data findings to AWS Security Hub.

March 22, 2021

New content

Added information about monitoring and forecasting Macie costs and participating in the free trial.

February 26, 2021

Updated content

We replaced the term master account with the term administrator account. An administrator account is used to centrally manage multiple accounts.

February 12, 2021

New functionality

You can now refine the scope of sensitive data discovery jobs by using S3 object prefixes in custom include and exclude criteria.

February 2, 2021

Updated content

Macie now adheres to the finding type taxonomy of the AWS Security Finding Format (ASFF) when it publishes policy findings to AWS Security Hub.

January 28, 2021

New content

Added information about monitoring Amazon S3 data and assessing the security and privacy of that data.

January 8, 2021

Regional availability

Macie is now available in the AWS Africa (Cape Town) Region, the AWS Europe (Milan) Region, and the AWS Middle East (Bahrain) Region.

December 21, 2020

New functionality

If your account is a Macie administrator account, you can now create and run sensitive data discovery jobs that analyze data for as many as 1,000 buckets spanning as many as 1,000 accounts in your organization.

November 25, 2020

New functionality

Your S3 bucket inventory now indicates whether you've configured any one-time or periodic sensitive data discovery jobs to analyze data in a bucket. If you have, it also provides details about the job that ran most recently.

November 23, 2020

New content

Added information about filtering findings.

November 12, 2020

New functionality

Sensitive data findings now provide additional information to help you locate sensitive data in Apache Avro object containers, Apache Parquet files, and Microsoft Excel workbooks.

November 9, 2020

New feature

You can now use sensitive data findings to locate individual occurrences of sensitive data in S3 objects.

October 22, 2020

New feature

You can now pause and resume sensitive data discovery jobs.

October 16, 2020

New content

Added details about the severity scoring system for policy findings and sensitive data findings.

October 6, 2020

New features

You can now view statistics that indicate how much data Macie can analyze in individual S3 buckets when you run a sensitive data discovery job. In addition, you can now view the estimated cost of a job when you create a job.

September 3, 2020

New content

Added information about configuring, running, and managing sensitive data discovery jobs.

August 31, 2020

New functionality

Managed data identifiers can now detect certain types of personally identifiable information for Brazil.

July 31, 2020

Updated content

Added information about the supported syntax for regular expressions in custom data identifiers.

July 30, 2020

Updated content

Added keyword requirements for managed data identifiers, and increased the quota for the number of findings that each sensitive data discovery job can produce.

July 17, 2020

New content

Added information about using Amazon EventBridge and AWS Security Hub to monitor and process findings. This includes the EventBridge event schema for findings and event examples for policy and sensitive data findings.

June 22, 2020

New content

Added information about analyzing and suppressing findings.

June 17, 2020

New content

Added instructions for configuring Macie to store detailed discovery results in an S3 bucket.

June 2, 2020

New content

Added information about the types of sensitive data that Macie can detect, and encryption requirements for detecting sensitive data in Amazon S3 objects.

May 28, 2020

Initial release

This is the initial release of the Amazon Macie User Guide.

May 13, 2020