Automated Sensitive Data Discovery Configuration
The Automated Sensitive Data Discovery Configuration resource provides access to the configuration settings for performing automated sensitive data discovery for your account, and the status of the configuration. To configure and use automated sensitive data discovery, your account must be the Amazon Macie administrator account for an organization or a standalone Macie account.
If automated sensitive data discovery is enabled for your Macie account, Macie continually uses sampling techniques to identify and select representative objects from your Amazon Simple Storage Service (Amazon S3) buckets. Macie then retrieves and analyzes the selected objects, inspecting them for sensitive data. If your account is the Macie administrator account for an organization, this includes objects in S3 buckets that your member accounts own.
You can monitor and review the results of the analyses in resource sensitivity profiles, statistical data, and other information that Macie produces and provides about your Amazon S3 data. These results are in addition to sensitive data findings, which report sensitive data that Macie finds in individual S3 objects, and sensitive data discovery results, which log details about the analysis of individual S3 objects. For more information, see Performing automated sensitive data discovery in the Amazon Macie User Guide.
To customize the analyses, you can change the automated sensitive data discovery configuration for your account. The configuration consists of a classification scope and a sensitivity inspection template. The classification scope specifies S3 buckets that you want to exclude from the analyses, such as buckets that typically store AWS logging data. The sensitivity inspection template specifies the allow lists, custom data identifiers, and managed data identifiers that you want Macie to use when it analyzes S3 objects. To change the configuration, use the Classification Scope and Sensitivity Inspection Template resources.
If you disable automated sensitive data discovery for your account, Macie retains your configuration settings. However, Macie stops performing all automated sensitive data discovery activities for your account. In addition, you lose access to all resource sensitivity profiles, statistical data, and other information that Macie produced and directly provided about your Amazon S3 data while performing those activities. This doesn't include sensitive data findings and discovery results. Macie stores your findings for 90 days, and you can continue to access your sensitive data discovery results in Amazon S3.
If you disable automated sensitive data discovery for your account, you can enable it again. Macie then resumes all automated sensitive data discovery activities for your account. If you re-enable it within 30 days, you regain access to resource sensitivity profiles, statistical data, and other information that Macie previously produced and directly provided while performing those activities. If you don't re-enable it within 30 days, Macie permanently deletes these profiles and the statistical data and other information that it produced and directly provided.
If you're the delegated Macie administrator for an organization or you have a standalone Macie account, you can use the Automated Sensitive Data Discovery Configuration resource to enable or disable automated sensitive data discovery for your account. You can also use this resource to retrieve your current configuration settings for performing automated sensitive data discovery, and the status of the configuration for your account.
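The 30-day re-enable window described above can be tracked from the GET response for this resource. The following is an added example, not AWS code: `assess_discovery_config` and its return keys are hypothetical names, the sample response is constructed, and `disabledAt` is assumed to be an ISO 8601 UTC timestamp.

```python
from datetime import datetime, timedelta, timezone

# Re-enable window stated on this page; after it, profiles and statistics are deleted.
RETENTION_WINDOW = timedelta(days=30)


def _parse_ts(value):
    """Return an aware UTC datetime from a datetime or ISO 8601 string (assumed format)."""
    if value is None:
        return None
    if not isinstance(value, datetime):
        value = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)
    return value.astimezone(timezone.utc)


def assess_discovery_config(config, now):
    """Classify a GetAutomatedDiscoveryConfigurationResponse body (hypothetical helper)."""
    status = config.get("status")
    if status not in ("ENABLED", "DISABLED"):
        raise ValueError(f"unexpected AutomatedDiscoveryStatus: {status!r}")
    if status == "ENABLED":
        return {"state": "active", "purge_deadline": None, "days_left": None}
    disabled_at = _parse_ts(config.get("disabledAt"))
    if disabled_at is None:
        # DISABLED without a disabledAt value: no deadline can be derived.
        return {"state": "disabled_no_timestamp", "purge_deadline": None, "days_left": None}
    deadline = disabled_at + RETENTION_WINDOW
    remaining = deadline - _parse_ts(now)
    if remaining <= timedelta(0):
        return {"state": "window_expired", "purge_deadline": deadline, "days_left": 0}
    return {"state": "recoverable", "purge_deadline": deadline, "days_left": remaining.days}


# Constructed sample response (identifiers are placeholders, not real values).
SAMPLE_DISABLED = {
    "classificationScopeId": "example-scope-id",
    "sensitivityInspectionTemplateId": "example-template-id",
    "firstEnabledAt": "2024-01-10T08:00:00Z",
    "lastUpdatedAt": "2024-03-01T09:30:00Z",
    "disabledAt": "2024-03-01T09:30:00Z",
    "status": "DISABLED",
}

if __name__ == "__main__":
    now = datetime(2024, 3, 21, 9, 30, tzinfo=timezone.utc)
    print(assess_discovery_config(SAMPLE_DISABLED, now))
```

A `recoverable` result is the cue to alert: sending `{ "status": "ENABLED" }` with PUT before `purge_deadline` restores access to the existing profiles and statistics.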
URI
/automated-discovery/configuration
HTTP methods
GET
Operation ID: GetAutomatedDiscoveryConfiguration
Retrieves the configuration settings and status of automated sensitive data discovery for an account.
Responses

Status code | Response model | Description
---|---|---
200 | GetAutomatedDiscoveryConfigurationResponse | The request succeeded.
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
PUT
Operation ID: UpdateAutomatedDiscoveryConfiguration
Enables or disables automated sensitive data discovery for an account.
Responses

Status code | Response model | Description
---|---|---
200 | Empty Schema | The request succeeded. The status of the automated sensitive data discovery configuration for the account was updated and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request bodies
{ "status": enum }
Response bodies
{ "classificationScopeId": "string", "disabledAt": "string", "firstEnabledAt": "string", "lastUpdatedAt": "string", "sensitivityInspectionTemplateId": "string", "status": enum }
{ }
{ "message": "string" }
{ "message": "string" }
{ "message": "string" }
{ "message": "string" }
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
AutomatedDiscoveryStatus
The status of the automated sensitive data discovery configuration for an Amazon Macie account. Valid values are:
ENABLED
DISABLED
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
GetAutomatedDiscoveryConfigurationResponse
Provides information about the configuration settings for performing automated sensitive data discovery for an Amazon Macie account, and the status of the configuration for the account.
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
UpdateAutomatedDiscoveryConfigurationRequest
Enables or disables automated sensitive data discovery for an Amazon Macie account.
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
See also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following: