URI HTTP methods Schemas Properties See also

Classification Scope

The Classification Scope resource provides access to the settings of the classification scope for your Amazon Macie account. The classification scope specifies Amazon Simple Storage Service (Amazon S3) buckets that you don't want Macie to analyze when it performs automated sensitive data discovery for your account. It defines an S3 bucket exclusion list for automated sensitive data discovery. For more information, see Performing automated sensitive data discovery in the Amazon Macie User Guide.

The first time you enable automated sensitive data discovery for your account, Macie automatically creates the classification scope for your account. Macie then uses the settings specified by the classification scope to determine which S3 buckets to exclude from analyses. You can customize the settings by adding buckets to and removing buckets from the list of buckets to exclude. For example, you might exclude buckets that typically store AWS logging data, such as a bucket that stores AWS CloudTrail event logs. By default, Macie analyzes data in all the buckets for your account. If your account is the Macie administrator account for an organization, this includes buckets that member accounts own.

You can use the Classification Scope resource to retrieve or update the classification scope settings for your account. To use this resource, automated sensitive data discovery must be enabled for your account. To enable automated sensitive data discovery for your account, use the Automated Sensitive Data Discovery Configuration resource. When you use this resource, you have to specify the unique identifier for the classification scope for your account. To obtain this identifier, use the Classification Scopes resource.

URI

/classification-scopes/id

HTTP methods

GET

Operation ID: GetClassificationScope

Retrieves the classification scope settings for an account.

Path parameters
Name	Type	Required	Description
`id`	String	True	The unique identifier for the Amazon Macie resource that the request applies to.

Responses
Status code	Response model	Description
`200`	`GetClassificationScopeResponse`	The request succeeded.
`400`	`ValidationException`	The request failed because the input doesn't satisfy the constraints specified by the service.
`403`	`AccessDeniedException`	The request was denied because you don't have sufficient access to the specified resource.
`404`	`ResourceNotFoundException`	The request failed because the specified resource wasn't found.
`429`	`ThrottlingException`	The request failed because you sent too many requests during a certain amount of time.
`500`	`InternalServerException`	The request failed due to an unknown internal server error, exception, or failure.

PATCH

Operation ID: UpdateClassificationScope

Updates the classification scope settings for an account.

Path parameters
Name	Type	Required	Description
`id`	String	True	The unique identifier for the Amazon Macie resource that the request applies to.

Responses
Status code	Response model	Description
`200`	`Empty Schema`	The request succeeded. The specified settings were updated and there isn't any content to include in the body of the response (No Content).
`400`	`ValidationException`	The request failed because the input doesn't satisfy the constraints specified by the service.
`403`	`AccessDeniedException`	The request was denied because you don't have sufficient access to the specified resource.
`404`	`ResourceNotFoundException`	The request failed because the specified resource wasn't found.
`429`	`ThrottlingException`	The request failed because you sent too many requests during a certain amount of time.
`500`	`InternalServerException`	The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request bodies


{
  "s3": {
    "excludes": {
      "bucketNames": [
        "string"
      ],
      "operation": enum
    }
  }
}

Response bodies


{
  "id": "string",
  "name": "string",
  "s3": {
    "excludes": {
      "bucketNames": [
        "string"
      ]
    }
  }
}

{
}


{
  "message": "string"
}


{
  "message": "string"
}


{
  "message": "string"
}


{
  "message": "string"
}


{
  "message": "string"
}

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property	Type	Required	Description
`message`	string	False	The explanation of the error that occurred.

ClassificationScopeUpdateOperation

Specifies how to apply changes to the S3 bucket exclusion list defined by the classification scope for an Amazon Macie account. Valid values are:

ADD
REPLACE
REMOVE

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

GetClassificationScopeResponse

Provides information about the classification scope settings for an Amazon Macie account. Macie uses these settings when it performs automated sensitive data discovery for the account.

Property	Type	Required	Description
`id`	string	False	The unique identifier for the classification scope.
`name`	string	False	The name of the classification scope: `automated-sensitive-data-discovery`.
`s3`	S3ClassificationScope	False	The S3 buckets that are excluded from automated sensitive data discovery.

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property	Type	Required	Description
`message`	string	False	The explanation of the error that occurred.

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property	Type	Required	Description
`message`	string	False	The explanation of the error that occurred.

S3ClassificationScope

Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Property	Type	Required	Description
`excludes`	S3ClassificationScopeExclusion	True	The S3 buckets that are excluded.

S3ClassificationScopeExclusion

Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.

Property	Type	Required	Description
`bucketNames`	Array of type string	True	An array of strings, one for each S3 bucket that is excluded. Each string is the full name of an excluded bucket.

S3ClassificationScopeExclusionUpdate

Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.

Property	Type	Required	Description
`bucketNames`	Array of type string	True	Depending on the value specified for the update operation (`ClassificationScopeUpdateOperation`), an array of strings that: lists the names of buckets to add or remove from the list, or specifies a new set of bucket names that overwrites all existing names in the list. Each string must be the full name of an S3 bucket. Values are case sensitive.
`operation`	ClassificationScopeUpdateOperation	True	Specifies how to apply the changes to the exclusion list. Valid values are: `ADD` - Append the specified bucket names to the current list. `REMOVE` - Remove the specified bucket names from the current list. `REPLACE` - Overwrite the current list with the specified list of bucket names. If you specify this value, Amazon Macie removes all existing names from the list and adds all the specified names to the list.

S3ClassificationScopeUpdate

Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Property	Type	Required	Description
`excludes`	S3ClassificationScopeExclusionUpdate	True	The names of the S3 buckets to add or remove from the list.

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property	Type	Required	Description
`message`	string	False	The explanation of the error that occurred.

UpdateClassificationScopeRequest

Specifies new classification scope settings for an Amazon Macie account. Macie uses these settings when it performs automated sensitive data discovery for the account. To update the settings, automated sensitive data discovery must currently be enabled for the account.

Property	Type	Required	Description
`s3`	S3ClassificationScopeUpdate	False	The S3 buckets to add or remove from the exclusion list defined by the classification scope.

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property	Type	Required	Description
`message`	string	False	The explanation of the error that occurred.