Findings Descriptions - Amazon Macie

Findings Descriptions

The Findings Descriptions resource represents the repository of findings for your account. A finding is a notification that contains details about a data classification or a potential data access issue that Amazon Macie discovers for a data source. For detailed information about the types of findings that Macie can report, see the Amazon Macie User Guide.

You can use this resource to retrieve detailed information about one or more findings. To customize and refine your query, you can use supported parameters to specify which findings to retrieve and how to sort the results.

URI

/findings/describe

HTTP Methods

POST

Operation ID: GetFindings

Retrieves information about one or more findings.

Responses
Status Code Response Model Description
200 GetFindingsResponse

The request succeeded.

400 ValidationException

The request failed because it contains a syntax error.

402 ServiceQuotaExceededException

The request failed because fulfilling the request would exceed one or more service quotas for your account.

403 AccessDeniedException

The request was denied because you don't have sufficient access to the specified resource.

404 ResourceNotFoundException

The request failed because the specified resource wasn't found.

409 ConflictException

The request failed because it conflicts with the current state of the specified resource.

429 ThrottlingException

The request failed because you sent too many requests during a certain amount of time.

500 InternalServerException

The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request Bodies

Example POST

{ "findingIds": [ "string" ], "sortCriteria": { "orderBy": enum, "attributeName": "string" } }

Response Bodies

Example GetFindingsResponse

{ "findings": [ { "severity": { "score": integer, "description": enum }, "schemaVersion": "string", "count": integer, "description": "string", "title": "string", "type": enum, "sample": boolean, "archived": boolean, "accountId": "string", "createdAt": "string", "partition": "string", "classificationDetails": { "result": { "customDataIdentifiers": { "totalCount": integer, "detections": [ { "count": integer, "name": "string", "arn": "string" } ] }, "sensitiveData": [ { "category": enum, "totalCount": integer, "detections": [ { "count": integer, "type": "string" } ] } ], "sizeClassified": integer, "mimeType": "string", "status": { "reason": "string", "code": "string" } }, "jobId": "string", "detailedResultsLocation": "string", "jobArn": "string" }, "policyDetails": { "actor": { "domainDetails": { "domainName": "string" }, "ipAddressDetails": { "ipOwner": { "org": "string", "asnOrg": "string", "isp": "string", "asn": "string" }, "ipCity": { "name": "string" }, "ipAddressV4": "string", "ipCountry": { "code": "string", "name": "string" }, "ipGeoLocation": { "lon": number, "lat": number } }, "userIdentity": { "federatedUser": { "accessKeyId": "string", "sessionContext": { "sessionIssuer": { "accountId": "string", "principalId": "string", "userName": "string", "type": "string", "arn": "string" }, "attributes": { "mfaAuthenticated": boolean, "creationDate": "string" } }, "accountId": "string", "principalId": "string", "arn": "string" }, "awsAccount": { "accountId": "string", "principalId": "string" }, "root": { "accountId": "string", "principalId": "string", "arn": "string" }, "assumedRole": { "accessKeyId": "string", "sessionContext": { "sessionIssuer": { "accountId": "string", "principalId": "string", "userName": "string", "type": "string", "arn": "string" }, "attributes": { "mfaAuthenticated": boolean, "creationDate": "string" } }, "accountId": "string", "principalId": "string", "arn": "string" }, "type": enum, "iamUser": { "accountId": "string", "principalId": "string", "userName": "string", "arn": "string" }, "awsService": { "invokedBy": "string" } } }, "action": { "actionType": enum, "apiCallDetails": { "lastSeen": "string", "firstSeen": "string", "apiServiceName": "string", "api": "string" } } }, "id": "string", "category": enum, "region": "string", "resourcesAffected": { "s3Object": { "path": "string", "extension": "string", "versionId": "string", "storageClass": enum, "bucketArn": "string", "serverSideEncryption": { "encryptionType": enum, "kmsMasterKeyId": "string" }, "size": integer, "publicAccess": boolean, "eTag": "string", "lastModified": "string", "key": "string", "tags": [ { "value": "string", "key": "string" } ] }, "s3Bucket": { "owner": { "displayName": "string", "id": "string" }, "createdAt": "string", "publicAccess": { "effectivePermission": enum, "permissionConfiguration": { "accountLevelPermissions": { "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean } }, "bucketLevelPermissions": { "accessControlList": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean }, "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean }, "bucketPolicy": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean } } } }, "name": "string", "defaultServerSideEncryption": { "encryptionType": enum, "kmsMasterKeyId": "string" }, "arn": "string", "tags": [ { "value": "string", "key": "string" } ] } }, "updatedAt": "string" } ] }

Example ValidationException

{ "message": "string" }

Example ServiceQuotaExceededException

{ "message": "string" }

Example AccessDeniedException

{ "message": "string" }

Example ResourceNotFoundException

{ "message": "string" }

Example ConflictException

{ "message": "string" }

Example ThrottlingException

{ "message": "string" }

Example InternalServerException

{ "message": "string" }

Properties

AccessControlList

Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.

Property Type Required Description
allowsPublicReadAccess

boolean

False

Specifies whether the ACL grants the general public with read access permissions for the bucket.

allowsPublicWriteAccess

boolean

False

Specifies whether the ACL grants the general public with write access permissions for the bucket.

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

AccountLevelPermissions

Provides information about account-level permissions settings that apply to an S3 bucket.

Property Type Required Description
blockPublicAccess

BlockPublicAccess

False

The block public access settings for the bucket.

ApiCallDetails

Provides information about an API operation that an entity invoked for an affected resource.

Property Type Required Description
lastSeen

string

Format: date-time

False

The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.

firstSeen

string

Format: date-time

False

The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.

apiServiceName

string

False

The URL of the AWS service that provides the operation, for example: s3.amazonaws.com.

api

string

False

The name of the operation that was invoked most recently and produced the finding.

AssumedRole

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API.

Property Type Required Description
accessKeyId

string

False

The AWS access key ID that identifies the credentials.

sessionContext

SessionContext

False

The details of the session that was created for the credentials, including the entity that issued the session.

accountId

string

False

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

principalId

string

False

The unique identifier for the entity that was used to get the credentials.

arn

string

False

The Amazon Resource Name (ARN) of the entity that was used to get the credentials.

AwsAccount

Provides information about an AWS account and entity that performed an action on an affected resource. The action was performed using the credentials for an AWS account other than your own account.

Property Type Required Description
accountId

string

False

The unique identifier for the AWS account.

principalId

string

False

The unique identifier for the entity that performed the action.

AwsService

Provides information about an AWS service that performed an action on an affected resource.

Property Type Required Description
invokedBy

string

False

The name of the AWS service that performed the action.

BlockPublicAccess

Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account level or bucket level. For detailed information about each setting, see Using Amazon S3 block public access in the Amazon Simple Storage Service Developer Guide.

Property Type Required Description
blockPublicPolicy

boolean

False

Specifies whether Amazon S3 blocks public bucket policies for the bucket.

restrictPublicBuckets

boolean

False

Specifies whether Amazon S3 restricts public bucket policies for the bucket.

blockPublicAcls

boolean

False

Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.

ignorePublicAcls

boolean

False

Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.

BucketLevelPermissions

Provides information about bucket-level permissions settings for an S3 bucket.

Property Type Required Description
accessControlList

AccessControlList

False

The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.

blockPublicAccess

BlockPublicAccess

False

The block public access settings for the bucket.

bucketPolicy

BucketPolicy

False

The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.

BucketPermissionConfiguration

The account-level and bucket-level permissions settings for an S3 bucket.

Property Type Required Description
accountLevelPermissions

AccountLevelPermissions

False

The account-level permissions settings that apply to the bucket.

bucketLevelPermissions

BucketLevelPermissions

False

The bucket-level permissions settings for the bucket.

BucketPolicy

Provides information about the permissions settings of a bucket policy for an S3 bucket.

Property Type Required Description
allowsPublicReadAccess

boolean

False

Specifies whether the bucket policy allows the general public to have read access to the bucket.

allowsPublicWriteAccess

boolean

False

Specifies whether the bucket policy allows the general public to have write access to the bucket.

BucketPublicAccess

Provides information about permissions settings that determine whether an S3 bucket is publicly accessible.

Property Type Required Description
effectivePermission

string

Values: PUBLIC | NOT_PUBLIC

False

Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are: PUBLIC, the bucket is publicly accessible; and, NOT_PUBLIC, the bucket isn't publicly accessible.

permissionConfiguration

BucketPermissionConfiguration

False

The account-level and bucket-level permissions for the bucket.

ClassificationDetails

Provides information about a sensitive data finding, including the classification job that produced the finding.

Property Type Required Description
result

ClassificationResult

False

The status and detailed results of the finding.

jobId

string

False

The unique identifier for the classification job that produced the finding.

detailedResultsLocation

string

False

The Amazon Resource Name (ARN) of the file that contains the detailed record, including offsets, for the finding.

jobArn

string

False

The Amazon Resource Name (ARN) of the classification job that produced the finding.

ClassificationResult

Provides detailed information about a sensitive data finding, including the types and number of occurrences of the sensitive data that was found.

Property Type Required Description
customDataIdentifiers

CustomDataIdentifiers

False

The number of occurrences of the data that produced the finding, and the custom data identifiers that detected the data.

sensitiveData

Array of type SensitiveDataItem

False

The category and number of occurrences of the sensitive data that produced the finding.

sizeClassified

integer

Format: int64

False

The total size, in bytes, of the data that the finding applies to.

mimeType

string

False

The type of content, expressed as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe PDF file.

status

ClassificationResultStatus

False

The status of the finding.

ClassificationResultStatus

Provides information about the status of a sensitive data finding.

Property Type Required Description
reason

string

False

A brief description of the status of the finding. Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding.

code

string

False

The status of the finding, such as COMPLETE.

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

CustomDataIdentifiers

Provides information about the number of occurrences of the data that produced a sensitive data finding, and the custom data identifiers that detected the data for the finding.

Property Type Required Description
totalCount

integer

Format: int64

False

The total number of occurrences of the data that was detected by the custom data identifiers and produced the finding.

detections

Array of type CustomDetection

False

The custom data identifiers that detected the data, and the number of occurrences of the data that each identifier detected.

CustomDetection

Provides information about a custom data identifier that produced a sensitive data finding, and the number of occurrences of the data that it detected for the finding.

Property Type Required Description
count

integer

Format: int64

False

The total number of occurrences of the data that the custom data identifier detected for the finding.

name

string

False

The name of the custom data identifier.

arn

string

False

The Amazon Resource Name (ARN) of the custom data identifier.

DefaultDetection

Provides information about sensitive data that was detected by managed data identifiers and produced a sensitive data finding.

Property Type Required Description
count

integer

Format: int64

False

The total number of occurrences of the type of data that was detected.

type

string

False

The type of data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.

DomainDetails

Provides information about the domain name of the device that an entity used to perform an action on an affected resource.

Property Type Required Description
domainName

string

False

The name of the domain.

EncryptionType

The type of server-side encryption that's used to encrypt objects in the S3 bucket. Valid values are:

  • NONE

  • AES256

  • aws:kms

  • UNKNOWN

FederatedUser

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API.

Property Type Required Description
accessKeyId

string

False

The AWS access key ID that identifies the credentials.

sessionContext

SessionContext

False

The details of the session that was created for the credentials, including the entity that issued the session.

accountId

string

False

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

principalId

string

False

The unique identifier for the entity that was used to get the credentials.

arn

string

False

The Amazon Resource Name (ARN) of the entity that was used to get the credentials.

Finding

Provides information about a finding.

Property Type Required Description
severity

Severity

False

The severity of the finding.

schemaVersion

string

False

The version of the schema that was used to define the data structures in the finding.

count

integer

Format: int64

False

The total number of occurrences of this finding.

description

string

False

The description of the finding.

title

string

False

The brief description of the finding.

type

FindingType

False

The type of the finding.

sample

boolean

False

Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.

archived

boolean

False

Specifies whether the finding is archived.

accountId

string

False

The unique identifier for the AWS account that the finding applies to. This is typically the account that owns the affected resource.

createdAt

string

Format: date-time

False

The date and time, in UTC and extended ISO 8601 format, when the finding was created.

partition

string

False

The AWS partition that Amazon Macie created the finding in.

classificationDetails

ClassificationDetails

False

The details of a sensitive data finding. This value is null for a policy finding.

policyDetails

PolicyDetails

False

The details of a policy finding. This value is null for a sensitive data finding.

id

string

False

The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns to a finding when it creates the finding.

category

FindingCategory

False

The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and, POLICY, for a policy finding.

region

string

False

The AWS Region that Amazon Macie created the finding in.

resourcesAffected

ResourcesAffected

False

The resources that the finding applies to.

updatedAt

string

Format: date-time

False

The date and time, in UTC and extended ISO 8601 format, when the finding was last updated. For sensitive data findings, this value is the same as the value for the createdAt property. Sensitive data findings aren't updated.

FindingAction

Provides information about an action that occurred for a resource and produced a policy finding.

Property Type Required Description
actionType

FindingActionType

False

The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, which indicates that an entity invoked an API operation for the resource.

apiCallDetails

ApiCallDetails

False

The invocation details of the API operation that an entity invoked for the affected resource, if the value for the actionType property is AWS_API_CALL.

FindingActionType

The type of action that occurred for the resource and produced the policy finding:

  • AWS_API_CALL

FindingActor

Provides information about an entity that performed an action that produced a policy finding for a resource.

Property Type Required Description
domainDetails

DomainDetails

False

The domain name of the device that the entity used to perform the action on the affected resource.

ipAddressDetails

IpAddressDetails

False

The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.

userIdentity

UserIdentity

False

The type and other characteristics of the entity that performed the action on the affected resource.

FindingCategory

The category of the finding. Valid values are:

  • CLASSIFICATION

  • POLICY

FindingType

The type of finding. Valid values are:

  • SensitiveData:S3Object/Multiple

  • SensitiveData:S3Object/Financial

  • SensitiveData:S3Object/Personal

  • SensitiveData:S3Object/Credentials

  • SensitiveData:S3Object/CustomIdentifier

  • Policy:IAMUser/S3BucketPublic

  • Policy:IAMUser/S3BucketSharedExternally

  • Policy:IAMUser/S3BucketReplicatedExternally

  • Policy:IAMUser/S3BucketEncryptionDisabled

  • Policy:IAMUser/S3BlockPublicAccessDisabled

GetFindingsRequest

Specifies one or more findings to retrieve information about.

Property Type Required Description
findingIds

Array of type string

True

An array of strings that lists the unique identifiers for the findings to retrieve information about.

sortCriteria

SortCriteria

False

The criteria for sorting the results of the request.

GetFindingsResponse

Provides the results of a request for information about one or more findings.

Property Type Required Description
findings

Array of type Finding

False

An array of objects, one for each finding that meets the criteria specified in the request.

IamUser

Provides information about an AWS Identity and Access Management (IAM) user who performed an action on an affected resource.

Property Type Required Description
accountId

string

False

The unique identifier for the AWS account that's associated with the IAM user who performed the action.

principalId

string

False

The unique identifier for the IAM user who performed the action.

userName

string

False

The user name of the IAM user who performed the action.

arn

string

False

The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user who performed the action.

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

IpAddressDetails

Provides information about the IP address of the device that an entity used to perform an action on an affected resource.

Property Type Required Description
ipOwner

IpOwner

False

The registered owner of the IP address.

ipCity

IpCity

False

The city that the IP address originated from.

ipAddressV4

string

False

The Internet Protocol version 4 (IPv4) address of the device.

ipCountry

IpCountry

False

The country that the IP address originated from.

ipGeoLocation

IpGeoLocation

False

The geographic coordinates of the location that the IP address originated from.

IpCity

Provides information about the city that an IP address originated from.

Property Type Required Description
name

string

False

The name of the city.

IpCountry

Provides information about the country that an IP address originated from.

Property Type Required Description
code

string

False

The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originated from. For example, US for the United States.

name

string

False

The name of the country that the IP address originated from.

IpGeoLocation

Provides geographic coordinates that indicate where a specified IP address originated from.

Property Type Required Description
lon

number

False

The longitude coordinate of the location, rounded to four decimal places.

lat

number

False

The latitude coordinate of the location, rounded to four decimal places.

IpOwner

Provides information about the registered owner of an IP address.

Property Type Required Description
org

string

False

The name of the organization that owned the IP address.

asnOrg

string

False

The organization identifier that's associated with the autonomous system number (ASN) for the autonomous system that included the IP address.

isp

string

False

The name of the internet service provider (ISP) that owned the IP address.

asn

string

False

The autonomous system number (ASN) for the autonomous system that included the IP address.

KeyValuePair

Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

Property Type Required Description
value

string

False

One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be empty or null.

key

string

False

One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.

PolicyDetails

Provides the details of a policy finding.

Property Type Required Description
actor

FindingActor

False

The entity that performed the action that produced the finding.

action

FindingAction

False

The action that produced the finding.

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

ResourcesAffected

Provides information about the resources that a finding applies to.

Property Type Required Description
s3Object

S3Object

False

An array of objects, one for each S3 object that the finding applies to. Each object provides a set of metadata about an affected S3 object.

s3Bucket

S3Bucket

False

An array of objects, one for each S3 bucket that the finding applies to. Each object provides a set of metadata about an affected S3 bucket.

S3Bucket

Provides information about an S3 bucket that a finding applies to.

Property Type Required Description
owner

S3BucketOwner

False

The display name and account identifier for the user who owns the bucket.

createdAt

string

Format: date-time

False

The date and time, in UTC and extended ISO 8601 format, when the bucket was created.

publicAccess

BucketPublicAccess

False

The permissions settings that determine whether the bucket is publicly accessible.

name

string

False

The name of the bucket.

defaultServerSideEncryption

ServerSideEncryption

False

The server-side encryption settings for the bucket.

arn

string

False

The Amazon Resource Name (ARN) of the bucket.

tags

Array of type KeyValuePair

False

The tags that are associated with the bucket.

S3BucketOwner

Provides information about the user who owns an S3 bucket.

Property Type Required Description
displayName

string

False

The display name of the user who owns the bucket.

id

string

False

The AWS account ID for the user who owns the bucket.

S3Object

Provides information about an S3 object that a finding applies to.

Property Type Required Description
path

string

False

The path to the object, including the full key (name).

extension

string

False

The file extension of the object. If the object doesn't have a file extension, this value is "".

versionId

string

False

The identifier for the affected version of the object.

storageClass

StorageClass

False

The storage class of the object.

bucketArn

string

False

The Amazon Resource Name (ARN) of the bucket that contains the object.

serverSideEncryption

ServerSideEncryption

False

The server-side encryption settings for the object.

size

integer

Format: int64

False

The total storage size, in bytes, of the object.

publicAccess

boolean

False

Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.

eTag

string

False

The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.

lastModified

string

Format: date-time

False

The date and time, in UTC and extended ISO 8601 format, when the object was last modified.

key

string

False

The full key (name) that's assigned to the object.

tags

Array of type KeyValuePair

False

The tags that are associated with the object.

SensitiveDataItem

Provides information about the category, type, and number of occurrences of sensitive data that produced a finding.

Property Type Required Description
category

SensitiveDataItemCategory

False

The category of sensitive data that was detected. For example: FINANCIAL_INFORMATION, for financial information such as credit card numbers; PERSONAL_INFORMATION, for personally identifiable information such as full names and mailing addresses; or, CUSTOM_IDENTIFIER, for data that was detected by a custom data identifier.

totalCount

integer

Format: int64

False

The total number of occurrences of the sensitive data that was detected.

detections

Array of type DefaultDetection

False

An array of objects, one for each type of sensitive data that was detected. Each object reports the number of occurrences of a specific type of sensitive data that was detected.

SensitiveDataItemCategory

The category of sensitive data that was detected and produced the finding. Possible values are:

  • FINANCIAL_INFORMATION

  • PERSONAL_INFORMATION

  • CREDENTIALS

  • CUSTOM_IDENTIFIER

ServerSideEncryption

Provides information about the server-side encryption settings for an S3 bucket or object.

Property Type Required Description
encryptionType

EncryptionType

False

The server-side encryption algorithm that's used when storing data in the bucket or object. If encryption is disabled for the bucket or object, this value is NONE.

kmsMasterKeyId

string

False

The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if KMS isn't used to encrypt the bucket or object.

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

SessionContext

Provides information about a session that was created for an entity that performed an action by using temporary security credentials.

Property Type Required Description
sessionIssuer

SessionIssuer

False

The source and type of credentials that were issued to the entity.

attributes

SessionContextAttributes

False

The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.

SessionContextAttributes

Provides information about the context in which temporary security credentials were issued to an entity.

Property Type Required Description
mfaAuthenticated

boolean

False

Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.

creationDate

string

Format: date-time

False

The date and time, in UTC and ISO 8601 format, when the credentials were issued.

SessionIssuer

Provides information about the source and type of temporary security credentials that were issued to an entity.

Property Type Required Description
accountId

string

False

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

principalId

string

False

The unique identifier for the entity that was used to get the credentials.

userName

string

False

The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.

type

string

False

The source of the temporary security credentials, such as Root, IAMUser, or Role.

arn

string

False

The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.

Severity

Provides the numeric score and textual representation of a severity value.

Property Type Required Description
score

integer

Format: int64

False

The numeric score for the severity value, ranging from 0 (least severe) to 4 (most severe).

description

SeverityDescription

False

The textual representation of the severity value, such as Low or High.

SeverityDescription

The textual representation of the finding's severity. Possible values are:

  • Low

  • Medium

  • High

SortCriteria

Specifies criteria for sorting the results of a request for information about findings.

Property Type Required Description
orderBy

string

Values: ASC | DESC

False

The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.

attributeName

string

False

The name of the property to sort the results by. This value can be the name of any property that Amazon Macie defines for a finding.

StorageClass

The storage class of the S3 bucket or object. Possible values are:

  • STANDARD

  • REDUCED_REDUNDANCY

  • STANDARD_IA

  • INTELLIGENT_TIERING

  • DEEP_ARCHIVE

  • ONEZONE_IA

  • GLACIER

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

UserIdentity

Provides information about the type and other characteristics of an entity that performed an action on an affected resource.

Property Type Required Description
federatedUser

FederatedUser

False

If the action was performed with temporary security credentials that were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.

awsAccount

AwsAccount

False

If the action was performed using the credentials for another AWS account, the details of that account.

root

UserIdentityRoot

False

If the action was performed using the credentials for your AWS account, the details of your account.

assumedRole

AssumedRole

False

If the action was performed with temporary security credentials that were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.

type

UserIdentityType

False

The type of entity that performed the action.

iamUser

IamUser

False

If the action was performed using the credentials for an AWS Identity and Access Management (IAM) user, the name and other details about the user.

awsService

AwsService

False

If the action was performed by an AWS account that belongs to an AWS service, the name of the service.

UserIdentityRoot

Provides information about an AWS account and entity that performed an action on an affected resource. The action was performed using the credentials for your AWS account.

Property Type Required Description
accountId

string

False

The unique identifier for the AWS account.

principalId

string

False

The unique identifier for the entity that performed the action.

arn

string

False

The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user or role that performed the action.

UserIdentityType

The type of entity that performed the action on the affected resource. Possible values are:

  • AssumedRole

  • IAMUser

  • FederatedUser

  • Root

  • AWSAccount

  • AWSService

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property Type Required Description
message

string

False

The explanation of the error that occurred.

See Also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

GetFindings