Macie Account Administration - Amazon Macie

Macie Account Administration

The Macie Account Administration resource provides access to the status and configuration settings for your Amazon Macie account.

You can use this resource to enable Macie for your AWS account, and specify settings that enable Macie to start monitoring and analyzing sensitive data for you. When you enable Macie, the service generates a session for your account in the current AWS Region, and it assigns a unique identifier to that session. A session is a resource that represents the Macie service for a specific account in a specific Region. It enables Macie to become operational. An account can have only one session in each Region.

After you enable Macie, you can also use this resource to review and update the configuration settings for your account. This includes suspending (pausing) your account and subsequently re-enabling your account. If you suspend your Macie account, the service stops performing all activities for your account. However, it retains the session identifier, settings, and resources for your account. To suspend a Macie master account, you must first disassociate the account from all of its member accounts.

If you decide to disable your Macie account completely, you can use this resource to do so. If you disable your Macie account, the service stops performing all activities for your account. In addition, Macie permanently deletes all resources that it stores or maintains for you. This includes classification jobs, custom data identifiers, findings, and the session resource (and identifier) for your account. This doesn't include resources that Macie created and stored in other AWS services for you, such as data classification results in Amazon S3 and findings in AWS Security Hub. Before you disable your Macie account, you must disassociate the account from its Macie master account or, if it's a master account, all of its member accounts.

URI

/macie

HTTP Methods

GET

Operation ID: GetMacieSession

Retrieves information about the current status and configuration settings for an Amazon Macie account.

Responses
Status Code | Response Model | Description
200 | GetMacieSessionResponse | The request succeeded.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.

POST

Operation ID: EnableMacie

Enables Amazon Macie and specifies the configuration settings for a Macie account.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.

DELETE

Operation ID: DisableMacie

Disables an Amazon Macie account and deletes Macie resources for the account.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.

PATCH

Operation ID: UpdateMacieSession

Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macie account.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request Bodies

Example POST

{ "clientToken": "string", "findingPublishingFrequency": enum, "status": enum }

Example PATCH

{ "findingPublishingFrequency": enum, "status": enum }

Response Bodies

Example GetMacieSessionResponse

{ "createdAt": "string", "serviceRole": "string", "findingPublishingFrequency": enum, "status": enum, "updatedAt": "string" }

Example Empty Schema

{ }

Example ValidationException

{ "message": "string" }

Example ServiceQuotaExceededException

{ "message": "string" }

Example AccessDeniedException

{ "message": "string" }

Example ResourceNotFoundException

{ "message": "string" }

Example ConflictException

{ "message": "string" }

Example ThrottlingException

{ "message": "string" }

Example InternalServerException

{ "message": "string" }

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

EnableMacieRequest

Enables Amazon Macie and specifies the configuration settings for an Amazon Macie account.

Property | Type | Required | Description
clientToken | string | False | A unique, case-sensitive token that you provide to ensure the idempotency of the request.
findingPublishingFrequency | FindingPublishingFrequency | False | Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
status | MacieStatus | False | Specifies the status for the account. To enable Amazon Macie and start all Amazon Macie activities for the account, set this value to ENABLED.

FindingPublishingFrequency

The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are:

  • FIFTEEN_MINUTES

  • ONE_HOUR

  • SIX_HOURS

GetMacieSessionResponse

Provides information about the current status and configuration settings for an Amazon Macie account.

Property | Type | Required | Description
createdAt | string (Format: date-time) | False | The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.
serviceRole | string | False | The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor and analyze data in AWS resources for the account.
findingPublishingFrequency | FindingPublishingFrequency | False | The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
status | MacieStatus | False | The current status of the Amazon Macie account. Possible values are: PAUSED, the account is enabled but all Amazon Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Amazon Macie activities are enabled for the account.
updatedAt | string (Format: date-time) | False | The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Amazon Macie account.
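
The check below is an added example, not part of the original reference and not AWS code: because a session exists per Region, it reads each Region's session with GetMacieSession and flags Regions where the session is not ENABLED, cannot be read, or publishes finding updates less often than a chosen threshold. It assumes a boto3-style client whose get_macie_session() returns the fields above and whose errors carry a .response dict; StubClient, the sample Regions and max_publish_minutes are constructed for illustration.

```python
from dataclasses import dataclass, field

FREQ_MINUTES = {"FIFTEEN_MINUTES": 15, "ONE_HOUR": 60, "SIX_HOURS": 360}  # publish interval

@dataclass
class RegionPosture:
    region: str
    state: str  # ENABLED, PAUSED, or ERROR:<exception code>
    issues: list = field(default_factory=list)

def audit_region(region, client, max_publish_minutes=60):
    """Read one Region's session with GetMacieSession and list what needs attention."""
    try:
        session = client.get_macie_session()
    except Exception as exc:  # boto3 raises ClientError, which carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code", type(exc).__name__)
        return RegionPosture(region, f"ERROR:{code}", [f"session not readable: {code}"])
    posture = RegionPosture(region, session.get("status", "UNKNOWN"))
    if posture.state != "ENABLED":
        posture.issues.append(f"status is {posture.state}: Macie activities are not running")
    minutes = FREQ_MINUTES.get(session.get("findingPublishingFrequency"))
    if minutes is None:
        posture.issues.append("findingPublishingFrequency missing or unrecognized")
    elif minutes > max_publish_minutes:
        posture.issues.append(f"finding updates published only every {minutes} min")
    return posture

def audit_account(regions, client_for_region, max_publish_minutes=60):
    """One session exists per Region, so each Region in scope is checked separately."""
    return [audit_region(r, client_for_region(r), max_publish_minutes) for r in regions]

# Constructed sample data: a stub standing in for boto3.client("macie2", region_name=...)
class StubClient:
    def __init__(self, session=None, error=None):
        self.session, self.error = session, error
    def get_macie_session(self):
        if self.error:  # mimic the .response dict carried by botocore's ClientError
            exc = Exception(self.error)
            exc.response = {"Error": {"Code": self.error}}
            raise exc
        return self.session

SAMPLE = {
    "us-east-1": StubClient({"status": "ENABLED", "findingPublishingFrequency": "FIFTEEN_MINUTES"}),
    "eu-west-1": StubClient({"status": "PAUSED", "findingPublishingFrequency": "SIX_HOURS"}),
    "ap-south-1": StubClient(error="AccessDeniedException"),
}
if __name__ == "__main__":
    print(*audit_account(SAMPLE, SAMPLE.get), sep="\n")
```

Against a real account, pass `lambda r: boto3.client("macie2", region_name=r)` as client_for_region in place of the stub lookup.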

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

MacieStatus

The status of an Amazon Macie account. Valid values are:

  • PAUSED

  • ENABLED

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

UpdateMacieSessionRequest

Changes the status or configuration settings for an Amazon Macie account.

Property | Type | Required | Description
findingPublishingFrequency | FindingPublishingFrequency | False | Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
status | MacieStatus | False | Specifies whether to change the status of the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property | Type | Required | Description
message | string | False | The explanation of the error that occurred.

See Also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

GetMacieSession

EnableMacie

DisableMacie

UpdateMacieSession