Resource Sensitivity Profile

The Resource Sensitivity Profile resource provides statistical data for sensitive data discovery metrics that apply to individual Amazon Simple Storage Service (Amazon S3) buckets for your account. For each S3 bucket, this includes key metrics such as:

• The number of objects that Amazon Macie has analyzed.

• The number of objects that Macie has found sensitive data in.

• The number of occurrences of sensitive data that Macie has found.

The data captures the results of automated sensitive data discovery activities that Macie has performed for an S3 bucket. For more information, see Performing automated sensitive data discovery in the Amazon Macie User Guide.

This resource also provides access to the sensitivity score for individual S3 buckets. By default, Macie calculates this score based on the intersection of two primary dimensions: the amount of data that Macie has analyzed in a bucket, and the amount of sensitive data that Macie has found in a bucket. You can optionally override the calculated score and assign the maximum score (100) to a bucket, which also applies the Sensitive label to the bucket. If you assign the maximum score, Macie continues to perform automated sensitive data discovery for the bucket. However, later analyses don't affect the bucket's score.

You can use the Resource Sensitivity Profile resource to retrieve (query) statistical data for sensitive data discovery metrics that apply to an S3 bucket. You can also use this resource to retrieve and optionally change the sensitivity score for a bucket. To use this resource, automated sensitive data discovery must be enabled for your Macie account. To enable automated sensitive data discovery for your account, use the Automated Sensitive Data Discovery Configuration resource.

URI

/resource-profiles

HTTP methods

GET

Operation ID: GetResourceProfile

Retrieves (queries) sensitive data discovery statistics and the sensitivity score for an S3 bucket.

Query parameters
Name	Type	Required	Description
resourceArn	String	True	The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.

Responses
Status code	Response model	Description
200	GetResourceProfileResponse	The request succeeded.
400	ValidationException	The request failed because the input doesn't satisfy the constraints specified by the service.
402	ServiceQuotaExceededException	The request failed because fulfilling the request would exceed one or more service quotas for your account.
403	AccessDeniedException	The request was denied because you don't have sufficient access to the specified resource.
404	ResourceNotFoundException	The request failed because the specified resource wasn't found.
429	ThrottlingException	The request failed because you sent too many requests during a certain amount of time.
500	InternalServerException	The request failed due to an unknown internal server error, exception, or failure.

PATCH

Operation ID: UpdateResourceProfile

Updates the sensitivity score for an S3 bucket.

Query parameters
Name	Type	Required	Description
resourceArn	String	True	The Amazon Resource Name (ARN) of the S3 bucket that the request applies to.

Responses
Status code	Response model	Description
200	Empty Schema	The request succeeded. The S3 bucket's sensitivity score was updated and there isn't any content to include in the body of the response (No Content).
400	ValidationException	The request failed because the input doesn't satisfy the constraints specified by the service.
402	ServiceQuotaExceededException	The request failed because fulfilling the request would exceed one or more service quotas for your account.
403	AccessDeniedException	The request was denied because you don't have sufficient access to the specified resource.
404	ResourceNotFoundException	The request failed because the specified resource wasn't found.
429	ThrottlingException	The request failed because you sent too many requests during a certain amount of time.
500	InternalServerException	The request failed due to an unknown internal server error, exception, or failure.

Schemas

Request bodies

PATCH schema

{
  "sensitivityScoreOverride": integer
}

Response bodies

GetResourceProfileResponse schema

{
  "profileUpdatedAt": "string",
  "sensitivityScore": integer,
  "sensitivityScoreOverridden": boolean,
  "statistics": {
    "totalBytesClassified": integer,
    "totalDetections": integer,
    "totalDetectionsSuppressed": integer,
    "totalItemsClassified": integer,
    "totalItemsSensitive": integer,
    "totalItemsSkipped": integer,
    "totalItemsSkippedInvalidEncryption": integer,
    "totalItemsSkippedInvalidKms": integer,
    "totalItemsSkippedPermissionDenied": integer
  }
}

Empty Schema schema

{
}

ValidationException schema

{
  "message": "string"
}

ServiceQuotaExceededException schema

{
  "message": "string"
}

AccessDeniedException schema

{
  "message": "string"
}

ResourceNotFoundException schema

{
  "message": "string"
}

ThrottlingException schema

{
  "message": "string"
}

InternalServerException schema

{
  "message": "string"
}

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

GetResourceProfileResponse

Provides the results of a query that retrieved sensitive data discovery statistics and the sensitivity score for an S3 bucket that Amazon Macie monitors and analyzes for your account. This data is available only if automated sensitive data discovery is currently enabled for your account.

Property	Type	Required	Description
profileUpdatedAt	string Format: date-time	True	The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently recalculated sensitive data discovery statistics and details for the bucket. If the bucket's sensitivity score is calculated automatically, this includes the score.
sensitivityScore	integer Format: int32	True	The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). By default, this score is calculated automatically based on the amount of data that Amazon Macie has analyzed in the bucket and the amount of sensitive data that Macie has found in the bucket.
sensitivityScoreOverridden	boolean	False	Specifies whether the bucket's current sensitivity score was set manually. If this value is true, the score was manually changed to 100. If this value is false, the score was calculated automatically by Amazon Macie.
statistics	ResourceStatistics	True	The sensitive data discovery statistics for the bucket. The statistics capture the results of automated sensitive data discovery activities that Amazon Macie has performed for the bucket.

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

ResourceNotFoundException

Provides information about an error that occurred because a specified resource wasn't found.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

ResourceStatistics

Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for your account. The statistics capture the results of automated sensitive data discovery activities that Macie has performed for the bucket. The data is available only if automated sensitive data discovery is currently enabled for your account.

Property	Type	Required	Description
totalBytesClassified	integer Format: int64	False	The total amount of data, in bytes, that Amazon Macie has analyzed in the bucket.
totalDetections	integer Format: int64	False	The total number of occurrences of sensitive data that Amazon Macie has found in the bucket's objects. This includes occurrences that are currently suppressed by the sensitivity scoring settings for the bucket (totalDetectionsSuppressed).
totalDetectionsSuppressed	integer Format: int64	False	The total number of occurrences of sensitive data that are currently suppressed by the sensitivity scoring settings for the bucket. These represent occurrences of sensitive data that Amazon Macie found in the bucket's objects, but the occurrences were manually suppressed. By default, suppressed occurrences are excluded from the bucket's sensitivity score.
totalItemsClassified	integer Format: int64	False	The total number of objects that Amazon Macie has analyzed in the bucket.
totalItemsSensitive	integer Format: int64	False	The total number of the bucket's objects that Amazon Macie has found sensitive data in.
totalItemsSkipped	integer Format: int64	False	The total number of objects that Amazon Macie hasn't analyzed in the bucket due to an error or issue. For example, the object is a malformed file. This value includes objects that Macie hasn't analyzed for reasons reported by other statistics in the ResourceStatistics object.
totalItemsSkippedInvalidEncryption	integer Format: int64	False	The total number of objects that Amazon Macie hasn't analyzed in the bucket because the objects are encrypted with a key that Macie isn't allowed to use.
totalItemsSkippedInvalidKms	integer Format: int64	False	The total number of objects that Amazon Macie hasn't analyzed in the bucket because the objects are encrypted with an AWS KMS key that was disabled or deleted.
totalItemsSkippedPermissionDenied	integer Format: int64	False	The total number of objects that Amazon Macie hasn't analyzed in the bucket because Macie isn't allowed to access the objects.

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

ThrottlingException

Provides information about an error that occurred because too many requests were sent during a certain amount of time.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

UpdateResourceProfileRequest

Specifies a new sensitivity score for an S3 bucket that Amazon Macie monitors and analyzes for your account. To update the score, automated sensitive data discovery must currently be enabled for your account.

Property	Type	Required	Description
sensitivityScoreOverride	integer Format: int32	False	The new sensitivity score for the bucket. Valid values are: 100, assign the maximum score and apply the Sensitive label to the bucket; and, null (empty), assign a score that Amazon Macie calculates automatically after you submit the request.

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

Property	Type	Required	Description
message	string	False	The explanation of the error that occurred.

See also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

GetResourceProfile

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

UpdateResourceProfile

• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3