Managing Amazon Macie accounts with AWS Organizations - Amazon Macie

Managing Amazon Macie accounts with AWS Organizations

If you use AWS Organizations to centrally manage multiple AWS accounts, you can integrate Amazon Macie with AWS Organizations, and then centrally manage Macie for accounts in your organization. With this configuration, a designated Macie administrator can enable and manage Macie for as many as 5,000 accounts. The administrator can also access Amazon Simple Storage Service (Amazon S3) inventory data and run sensitive data discovery jobs for the accounts. For details about tasks that the administrator can perform, see Understanding the relationship between Amazon Macie administrator and member accounts.

To integrate Macie with AWS Organizations, you start by designating an account as the delegated Macie administrator account for the organization. The Macie administrator then enables Macie for other accounts in the organization, adds those accounts as Macie member accounts, and configures Macie settings and resources for the accounts.

Tip

If you already associated a Macie administrator account with member accounts by using invitations, you can designate that account as the delegated Macie administrator account for your organization in AWS Organizations. If you do this, all currently associated member accounts remain members and you can take full advantage of the benefits of managing accounts by using AWS Organizations. For more information, see Transitioning from an invitation-based organization.

The topics in this section explain how to integrate Macie with AWS Organizations and how to administer and manage Macie for accounts in an organization.