Types of Amazon Macie findings - Amazon Macie

Amazon Macie generates two categories of findings: policy findings and sensitive data findings. A policy finding is a detailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucket. Macie generates these findings as part of its ongoing monitoring of your Amazon S3 data. A sensitive data finding is a detailed report of sensitive data in an S3 object. Macie generates these findings when it discovers sensitive data in S3 objects that you configure it to analyze as part of a sensitive data discovery job.

Policy findings

Macie generates policy findings when the policies or settings for an S3 bucket are changed in a way that reduces the security of the bucket and its objects. Macie does this only if the change occurs after you enable your Macie account.

For example, if default encryption was enabled for a bucket when you enabled your Macie account and default encryption is subsequently disabled for the bucket, Macie generates a Policy:IAMUser/S3BucketEncryptionDisabled finding for the bucket. Conversely, if default encryption was and has continued to be disabled for a bucket since you enabled your Macie account, Macie doesn't generate a Policy:IAMUser/S3BucketEncryptionDisabled finding for the bucket.

Macie can generate the following types of policy findings for an S3 bucket.

Policy:IAMUser/S3BucketEncryptionDisabled

Default encryption was disabled for the bucket. As a result, Amazon S3 no longer encrypts new objects by default when they're added to the bucket.

To learn about default encryption settings for S3 buckets, see Amazon S3 default encryption for S3 buckets in the Amazon Simple Storage Service Developer Guide.

Policy:IAMUser/S3BucketPublic

An access control list (ACL) or bucket policy for the bucket was changed to allow access by anonymous users or all authenticated AWS Identity and Access Management (IAM) users or roles.

To learn about ACLs and bucket policies for S3 buckets, see Identity and access management in Amazon S3 in the Amazon Simple Storage Service Developer Guide.

Policy:IAMUser/S3BucketPublicAccessDisabled

Block public access settings were disabled for the bucket. Access to the bucket is controlled only by ACLs and bucket policies.

To learn about block public access settings for S3 buckets, see Using Amazon S3 block public access in the Amazon Simple Storage Service Developer Guide.

Policy:IAMUser/S3BucketReplicatedExternally

Data replication was enabled and configured to replicate data from the bucket to an AWS account that isn't part of your Macie organization.

To learn about replication settings for S3 buckets, see Replication in the Amazon Simple Storage Service Developer Guide.

Policy:IAMUser/S3BucketSharedExternally

An ACL or bucket policy for the bucket was changed to allow the bucket to be shared with an AWS account that isn't part of your Macie organization.

To learn about ACLs and bucket policies for S3 buckets, see Identity and access management in Amazon S3 in the Amazon Simple Storage Service Developer Guide.

Sensitive data findings

Macie generates sensitive data findings when it discovers sensitive data in S3 objects that you configure it to analyze as part of a sensitive data discovery job. Macie can generate the following types of sensitive data findings for an object.

SensitiveData:S3Object/Credentials

The object contains credentials, such as private keys or AWS secret keys.

SensitiveData:S3Object/CustomIdentifier

The object contains content that matches one or more custom data identifiers. The object might include more than one type of sensitive data.

SensitiveData:S3Object/Financial

The object contains financial information, such as credit card numbers or bank account numbers.

SensitiveData:S3Object/Multiple

The object contains more than one category of sensitive data—any combination of credentials, financial information, personal information, or content that matches one or more custom data identifiers.

SensitiveData:S3Object/Personal

The object contains personal information—personally identifiable information (such as full names or mailing addresses), personal health information (such as health insurance or medical identification numbers), or a combination of the two.

For detailed information about the types of sensitive data that Macie can detect, see Using managed data identifiers. For information about the types of S3 objects that Macie can analyze, see Supported file and storage formats.