Getting started with Amazon Macie

This tutorial provides an introduction to Amazon Macie: it walks through enabling Macie, configuring a repository for its discovery results, exploring sample findings, running a sensitive data discovery job, and reviewing the findings that Macie produces.

Before you begin

When you sign up for Amazon Web Services (AWS), your account is automatically signed up for all AWS services, including Amazon Macie. However, to enable and use Macie, you first have to set up permissions that allow you to access the Amazon Macie console and API operations. You can do this by using the AWS Identity and Access Management (IAM) console to attach the AmazonMacieFullAccess managed policy to your IAM identity. That policy grants full access to Macie, including the ability to enable the service, create jobs, and change settings; for identities that only need to review findings, the less privileged AmazonMacieReadOnlyAccess managed policy is the better fit. To learn more, see AWS managed policies in the IAM User Guide.

Step 1: Enable Amazon Macie

After you set up the required permissions, you can enable Macie. Macie is enabled per AWS Region, so repeat these steps in each Region that contains S3 buckets you want Macie to monitor.

To enable Macie

  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. By using the AWS Region selector in the upper-right corner of the page, select the Region in which you want to enable Macie.

  3. Choose Get started.

  4. (Optional) Review the service permissions. When you enable Macie, Macie creates a service-linked role, AWSServiceRoleForAmazonMacie, that grants Macie the permissions it requires to call other AWS services on your behalf (for example, to retrieve bucket settings and read objects for analysis). To learn more about this role, see Service-linked roles for Amazon Macie.

  5. Choose Enable Macie.

Within minutes, Macie generates an inventory of the Amazon Simple Storage Service (Amazon S3) buckets for your account in the current Region. Macie also begins monitoring the buckets for security and access control.

To review your bucket inventory, choose S3 buckets in the navigation pane on the console. To then display details about a bucket, choose the bucket's name in the table. The details panel displays statistics and other information that provides insight into the security and privacy of the bucket’s data. To learn more about these details, see Reviewing your S3 bucket inventory.
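The same enablement and inventory review, done with the Macie API instead of the console. This is an added example, not code from the Macie documentation: it enables Macie in one Region with boto3, pages through the bucket inventory that Macie builds, and groups buckets by the access-control properties that the details panel reports. The Region, the handling of GetMacieSession before Macie is enabled, and the constructed inventory records are assumptions.

```python
# Added example (not from the Macie documentation): enable Macie with boto3, then pull
# the bucket inventory Macie builds and flag the buckets a reviewer would look at first.
# The Region and the constructed inventory below are assumptions, not page content.
from typing import Dict, List


def enable_macie(region: str = "us-east-1") -> str:
    """Enable Macie in one Region if it is not already, and return the session status."""
    import boto3  # imported here so the pure helpers below run without boto3 installed
    from botocore.exceptions import ClientError

    macie = boto3.client("macie2", region_name=region)
    try:
        return macie.get_macie_session()["status"]  # succeeds only when Macie is enabled
    except ClientError:
        # Assumption: GetMacieSession fails while Macie is not enabled in this Region.
        macie.enable_macie(status="ENABLED", findingPublishingFrequency="FIFTEEN_MINUTES")
        return macie.get_macie_session()["status"]


def list_bucket_inventory(region: str = "us-east-1") -> List[Dict]:
    """Return every record from Macie's S3 bucket inventory for this account and Region."""
    import boto3

    macie = boto3.client("macie2", region_name=region)
    buckets: List[Dict] = []
    kwargs: Dict = {"maxResults": 50}
    while True:  # DescribeBuckets is paginated with nextToken
        page = macie.describe_buckets(**kwargs)
        buckets.extend(page.get("buckets", []))
        if not page.get("nextToken"):
            return buckets
        kwargs["nextToken"] = page["nextToken"]


def triage_buckets(buckets: List[Dict]) -> Dict[str, List[str]]:
    """Group bucket names by the access-control properties Macie reports.

    Field paths follow the DescribeBuckets response: publicAccess.effectivePermission,
    serverSideEncryption.type and sharedAccess.
    """
    issues: Dict[str, List[str]] = {"public": [], "no_default_encryption": [], "shared_externally": []}
    for b in buckets:
        name = b["bucketName"]
        if b.get("publicAccess", {}).get("effectivePermission") == "PUBLIC":
            issues["public"].append(name)
        if b.get("serverSideEncryption", {}).get("type") == "NONE":
            issues["no_default_encryption"].append(name)
        if b.get("sharedAccess") == "EXTERNAL":  # shared with accounts outside your organization
            issues["shared_externally"].append(name)
    return issues


# Constructed records, shaped like DescribeBuckets output, so triage_buckets can run offline.
SAMPLE_INVENTORY = [
    {"bucketName": "app-logs", "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "aws:kms"}, "sharedAccess": "NOT_SHARED"},
    {"bucketName": "marketing-assets", "publicAccess": {"effectivePermission": "PUBLIC"},
     "serverSideEncryption": {"type": "AES256"}, "sharedAccess": "NOT_SHARED"},
    {"bucketName": "partner-exchange", "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "NONE"}, "sharedAccess": "EXTERNAL"},
]

if __name__ == "__main__":
    print("Macie status:", enable_macie())
    for issue, names in triage_buckets(list_bucket_inventory()).items():
        print(f"{issue}: {names}")
```

The triage groups are the same three properties the console surfaces for each bucket (public access, default encryption, and sharing outside your organization); a bucket that lands in more than one group, like partner-exchange in the constructed data, is the one to review first.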

Step 2: Configure a repository for sensitive data discovery results

With Macie, you detect sensitive data by creating and running sensitive data discovery jobs. A sensitive data discovery job analyzes objects in S3 buckets to determine whether the objects contain sensitive data. If Macie discovers sensitive data in an object, Macie creates a sensitive data finding. A sensitive data finding is a detailed report of sensitive data that Macie found in an object.

Macie also creates a sensitive data discovery result for each object that you configure a job to analyze. A sensitive data discovery result is a record that logs details about the analysis of an object. This includes objects that don't contain sensitive data, and therefore don't produce sensitive data findings, and objects that Macie can't analyze due to issues such as permissions settings. If an object does contain sensitive data, the sensitive data discovery result includes data from the corresponding sensitive data finding, plus additional information about the analysis.

Macie stores your sensitive data discovery results for only 90 days. To access the results and enable long-term storage and retention of them, configure Macie to store the results in an S3 bucket. You must do this within 30 days of enabling Macie. Macie encrypts the results with an AWS KMS key that you specify, so the bucket policy and the key policy must both allow the Macie service principal (macie.amazonaws.com) to add objects to the bucket and to encrypt with the key. After you do this, the S3 bucket can serve as a definitive, long-term repository for all of your discovery results.

To learn how to configure a repository for your discovery results, see Storing and retaining sensitive data discovery results.
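Configuring the repository through the API, as an added example that is not the documentation's own code: it builds the configuration object that PutClassificationExportConfiguration expects, shows the KMS key policy statement that lets Macie encrypt into the bucket, applies the configuration, and reads it back to confirm what Macie stored. The account ID, Region, bucket name, prefix and key ARN are placeholders, and the exact shape of the key policy statement is an assumption to check against the linked storage and retention page.

```python
# Added example (not the documentation's own code): point Macie at an S3 bucket for
# discovery results, with the KMS key policy statement Macie needs to write to it.
# Account ID, Region, bucket, prefix and key ARN are placeholders (assumptions).
import json
from typing import Dict

ACCOUNT_ID = "111122223333"  # placeholder
REGION = "us-east-1"         # placeholder
RESULTS_BUCKET = "macie-results-111122223333"
RESULTS_PREFIX = "discovery-results/"
KMS_KEY_ARN = f"arn:aws:kms:{REGION}:{ACCOUNT_ID}:key/00000000-0000-0000-0000-000000000000"


def export_configuration(bucket: str, kms_key_arn: str, prefix: str = "") -> Dict:
    """Build the configuration object PutClassificationExportConfiguration expects.

    Macie writes the results as KMS-encrypted objects, so the key ARN is required;
    the prefix is optional and only scopes where in the bucket the results land.
    """
    destination = {"bucketName": bucket, "kmsKeyArn": kms_key_arn}
    if prefix:
        destination["keyPrefix"] = prefix
    return {"s3Destination": destination}


def macie_key_policy_statement(account_id: str) -> Dict:
    """Key policy statement allowing the Macie service principal to encrypt with the key.

    The aws:SourceAccount condition stops Macie acting for another account from using
    this key (confused-deputy protection). Assumed shape; verify against the Macie docs.
    """
    return {
        "Sid": "Allow Macie to encrypt discovery results",
        "Effect": "Allow",
        "Principal": {"Service": "macie.amazonaws.com"},
        "Action": ["kms:GenerateDataKey", "kms:Encrypt"],
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
    }


def configure_repository(region: str = REGION) -> Dict:
    """Apply the export configuration and read it back to confirm what Macie stored."""
    import boto3  # imported here so the pure helpers above run without boto3 installed

    macie = boto3.client("macie2", region_name=region)
    macie.put_classification_export_configuration(
        configuration=export_configuration(RESULTS_BUCKET, KMS_KEY_ARN, RESULTS_PREFIX)
    )
    return macie.get_classification_export_configuration()["configuration"]


if __name__ == "__main__":
    # Add this statement to the key policy (and allow macie.amazonaws.com s3:PutObject
    # in the bucket policy) before applying the configuration, or the writes will fail.
    print(json.dumps(macie_key_policy_statement(ACCOUNT_ID), indent=2))
    print(configure_repository())
```

Reading the configuration back after writing it is the cheap check that the repository is actually set; a wrong bucket name or a key in another Region is rejected at write time, but a missing bucket or key policy is not, and only shows up later as results that never arrive.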

Step 3: Explore sample findings

Macie provides two categories of findings, policy findings and sensitive data findings. A finding is a detailed report of a potential policy violation for an S3 bucket or sensitive data in an S3 object. Macie generates a policy finding when the policies or settings for an S3 bucket are changed in a way that reduces the security or privacy of the bucket and the bucket's objects. Macie generates a sensitive data finding when it discovers sensitive data in an S3 object that you configure a sensitive data discovery job to analyze. Within each category, there are multiple types of findings.

To explore and learn about the different categories and types of findings that Macie can generate, optionally create and review sample findings. Sample findings use example data and placeholder values to demonstrate the kinds of information that Macie might include in each type of finding. Follow these steps to create and review sample findings.

To create and review sample findings

  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. In the navigation pane, choose Settings.

  3. Under Sample findings, choose Generate sample findings.

    Macie generates one sample finding for each type of finding that Macie supports.

  4. In the navigation pane, choose Findings.

    The Findings page displays current findings for your account in the current AWS Region. This includes the sample findings that you created in the preceding step.

  5. On the Findings page, locate findings whose type begins with [SAMPLE].

  6. To review the details of a specific sample finding, choose any field other than the check box for the finding. The details panel displays information for the finding.

For information about each type of finding, see Types of findings. For more information about creating and reviewing sample findings, see Working with sample findings.

Step 4: Create a job to discover sensitive data

In Macie, you create and run sensitive data discovery jobs to analyze S3 objects and report sensitive data in those objects. To analyze objects, a job can use built-in, managed data identifiers that Macie provides, custom data identifiers that you create, or a combination of the two. For information about the types of S3 objects that Macie can analyze, see Discovering sensitive data. For information about the types of sensitive data that Macie can detect, see Using managed data identifiers.

Follow these steps to create a job that runs once, immediately after you create it, and uses default settings. To learn how to create a job that runs periodically or uses custom settings, see Creating a sensitive data discovery job.

To create a sensitive data discovery job

  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. In the navigation pane, choose Jobs.

  3. Choose Create job.

  4. For the Choose S3 buckets step, choose Select specific buckets.

    Macie displays a complete inventory of the S3 buckets for your account in the current AWS Region.

  5. Select the check box for each bucket that you want the job to analyze.

    Tip

    To find specific buckets more easily, enter filter criteria in the filter bar above the table. You can also sort the inventory by choosing a column heading in the table.

  6. When you finish selecting buckets, choose Next.

  7. For the Review S3 buckets step, review and verify your bucket selections. Then choose Next.

  8. For the Refine the scope step, choose One-time job, and then choose Next.

  9. For the Select managed data identifiers step, choose All, and then choose Next.

  10. For the Select custom data identifiers step, choose Next.

  11. For the Select allow lists step, choose Next.

  12. For the Enter general settings step, enter a name and, optionally, a description of the job. Then choose Next.

  13. For the Review and create step, review the job's configuration settings and verify that they're correct.

    You can also review the total estimated cost (in US Dollars) of running the job. To learn more about this estimate, see Forecasting the cost of a sensitive data discovery job.

  14. When you finish reviewing and verifying the job's settings, choose Submit.

Macie starts running the job immediately. You can monitor the job's status on the Jobs page: a one-time job moves from Running to Complete when the analysis finishes, and Macie creates sensitive data findings as it discovers sensitive data, so findings can appear before the job completes.
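The same job created through the API, as an added example that is not the documentation's own code: it builds the CreateClassificationJob request that corresponds to the console choices above (one-time job, specific buckets, all managed data identifiers, no custom identifiers or allow lists), submits it, and polls DescribeClassificationJob until the job stops changing. The account ID, bucket names and Region are placeholders.

```python
# Added example (not from the Macie documentation): create the same kind of job as the
# console steps above with boto3 and wait for it to finish. Account ID, bucket names and
# Region are placeholders (assumptions).
import time
import uuid
from typing import Dict, List, Tuple

ACCOUNT_ID = "111122223333"                  # placeholder
TARGET_BUCKETS = ["hr-exports", "app-logs"]  # placeholders
REGION = "us-east-1"                         # placeholder

# Statuses after which the job will not progress on its own: finished, cancelled,
# paused by you (USER_PAUSED), or paused by Macie, for example on a quota (PAUSED).
TERMINAL_STATUSES = {"COMPLETE", "CANCELLED", "USER_PAUSED", "PAUSED"}


def job_request(name: str, account_id: str, buckets: List[str], description: str = "") -> Dict:
    """Build the CreateClassificationJob request body for a one-time job.

    managedDataIdentifierSelector="ALL" is the API form of choosing All in the
    "Select managed data identifiers" step; custom identifiers and allow lists are left unset.
    """
    if not name.strip():
        raise ValueError("job name must not be empty")
    if not buckets:
        raise ValueError("select at least one bucket")
    request = {
        # Idempotency token: a retried call with the same token does not create a second job.
        "clientToken": str(uuid.uuid4()),
        "jobType": "ONE_TIME",
        "name": name,
        "managedDataIdentifierSelector": "ALL",
        "s3JobDefinition": {
            "bucketDefinitions": [{"accountId": account_id, "buckets": list(buckets)}]
        },
    }
    if description:
        request["description"] = description
    return request


def run_job(request: Dict, region: str = REGION, poll_seconds: int = 60) -> Tuple[str, str]:
    """Submit the job and poll until it reaches a terminal status; return (jobId, status)."""
    import boto3  # imported here so job_request runs without boto3 installed

    macie = boto3.client("macie2", region_name=region)
    job_id = macie.create_classification_job(**request)["jobId"]
    while True:
        status = macie.describe_classification_job(jobId=job_id)["jobStatus"]
        if status in TERMINAL_STATUSES:
            return job_id, status
        time.sleep(poll_seconds)


if __name__ == "__main__":
    req = job_request("getting-started-one-time", ACCOUNT_ID, TARGET_BUCKETS,
                      "Tutorial job: selected buckets, all managed data identifiers")
    print(run_job(req))
```

Treat PAUSED and USER_PAUSED as terminal for the poller but not as success: a job that Macie paused has not analyzed all of its objects, and the Jobs page shows why.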

Step 5: Review your findings

Macie automatically monitors your S3 buckets for security and access control, and it creates policy findings to report potential issues with the security or privacy of your buckets. If you create and run a sensitive data discovery job, Macie also creates sensitive data findings to report sensitive data that it discovers in S3 objects. For more information about findings, see Analyzing findings.

Follow these steps to review your findings.

To review your findings

  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. In the navigation pane, choose Findings. The Findings page displays current findings for your account in the current AWS Region.

  3. (Optional) To filter the findings by specific criteria, enter the criteria in the filter bar above the table. To learn more about filters, see Filtering findings.

  4. To review the details of a specific finding, choose any field other than the check box for the finding. The details panel displays information for the finding.

For more information, including how to group, filter, and download findings, see Reviewing findings.
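Reviewing findings through the API, as an added example that is not the documentation's own code: it applies the same kind of filter the console's filter bar applies (High-severity sensitive data findings), pages through ListFindings, fetches the full records with GetFindings, and reduces each finding to the fields a reviewer triages on, dropping the sample findings from Step 3 so they never land in a real queue. The Region is a placeholder and the finding records below are constructed in the shape of a GetFindings response.

```python
# Added example (not from the Macie documentation): list current findings with a filter,
# fetch their details, and reduce them to a triage table. Region is a placeholder; the
# sample findings at the bottom are constructed, shaped like GetFindings output.
from typing import Dict, List


def high_severity_criteria() -> Dict:
    """ListFindings filter for High-severity sensitive data findings.

    Keys are finding attribute paths; each maps to an operator ("eq", "neq", "gt", ...)
    and a list of values, which is what the console filter bar builds behind the scenes.
    """
    return {
        "criterion": {
            "category": {"eq": ["CLASSIFICATION"]},
            "severity.description": {"eq": ["High"]},
        }
    }


def fetch_findings(criteria: Dict, region: str = "us-east-1") -> List[Dict]:
    """List matching finding IDs (paginated) and fetch full details, 50 IDs per call."""
    import boto3  # imported here so the pure helpers run without boto3 installed

    macie = boto3.client("macie2", region_name=region)
    ids: List[str] = []
    kwargs: Dict = {"findingCriteria": criteria, "maxResults": 50,
                    "sortCriteria": {"attributeName": "updatedAt", "orderBy": "DESC"}}
    while True:
        page = macie.list_findings(**kwargs)
        ids.extend(page.get("findingIds", []))
        if not page.get("nextToken"):
            break
        kwargs["nextToken"] = page["nextToken"]
    findings: List[Dict] = []
    for start in range(0, len(ids), 50):  # GetFindings accepts at most 50 IDs per request
        findings.extend(macie.get_findings(findingIds=ids[start:start + 50])["findings"])
    return findings


def summarize(findings: List[Dict], include_samples: bool = False) -> List[Dict]:
    """Reduce findings to bucket, key, type, severity and the number of detections.

    Sample findings (sample=True, type prefixed [SAMPLE]) are dropped unless asked for.
    Rows come back highest severity first, then most detections first.
    """
    rows = []
    for f in findings:
        if f.get("sample") and not include_samples:
            continue
        affected = f.get("resourcesAffected", {})
        result = f.get("classificationDetails", {}).get("result", {})
        detections = sum(sd.get("totalCount", 0) for sd in result.get("sensitiveData", []))
        rows.append({
            "bucket": affected.get("s3Bucket", {}).get("name"),
            "key": affected.get("s3Object", {}).get("key"),
            "type": f["type"],
            "severity": f.get("severity", {}).get("description"),
            "detections": detections,
        })
    order = {"High": 0, "Medium": 1, "Low": 2}
    rows.sort(key=lambda r: (order.get(r["severity"], 3), -r["detections"]))
    return rows


SAMPLE_FINDINGS = [  # constructed records, shaped like GetFindings output
    {"id": "f-1", "type": "SensitiveData:S3Object/Personal", "sample": False,
     "severity": {"description": "Medium", "score": 2},
     "resourcesAffected": {"s3Bucket": {"name": "hr-exports"}, "s3Object": {"key": "staff.csv"}},
     "classificationDetails": {"jobId": "j-1", "result": {"sensitiveData": [
         {"category": "PERSONAL_INFORMATION", "totalCount": 40}]}}},
    {"id": "f-2", "type": "SensitiveData:S3Object/Financial", "sample": False,
     "severity": {"description": "High", "score": 3},
     "resourcesAffected": {"s3Bucket": {"name": "hr-exports"}, "s3Object": {"key": "payroll.xlsx"}},
     "classificationDetails": {"jobId": "j-1", "result": {"sensitiveData": [
         {"category": "FINANCIAL_INFORMATION", "totalCount": 12},
         {"category": "PERSONAL_INFORMATION", "totalCount": 3}]}}},
    {"id": "f-3", "type": "[SAMPLE] SensitiveData:S3Object/Credentials", "sample": True,
     "severity": {"description": "High", "score": 3},
     "resourcesAffected": {"s3Bucket": {"name": "macie-sample-finding-bucket"},
                           "s3Object": {"key": "macie-sample-finding-object"}},
     "classificationDetails": {"jobId": "macie-sample", "result": {"sensitiveData": [
         {"category": "CREDENTIALS", "totalCount": 1}]}}},
]

if __name__ == "__main__":
    for row in summarize(fetch_findings(high_severity_criteria())):
        print(row)
```

Sorting by severity and then by detection count puts the same finding at the top that the console's default view would, but in a form you can hand to a ticketing system; the `sample` flag is the reliable way to exclude the Step 3 demo findings, since matching on the [SAMPLE] type prefix alone depends on string formatting.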