Suspending or disabling Amazon Macie

You can suspend or disable Amazon Macie in a specific AWS Region by using the Amazon Macie console or the Amazon Macie API. Macie then stops performing all activities for your account in that Region. You aren't charged for using Macie in the Region while it's suspended or disabled.

If you suspend or disable Macie, you can re-enable it at a later time.

Suspending Amazon Macie

If you suspend Amazon Macie, Macie retains the session identifier, settings, and resources for your account in the applicable AWS Region. For example, your existing findings remain intact and are retained for up to 90 days. However, when you suspend Macie, it stops performing all activities for your account in the applicable Region. This includes monitoring your Amazon Simple Storage Service (Amazon S3) data, performing automated sensitive data discovery, and running any sensitive data discovery jobs that are currently in progress. Macie also cancels all of your sensitive data discovery jobs in the Region.

After you suspend Macie, you can re-enable it. You then regain access to your settings and resources in the applicable Region, and Macie resumes its activities for your account in that Region. This includes updating the S3 bucket inventory for your account and monitoring the buckets for security and access control. This doesn't include resuming or restarting your sensitive data discovery jobs. Sensitive data discovery jobs can't be resumed or restarted after they're cancelled.

This topic explains how to suspend Macie by using the Amazon Macie console. If you prefer to do this programmatically, you can use the UpdateMacieSession operation of the Amazon Macie API.

Note

If you're the Macie administrator for an organization, you must remove all member accounts that are associated with your account before you suspend Macie for your account. For more information, see Managing multiple accounts.

To suspend Macie
  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. By using the AWS Region selector in the upper-right corner of the page, select the Region in which you want to suspend Macie.

  3. In the navigation pane, choose Settings.

  4. Choose Suspend Macie.

  5. When prompted for confirmation, enter Suspend, and then choose Suspend.

To suspend Macie in additional Regions, repeat the preceding steps in each additional Region.

Disabling Amazon Macie

When you disable Amazon Macie, Macie stops performing all activities for your account in the applicable AWS Region. This includes monitoring your Amazon Simple Storage Service (Amazon S3) data, performing automated sensitive data discovery, and running any sensitive data discovery jobs that are currently in progress. Macie also deletes all the existing settings and resources that it stores or maintains for your account in the applicable Region, including your findings and sensitive data discovery jobs. Data that you stored or published to other AWS services remains intact and isn't affected—for example, sensitive data discovery results in Amazon S3 and finding events in Amazon EventBridge.

Warning

If you disable Macie, you also permanently delete all of your existing findings, sensitive data discovery jobs, custom data identifiers, and other resources that Macie stores or maintains for your account in the applicable Region. These resources can't be recovered after they're deleted. To keep the resources and only pause your use of Macie, suspend Macie instead of disabling it.

This topic explains how to disable Macie by using the Amazon Macie console. If you prefer to do this programmatically, you can use the DisableMacie operation of the Amazon Macie API.

Note

If your account is part of an organization that centrally manages multiple Macie accounts, you must do the following before you disable Macie:

  • If your account is a Macie member account, work with your Macie administrator to remove your account as a member account.

  • If your account is a Macie administrator account, remove all member accounts that are associated with your account, and delete the associations between your account and those accounts.

How you complete the preceding tasks depends on whether your Macie account is associated with other accounts through AWS Organizations or by invitation. For more information, see Managing multiple accounts.

To disable Macie
  1. Open the Amazon Macie console at https://console.aws.amazon.com/macie/.

  2. By using the AWS Region selector in the upper-right corner of the page, select the Region in which you want to disable Macie.

  3. In the navigation pane, choose Settings.

  4. Choose Disable Macie.

  5. When prompted for confirmation, enter Disable, and then choose Disable.

To disable Macie in additional Regions, repeat the preceding steps in each additional Region.
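Because both UpdateMacieSession (suspend) and DisableMacie stop Macie's monitoring in a Region, and disabling also deletes findings permanently, a defender would typically watch for these calls in AWS CloudTrail. The following Python sketch is an added example, not part of the AWS documentation; the event records are constructed, and the CloudTrail field layout it relies on (eventSource macie2.amazonaws.com, status logged under requestParameters) and the severity labels are assumptions.

```python
# Constructed CloudTrail records (not real logs). Assumed layout: Macie API
# calls appear under eventSource "macie2.amazonaws.com", and the body of
# UpdateMacieSession is logged in requestParameters.
ACTOR = {"arn": "arn:aws:iam::111122223333:user/example-admin"}
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "macie2.amazonaws.com",
     "eventName": "UpdateMacieSession", "awsRegion": "us-east-1",
     "userIdentity": ACTOR, "requestParameters": {"status": "PAUSED"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "macie2.amazonaws.com",
     "eventName": "DisableMacie", "awsRegion": "eu-west-1",
     "userIdentity": ACTOR, "requestParameters": None},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "macie2.amazonaws.com",
     "eventName": "DisableMacie", "awsRegion": "ap-south-1",
     "userIdentity": ACTOR, "requestParameters": None, "errorCode": "AccessDenied"},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "macie2.amazonaws.com",
     "eventName": "UpdateMacieSession", "awsRegion": "us-west-2",
     "userIdentity": ACTOR,
     "requestParameters": {"findingPublishingFrequency": "ONE_HOUR"}},
    {"eventTime": "2024-01-01T11:00:00Z", "eventSource": "macie2.amazonaws.com",
     "eventName": "UpdateMacieSession", "awsRegion": "us-east-1",
     "userIdentity": ACTOR, "requestParameters": {"status": "ENABLED"}},
]

def classify(event):
    """Return (severity, reason) for a Macie coverage change, else None."""
    # Skip other services and failed calls (a failed call changes no state).
    if event.get("eventSource") != "macie2.amazonaws.com" or event.get("errorCode"):
        return None
    name = event.get("eventName")
    status = (event.get("requestParameters") or {}).get("status")
    if name == "DisableMacie":
        return ("critical", "Macie disabled: findings, jobs and settings deleted")
    if name == "UpdateMacieSession" and status == "PAUSED":
        return ("high", "Macie suspended: monitoring stopped, jobs cancelled")
    if name == "UpdateMacieSession" and status == "ENABLED":
        return ("info", "Macie re-enabled: cancelled jobs are not restarted")
    return None  # e.g. a settings-only update that leaves Macie running

def detect(events):
    """Build one alert per event that suspends, disables or re-enables Macie."""
    alerts = []
    for e in events:
        verdict = classify(e)
        if verdict:
            alerts.append({"time": e["eventTime"], "region": e["awsRegion"],
                           "actor": e["userIdentity"]["arn"],
                           "severity": verdict[0], "reason": verdict[1]})
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Because Macie is suspended or disabled per Region, the alert carries the Region so that gaps in coverage can be tracked Region by Region.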