Analyzing your Amazon S3 security posture with Amazon Macie

To help you perform in-depth analysis and evaluate the security posture of your Amazon Simple Storage Service (Amazon S3) data, Amazon Macie maintains a complete inventory of your S3 buckets in each AWS Region where you use Macie. To learn how Macie maintains this inventory for you, see How Macie monitors Amazon S3 data security. If you're the Macie administrator for an organization, the inventory includes data for S3 buckets that your member accounts own.

By using this inventory, you can review your Amazon S3 data estate, and examine details and statistics for key security settings and metrics that apply to individual S3 buckets. For example, you can access breakdowns of each bucket’s public access and encryption settings, and the size and number of objects that Macie can analyze to detect sensitive data in each bucket. You can also determine whether you configured any sensitive data discovery jobs to analyze objects in a bucket and, if so, when one of those jobs most recently ran. If automated sensitive data discovery is enabled for your account, you can also use the inventory to review the results of automated sensitive data discovery activities that Macie has performed thus far for your account or organization. For more information, see Discovering sensitive data.

You can browse and filter inventory data by using the S3 buckets page on the Amazon Macie console. You can also access your inventory data programmatically by using the DescribeBuckets operation of the Amazon Macie API.
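The following Python is an added example, not code from the AWS documentation: it pages through the DescribeBuckets operation with boto3 and flags buckets by the public access, encryption, and job-coverage settings described above. The function names, the triage rules, and the sample records are assumptions made for illustration; the response field names are those returned by DescribeBuckets.

```python
def fetch_inventory(region):
    """Page through DescribeBuckets for one Region (needs boto3, credentials, Macie enabled)."""
    import boto3  # imported lazily so the triage logic below also runs offline
    client = boto3.client("macie2", region_name=region)
    buckets = []
    for page in client.get_paginator("describe_buckets").paginate():
        buckets.extend(page.get("buckets", []))
    return buckets


def triage(buckets):
    """Return {bucketName: [reasons]} for buckets that deserve a closer look.

    The three rules are illustrative assumptions, not Macie's own scoring.
    """
    findings = {}
    for b in buckets:
        reasons = []
        if b.get("publicAccess", {}).get("effectivePermission") == "PUBLIC":
            reasons.append("publicly accessible")
        if b.get("serverSideEncryption", {}).get("type") == "NONE":
            reasons.append("no default encryption")
        covered = b.get("jobDetails", {}).get("isDefinedInJob") == "TRUE"
        if b.get("classifiableObjectCount", 0) > 0 and not covered:
            reasons.append("classifiable objects but no discovery job")
        if reasons:
            findings[b["bucketName"]] = reasons
    return findings


# Constructed sample records, trimmed to the fields the triage rules read.
SAMPLE = [
    {"bucketName": "example-public-logs", "classifiableObjectCount": 120,
     "publicAccess": {"effectivePermission": "PUBLIC"},
     "serverSideEncryption": {"type": "AES256"},
     "jobDetails": {"isDefinedInJob": "TRUE"}},
    {"bucketName": "example-archive", "classifiableObjectCount": 40,
     "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "NONE"},
     "jobDetails": {"isDefinedInJob": "FALSE"}},
    {"bucketName": "example-clean", "classifiableObjectCount": 0,
     "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "aws:kms"},
     "jobDetails": {"isDefinedInJob": "FALSE"}},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

To run it against a live inventory, pass the result of `fetch_inventory("<region>")` to `triage` in each Region where you use Macie, because the inventory is maintained per Region.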