What is Amazon Macie? - Amazon Macie

What is Amazon Macie?

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover, monitor, and help you protect your sensitive data in Amazon Simple Storage Service (Amazon S3). Macie automates the discovery of sensitive data, such as personally identifiable information (PII) and intellectual property, to provide you with a better understanding of the data that your organization stores in Amazon S3. Within minutes, Macie can identify overly permissive or unencrypted buckets across your AWS accounts. And it automatically and continuously monitors that data, and generates detailed findings for you. Macie also enables you to define custom detection rules that reflect your organization's intellectual property, proprietary data, and particular scenarios.


Macie enables you to be proactive with security compliance and preventive security as follows:

  • Identify a variety of data types, including PII, Protected Health Information (PHI), regulatory documents, and private keys

  • Detect changes to policies and access control lists

  • Continuously monitor the security posture of your Amazon S3 data

  • Generate security findings that you can review using the Amazon Macie console, the Amazon Macie API, AWS Security Hub, or Amazon EventBridge

  • Manage multiple AWS accounts by using AWS Organizations


As with other AWS products, there are no contracts or minimum commitments for using Macie.

Macie pricing is based primarily on two dimensions—evaluating and monitoring S3 buckets for security and access control, and analyzing S3 objects to discover and report sensitive data in those objects. Depending on how you use the service, you might also incur costs for using other AWS services in combination with certain Macie features, such as retrieving bucket data from Amazon S3 and using customer-managed, AWS KMS customer master keys to decrypt objects for analysis. For more information, see Amazon Macie Pricing.

When you enable Macie for the first time, your AWS account is automatically enrolled in the 30-day free trial of Macie. This includes accounts that are enabled as part of an AWS organization. During the free trial, there’s no charge for Macie to evaluate and monitor your S3 data for security and access control. To help you understand and forecast the cost of using Macie after the free trial ends, Macie provides usage details for your account. These details include estimated costs based on your use of Macie during the preceding 30 days. They also indicate the amount of time that remains before your free trial ends.

Regional availability

Macie is available in most AWS Regions. For a list of Regions where Macie is currently available, see Amazon Macie endpoints and quotas in the Amazon Web Services General Reference. To learn more about AWS Regions, see Managing AWS Regions in the Amazon Web Services General Reference.

In each Region, AWS maintains multiple Availability Zones. These Availability Zones are physically isolated from each other, but are united by private, low-latency, high-throughput, and highly redundant network connections. They enable us to provide very high levels of availability and redundancy, while also minimizing latency. To learn more about the number of Availability Zones that are available in each Region, see AWS Global Infrastructure.