Macie

Definition

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect sensitive data in AWS. It helps identify and alert on the presence of sensitive data such as personally identifiable information (PII) or intellectual property across AWS environments. Macie provides visibility into how this data is accessed and moved, enabling organizations to maintain compliance with data protection regulations.

Secure Settings Example

{
  "macie2": {
    "enable": true,
    "s3Bucket": {
      "bucketName": "my-secure-bucket",
      "classificationType": "FULL",
      "sensitivityInspection": true
    },
    "findingsPublishingFrequency": "FIFTEEN_MINUTES"
  }
}

This configuration enables Amazon Macie with full classification for a specific S3 bucket, ensuring sensitive data is regularly inspected and findings are published every fifteen minutes.

Insecure Settings Example

{
  "macie2": {
    "enable": false,
    "s3Bucket": {
      "bucketName": "my-insecure-bucket",
      "classificationType": "NONE",
      "sensitivityInspection": false
    },
    "findingsPublishingFrequency": "DAILY"
  }
}

In this insecure configuration, Macie is disabled, and no classification or sensitivity inspection is performed on the S3 bucket, leaving sensitive data unmonitored and potentially exposed.
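As an added example (not code from the original page or from AWS), the following Python script turns the two fragments above into a policy check: it flags every deviation from the secure settings in a page-style config, and applies the same policy to a boto3 `macie2.get_macie_session()` response. The thresholds (Macie on, FULL classification, inspection on, fifteen-minute publishing) are an assumption chosen to match the secure example.

```python
import json

# Constructed inputs: the two configuration fragments shown on this page.
SECURE_CFG = json.loads('''{"macie2": {"enable": true,
  "s3Bucket": {"bucketName": "my-secure-bucket", "classificationType": "FULL",
               "sensitivityInspection": true},
  "findingsPublishingFrequency": "FIFTEEN_MINUTES"}}''')
INSECURE_CFG = json.loads('''{"macie2": {"enable": false,
  "s3Bucket": {"bucketName": "my-insecure-bucket", "classificationType": "NONE",
               "sensitivityInspection": false},
  "findingsPublishingFrequency": "DAILY"}}''')

# Policy (an assumption for this example): Macie enabled, full classification,
# sensitivity inspection on, and findings published at the fastest cadence.
REQUIRED_FREQUENCY = "FIFTEEN_MINUTES"


def audit_macie_config(cfg):
    """Return the policy violations for one page-style config (empty list = compliant)."""
    macie = cfg.get("macie2", {})
    bucket = macie.get("s3Bucket", {})
    name = bucket.get("bucketName", "<unknown bucket>")
    problems = []
    if macie.get("enable") is not True:
        problems.append("Macie is not enabled")
    if bucket.get("classificationType") != "FULL":
        problems.append(f"{name}: classificationType is {bucket.get('classificationType')!r}, expected 'FULL'")
    if bucket.get("sensitivityInspection") is not True:
        problems.append(f"{name}: sensitivityInspection is off")
    freq = macie.get("findingsPublishingFrequency")
    if freq != REQUIRED_FREQUENCY:
        problems.append(f"findingsPublishingFrequency is {freq!r}, expected {REQUIRED_FREQUENCY!r}")
    return problems


def audit_macie_session(session):
    """Apply the same policy to a boto3 macie2.get_macie_session() response dict.

    Live Macie reports 'status' (ENABLED or PAUSED) and 'findingPublishingFrequency'
    (FIFTEEN_MINUTES, ONE_HOUR or SIX_HOURS). Per-bucket classification is configured
    through classification jobs rather than the session, so it is not checked here.
    """
    problems = []
    if session.get("status") != "ENABLED":
        problems.append(f"Macie session status is {session.get('status')!r}, expected 'ENABLED'")
    freq = session.get("findingPublishingFrequency")
    if freq != REQUIRED_FREQUENCY:
        problems.append(f"findingPublishingFrequency is {freq!r}, expected {REQUIRED_FREQUENCY!r}")
    return problems
```

To audit a live account, pass `boto3.client("macie2").get_macie_session()` to `audit_macie_session`; an empty result means the session matches the policy.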