AWS Macie

Munidimple Muchalli
Ankercloud Engineering
7 min read · Nov 30, 2023


What Is Amazon Macie And How To Protect Your Sensitive Data?

With the increasing number of security breaches experienced by both large and small companies, having a complete security platform is important. Protecting valuable data such as Personally Identifiable Information (PII) is a high priority, and with ever more data stored in the AWS Cloud, findings need to be automated so that you do not have to classify data and its permissions by hand. In that scenario, Amazon Macie comes in handy.

Amazon Macie plays a central role in making you aware of what data is stored and how well it is protected. In this blog post, we look at what Amazon Macie is and how to set it up in the AWS Management Console.

What is Amazon Macie?

Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in Amazon Simple Storage Service (Amazon S3).

Macie can recognize PII or Protected Health Information (PHI) that exists in your S3 buckets. Macie also monitors the S3 buckets themselves for security and access control. This can help you meet regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), or simply maintain the level of security you require in your AWS Cloud environment.

In general, Macie helps you answer these questions about your data:

1. What data do I have in my S3 buckets?

2. Where is it located?

3. How is data being shared and stored — publicly or privately?

4. What PII or PHI is possibly publicly exposed?

5. How do I build workflow remediation for my security and compliance needs?

How does Macie work?

Within a few minutes of enabling Macie for your AWS account, Macie generates the list of S3 buckets in the Region where you enabled it; in other words, Macie works per Region. Macie also begins to monitor the security and access control of those buckets. When it detects a risk of unauthorized access or accidental data leakage, it generates detailed findings.

Macie has three main features:

1. Macie summary dashboard

This dashboard gives you a view of the total number of buckets, the total number of objects, and the total amount of S3 storage consumed. It also breaks the S3 buckets down by whether they are shared publicly, whether they are encrypted, and whether they are shared inside or outside your AWS account or AWS Organization.

2. Macie Jobs

Create and run sensitive data discovery jobs to automatically discover, record, and report sensitive data in Amazon S3 buckets. A job can cover all buckets (public and private) or only publicly accessible buckets.

You can configure a job to run once for on-demand analysis, or schedule it (for example weekly or monthly) for periodic analysis and monitoring.

3. Macie’s Findings

A finding is a detailed report of sensitive data (such as PII or data covered by HIPAA) found in an S3 bucket or object, or of a policy violation affecting a bucket. Macie provides two types of findings: policy findings and sensitive data findings.

Examples of policy findings below

Examples of sensitive data findings below

Every Macie finding in the dashboard carries detailed information about the affected resource and what was detected.
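As an added example (not code from the original post or from AWS), the following Python script shows how the two categories of findings described above can be triaged once they have been exported from Macie. The sample findings are constructed for this example; their field names (category, type, severity, resourcesAffected, classificationDetails) follow the Macie finding JSON format as I understand it from the public API, and the bucket names, object keys and counts are invented.

```python
"""Triage Amazon Macie findings locally (added example, not from the post)."""
from collections import defaultdict

# Constructed sample: one policy finding and two sensitive data findings.
# Severity scores follow Macie's convention: Low = 1, Medium = 2, High = 3.
SAMPLE_FINDINGS = [
    {
        "id": "example-finding-1",
        "category": "POLICY",
        "type": "Policy:IAMUser/S3BucketPublic",
        "severity": {"description": "High", "score": 3},
        "resourcesAffected": {"s3Bucket": {"name": "example-public-assets"}},
    },
    {
        "id": "example-finding-2",
        "category": "CLASSIFICATION",
        "type": "SensitiveData:S3Object/Personal",
        "severity": {"description": "High", "score": 3},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-hr-exports"},
            "s3Object": {"key": "exports/employees-2023.csv"},
        },
        "classificationDetails": {
            "result": {
                "sensitiveData": [
                    {
                        "category": "PERSONAL_INFORMATION",
                        "totalCount": 42,
                        "detections": [
                            {"type": "NAME", "count": 21},
                            {"type": "PHONE_NUMBER", "count": 21},
                        ],
                    }
                ]
            }
        },
    },
    {
        "id": "example-finding-3",
        "category": "CLASSIFICATION",
        "type": "SensitiveData:S3Object/CustomIdentifier",
        "severity": {"description": "Low", "score": 1},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-logs"},
            "s3Object": {"key": "app/2023-11-30.log"},
        },
        "classificationDetails": {
            "result": {
                "customDataIdentifiers": {
                    "totalCount": 3,
                    "detections": [{"name": "any-digit", "count": 3}],
                }
            }
        },
    },
]


def split_by_category(findings):
    """Return (policy findings, sensitive data findings), the two types Macie produces."""
    policy = [f for f in findings if f.get("category") == "POLICY"]
    classification = [f for f in findings if f.get("category") == "CLASSIFICATION"]
    return policy, classification


def sensitive_counts_per_bucket(findings):
    """Sum detections per bucket, covering managed and custom identifiers alike."""
    totals = defaultdict(int)
    for f in findings:
        if f.get("category") != "CLASSIFICATION":
            continue
        bucket = f["resourcesAffected"]["s3Bucket"]["name"]
        result = f.get("classificationDetails", {}).get("result", {})
        for entry in result.get("sensitiveData", []):
            totals[bucket] += entry.get("totalCount", 0)
        totals[bucket] += result.get("customDataIdentifiers", {}).get("totalCount", 0)
    return dict(totals)


def remediation_queue(findings, min_score=3):
    """Findings at or above a severity score, highest first, for the remediation workflow."""
    urgent = [f for f in findings if f["severity"]["score"] >= min_score]
    return sorted(urgent, key=lambda f: (-f["severity"]["score"], f["type"]))


if __name__ == "__main__":
    policy, classification = split_by_category(SAMPLE_FINDINGS)
    print(f"{len(policy)} policy finding(s), {len(classification)} sensitive data finding(s)")
    print("detections per bucket:", sensitive_counts_per_bucket(SAMPLE_FINDINGS))
    for f in remediation_queue(SAMPLE_FINDINGS):
        print("remediate:", f["type"], f["resourcesAffected"]["s3Bucket"]["name"])
```

The same functions work on the JSON that `aws macie2 get-findings` returns, since they only read the fields shown; the policy finding here (a public bucket) is the kind of result Macie raises without any job, while the two classification findings only appear after a discovery job has run.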

Macie benefits

Easy to set up

Macie is easy to set up with one click in the AWS Management Console and provides multi-account support through AWS Organizations, so you can enable Macie across all of your accounts with a few clicks.

Constant monitoring of S3 buckets

Macie continually evaluates your Amazon S3 environment and provides an S3 bucket summary across all of your AWS accounts. Macie will detect and alert you about any unencrypted buckets, publicly accessible buckets, or buckets shared outside your AWS Organization.

Macie allows you to run one-time, daily, weekly, or monthly data discovery jobs for all, or a subset of objects in an Amazon S3 bucket. It also automatically tracks changes to the bucket and only evaluates new or modified objects over time.

Meet privacy regulations

Amazon Macie maintains a growing list of sensitive data types that include common personally identifiable information (PII) and other sensitive data types as defined by data privacy regulations, such as GDPR, PCI-DSS, and HIPAA.

Custom-defined sensitive data types

Amazon Macie provides you the ability to add custom-defined data types using regular expressions to enable Macie to discover unique sensitive data for your business.

Macie set up

The easiest way to set Macie up is by using the AWS Management Console:

1. Sign in to the AWS Management Console, select Macie under Security, Identity & Compliance, and choose the AWS Region where you want to start.

2. Choose “Get started”.

3. Choose “Enable” Macie.

4. Before creating a job we need data to analyze, and that data must be stored in S3. Create a bucket, upload some objects, and set the permissions you consider appropriate.

5. Then click “Get started” in the menu and select which job you want to start.

6. Click “Create job”.

7. Choose how to select buckets: “Select specific buckets” or “Specify bucket criteria”. Then pick the buckets you want to monitor by ticking their check boxes and click “Next”.

8. Review the buckets to make sure the required buckets are included. Click “Next”.

9. Choose a scheduled job or a one-time job as required. Here I am selecting a one-time job. Under additional settings there are include and exclude options for object criteria; here I am selecting storage size and specifying a range of 50 KB to 200 KB. Pick the object criteria that fit your requirement and click “Next”.

For reference, I am adding a screenshot of the size of the file I uploaded to the S3 bucket.

10. Select managed data identifiers. Click “Next”.

11. To create custom identifiers for more targeted scanning, click “Manage custom identifiers”.

12. This redirects to the custom data identifiers page. Click “Create”. Here we define the identifier with the regular expression `[0-9]`, which matches any digit present in an object, and set the severity according to the number of occurrences you prefer. Click “Create”.

The custom data identifier we just created is now listed.

13. Back in the job wizard, select the custom data identifier we created. Click “Next”.

14. Give the job a name and tags, then click “Next”.

15. Review and create it.

16. Once the job has run, the findings page shows the results and the details produced by the configuration we chose.
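To make the choices in steps 9 and 12 (and the custom-defined data types described earlier) concrete, here is an added example in Python that is not part of the original post: it mirrors the job configuration locally, that is, the 50 KB to 200 KB object criteria and a custom data identifier with the regex `[0-9]`, runs a dry run over constructed sample objects, and builds the request dictionary for the same one-time job. The sample objects, identifier names, account ID and bucket name are invented; the request shape follows the parameter names of boto3's `macie2` client (`create_classification_job`) as I know them from the public API and is assumed, not executed, here, as is the assumption that `OBJECT_SIZE` scope values are in bytes. The keyword handling is a simplification of Macie's proximity rule: a keyword only has to appear somewhere in the object, not within a fixed distance of the match.

```python
"""Local dry run of the Macie job configured in the walkthrough (added example)."""
import re

KB = 1024
MIN_SIZE = 50 * KB   # step 9: lower bound of the object size criteria
MAX_SIZE = 200 * KB  # step 9: upper bound of the object size criteria

# Step 12: the custom data identifier from the post uses [0-9], which fires on
# any single digit. A tighter identifier with keywords is included alongside
# it to show how much noise keywords and a specific pattern remove.
# (Names and patterns are invented for this example.)
CUSTOM_IDENTIFIERS = {
    "any-digit": {"regex": r"[0-9]", "keywords": [], "severity": "LOW"},
    "employee-id": {
        "regex": r"\bEMP-[0-9]{6}\b",
        "keywords": ["employee", "emp id"],
        "severity": "HIGH",
    },
}

# Constructed sample objects: (key, size in bytes, text content).
SAMPLE_OBJECTS = [
    ("hr/staff.csv", 120 * KB, "name,employee id\nAda Lovelace,EMP-004512\n"),
    ("readme.txt", 2 * KB, "no digits in here"),
    ("logs/app.log", 300 * KB, "2023-11-30 request served"),
    ("notes/plain.txt", 60 * KB, "meeting at noon"),
]


def in_scope(size):
    """Step 9 object criteria: only objects between MIN_SIZE and MAX_SIZE are scanned."""
    return MIN_SIZE <= size <= MAX_SIZE


def matches(identifier, text):
    """Count regex hits; if keywords are configured, require one to appear (simplified rule)."""
    lowered = text.lower()
    if identifier["keywords"] and not any(k in lowered for k in identifier["keywords"]):
        return 0
    return len(re.findall(identifier["regex"], text))


def dry_run(objects=SAMPLE_OBJECTS, identifiers=CUSTOM_IDENTIFIERS):
    """Return {object key: {identifier name: hit count}} for in-scope objects with hits."""
    report = {}
    for key, size, text in objects:
        if not in_scope(size):
            continue  # excluded by the object criteria, exactly as Macie would skip it
        hits = {name: matches(ident, text) for name, ident in identifiers.items()}
        hits = {name: count for name, count in hits.items() if count}
        if hits:
            report[key] = hits
    return report


def job_request(account_id, buckets, identifier_ids, name="custom-identifier-one-time"):
    """Build the create_classification_job arguments for the same configuration (assumed shape)."""
    return {
        "jobType": "ONE_TIME",
        "name": name,
        "customDataIdentifierIds": identifier_ids,
        "s3JobDefinition": {
            "bucketDefinitions": [{"accountId": account_id, "buckets": buckets}],
            "scoping": {
                "includes": {
                    "and": [
                        {"simpleScopeTerm": {"key": "OBJECT_SIZE", "comparator": "GTE",
                                             "values": [str(MIN_SIZE)]}},
                        {"simpleScopeTerm": {"key": "OBJECT_SIZE", "comparator": "LTE",
                                             "values": [str(MAX_SIZE)]}},
                    ]
                }
            },
        },
    }


if __name__ == "__main__":
    for key, hits in dry_run().items():
        print(key, hits)
    # Placeholder account and bucket; pass the real values and the identifier
    # IDs returned by create_custom_data_identifier when calling boto3.
    print(job_request("123456789012", ["example-bucket"], ["cdi-example-id"]))
```

Running the dry run shows why the `[0-9]` identifier from step 12 is useful only as a demonstration: every in-scope object containing a digit produces a hit, whereas the keyword-qualified identifier only fires on the staff export. The size filter is what keeps the small readme and the large log file out of the scan entirely.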

Pricing
