Posted On: Jun 28, 2018

Today, Amazon Macie is introducing support for using AWS Identity and Access Management (IAM) service-linked roles to set up Amazon Macie with the delegated permissions needed to access resources in other services on your behalf. Service-linked roles also help you meet monitoring and auditing requirements because all actions performed on your behalf by Amazon Macie will appear in your AWS CloudTrail logs.

The Amazon Macie service-linked role, called AWSServiceRoleForAmazonMacie, is predefined by Macie and includes all the permissions required by Macie to access other AWS services and resources. Unlike a regular IAM role, you cannot delete the service-linked role if it is still in use by Amazon Macie. This protects you from inadvertently revoking permissions required by the service, which would leave your AWS resources in an inconsistent state. For more information, see Using Service-Linked Roles for Amazon Macie.

Amazon Macie is a security service that automatically discovers, classifies, and protects sensitive data in AWS. The service continuously monitors data access activity for anomalies and alerts when private data are made publicly accessible. Amazon Macie is currently available in US East (N. Virginia) and US West (Oregon). Learn more about Amazon Macie.