Posted On: May 13, 2020
We are excited to announce the launch of a completely redesigned Amazon Macie with dramatic price reduction that lowers the price by 80% to over 90% with volume discounting tiers (see the New Macie Pricing). This meaningful price reduction was achieved by a multi-month effort to rearchitect Macie’s data discovery engine, deeply integrating with Amazon S3 to make better use of the underlying storage and compute resources and perform even faster and more scalable detections. In addition to the price reduction, new capabilities and enhancements have been added, including updated machine learning (ML) models for more accurate identification of Personally Identifiable Information (PII), support for customer-defined data types for proprietary or unique sensitive data, and native multi-account management through AWS Organizations that allows for management of up to 5,000 accounts from a single account.
Getting started is now easier than ever with the addition of one-click enablement and direct integration with S3 that removes the requirement to enable S3 data events to use Macie. Once enabled, the service now automatically gathers a complete S3 inventory at the bucket level and automatically and continually evaluates every bucket to alert on any publicly accessible buckets, unencrypted buckets, or buckets shared or replicated with AWS accounts outside of a customer’s organization. This allows data security, privacy, and compliance teams to gain visibility into their organization’s S3 environment and ensure these data security best practices are adhered to across their entire organization.
The redesigned Macie console or APIs can now be used to search and filter buckets of interest by variables such as bucket name, public accessibility, resource tags, or encryption status and quickly submit buckets to be analyzed by Macie for the presence of sensitive data. Macie can be configured to run periodically on any bucket, automating the evaluation of any new and modified objects as they are placed in a bucket over time. As security findings are generated, they are delivered to the new Macie console and pushed out the Amazon CloudWatch Events, making it easy to integrate with existing event management, ticketing, and workflow systems, or use to trigger automated remediation with services like AWS Step Functions to take action like closing a public bucket or adding resource tags.
Macie remains optimized for S3 where anything that can be placed in S3, permanently or temporarily, in an object type supported by Macie can be evaluated for sensitive data. This allows for use cases like taking periodic snapshots of RDS or Aurora databases, crawling DynamoDB using AWS Glue, or pulling text or files out of homegrown or third-party applications, placing the data in S3, and evaluating it with Macie.
Macie has been expanded to 17 AWS Regions globally including US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with availability in additional Regions in the coming months.
The service now also comes with a 30-day free trial and perpetual free tier, including a new usage experience that allows for review of month-to-date spend and manage spend limits over time. To learn more and get started visit Amazon Macie product page.