Posted On: Feb 2, 2021

We are excited to announce a series of new capabilities in Amazon Macie that make it easier to configure, scope, and run sensitive data discovery in AWS. These include support for scanning jobs that cover Amazon S3 buckets residing across multiple accounts, scoping of scans by object prefix, better cost estimation for visibility of spend before jobs are submitted, and sensitive data location information added to Macie findings.

With the addition of cross-account sensitive data discovery and object prefix scoping, a single scanning job can now be configured to cover Amazon S3 buckets that span multiple AWS accounts, and evaluation of objects can be scoped down to one or more prefixes of interest within a bucket. Before job submission, an improved cost estimator provides better visibility into the estimated cost of running the configured scanning job. The new cost estimation takes into account supported object types, compressed files, and the Macie volume discount pricing tiers. Once a job is submitted, findings are generated in the Amazon Macie console and sent out through Amazon EventBridge, and these findings now include sensitive data location information. This allows for identification of sensitive data within objects using details such as line numbers, page numbers, record index, or column and row numbers.

Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or a single API call. Multi-account support using AWS Organizations allows for enablement across all AWS accounts in an organization with a few clicks. The service maintains a large and growing list of managed sensitive data types, including personally identifiable information (PII) such as names, addresses, credit card numbers, and country identification numbers. It also supports the creation of custom sensitive data types that can be used to detect sensitive data that may be unique to a given business or use case.

Available globally, Amazon Macie comes with a 30-day free trial for S3 bucket level inventory and evaluation of access control and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month, with additional scanning charged according to the Amazon Macie pricing plan. To learn more, see the Amazon Macie documentation page.