Posted On: Apr 15, 2021

Amazon Macie now publishes job status and health logs to CloudWatch, providing you with continuous visibility into operations of your sensitive data discovery jobs to quickly identify, investigate, and address errors.

With this new feature, Amazon Macie automatically publishes job events to Amazon CloudWatch Logs, which you can monitor and analyze as a job progresses. The data in these logs provides a record of changes to a job's status, such as the exact date and time when a job started, was paused, or finished running. The log data also provides details about any account-level or bucket-level errors, such as insufficient access privileges or other misconfigurations, that prevent Macie from accessing and analyzing data. You can subscribe to these log entries and create custom alarms so that you are notified of errors, can correct them, and can resume normal operations.

Macie event logging is enabled by default for all sensitive data discovery jobs in all supported AWS regions. To get started, simply log in to the Amazon CloudWatch console or use the Amazon CloudWatch Logs API to review the logs for your sensitive data discovery jobs. You can also learn more by reading the Macie documentation page.

Getting started with Amazon Macie is fast and easy, with one click in the AWS Management Console or a single API call. Multi-account support using AWS Organizations allows you to enable Macie across all AWS accounts in an organization with a few clicks. Once enabled, Macie automatically gathers a complete S3 inventory at the bucket level and automatically and continually evaluates every bucket to alert on any publicly accessible buckets, unencrypted buckets, or buckets shared or replicated with AWS accounts outside of a customer’s organization. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII), financial information, or credential materials. This can help you comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Privacy Regulation (GDPR).

Amazon Macie comes with a 30-day free trial for S3 bucket-level inventory and evaluation of access control and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month, with additional scanning charged according to the Amazon Macie pricing plan. To learn more, see the Amazon Macie documentation page.