Posted On: Sep 23, 2021

Amazon Macie now allows you to select which managed data identifiers to use when you create a sensitive data discovery job. This lets you customize which data types Macie treats as sensitive and alerts on, according to the specific data governance and privacy needs of your organization. When you create a job, you choose from the growing list of managed data identifiers, covering data types such as personally identifiable information (PII), financial information, or credential materials, the ones you would like to target for each sensitive data discovery job you configure and run with Macie.

Amazon Macie uses a combination of criteria and techniques, including machine learning and pattern matching, to detect sensitive data. These criteria and techniques, referred to as managed data identifiers, can detect a large and growing list of sensitive data types for many countries and regions, including multiple types of financial data, personal health information (PHI), and personally identifiable information (PII). Each managed data identifier is designed to detect a specific type of sensitive data—for example, credit card numbers, AWS secret keys, or passport numbers for a particular country or region. When you create a sensitive data discovery job, you can configure the job to use these identifiers to analyze objects in Amazon Simple Storage Service (Amazon S3) buckets that you specify.
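As an added illustration (not code from AWS or from this announcement), the sketch below builds the request for Macie's `CreateClassificationJob` API with a chosen set of managed data identifiers and rejects selector/ID combinations that contradict each other. The account ID, bucket name, job name and the helper `build_job_request` are constructed for the example; the field names and identifier IDs are given as the author of this example understands the Macie API and should be checked against the current API reference.

```python
import uuid

# Values of managedDataIdentifierSelector, split by whether they take an ID list.
SELECTORS_WITH_IDS = {"INCLUDE", "EXCLUDE"}   # use only / use all except the listed IDs
SELECTORS_WITHOUT_IDS = {"ALL", "NONE"}       # use every / no managed data identifier


def build_job_request(name, account_id, buckets, selector="INCLUDE", identifier_ids=()):
    """Return keyword arguments for a one-time sensitive data discovery job.

    Hypothetical helper: it only assembles and validates the request, so it
    runs offline. Pass the result to the Macie client to actually create the job.
    """
    ids = sorted(set(identifier_ids))          # de-duplicate, stable order for review/diffing
    if selector in SELECTORS_WITH_IDS:
        if not ids:
            raise ValueError(f"{selector} needs at least one managed data identifier ID")
    elif selector in SELECTORS_WITHOUT_IDS:
        if ids:
            raise ValueError(f"{selector} does not take managed data identifier IDs")
    else:
        raise ValueError(f"unknown selector: {selector!r}")
    if not buckets:
        raise ValueError("at least one S3 bucket is required")

    request = {
        "clientToken": str(uuid.uuid4()),      # idempotency token
        "jobType": "ONE_TIME",
        "name": name,
        "managedDataIdentifierSelector": selector,
        "s3JobDefinition": {
            "bucketDefinitions": [{"accountId": account_id, "buckets": list(buckets)}]
        },
    }
    if ids:
        request["managedDataIdentifierIds"] = ids
    return request


if __name__ == "__main__":
    # Constructed sample values: scan one bucket for credentials and card numbers only.
    req = build_job_request(
        "credentials-and-cards-scan", "111122223333", ["example-data-bucket"],
        selector="INCLUDE", identifier_ids=["AWS_CREDENTIALS", "CREDIT_CARD_NUMBER"],
    )
    print(req)
    # With AWS credentials configured:
    #   import boto3; boto3.client("macie2").create_classification_job(**req)
```
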

Getting started with Amazon Macie is fast and easy, with one click in the AWS Management Console or a single API call. In addition, Macie has multi-account support using AWS Organizations, which makes it easy for you to enable Macie across all of your AWS accounts. Once enabled, Macie automatically gathers a complete S3 inventory at the bucket level and automatically and continually evaluates every bucket to alert on any publicly accessible buckets, unencrypted buckets, or buckets shared or replicated with AWS accounts outside of a customer’s organization. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as names, addresses, credit card numbers, or credential materials. This can help you comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Privacy Regulation (GDPR).

Amazon Macie comes with a 30-day free trial for S3 bucket level inventory and evaluation of access control and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month with additional scanning charged according to the Amazon Macie pricing plan. To learn more, see the Amazon Macie documentation page.