Posted On: Apr 21, 2022

Three new managed data identifiers have been added to Amazon Macie to expand its capabilities for discovering and identifying the locations of HTTP Basic Authentication Headers, HTTP Cookies, and JSON Web Tokens present in Amazon Simple Storage Service (Amazon S3). Knowing if and where these types of data are present in your S3 storage helps you to better plan the data security, governance, and privacy needs of your organization.

Amazon Macie has also enhanced its existing managed data identifiers for passport numbers, mailing addresses, and US Social Security Numbers (SSNs). This enhancement expands keyword support for discovering occurrences of SSNs and passport numbers, and the Macie pattern identification system now detects SSNs across a wider array of formats and delimiters. Additionally, the Amazon Macie machine learning models have been updated to improve accuracy in discovering mailing addresses in S3 objects. The updated models use additional checks to validate city names, ZIP codes, and postal codes to produce more accurate results.

Amazon Macie uses a combination of criteria and techniques, including machine learning and pattern matching, to detect sensitive data. These criteria and techniques, referred to as managed data identifiers, can detect a large and growing list of sensitive data types for many countries and regions, including multiple types of financial data, personal health information (PHI), and personally identifiable information (PII). Each managed data identifier is designed to detect a specific type of sensitive data, such as credit card numbers, AWS secret keys, or passport numbers for a particular country or region. When you create a sensitive data discovery job, you can configure the job to use any of the managed data identifiers from this growing list to analyze objects in Amazon S3 buckets.
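The announcement describes managed data identifiers as pattern matching backed by validation checks, and names HTTP Basic Authentication headers, HTTP cookies, and JSON Web Tokens as the new credential types covered. The script below is an added illustration of that kind of check, not part of this announcement and not Macie's own detection logic (which is proprietary); the regexes, the finding labels, and the sample object contents are all constructed here. It shows why a bare regex is not enough: a Basic header is only reported if its base64 payload decodes to printable `user:password` text, and a `eyJ...` token is only reported if its header and payload segments decode to JSON and the header carries an `alg` field. Findings carry a redacted preview so the scan report does not itself become a second copy of the secret.

```python
from __future__ import annotations

import base64
import binascii
import json
import re
from collections import Counter
from dataclasses import dataclass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample data: a structurally valid JWT with a dummy signature.
_FAKE_JWT = ".".join([
    _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "user-42", "exp": 1650499200}).encode()),
    _b64url(b"not-a-real-signature"),
])

# Constructed stand-ins for S3 object contents (key -> text). Not real data.
SAMPLE_OBJECTS = {
    "logs/api-gateway-2022-04-21.log": "\n".join([
        "GET /v1/items HTTP/1.1",
        "Authorization: Basic " + base64.b64encode(b"svc-user:hunter2").decode(),
        "GET /v1/items HTTP/1.1",
        "Authorization: Bearer " + _FAKE_JWT,
    ]),
    "exports/har-capture.txt": "\n".join([
        "Cookie: session=abc123; theme=dark",
        "Set-Cookie: csrf=xyz; HttpOnly; Secure",
    ]),
    "notes/readme.txt": "\n".join([
        # Looks like Basic auth, but decodes to text with no ':' separator.
        "Authorization: Basic " + base64.b64encode(b"nocolonhere").decode(),
        # Looks like a JWT prefix, but the header segment is not base64url JSON.
        "token=eyJabcdef.ghijkl.mnopqr",
    ]),
}

BASIC_RE = re.compile(r"Authorization:\s*Basic\s+([A-Za-z0-9+/]{4,}={0,2})", re.IGNORECASE)
COOKIE_RE = re.compile(r"^(?:Set-Cookie|Cookie):\s*\S", re.IGNORECASE)
JWT_RE = re.compile(r"\b(eyJ[A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]*)")


@dataclass(frozen=True)
class Finding:
    object_key: str
    line_no: int
    kind: str      # labels chosen for this example: basic-auth-header, http-cookie, jwt
    preview: str   # redacted so the report does not leak the secret


def _redact(secret: str) -> str:
    return secret[:6] + "..." if len(secret) > 6 else "..."


def looks_like_basic_auth(b64: str) -> bool:
    """Validate the regex hit: must be strict base64 and decode to printable 'user:pass'."""
    try:
        creds = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return False
    return ":" in creds and creds.isprintable()


def _decode_json_segment(segment: str) -> dict | None:
    pad = (-len(segment)) % 4
    if pad == 3:  # no valid base64 string ever needs three padding characters
        return None
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * pad))
    except (binascii.Error, ValueError):  # covers bad base64, bad UTF-8, bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def looks_like_jwt(header_segment: str, payload_segment: str) -> bool:
    """Validate the regex hit: header and payload must be JSON objects, header must name an alg."""
    header = _decode_json_segment(header_segment)
    payload = _decode_json_segment(payload_segment)
    return header is not None and "alg" in header and payload is not None


def scan_text(object_key: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = BASIC_RE.search(line)
        if m and looks_like_basic_auth(m.group(1)):
            findings.append(Finding(object_key, line_no, "basic-auth-header", _redact(m.group(1))))
        for m in JWT_RE.finditer(line):
            if looks_like_jwt(m.group(1), m.group(2)):
                findings.append(Finding(object_key, line_no, "jwt", _redact(m.group(0))))
        if COOKIE_RE.match(line):
            findings.append(Finding(object_key, line_no, "http-cookie", _redact(line.split(":", 1)[1].strip())))
    return findings


def scan_objects(objects: dict[str, str]) -> list[Finding]:
    return [f for key, text in objects.items() for f in scan_text(key, text)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in scan_objects(SAMPLE_OBJECTS):
        print(f"{f.object_key}:{f.line_no} {f.kind} {f.preview}")
```

Run as-is, the two lookalikes in `notes/readme.txt` produce no findings while the genuine header, token, and two cookie lines do. In practice a scanner like this would be fed object contents fetched from the buckets Macie flags, and the per-kind counts from `summarize` are what you would compare against the job's own results when tuning custom data identifiers.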

Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or with a single API call. In addition, Macie has multi-account support using AWS Organizations, which makes it easier for you to enable Macie across all of your AWS accounts. Once enabled, Macie automatically gathers a complete S3 inventory at the bucket level and continually evaluates every bucket, alerting you when a bucket is publicly accessible, unencrypted, or shared or replicated with AWS accounts outside of your organization. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as names, addresses, credit card numbers, or credential materials. Identifying sensitive data in S3 can help you comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).

Amazon Macie comes with a 30-day free trial for S3 bucket-level inventory and evaluation of access control and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month, with additional scanning charged according to the Amazon Macie pricing plan. Macie also provides an estimated cost for each sensitive data discovery job in the console before you submit the job for processing. To learn more, see the Amazon Macie documentation page.