Posted On: Jul 26, 2022

We are pleased to announce a new capability in Amazon Macie that allows for one-click, temporary retrieval of up to 10 examples of sensitive data found in Amazon Simple Storage Service (Amazon S3) by Amazon Macie. This new capability enables you to more easily view and understand which contents of an S3 object were identified as sensitive, so you can review, validate, and quickly take action as needed. All sensitive data examples captured with this new capability are encrypted using customer-managed AWS Key Management Service (AWS KMS) keys and are temporarily viewable within the Amazon Macie console after being retrieved.

Previously, you could only see the locations of the sensitive data discovered by Amazon Macie. To review the sensitive data, you had to manually go back to the original dataset using the location information provided by Amazon Macie. This additional step in the workflow slowed down security investigations. Using the one-click temporary retrieval of sensitive data capability, you can now more quickly confirm and act on Macie findings as needed. You can enable this new capability in the AWS Management Console or with a single API call.

Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or with a single API call. In addition, Macie has multi-account support using AWS Organizations, which makes it easier for you to enable Macie across all of your AWS accounts. Once enabled, Macie automatically gathers a complete S3 inventory at the bucket level and automatically and continually evaluates every bucket to alert you if buckets are publicly accessible, unencrypted, or shared or replicated with AWS accounts outside of a customer’s organization. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as names, addresses, credit card numbers, or credential materials. Identifying sensitive data in S3 can help you comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Privacy Regulation (GDPR).

Amazon Macie comes with a 30-day free trial for S3 bucket level inventory and evaluation of access controls and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month with additional scanning charged according to the Amazon Macie pricing plan. Amazon Macie also provides estimated costs per sensitive data discovery job in the console before you submit the job for processing. To learn more, see the Amazon Macie documentation page.