Posted On: Nov 28, 2022

We are pleased to announce automated sensitive data discovery, a new capability in Amazon Macie that provides continual, cost efficient, organization-wide visibility into where sensitive data resides across your Amazon Simple Storage Service (Amazon S3) estate. With this new capability, Macie automatically and intelligently samples and analyzes objects across your S3 buckets, inspecting them for sensitive data such as personally identifiable information (PII), financial data, and AWS credentials. Macie then builds and continuously maintains an interactive data map of where your sensitive data in S3 resides across all accounts and Regions where you’ve enabled Macie, and provides a sensitivity score for each bucket. Amazon Macie uses multiple automated techniques including resource clustering by attributes such as bucket name, file types, and prefixes to minimize the data scanning needed to uncover sensitive data in your S3 buckets. This helps you continuously identify and remediate data security risks without manual configuration and lowers the cost to monitor for and respond to data security risks. 

Getting started with Amazon Macie is fast and easy with one-click in the AWS Management Console or with a single API call. Macie has multi-account support using AWS Organizations, which makes it easier for you to enable Macie across all of your AWS accounts. Macie applies machine learning and pattern matching techniques to automatically identify and alert you to sensitive data, such as names, addresses, credit card numbers, or credential materials.

The first 30 days of automated sensitive data discovery are available at no additional charge for existing Macie accounts. For new accounts, automated sensitive data discovery is part of the 30-day Amazon Macie free trial. During the trial period you can see the estimated cost of running automated sensitive data discovery after the trial period ends in the Macie Management Console. To learn more, see the Amazon Macie documentation page.