Posted On: Oct 25, 2023

Amazon SNS message data protection is a set of capabilities that use pattern matching, machine learning models, and content policies to help security and engineering teams protect data in real time in applications that use Amazon SNS to exchange high volumes of messages. Now, you can use custom data identifiers to detect and protect domain-specific sensitive data, such as your company's employee IDs. Previously, you could only use managed data identifiers to detect and protect common sensitive data, such as names, addresses, and credit card numbers.

Custom data identifiers are regular expressions (regex) that you define in a data protection policy, which you then attach to an Amazon SNS topic. The data protection policy instructs the Amazon SNS topic to detect any part of a message payload that matches the data identifiers you choose. Once sensitive data has been detected, the policy can instruct the Amazon SNS topic either to report the findings or to carry out data protection operations, such as blocking, masking, and redaction. These operations can help you meet compliance requirements, including HIPAA, FedRAMP, GDPR, and PCI.
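As an added example (not code from the AWS announcement), the following Python module builds a data protection policy that declares one custom data identifier for an assumed employee-ID format, masks matches on the way into the topic, and denies publishes that carry a credit card number (a managed identifier). It also checks the custom regex locally against constructed sample messages before the policy is deployed, because an over-broad regex under a Deny operation silently blocks legitimate traffic. The employee-ID format (`EMP-` followed by eight digits), the topic ARN, and the policy and identifier names are assumptions for illustration; the local matching uses Python's `re` as a stand-in for the SNS matching engine and is a pre-deployment sanity check, not a statement of what the topic will do.

```python
"""Build and locally sanity-check an Amazon SNS data protection policy that
uses a custom data identifier (a regex) for a company employee ID.

Added example, not code from the AWS announcement. The employee-ID format,
the topic ARN, and the policy/identifier names are assumptions.
"""
import json
import re

# Assumed corporate employee-ID format, e.g. EMP-00417233.
EMPLOYEE_ID_REGEX = r"EMP-\d{8}"

# Placeholder topic ARN; replace with your own.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:hr-events"

# Constructed sample payloads for the local regex check.
SAMPLE_MESSAGES = {
    "clean": "Quarterly review scheduled for team Alpha",
    "employee": "Onboarding complete for EMP-00417233 and EMP-00417234",
    "lookalike": "Ticket EMP-1234 opened",  # too short, must not match
}


def build_policy() -> dict:
    """Return the data protection policy document.

    The custom identifier is declared once under Configuration and referenced
    by name in a Statement; the managed identifier is referenced by its ARN.
    Statement 1 masks employee IDs in messages published to the topic
    (Inbound, Deidentify); statement 2 rejects publishes containing a credit
    card number (Inbound, Deny).
    """
    return {
        "Name": "hr-events-data-protection",
        "Description": "Mask employee IDs, block credit card numbers",
        "Version": "2021-06-01",
        "Statement": [
            {
                "Sid": "mask-employee-ids",
                "DataDirection": "Inbound",
                "Principal": ["*"],
                "DataIdentifier": ["EmployeeId"],
                "Operation": {
                    "Deidentify": {"MaskConfig": {"MaskWithCharacter": "#"}}
                },
            },
            {
                "Sid": "deny-credit-cards",
                "DataDirection": "Inbound",
                "Principal": ["*"],
                "DataIdentifier": [
                    "arn:aws:dataprotection::aws:data-identifier/CreditCardNumber"
                ],
                "Operation": {"Deny": {}},
            },
        ],
        "Configuration": {
            "CustomDataIdentifier": [
                {"Name": "EmployeeId", "Regex": EMPLOYEE_ID_REGEX}
            ]
        },
    }


def local_findings(message: str, policy: dict) -> dict:
    """Return {identifier_name: [matches]} for every custom identifier in the
    policy that matches the message. Python's re approximates the SNS engine;
    managed identifiers cannot be evaluated offline and are skipped."""
    found = {}
    for ident in policy["Configuration"]["CustomDataIdentifier"]:
        hits = re.findall(ident["Regex"], message)
        if hits:
            found[ident["Name"]] = hits
    return found


def mask_locally(message: str, policy: dict) -> str:
    """Preview the masking statements: each matched character of a custom
    identifier is replaced by the configured mask character (assumed
    length-preserving here for readability of the preview)."""
    custom = {c["Name"]: c["Regex"]
              for c in policy["Configuration"]["CustomDataIdentifier"]}
    masked = message
    for stmt in policy["Statement"]:
        mask_cfg = stmt["Operation"].get("Deidentify", {}).get("MaskConfig")
        if not mask_cfg:
            continue
        ch = mask_cfg["MaskWithCharacter"]
        for name in stmt["DataIdentifier"]:
            if name in custom:
                masked = re.sub(custom[name],
                                lambda m, c=ch: c * len(m.group(0)), masked)
    return masked


def apply_policy(topic_arn: str, policy: dict) -> None:
    """Attach the policy to the topic with boto3 (needs AWS credentials and
    sns:PutDataProtectionPolicy). Import is deferred so the rest of the
    module runs offline."""
    import boto3
    sns = boto3.client("sns")
    sns.put_data_protection_policy(
        ResourceArn=topic_arn, DataProtectionPolicy=json.dumps(policy))


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))
    for label, msg in SAMPLE_MESSAGES.items():
        print(label, local_findings(msg, policy), "->", mask_locally(msg, policy))
```

The same document can be applied without the SDK via `aws sns put-data-protection-policy --resource-arn <topic-arn> --data-protection-policy file://policy.json`. Check the Amazon SNS documentation for the regex syntax the service supports before relying on constructs such as word boundaries or lookarounds, and publish a few test messages to a non-production topic to confirm the masking and deny behaviour match the local preview.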

Custom data identifiers are available in all AWS Regions, except for AWS GovCloud (US) Regions.

Start discovering and protecting sensitive data in your Amazon SNS topics, in real time, using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation, or AWS Management Console.

To learn more about custom data identifiers, see the following: