Description:

Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.


Rationale:

Macie enables you to identify business-critical data and analyze access patterns and user behavior.

Amazon Macie enables you to be proactive with security compliance and achieve preventive security.


Impact:

Enabling AWS Macie lets you:

  • Support compliance requirements such as GDPR

  • Discover your sensitive data at scale

  • Gain visibility into your data security posture

  • Set it up and manage it easily

  • Generate an inventory of the Amazon Simple Storage Service (Amazon S3) buckets for your account in the current Region

  • Have Macie begin monitoring the buckets for security and access control. If your account is the Macie administrator account for an organization, this includes buckets for associated member accounts.


Default Value:

By default, Macie is not enabled in your AWS account.


Audit:

To ensure AWS Macie is enabled in your infrastructure:

  1. Sign in to the AWS Management Console.

  2. Open the Macie console - https://console.aws.amazon.com/macie

  3. Choose Get started.

  4. If you are prompted to Enable Macie in the next tab, Macie has not been enabled in your infrastructure.


Remediation:

Pre-Requisites:

  • Determine whether you hold personally identifiable information (PII).

  • An S3 bucket that Macie should scan must exist.

  • The IAM identity (user, role, group) that you use to enable Macie must have the required permissions. To grant the required permissions, attach the AmazonMacieFullAccess managed policy to this identity.

  • Understand the company's compliance objectives (privacy concerns, CCPA, GDPR).

  • Understand where the sensitive information exists.


Implementation Steps:

  1. Sign in to the AWS Management Console.

  2. Open the Macie console - https://console.aws.amazon.com/macie

  3. Choose “Get started”

  4. Choose Enable Macie.

  5. Within minutes, Macie generates an inventory of the Amazon Simple Storage Service (Amazon S3) buckets for your account in the current Region.


Via CLI:

aws macie2 enable-macie --finding-publishing-frequency "FIFTEEN_MINUTES"
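The Audit section above describes a manual console check, and the CLI line enables Macie in one Region. The following script, added here as an example and not part of this recommendation or of AWS's tooling, performs the same audit programmatically against each Region of interest and can apply the same remediation where Macie is missing. It assumes boto3 is installed and AWS credentials are available in the environment; the function names (classify_session, audit_region, enable_region, noncompliant_regions, audit_samples) are hypothetical names chosen here, and the sample API responses are constructed so the classification logic can be exercised offline. It relies on Macie's GetMacieSession call returning AccessDeniedException in a Region where the service was never enabled, which is how the API signals the state the console's "Enable Macie" prompt represents.

```python
"""Audit (and optionally remediate) Amazon Macie status per Region.

Added example for this recommendation; not part of the benchmark text or of
AWS's tooling. Assumes boto3 and AWS credentials are available. Function names
are hypothetical names chosen for this example.
"""
from typing import Any, Dict, Iterable, List, Optional


def classify_session(response: Optional[Dict[str, Any]],
                     error_code: Optional[str] = None) -> str:
    """Turn a GetMacieSession result (or the error it raised) into an audit verdict.

    Macie answers GetMacieSession with AccessDeniedException when the service was
    never enabled in that Region (assumption based on the service's behaviour),
    so that error is the "not enabled" signal. A session with status PAUSED means
    Macie was enabled but later suspended; it is reported separately because
    buckets are not being monitored while paused.
    """
    if error_code == "AccessDeniedException":
        return "NOT_ENABLED"
    if error_code:
        return "ERROR:" + error_code
    status = (response or {}).get("status")
    if status in ("ENABLED", "PAUSED"):
        return status
    return "UNKNOWN:" + str(status)


def noncompliant_regions(verdicts: Dict[str, str]) -> List[str]:
    """Return the Regions whose verdict is anything other than ENABLED, sorted."""
    return sorted(r for r, v in verdicts.items() if v != "ENABLED")


def audit_region(region: str) -> str:
    """Query Macie in one Region. Imports boto3 lazily so the pure helpers
    above remain usable (and testable) without boto3 or network access."""
    import boto3
    from botocore.exceptions import ClientError

    client = boto3.client("macie2", region_name=region)
    try:
        return classify_session(client.get_macie_session())
    except ClientError as exc:
        return classify_session(None, exc.response["Error"]["Code"])


def enable_region(region: str, frequency: str = "FIFTEEN_MINUTES") -> str:
    """Remediate: the API call behind `aws macie2 enable-macie`, then re-audit."""
    import boto3

    client = boto3.client("macie2", region_name=region)
    client.enable_macie(status="ENABLED", findingPublishingFrequency=frequency)
    return audit_region(region)


def audit_regions(regions: Iterable[str], remediate: bool = False) -> Dict[str, str]:
    """Audit each Region; with remediate=True, enable Macie where it is missing."""
    verdicts: Dict[str, str] = {}
    for region in regions:
        verdict = audit_region(region)
        if remediate and verdict == "NOT_ENABLED":
            verdict = enable_region(region)
        verdicts[region] = verdict
    return verdicts


# Constructed sample responses, shaped like the API's JSON, for offline use.
SAMPLE_RESPONSES = {
    "us-east-1": ({"status": "ENABLED", "findingPublishingFrequency": "FIFTEEN_MINUTES"}, None),
    "us-west-2": (None, "AccessDeniedException"),
    "eu-west-1": ({"status": "PAUSED"}, None),
}


def audit_samples() -> Dict[str, str]:
    """Classify the constructed samples above without touching AWS."""
    return {r: classify_session(resp, err) for r, (resp, err) in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    import sys
    # With Region names on the command line the script queries AWS; without
    # arguments it runs on the constructed samples.
    results = audit_regions(sys.argv[1:]) if len(sys.argv) > 1 else audit_samples()
    for region, verdict in results.items():
        print(f"{region}: {verdict}")
    print("non-compliant:", ", ".join(noncompliant_regions(results)) or "none")
```

Run it with one or more Region names (for example us-east-1 us-west-2) to audit a real account; because Macie is enabled per Region, a Region not on the list is not checked, so pass every Region the account uses. PAUSED is reported as non-compliant on purpose: a suspended session satisfies "Macie exists" but not the intent of the recommendation, since no bucket monitoring happens while paused.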


Backout Plan:

  1. Open the Macie console at https://console.aws.amazon.com/macie/.

  2. By using the AWS Region selector in the upper-right corner of the page, select the Region in which you want to disable Macie.

  3. In the navigation pane, choose Settings.

  4. Choose Disable Macie.

  5. When prompted for confirmation, enter Disable, and then choose Ok.

  6. To disable Macie in multiple Regions, sign in to each additional Region, and then disable Macie in the Region.


Note:

A new Amazon Macie is now available with significant design improvements and additional features, at a lower price, in the following AWS Regions:

  • US East (N. Virginia) (us-east-1)

  • US West (Oregon) (us-west-2)


Reference:

https://docs.aws.amazon.com/macie/