Description: 

Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.


Macie is supported in the following AWS Regions:

    US East (N. Virginia) (us-east-1)

    US West (Oregon) (us-west-2)


Rationale: 

Enabling the service helps with the following:

Data Discovery and Classification

Amazon Macie enables you to identify business-critical data and analyze access patterns and user behavior as follows:

    Continuously monitor new data in your AWS environment

    Use artificial intelligence to understand access patterns of historical data

    Automatically assess user activity, applications, and service accounts

    Use natural language processing (NLP) methods to understand data

    Intelligently and accurately assign business value to data and prioritize business-critical data based on what is unique to your organization

    Create your own security alerts and custom policy definitions


Data Security

Amazon Macie enables you to be proactive with security compliance and achieve preventive security as follows:

    Identify and protect various data types, including PII, PHI, regulatory documents, API keys, and secret keys

    Verify compliance with automated logs that allow for instant auditing

    Identify changes to policies and access control lists

    Observe changes in user behavior and receive actionable alerts

    Receive notifications when data and account credentials leave protected zones

    Detect when large quantities of business-critical documents are shared internally and externally


Remediation:

Enable Macie


The AWS account that you use to enable Macie is automatically designated as your master account. For more information, see Concepts and Terminology.


After you enable Macie, it immediately begins pulling and analyzing independent streams of data from AWS CloudTrail to generate alerts. Because Macie consumes this data only to determine if there are potential security issues, Macie doesn't manage CloudTrail for you or make its events and logs available to you. If you have enabled CloudTrail independent of Macie, you continue to have the option to configure its settings through the CloudTrail console or APIs. For more information, see the AWS CloudTrail User Guide.


Prerequisites

  • The IAM identity (user, role, group) that you use to enable Macie must have the required permissions. To grant the required permissions, attach the AmazonMacieFullAccess managed policy to this identity. For more information, see Predefined AWS Managed Policies for Macie.


To enable Amazon Macie

    Open the Macie console using one of the following links:

    US East (N. Virginia): https://us-east-1.redirection.macie.aws.amazon.com/

    US West (Oregon): https://us-west-2.redirection.macie.aws.amazon.com/

    Choose Get started.

    (Optional) When you enable Macie, Macie creates a service-linked role. To view the IAM policy for this role, choose View service role permissions. For more information, see Service-Linked Roles for Amazon Macie.

    Choose Enable Macie.


You can disable Macie at any time to stop it from processing and analyzing CloudTrail events. For more information, see Disabling Amazon Macie and Deleting Collected Metadata.


Resources: 

    https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html