Description:
Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
Macie is supported in the following AWS Regions:
US East (N. Virginia) (us-east-1)
US West (Oregon) (us-west-2)
Rationale:
Enabling the service helps in two areas:
Data Discovery and Classification
Amazon Macie enables you to identify business-critical data and analyze access patterns and user behavior as follows:
Continuously monitor new data in your AWS environment
Use artificial intelligence to understand access patterns of historical data
Automatically assess user activity, applications, and service accounts
Use natural language processing (NLP) methods to understand data
Intelligently and accurately assign business value to data and prioritize business-critical data according to your organization's own priorities
Create your own security alerts and custom policy definitions
Data Security
Amazon Macie enables you to be proactive with security compliance and achieve preventive security as follows:
Identify and protect various data types, including PII, PHI, regulatory documents, API keys, and secret keys
Verify compliance with automated logs that allow for instant auditing
Identify changes to policies and access control lists
Observe changes in user behavior and receive actionable alerts
Receive notifications when data and account credentials leave protected zones
Detect when large quantities of business-critical documents are shared internally and externally
Remediation:
Enable Macie
The AWS account that you use to enable Macie is automatically designated as your master account. For more information, see Concepts and Terminology.
After you enable Macie, it immediately begins pulling and analyzing independent streams of data from AWS CloudTrail to generate alerts. Because Macie consumes this data only to determine if there are potential security issues, Macie doesn't manage CloudTrail for you or make its events and logs available to you. If you have enabled CloudTrail independent of Macie, you continue to have the option to configure its settings through the CloudTrail console or APIs. For more information, see the AWS CloudTrail User Guide.
Prerequisites
- The IAM identity (user, role, group) that you use to enable Macie must have the required permissions. To grant the required permissions, attach the AmazonMacieFullAccess managed policy to this identity. For more information, see Predefined AWS Managed Policies for Macie.
To enable Amazon Macie
Open the Macie console using one of the following links:
US East (N. Virginia): https://us-east-1.redirection.macie.aws.amazon.com/
US West (Oregon): https://us-west-2.redirection.macie.aws.amazon.com/
Choose Get started.
(Optional) When you enable Macie, Macie creates a service-linked role. To view the IAM policy for this role, choose View service role permissions. For more information, see Service-Linked Roles for Amazon Macie.
Choose Enable Macie.
You can disable Macie at any time to stop it from processing and analyzing CloudTrail events. For more information, see Disabling Amazon Macie and Deleting Collected Metadata.
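The console flow above is the original Macie release. The current Amazon Macie API (the `macie2` namespace in the AWS CLI) exposes the same enable/disable state programmatically, which is what you want when auditing many accounts or regions. The script below is an added example, not part of the original page or of AWS documentation: it reads the region's Macie session, decides whether anything needs doing, and enables or resumes the service. It assumes AWS CLI v2 with credentials carrying the AmazonMacieFullAccess policy named in the prerequisites; the helper names (`macie_status_from_json`, `macie_action_for_status`, `ensure_macie_enabled`) and the `MACIE_APPLY` guard variable are this example's own.

```shell
# Added example: check and enforce "Macie enabled" for one region with the
# current macie2 API. Not the page's own procedure; helper names are ours.
# Assumes: AWS CLI v2, credentials with AmazonMacieFullAccess.

# Pull the "status" field out of a get-macie-session JSON response using only
# sed, so the check works on hosts without jq. Empty input (the call failed,
# which is what happens when Macie was never enabled here) maps to NOT_ENABLED.
macie_status_from_json() {
    parsed=$(printf '%s' "$1" \
        | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p' \
        | head -n 1)
    if [ -z "$parsed" ]; then
        echo "NOT_ENABLED"
    else
        echo "$parsed"
    fi
}

# Map a session status word to the action the remediation needs. Kept separate
# from the AWS calls so the decision logic can be exercised offline.
macie_action_for_status() {
    case "$1" in
        ENABLED)     echo "none" ;;     # already compliant
        PAUSED)      echo "resume" ;;   # update-macie-session --status ENABLED
        NOT_ENABLED) echo "enable" ;;   # enable-macie
        *)           echo "unknown" ;;
    esac
}

# Query the region, decide, act. get-macie-session returns AccessDeniedException
# ("Macie is not enabled") in a region where it was never turned on, so a failed
# call is treated as NOT_ENABLED rather than as a fatal error.
ensure_macie_enabled() {
    region="$1"
    session_json=$(aws macie2 get-macie-session --region "$region" --output json 2>/dev/null) \
        || session_json=""
    current=$(macie_status_from_json "$session_json")
    case "$(macie_action_for_status "$current")" in
        none)
            echo "Macie already enabled in $region" ;;
        resume)
            aws macie2 update-macie-session --region "$region" --status ENABLED
            echo "Macie resumed in $region" ;;
        enable)
            # enable-macie also creates the service-linked role mentioned above.
            aws macie2 enable-macie --region "$region" --status ENABLED \
                --finding-publishing-frequency FIFTEEN_MINUTES
            echo "Macie enabled in $region" ;;
        *)
            echo "Unexpected Macie status '$current' in $region" >&2
            return 1 ;;
    esac
}

# Only touch AWS when explicitly asked, so the file can be sourced for its
# helpers (or run in CI as a read-only check) without side effects.
if [ "${MACIE_APPLY:-0}" = "1" ]; then
    ensure_macie_enabled "${AWS_REGION:-us-east-1}"
fi
```

Run it with `MACIE_APPLY=1 AWS_REGION=us-west-2 sh enable-macie.sh` for each region you operate in; Macie is enabled per region, so a single region reporting ENABLED says nothing about the others. Remember that enabling Macie starts billing for the account immediately.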
Resources:
https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html