Description
Amazon S3 buckets can contain sensitive data that, for security purposes, should be discovered, monitored, classified, and protected. Macie, along with other third-party tools, can automatically provide an inventory of Amazon S3 buckets.
Rationale
Using a cloud service or third-party software to continuously monitor S3 buckets and automate data discovery and classification (through machine learning and pattern matching) is a strong defense for the information stored in them.
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
Impact
There is a cost associated with using Amazon Macie. There is also typically a cost associated with third-party tools that perform similar processes and protection.
Audit
Perform the following steps to determine if Macie is running:
From Console
- Log in to the Macie console at https://console.aws.amazon.com/macie/.
- In the left-hand pane, click on By job under findings.
- Confirm that you have a job set up for your S3 Buckets.
If logging in to the Macie console does not take you to the summary page (Macie has not been enabled), or you do not have a job set up and running, refer to the remediation procedure below. If you are using a third-party tool to manage and protect your S3 data, you meet this recommendation.
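The same audit can be automated outside the console. The following is an added example, not part of the benchmark text, that uses boto3's `macie2` client to check the two conditions the audit describes: that Macie is enabled in the region, and that at least one classification job exists. The decision rule (treating CANCELLED and USER_PAUSED jobs as providing no coverage) and the sample responses are assumptions made for illustration; the `--live` flag and the helper names are the example's own.

```python
"""Added example (not from the benchmark text): check whether Amazon Macie is
enabled in the current account/region and has at least one classification
job configured, mirroring the console audit steps."""

from typing import Any, Dict, List, Optional, Tuple

# Assumption: a cancelled or user-paused job is not actively discovering data,
# so it does not count toward meeting the recommendation.
INACTIVE_JOB_STATUSES = {"CANCELLED", "USER_PAUSED"}


def evaluate_macie(session: Optional[Dict[str, Any]],
                   jobs: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Decide whether the account meets the recommendation.

    session: response of macie2 GetMacieSession, or None if Macie is not enabled.
    jobs:    'items' from macie2 ListClassificationJobs.
    'compliant' is True only when Macie is ENABLED and at least one job that is
    neither cancelled nor user-paused exists.
    """
    enabled = bool(session) and session.get("status") == "ENABLED"
    active_jobs = [j for j in jobs if j.get("jobStatus") not in INACTIVE_JOB_STATUSES]

    # Collect buckets named explicitly in active jobs (jobs defined by bucket
    # criteria rather than bucket names will not appear here).
    covered = set()
    for job in active_jobs:
        for definition in job.get("bucketDefinitions") or []:
            covered.update(definition.get("buckets", []))

    return {
        "macie_enabled": enabled,
        "active_job_count": len(active_jobs),
        "active_job_names": sorted(j.get("name", j.get("jobId", "")) for j in active_jobs),
        "explicitly_covered_buckets": sorted(covered),
        "compliant": enabled and len(active_jobs) > 0,
    }


def fetch_macie_state(region_name: Optional[str] = None
                      ) -> Tuple[Optional[Dict[str, Any]], List[Dict[str, Any]]]:
    """Pull live data with boto3. Needs credentials allowed to call
    macie2:GetMacieSession and macie2:ListClassificationJobs."""
    import boto3  # imported here so evaluate_macie() stays usable offline
    from botocore.exceptions import ClientError

    client = boto3.client("macie2", region_name=region_name)
    try:
        session = client.get_macie_session()
    except ClientError as exc:
        # Macie answers AccessDeniedException when it has never been enabled
        # in this region; report that as "not enabled" rather than crashing.
        if exc.response.get("Error", {}).get("Code") == "AccessDeniedException":
            return None, []
        raise

    jobs: List[Dict[str, Any]] = []
    for page in client.get_paginator("list_classification_jobs").paginate():
        jobs.extend(page.get("items", []))
    return session, jobs


# Constructed sample responses, shaped like the macie2 API output, used to
# exercise the decision logic without calling AWS.
SAMPLE_SESSION = {"status": "ENABLED", "findingPublishingFrequency": "FIFTEEN_MINUTES"}
SAMPLE_JOBS = [
    {"jobId": "job-1", "name": "nightly-scan", "jobType": "SCHEDULED", "jobStatus": "IDLE",
     "bucketDefinitions": [{"accountId": "111111111111", "buckets": ["example-data-bucket"]}]},
    {"jobId": "job-2", "name": "old-scan", "jobType": "ONE_TIME", "jobStatus": "CANCELLED",
     "bucketDefinitions": [{"accountId": "111111111111", "buckets": ["example-archive"]}]},
]

if __name__ == "__main__":
    import json
    import sys

    if "--live" in sys.argv:
        session, jobs = fetch_macie_state()
    else:
        session, jobs = SAMPLE_SESSION, SAMPLE_JOBS
    print(json.dumps(evaluate_macie(session, jobs), indent=2))
```

Run it with `--live` against a configured AWS profile to audit a real account; without the flag it evaluates the constructed sample and reports one active job covering `example-data-bucket`. Macie is regional, so repeat the check per region in use.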