Amazon Macie のアイコン

Amazon Macie Specialized2017年〜

A service that uses machine learning to automatically discover and protect sensitive data in S3 buckets

About 2 min read

What It Does

Amazon Macie is a service that scans data stored in S3 buckets using machine learning and pattern matching to automatically discover sensitive data such as personally identifiable information (PII), credit card numbers, and API keys. It also evaluates the security posture of S3 buckets (public access, encryption).

Use Cases

Used for inventorying sensitive data stored in S3, compliance with regulations like GDPR and PCI DSS, assessing data leakage risks, and security auditing of S3 buckets.

Everyday Analogy

Think of it like a metal detector. You scan a warehouse (S3) with a detector (Macie) to identify where valuables (sensitive data) are stored.

What Is Macie?

Amazon Macie is a service specialized in S3 data security and privacy. When enabled, it automatically creates an inventory of your S3 buckets, displaying public access settings, encryption status, and sharing status at a glance. Running a sensitive data discovery job scans objects within buckets to identify the location and type of sensitive data.

Detectable Sensitive Data

Macie can detect over 100 types of sensitive data. This includes personal information (names, addresses, phone numbers, email addresses), financial information (credit card numbers, bank account numbers), and credentials (API keys, SSH private keys). You can also create custom data identifiers to detect organization-specific data patterns (employee IDs, customer IDs, etc.). For reference materials when working with sensitive data detection, related books (Amazon) can also be useful.

Getting Started

Just click 'Enable Macie' in the Macie console to get started. An S3 bucket inventory is automatically created and the security status is displayed. Create a sensitive data discovery job and specify target buckets to run a scan. A 30-day free trial is available.

Things to Watch Out For

  • Billed based on the volume of data scanned. Scanning large amounts of data can be costly, so it's recommended to narrow down target buckets
  • S3 bucket inventory evaluation is free. Sensitive data discovery job scanning is paid
共有するXB!

Related Services

Amazon S3 iconAmazon S3A scalable object storage serviceAWS Security Hub iconAWS Security HubCentrally manage your AWS security posture and automatically check compliance with best practicesAmazon EventBridge iconAmazon EventBridgeA serverless event bus that routes events from AWS services and SaaS applicationsAWS Organizations iconAWS OrganizationsA service for centrally managing multiple AWS accounts

Related Articles

Data Privacy Protection - Automated Sensitive Data Discovery and Threat Defense with Amazon Macie and GuardDutyLearn practical data privacy protection techniques combining Amazon Macie's automated sensitive data discovery in S3 with Amazon GuardDuty's threat intelligence. This article covers comprehensive security measures from identifying personal information to real-time threat detection.Automated Sensitive Data Discovery with Amazon Macie - PII Scanning and Data Protection for S3 BucketsLearn how Amazon Macie automatically discovers sensitive data (PII, financial information, credentials) in S3 buckets and how to build a data protection strategy based on the findings.Automated Sensitive Data Discovery in S3 with Amazon Macie - PII Detection and Security Posture ManagementLearn about Macie's sensitive data discovery for S3 buckets, custom data identifiers, and Security Hub integration.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Automated Sensitive Data Discovery in S3 with Amazon Macie - PII Detection and Security Posture ManagementLearn about Macie's sensitive data discovery for S3 buckets, custom data identifiers, and Security Hub integration.Amazon MacieA data security service that uses machine learning to automatically discover sensitive data like PII and credit card numbers in S3 bucketsAutomated Sensitive Data Discovery with Amazon Macie - PII Scanning and Data Protection for S3 BucketsLearn how Amazon Macie automatically discovers sensitive data (PII, financial information, credentials) in S3 buckets and how to build a data protection strategy based on the findings.Data Privacy Protection - Automated Sensitive Data Discovery and Threat Defense with Amazon Macie and GuardDutyLearn practical data privacy protection techniques combining Amazon Macie's automated sensitive data discovery in S3 with Amazon GuardDuty's threat intelligence. This article covers comprehensive security measures from identifying personal information to real-time threat detection.AWS Security Service Integration - Native Threat Detection from GuardDuty to Detective Without a SIEMWe explain the native threat detection mechanism through the integration of GuardDuty, Security Hub, Detective, and Macie, and compare the design philosophy differences with Azure Sentinel.