
AWS Macie S3 Discovery Setup

Overview

This AWS configuration plan guides you through setting up and managing Amazon Macie, a data security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. The plan ensures all required steps are executed to configure Macie for identifying sensitive data stored in your Amazon S3 buckets. It includes selecting an appropriate AWS region, enabling Macie, setting up classification jobs (including optional custom data identifiers), and validating the setup to ensure all configurations are functioning as intended.

Execution Details

Assessment Phase

  1. Select AWS Region

    • Guide the user to choose an AWS region that supports Amazon Macie.
  2. Check Macie Session Status

    • Validate whether Amazon Macie is already enabled in the selected region and assess the current status.
  3. List S3 Buckets

    • Retrieve and review a list of available S3 buckets in the user's AWS account.
  4. Configure Classification Job

    • Collect user inputs for setting up a Macie classification job, including S3 buckets, job type (ONE_TIME or SCHEDULED), whether to use custom data identifiers, and sampling percentage.
  5. Collect Custom Data Identifier Details

    • If enabled, collect user-defined fields for regex, keywords, and description of custom sensitive data patterns.

Summary Phase

  1. Confirm Configuration

    • Present a summary of configuration settings: region, S3 buckets, job type, sampling, and custom identifier details.

Configuration Phase

  1. Enable Macie

    • Activate Amazon Macie in the selected region.
  2. Create Custom Data Identifier

    • If configured, set up a custom data identifier using previously collected inputs.
  3. Classification Job Creation

    • Launch a classification job to scan selected S3 buckets.

Validation Phase

  1. List Classification Jobs

    • Retrieve and validate classification jobs created in this setup.
  2. Describe Classification Job

    • Verify job configuration details like job type and sampling rate.

This plan ensures comprehensive setup and validation of Amazon Macie to protect sensitive data in your AWS environment.
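The four phases above can be scripted with boto3's `macie2` client; the following is an added example, not code from the original plan. It validates the collected inputs before any API call, then enables Macie, creates the optional custom data identifier and the classification job, and reads the job back. The account ID parameter, the identifier `name` field, the job name, the daily schedule and every sample value are assumptions.

```python
import re
import uuid

# Constructed sample of the inputs gathered in the Assessment Phase (all values hypothetical).
SAMPLE_CFG = {
    "region": "us-east-1", "job_name": "s3-discovery", "buckets": ["example-bucket"],
    "job_type": "SCHEDULED", "sampling_percentage": 50,
    "custom_identifier": {"name": "employee-id", "regex": r"EMP-\d{6}",
                          "keywords": ["employee"], "description": "Internal employee IDs"},
}

def build_requests(cfg, account_id):
    """Validate inputs; return (custom identifier request or None, job request)."""
    if cfg["job_type"] not in ("ONE_TIME", "SCHEDULED"):
        raise ValueError("job_type must be ONE_TIME or SCHEDULED")
    if not 1 <= cfg["sampling_percentage"] <= 100:
        raise ValueError("sampling_percentage must be 1-100")
    if not cfg["buckets"]:
        raise ValueError("select at least one S3 bucket")
    cdi, custom = None, cfg.get("custom_identifier")
    if custom:
        re.compile(custom["regex"])  # local syntax check only; Macie enforces its own regex rules
        cdi = {k: custom[k] for k in ("name", "regex", "keywords", "description") if custom.get(k)}
    job = {"name": cfg["job_name"], "jobType": cfg["job_type"],
           "samplingPercentage": cfg["sampling_percentage"],
           "s3JobDefinition": {"bucketDefinitions": [
               {"accountId": account_id, "buckets": list(cfg["buckets"])}]}}
    if cfg["job_type"] == "SCHEDULED":
        job["scheduleFrequency"] = {"dailySchedule": {}}  # assumed cadence; required for SCHEDULED
    return cdi, job

def apply(cfg, account_id):
    """Configuration and Validation phases. Assumes boto3 and AWS credentials are available."""
    import boto3
    macie = boto3.client("macie2", region_name=cfg["region"])
    cdi, job = build_requests(cfg, account_id)  # fail before touching the account
    try:
        status = macie.get_macie_session()["status"]
    except macie.exceptions.AccessDeniedException:
        status = None  # returned when Macie is not enabled (or the caller lacks permission)
    if status is None:
        macie.enable_macie(status="ENABLED")
    elif status == "PAUSED":
        macie.update_macie_session(status="ENABLED")
    if cdi:
        cdi_id = macie.create_custom_data_identifier(**cdi)["customDataIdentifierId"]
        job["customDataIdentifierIds"] = [cdi_id]
    job_id = macie.create_classification_job(clientToken=str(uuid.uuid4()), **job)["jobId"]
    seen = macie.describe_classification_job(jobId=job_id)
    if (seen["jobType"], seen["samplingPercentage"]) != (job["jobType"], job["samplingPercentage"]):
        raise RuntimeError(f"job {job_id} does not match the requested configuration")
    return job_id
```

`build_requests` runs offline, so its output can serve as the Summary Phase confirmation before `apply` changes anything in the account.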