Posted On: Aug 30, 2022

We are pleased to announce a new capability to create allow lists in Amazon Macie. You can now create and use allow lists to specify text or text patterns that you don’t want Macie to report as sensitive data. For example, an allow list might include corporate phone numbers, names of executives, or sample data that is used for testing. When you create a sensitive data discovery job, you can configure the job to use one or more of your allow lists, in addition to choosing from a growing list of Macie managed data identifiers (MDI).

Macie has also enhanced the machine learning models used by managed data identifiers in order to produce more accurate and actionable findings when inspecting JSON data in your Amazon Simple Storage Service (Amazon S3) buckets. The accuracy of the machine learning models is further enhanced by extracting additional context from surrounding fields in JSON data and JSON Lines files. This improvement also reduces processing times for these types of files, which means that your sensitive data discovery jobs will finish more quickly. In addition, we further enhanced the detection and reporting of full names in S3 objects by updating our machine learning models to extract additional context from file headers and attributes.

Getting started with Amazon Macie is fast and easy, with one click in the AWS Management Console or a single API call. In addition, Macie has multi-account support using AWS Organizations, which makes it easier for you to enable Macie across all of your AWS accounts. Once enabled, Macie automatically gathers a complete S3 inventory at the bucket level and automatically and continually evaluates every bucket to alert you if buckets are publicly accessible, unencrypted, or shared with or replicated to AWS accounts outside of your organization. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as names, addresses, credit card numbers, or credential materials. Identifying sensitive data in S3 can help you comply with regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and General Data Privacy Regulation (GDPR).

Amazon Macie comes with a 30-day free trial for S3 bucket level inventory and evaluation of access controls and encryption. Sensitive data discovery is free for the first 1 GB per account per region each month with additional scanning charged according to the Amazon Macie pricing plan. Amazon Macie also provides estimated costs per sensitive data discovery job in the console before you submit the job for processing. To learn more, see the Amazon Macie documentation page.