“I have checked the AWS documentation to resolve the issue of analyzing objects in an S3 bucket to discover sensitive data using Amazon Macie. So I checked for various solutions and found out that it is possible with the Amazon Macie service. Pricing of Amazon Macie depends on the GB per month of sensitive data discovery.”
Amazon Macie is a data security service that discovers sensitive data by using machine learning and pattern matching, provides visibility into data security risks and enables automated protection against those risks.
To help you manage the security posture of your organization’s Amazon S3 data estate, Macie provides you with an inventory of your S3 general purpose buckets and automatically evaluates and monitors the buckets for security and access control.
In this post, you will learn how to analyze objects in an S3 bucket to discover sensitive data using Amazon Macie. Here I have used an S3 bucket to store the data, Amazon Macie to analyze the sensitive data, and CloudWatch for log groups.
Architecture Overview
The architecture diagram shows the overall deployment architecture with the data flow, Amazon Macie, CloudWatch and the S3 bucket.
Solution overview
The blog post consists of the following phases:
- Enable Amazon Macie and Create a Job to Analyze Objects in an S3 Bucket to Discover and Report Sensitive Data
- Output as Findings of S3 Bucket and CloudWatch Log Group
Phase 1: Enable Amazon Macie and Create a Job to Analyze Objects in an S3 Bucket to Discover and Report Sensitive Data
- Open the Amazon Macie console and enable Macie via the Get started option. Check the summary of existing buckets and other details.
- Create a job: choose the S3 bucket, review the S3 bucket, set the refine-the-scope option to a one-time job run, select the recommended option for managed data identifiers, keep the defaults for custom data identifiers and allow lists, give the job a name and description, then review and create.
- Once the job is created, the job status will be shown as complete.
Phase 2: Output as Findings of S3 Bucket and CloudWatch Log Group
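The console steps from Phase 1 and the findings lookup from Phase 2 can also be scripted. The following is an added example, not part of the original walkthrough, built on the boto3 `macie2` client calls; the account ID, bucket name and job name are constructed placeholders, and `build_job_request` and `run_job` are hypothetical helper names.

```python
import json
import time
import uuid


def build_job_request(account_id, bucket, name, description):
    """Request for a one-time job with the console choices made in Phase 1."""
    return {
        "clientToken": str(uuid.uuid4()),  # idempotency token for the API call
        "jobType": "ONE_TIME",             # refine the scope: one-time job run
        "name": name,
        "description": description,
        "managedDataIdentifierSelector": "RECOMMENDED",
        # Custom data identifiers and allow lists keep their defaults (omitted).
        "s3JobDefinition": {
            "bucketDefinitions": [{"accountId": account_id, "buckets": [bucket]}]
        },
    }


def run_job(macie, request, poll_seconds=30, max_polls=120):
    """Enable Macie, run the job, return (status, [(severity, type, key), ...])."""
    try:
        macie.enable_macie()
    except macie.exceptions.ConflictException:
        pass  # assumption: the conflict means Macie is already enabled here
    job_id = macie.create_classification_job(**request)["jobId"]
    status = "RUNNING"
    for _ in range(max_polls):
        status = macie.describe_classification_job(jobId=job_id)["jobStatus"]
        if status in ("COMPLETE", "CANCELLED"):
            break
        time.sleep(poll_seconds)
    # Only findings produced by this job; first page of results only.
    criteria = {"criterion": {"classificationDetails.jobId": {"eq": [job_id]}}}
    ids = macie.list_findings(findingCriteria=criteria)["findingIds"]
    findings = macie.get_findings(findingIds=ids)["findings"] if ids else []
    rows = [(f["severity"]["description"], f["type"],
             f["resourcesAffected"]["s3Object"]["key"]) for f in findings]
    return status, rows


if __name__ == "__main__":
    # Constructed sample values. With credentials configured, pass
    # boto3.client("macie2", region_name="us-east-1") to run_job().
    req = build_job_request("111122223333", "example-macie-demo-bucket",
                            "demo-one-time-job", "Sensitive data discovery demo")
    print(json.dumps(req, indent=2))
```

Run as a script, it only prints the request; nothing is sent to AWS until `run_job` is given a real client.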
Clean-up
Disable Amazon Macie, CloudWatch Log Group and S3 Bucket.
Pricing
I review the pricing and estimated cost of this example.
Cost of Amazon Macie = Amazon Macie USE1-SensitiveDataDiscovery ($0.00 per GB for the first 1 GB / month of Sensitive Data Discovery in US East (N. Virginia)), 0.001 GB = $0.0
Cost of CloudWatch = AmazonCloudWatch PutLogEvents (first 5 GB per month of log data ingested is free) = $0.0
Cost of Simple Storage Service = $0.0
Summary
In this post, I showed how to analyze objects in an S3 bucket to discover sensitive data using Amazon Macie.
For more details on Amazon Macie, check out Get started Amazon Macie and open the Amazon Macie console. To learn more, read the Amazon Macie documentation.
Thanks for reading!