AWS Macie

AWS Macie

  • Macie is a data security service that discovers sensitive data by using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.
  • provides an inventory of the S3 buckets and automatically evaluates and monitors the buckets for security and access control.
  • automates the discovery, classification, and reporting of sensitive data.
  • generates a finding for you to review and remediate as necessary if it detects a potential issue with the security or privacy of the data, such as a bucket that becomes publicly accessible.
  • provides multi-account support using AWS Organizations to enable Macie across all of the accounts.
  • is a regional service and must be enabled on a region-by-region basis and helps view findings across all the accounts within each Region.
  • supports VPC Interface Endpoints to access Macie privately from a VPC without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Amazon Macie

Macie Multiple Accounts

  • Macie provides multi-account support using AWS Organizations to enable Macie across all of the accounts.
  • An organization consists of a designated administrator account and one or more associated member accounts.
  • Accounts can be associated in two ways,
    • by integrating AWS Organizations (Recommended) or
    • by sending and accepting membership invitations
  • The designated administrator can assess and monitor the overall security posture of the organization’s S3 data estate, and discover sensitive data in the organization’s S3 buckets.
  • The administrator can also perform various account management and administration tasks at scale, such as monitoring estimated usage costs and assessing account quotas.

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. Which AWS service makes it easy to automate the process of discovering, classifying, and protecting data stored in AWS?
    1. AWS Shield
    2. AWS WAF
    3. AWS GuardDuty
    4. AWS Macie

References

Amazon_Macie