AWS Macie
- Macie is a data security service that discovers sensitive data by using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.
- provides an inventory of the S3 buckets and automatically evaluates and monitors the buckets for security and access control.
- automates the discovery, classification, and reporting of sensitive data.
- generates a finding for you to review and remediate as necessary if it detects a potential issue with the security or privacy of the data, such as a bucket that becomes publicly accessible.
- provides multi-account support using AWS Organizations to enable Macie across all of the accounts.
- is a regional service that must be enabled on a Region-by-Region basis; findings can be viewed across all the accounts within each Region.
- supports VPC Interface Endpoints to access Macie privately from a VPC without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
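Because Macie is enabled Region by Region, a Region that was never switched on is a silent coverage gap. The following added example (not part of the original notes) reports every Region where Macie is not actively running, using the boto3 `macie2` call `get_macie_session`. The helper names, the stub client and the sample Region data are constructed for illustration, and the code assumes an `AccessDeniedException` from that call means Macie is not enabled in the Region (a caller lacking IAM permission would produce the same code).

```python
# Added example: find Regions where Macie is not actively running.
def macie_status(client):
    """Return 'ENABLED', 'PAUSED' or 'DISABLED' for one regional macie2 client."""
    try:
        return client.get_macie_session()["status"]
    except Exception as exc:
        # botocore's ClientError exposes the service error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "AccessDeniedException":  # assumption: Macie not enabled here
            return "DISABLED"
        raise  # throttling, network errors etc. must not be read as a gap


def coverage_gaps(regions, client_factory):
    """Map each Region whose Macie session is not ENABLED to its status."""
    gaps = {}
    for region in regions:
        status = macie_status(client_factory(region))
        if status != "ENABLED":
            gaps[region] = status
    return gaps


def boto3_factory(session=None):
    """Client factory for real use; boto3 is imported lazily."""
    import boto3
    session = session or boto3.Session()
    return lambda region: session.client("macie2", region_name=region)


# --- constructed stand-ins so the logic runs offline ---
class FakeDenied(Exception):
    response = {"Error": {"Code": "AccessDeniedException"}}


class FakeMacie:
    def __init__(self, status):
        self.status = status

    def get_macie_session(self):
        if self.status is None:
            raise FakeDenied("Macie is not enabled")
        return {"status": self.status}


SAMPLE = {"us-east-1": "ENABLED", "eu-west-1": "PAUSED", "ap-south-1": None}

if __name__ == "__main__":
    print(coverage_gaps(SAMPLE, lambda region: FakeMacie(SAMPLE[region])))
```

Against a real account, pass `boto3_factory()` as the client factory and the list of Regions the organization uses. Run it in each member account, or from the administrator account, to confirm coverage matches the Regions where S3 data lives.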
Macie Multiple Accounts
- Macie provides multi-account support using AWS Organizations to enable Macie across all of the accounts.
- An organization consists of a designated administrator account and one or more associated member accounts.
- Accounts can be associated in two ways:
  - by integrating AWS Organizations (Recommended), or
  - by sending and accepting membership invitations
- The designated administrator can assess and monitor the overall security posture of the organization’s S3 data estate, and discover sensitive data in the organization’s S3 buckets.
- The administrator can also perform various account management and administration tasks at scale, such as monitoring estimated usage costs and assessing account quotas.
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day, and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- Which AWS service makes it easy to automate the process of discovering, classifying, and protecting data stored in AWS?
  - AWS Shield
  - AWS WAF
  - AWS GuardDuty
  - AWS Macie