Amazon Macie in a nutshell - 2023 AWS service


 

The following notes are from my journey in studying for the AWS Solutions Architect - Associate exam and I share them in hopes that you too may find them informative.

(DESKTOP users only) To view script > left click > right click - open image in new tab > the cursor turns into a plus sign > left click > will offer zoomed in mode.


Links listed in image:

https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/

https://aws.amazon.com/macie/pricing/

https://aws.amazon.com/s3/pricing/

---------------------------------------------------------------------------------------------

Note: I would appreciate your support of this blog by going to the link below to "Buy me a pizza" so that I may continue to provide educational scripts, resources and general tech stuff. 🍕

Thank you.

https://www.buymeacoffee.com/infosec_coder

---------------------------------------------------------------------------------------------

Amazon Macie 

Amazon Macie is a securite service which focuses on data discovery, classification, and protection -- especially for Amazon S3 buckets.

The following are key concepts in helping to understand how to approach exam questions to determine (if it is a multiple choice question) which answers are distractors and which answer is the best answer.

I. Data Discovery 
    a. Amazon Macie automatically discovers sensitive data within Amazon  
       S3 buckets. 
    b. Macie uses machine learning and pattern matching to identify:
        - Personally Identifiable Information (PII)
        - Financial data
        - Intellectual property
        - Other sensitive content

II. Data Classification
    a. Once Macie discovers data, it classifies the data based upon sensitivity
        and criticality.
    b. Macie assigns labels to files and objects, making it easier to monitor 
        and control access by scanning targeted labels to optimise cost 
        efficiency.

III. S3 Integration
    a. Amazon Macie works primarily with Amazon S3 buckets and objects.
    b. Macie helps to secure data stored in S3, which is a common storage 
        solution in AWS.

IV. Securite and Compliance
    a. Amazon Macie aids in achieving securite and compliance objectives 
        by identifying:
            - Data Vulnerabilities
            - Access Patterns
            - Potential Risks

V. Machine Learning
    a. Amazon Macie's machine learning capabilities are designed to 
        continuously learn from data patterns and user interactions over time. 
    b. As Amazon Macie encounters more data and gets feedback form users,
        Macie refines its algorithms and improves its accuracy in data
        discovery and classification.

VI. Custom Data Identifiers
    a. Macie allows you to define custom data identifiers to target specific 
        specific types of sensitive data unique to an organisation.
    b. By default, Amazon Macie assigns the Medium severity to all findings
        that a custom data identifier produces. 
    c. By defining custom severity settings, you may specify which severity
        to assign based on the number of occurrences of text which match the
        criteria.

** Resource for more information on Building custom data identifiers in Amazon Macie.


VII. Data Access Monitoring
    a. Amazon Macie continuously monitors data access activities to 
        identify any suspicious or unauthorised access attempts.
    b. Macie analyses logs and records data access patterns to establish base 
        line access patterns: 
        - Which users are access data
        - When they access the data
        - Which IP addresses or geographic locations
    c. Once a baseline pattern has been established, Macie is easily able to 
        detect anomalies or deviations from expected behaviour. 
    d. Detected anomalies or deviations may trigger:
        - Alerts
        - Help administrators/securite teams quickly respond to potential
          securite threats.
    e. Data Access Monitoring is also used to demonstrate compliance with
        data access policies, industry regulations, and data protection 
        standards.

VIII. Alerts and Notifications
    a. Macie may generate alerts and notifications based upon predefined 
        policies to efficiently address potential securite breaches. 
    b. Amazon Macie integrates with AWS CloudWatch and may be used to:
        - Set up alarm actions
        - View metrics
    c. Macie also integrates with Simple Notification Service (SNS) to 
        deliver the alerts generated based upon policies to various endpoints:
        - Email
        - SMS
        - Mobile push notifications
        - HTTP endpoints

IX. Integrations
    a. Amazon Macie is also able to integrate with other AWS services such
        Identity and Access Management (IAM), and AWS Securite Hub to 
        enhance its capabilities and provide a comprehensive securite 
        overview.
    b. Amazon Macie integrates with IAM to grant or restrict permissions
        for specific users or roles which interact with Macie's data discovery
        and classification features.
    c. Amazon S3 Lifecycle Policies and Integration
        - You may use Macie's classification labels to create Amazon S3 
           Lifecycle policies.
        - You are able to automate the movement of data to different storage
           classes or deletion based on its sensitivity and retention 
           requirements.
    d. When used with Amazon Securite Hub, Macie's findings become a 
        part of a centralised dashboard, providing a unified view of securite
        alerts and enabling efficient incident response and management.

X. Cost Optimisation
    a. Amazon Macie follows a pay-as-you-go pricing model.

Example


For more information on Amazon Macie Pricing.

    b. Be conscientious when using custom identifiers, as this may lead to
        increased processing overhead and higher costs.
    c. Carefully review which S3 buckets require Amazon Macie to be 
        monitored  to avoid unnecessary costs. 
    d. Use data exclusions to skip certain S3 buckets or prefixes from being
        processed.
    e. Use AWS Cost Allocation tags to allocate Macie's processing costs
        with specific projects, teams, or departments.


Summary

Amazon Macie is an AWS Securite Service designed to automatically discover, classify, and resolve issues with data stored in Amazon S3 buckets. By leveraging machine learning algorithms and customisable data identifiers, Macie detects personally identifiable information (PII), and other critical data. To achieve ideal cost optimisation levels when using Amazon Macie, it is important to effectively manage data volumes, custom identifiers, and utilise exclusion options. Ultimately, Amazon Macie is like a data securite watchdog for S3 storage buckets and objects, detecting potential risks (deviations from established baseline patterns) and unusual access patterns which trigger real time alerts to administrators and incident response teams. 

















Comments

Post a Comment

Popular posts from this blog

Developer's Arsenal: How HashiCorp unites cloud securite and upholds the AWS Well-Architected Framework when implementing Policy as Code using Sentinel One.

Image
This summary highlights the compelling impact of Sentinel One on Infrastructure as Code (IaC) by: automating policies ensuring seamless adherence to infrastructure requirements (aka AWS Well-Architected Framework) significantly slashing response times for developers throughout the code submission process This blog post references the following video on Sentinel One by HashiCorp.: Video: Introduction to Sentinel, Policy as Code Framework (hashicorp.com) Armon Dadgar's discussion on policy as code, with a focus on HashiCorp's Sentinel, offers valuable insights for cloud architects, especially in the context of adhering to industry best practices like the AWS Well-Architected Framework. Sentinel is designed to be a high-level language for non-programming experts to author the policies. Dadgar begins by emphasising the benefits of infrastructure as code, aligning the principles advocated by the AWS Well-Architected Framework. By integrating the Terraform Enterprise, Sentinel One en
Read more

C++ code base - Cloud provider services menu using if/else, switch/case. 2023.

Image
 Note: I would appreciate your support of this blog by going to the link below to "Buy me a pizza" so that I may continue to provide educational scripts, resources and general tech stuff. 🍕 Thank you. https://www.buymeacoffee.com/infosec_coder ----------------------------------------------------------------------------------------- This program was created using Visual Studio for the IDE. Screenshot I Screenshot II Screenshot III CODE BASE  NOTE:   (Desktop users): To view the sections below clearly > right click > Open image in new tab. > Should give a crosshair "+" symbol > Click on that and it will zoom in on the image. OR Left click on the image. > Will open image on page. > use CTRL + scroll up or down (on mouse) to zoom in. I. II. III. IV.  V.   VI. VII. VIII. IX. X.  
Read more

AWS - Amazon Customer Outreach Ecommerce diagram with notes

Image
  Note: I would appreciate your support of this blog by going to the link below to "Buy me a pizza" so that I may continue to provide educational scripts, resources and general tech stuff. 🍕 Thank you. https://www.buymeacoffee.com/infosec_coder =====================================================  The following is a replica of the diagram from the link below with additional notes for certain steps to understand the diagram. Amazon Personalize customer outreach on your ecommerce platform | AWS Architecture Blog The screenshot below will not zoom in clearly, therefore I went ahead and took screenshots of each section. Screenshot I Screenshot II Screenshot III Screenshot IV Screenshot V Screenshot VI For the screenshot below, you may try right clicking on the image > Open image in new tab > and then CTRL + scroll up on mouse to zoom in if needed. Screenshot VII Screenshot VIII
Read more