Account Administration
The Account Administration resource provides access to the status and certain configuration settings for your Amazon Macie account.
You can use this resource to enable Macie for your AWS account and specify certain settings for your Macie account. When you enable Macie, the service generates a Macie session for your AWS account in the current AWS Region. The service also assigns a unique identifier to that session. A session is a resource that represents the Macie service for a specific AWS account in a specific Region. It enables Macie to become operational. An AWS account can have only one Macie session in each Region.
After you enable Macie, you can use this resource to review and update the status and certain configuration settings for your Macie account. This includes suspending (pausing) and later re-enabling Macie. If you suspend Macie, the service stops performing all activities for your account and it cancels all of your classification jobs. However, the service retains the session identifier, settings, data, and resources for your account. If your account is the Macie administrator account for an organization, you must remove all member accounts that are associated with your account before you suspend Macie for your account.
If you want to disable Macie completely, you can use this resource to do so. If you disable Macie, the service stops performing all activities for your account. In addition, Macie permanently deletes all settings, data, and resources that it stores or maintains for you. This includes classification jobs, custom data identifiers, findings, and the session resource (and identifier) for your account. This doesn't include resources that Macie created and stored in other AWS services for you. These might include sensitive data discovery results in Amazon Simple Storage Service (Amazon S3), finding events in Amazon EventBridge, and findings in AWS Security Hub.
If you want to disable Macie and your account is the Macie administrator account for an organization, you must first:
- Remove all member accounts that are associated with your administrator account.
- Delete the associations between your administrator account and its member accounts.
If you want to disable Macie and your account is a Macie member account in an organization, you must first disassociate your account from its Macie administrator account.
For more information, see Suspending Macie and Disabling Macie in the Amazon Macie User Guide.
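Because suspending or disabling Macie stops all of its activity for an account in a Region, these calls are worth monitoring. The following is an added example, not part of the original reference or AWS's own code: it triages CloudTrail-style records for the operations and enum values documented on this page. The sample records are constructed, and the `requestParameters` layout is assumed to mirror the documented request body.

```python
MACIE = "macie2.amazonaws.com"

def record(name, region, params=None, error=None):
    """Build one constructed CloudTrail-style record (sample data, not a real log)."""
    rec = {"eventSource": MACIE, "eventName": name, "awsRegion": region,
           "recipientAccountId": "111111111111",
           "userIdentity": {"arn": "arn:aws:iam::111111111111:role/example-role"},
           # Assumption: requestParameters mirrors the documented request body.
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_EVENTS = [
    record("GetMacieSession", "us-east-1"),
    record("UpdateMacieSession", "us-east-1", {"status": "PAUSED"}),
    record("UpdateMacieSession", "us-east-1", {"findingPublishingFrequency": "SIX_HOURS"}),
    record("DisableMacie", "us-east-1", error="AccessDeniedException"),
    record("DisableMacie", "eu-west-1"),
]

def classify(rec):
    """Return (severity, impact) for calls that stop or slow Macie, else None."""
    if rec.get("eventSource") != MACIE:
        return None
    name, params = rec.get("eventName"), rec.get("requestParameters") or {}
    if name == "DisableMacie":
        return "high", "disabled: settings, findings and jobs are deleted"
    if name == "UpdateMacieSession" and params.get("status") == "PAUSED":
        return "medium", "suspended: activity stops, classification jobs cancelled"
    if name == "UpdateMacieSession" and params.get("findingPublishingFrequency") == "SIX_HOURS":
        return "low", "finding updates published at the slowest interval"
    return None

def triage(records):
    """One finding per matching call; a session exists per account per Region."""
    findings = []
    for rec in records:
        hit = classify(rec)
        if hit:
            findings.append({"account": rec["recipientAccountId"],
                             "region": rec["awsRegion"],
                             "actor": rec["userIdentity"]["arn"],
                             "operation": rec["eventName"],
                             "severity": hit[0], "impact": hit[1],
                             # A rejected call still shows intent; keep it, flagged.
                             "succeeded": "errorCode" not in rec})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```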
URI
/macie
HTTP methods
DELETE
Operation ID: DisableMacie
Disables Amazon Macie and deletes all settings and resources for a Macie account.
Status code | Response model | Description |
---|---|---|
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content). |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
GET
Operation ID: GetMacieSession
Retrieves the status and configuration settings for an Amazon Macie account.
Status code | Response model | Description |
---|---|---|
200 | GetMacieSessionResponse | The request succeeded. |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
PATCH
Operation ID: UpdateMacieSession
Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.
Status code | Response model | Description |
---|---|---|
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content). |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
POST
Operation ID: EnableMacie
Enables Amazon Macie and specifies the configuration settings for a Macie account.
Status code | Response model | Description |
---|---|---|
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content). |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
Schemas
Request bodies
PATCH schema
{ "findingPublishingFrequency": enum, "status": enum }
POST schema
{ "clientToken": "string", "findingPublishingFrequency": enum, "status": enum }
Response bodies
Empty schema
{ }
GetMacieSessionResponse schema
{ "createdAt": "string", "findingPublishingFrequency": enum, "serviceRole": "string", "status": enum, "updatedAt": "string" }
AccessDeniedException, ConflictException, InternalServerException, ResourceNotFoundException, ServiceQuotaExceededException, ThrottlingException and ValidationException schemas
{ "message": "string" }
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
EnableMacieRequest
Enables Amazon Macie and specifies the configuration settings for a Macie account.
Property | Type | Required | Description |
---|---|---|---|
clientToken | string | False | A unique, case-sensitive token that you provide to ensure the idempotency of the request. |
findingPublishingFrequency | FindingPublishingFrequency | False | Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). |
status | MacieStatus | False | Specifies the new status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to |
FindingPublishingFrequency
The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:
FIFTEEN_MINUTES
ONE_HOUR
SIX_HOURS
GetMacieSessionResponse
Provides information about the status and configuration settings for an Amazon Macie account.
Property | Type | Required | Description |
---|---|---|---|
createdAt | string Format: date-time | False | The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created. |
findingPublishingFrequency | FindingPublishingFrequency | False | The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). |
serviceRole | string | False | The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor and analyze data in AWS resources for the account. |
status | MacieStatus | False | The current status of the Amazon Macie account. Possible values are: |
updatedAt | string Format: date-time | False | The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status or configuration settings for the Amazon Macie account. |
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
MacieStatus
The status of an Amazon Macie account. Valid values are:
PAUSED
ENABLED
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
UpdateMacieSessionRequest
Changes the status or configuration settings for an Amazon Macie account.
Property | Type | Required | Description |
---|---|---|---|
findingPublishingFrequency | FindingPublishingFrequency | False | Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). |
status | MacieStatus | False | Specifies a new status for the account. Valid values are: |
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |