After you create a custom data identifier, you can delete it. If you do this, Amazon Macie soft deletes the custom data identifier. This means that a record of the custom data identifier remains for your account, but it’s marked as deleted. If a custom data identifier has this status, you can’t configure new sensitive data discovery jobs to use it or add it to your settings for automated sensitive data discovery. In addition, you can no longer access it by using the Amazon Macie console. You can, however, retrieve its settings by using the Amazon Macie API. If you delete a custom data identifier, it doesn’t count against the quota of custom data identifiers for your account.
If you configure a sensitive data discovery job to use a custom data identifier that you subsequently delete, the job will run as scheduled and continue to use the custom data identifier. This means that your job results, both sensitive data findings and sensitive data discovery results, will report text that matches the identifier's criteria. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations that you perform.
Similarly, if you configure automated sensitive data discovery to use a custom data identifier that you subsequently delete, daily analysis cycles will proceed and continue to use the custom data identifier. This means that sensitive data findings, statistics, and other types of results will continue to report text that matches the identifier's criteria.
Before you delete a custom data identifier, do the following to prevent Macie from using it during subsequent analysis cycles and job runs:
- Check your settings for automated sensitive data discovery. If you added the custom data identifier to these settings, remove it. For more information, see Configuring settings for automated sensitive data discovery.
- Review your job inventory to identify jobs that use the custom data identifier and are scheduled to run in the future. If you want a job to stop using the custom data identifier, you can cancel the job. Then create a copy of the job, adjust the settings for the copy, and save the copy as a new job. For more information, see Managing sensitive data discovery jobs.
It's also a good idea to note the unique identifier (ID) that Macie assigned to the custom data identifier. You'll need this ID if you later want to review the custom data identifier's settings.
After you complete the preceding tasks, delete the custom data identifier.
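The two pre-deletion checks can be scripted against the Macie API. This is an added example, not AWS code: it assumes `macie` is a boto3 `macie2` client (or any object with the same methods), and `find_identifier_usage` and `safe_to_delete` are hypothetical helper names. It goes slightly beyond the text by flagging every job that is not cancelled or complete, so paused and running one-time jobs are reported too.

```python
# Added example (not AWS code). `macie` is expected to expose the boto3
# "macie2" client methods used below, e.g. macie = boto3.client("macie2").
ENDED = {"CANCELLED", "COMPLETE"}  # job statuses that will never run again


def _pages(call, key, **kwargs):
    """Yield items from a Macie list operation, following nextToken."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def find_identifier_usage(macie, cdi_id):
    """Return IDs of jobs and automated-discovery templates that use cdi_id."""
    jobs = []
    for summary in _pages(macie.list_classification_jobs, "items"):
        # Skip jobs that can no longer run; everything else may still
        # analyze data with the identifier after it is soft deleted.
        if summary.get("jobStatus") in ENDED:
            continue
        # Job summaries omit identifier IDs, so fetch the full job settings.
        detail = macie.describe_classification_job(jobId=summary["jobId"])
        if cdi_id in detail.get("customDataIdentifierIds", []):
            jobs.append(summary["jobId"])

    templates = []
    for tpl in _pages(macie.list_sensitivity_inspection_templates,
                      "sensitivityInspectionTemplates"):
        detail = macie.get_sensitivity_inspection_template(id=tpl["id"])
        includes = detail.get("includes") or {}
        if cdi_id in includes.get("customDataIdentifierIds", []):
            templates.append(tpl["id"])
    return {"jobs": jobs, "templates": templates}


def safe_to_delete(macie, cdi_id):
    """True when no active job or automated-discovery template uses cdi_id."""
    usage = find_identifier_usage(macie, cdi_id)
    return not usage["jobs"] and not usage["templates"]
```

Run `safe_to_delete` before calling the delete operation, and keep the `cdi_id` value so you can retrieve the identifier's settings through the API afterward.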
To delete a custom data identifier
You can delete a custom data identifier by using the Amazon Macie console or the Amazon Macie API.
Follow these steps to delete a custom data identifier by using the Amazon Macie console.
- Open the Amazon Macie console at https://console.aws.amazon.com/macie/.
- In the navigation pane, under Settings, choose Custom data identifiers.
- To note the unique identifier (ID) for the custom data identifier that you want to delete, choose the custom data identifier's name. On the page that appears, the Id box displays this ID. After you note the ID, choose Custom data identifiers in the navigation pane again.
- On the Custom data identifiers page, select the checkbox for the custom data identifier to delete.
- On the Actions menu, choose Delete.
- When prompted for confirmation, choose Ok.
To review a custom data identifier's settings after you delete it, use the GetCustomDataIdentifier operation of the Amazon Macie API. Or, if you're using the AWS CLI, run the get-custom-data-identifier command. For the id parameter, specify the custom data identifier's ID. After you delete a custom data identifier, you can't access its settings by using the Amazon Macie console.