When you enable automated sensitive data discovery, Amazon Macie begins evaluating your Amazon Simple Storage Service (Amazon S3) inventory data and performing other automated discovery activities for your account in the current AWS Region. If you're the Macie administrator for an organization, by default the evaluation and activities include S3 buckets that your member accounts own. Depending on the size of your Amazon S3 data estate, statistics and other results can begin to appear within 48 hours.
After you enable automated sensitive data discovery, you can configure settings that refine the scope and nature of the analyses that Macie performs. These settings specify any S3 buckets to exclude from analyses. They also specify the managed data identifiers, custom data identifiers, and allow lists that you want Macie to use when it analyzes S3 objects. For information about these settings, see Configuring settings for automated sensitive data discovery. If you're the Macie administrator for an organization, you can also refine the scope of the analyses by enabling or disabling automated sensitive data discovery for individual accounts in your organization on a case-by-case basis.
To enable automated sensitive data discovery, you must be the Macie administrator for an organization or have a standalone Macie account. If you have a member account in an organization, work with your Macie administrator to enable automated sensitive data discovery for your account.
To enable automated sensitive data discovery
If you're the Macie administrator for an organization or you have a standalone Macie account, you can enable automated sensitive data discovery by using the Amazon Macie console or the Amazon Macie API. If you're enabling it for the first time, start by completing the prerequisite tasks. This helps ensure that you have the resources and permissions that you need.
Follow these steps to enable automated sensitive data discovery by using the Amazon Macie console.
To enable automated sensitive data discovery
- Open the Amazon Macie console at https://console.aws.amazon.com/macie/.
- By using the AWS Region selector in the upper-right corner of the page, choose the Region in which you want to enable automated sensitive data discovery.
- In the navigation pane, under Settings, choose Automated sensitive data discovery.
- If you have a standalone Macie account, choose Enable in the Status section.
- If you're the Macie administrator for an organization, choose an option in the Status section to specify the accounts to enable automated sensitive data discovery for:
  - To enable it for all the accounts in your organization, choose Enable. In the dialog box that appears, choose My organization. For an organization in AWS Organizations, select Enable automatically for new accounts to also enable it automatically for accounts that subsequently join your organization. When you finish, choose Enable.
  - To enable it for only particular member accounts, choose Manage accounts. Then, in the table on the Accounts page, select the checkbox for each account to enable it for. When you finish, choose Enable automated sensitive data discovery on the Actions menu.
  - To enable it for only your Macie administrator account, choose Enable. In the dialog box that appears, choose My account and clear Enable automatically for new accounts. When you finish, choose Enable.
- If you use Macie in multiple Regions and want to enable automated sensitive data discovery in additional Regions, repeat the preceding steps in each additional Region.
To subsequently check or change the status of automated sensitive data discovery for individual accounts in an organization, choose Accounts in the navigation pane. On the Accounts page, the Automated sensitive data discovery field in the table indicates the current status of automated discovery for an account. To change the status for an account, select the checkbox for the account. Then use the Actions menu to enable or disable automated discovery for the account.
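The console procedure above has an API equivalent, which is what you want when the setting has to be applied in several Regions or to a list of member accounts from a script. The following Python is an added example, not code from the Macie documentation: it assumes the Macie2 API operations UpdateAutomatedDiscoveryConfiguration, GetAutomatedDiscoveryConfiguration, BatchUpdateAutomatedDiscoveryAccounts and ListAutomatedDiscoveryAccounts with the parameter names shown, assumes that the console choice "My organization" with "Enable automatically for new accounts" selected corresponds to autoEnableOrganizationMembers=ALL and "My account" to NONE, and uses a constructed in-memory FakeMacieClient and made-up 12-digit account IDs so it runs offline. Against a real account you would pass the boto3 macie2 client that regional_clients() returns instead of the fake.

```python
"""Enable Macie automated sensitive data discovery through the Macie API.

Added example, not AWS code. API operation and parameter names, the
console-to-enum mapping, and the batch size are assumptions; FakeMacieClient
and the account IDs are constructed so the script runs offline.
"""
from typing import Dict, Iterable, List, Optional

VALID_STATUSES = {"ENABLED", "DISABLED"}
# Assumed mapping from the console dialog to autoEnableOrganizationMembers:
#   "organization": Enable > My organization + Enable automatically for new accounts
#   "account":      Enable > My account (administrator or standalone account only)
SCOPE_TO_AUTO_ENABLE = {"organization": "ALL", "account": "NONE"}


def set_admin_configuration(client, scope: str) -> dict:
    """Turn automated discovery on for this account in the client's Region and
    return the configuration Macie reports afterwards."""
    client.update_automated_discovery_configuration(
        status="ENABLED",
        autoEnableOrganizationMembers=SCOPE_TO_AUTO_ENABLE[scope],
    )
    return client.get_automated_discovery_configuration()


def set_member_accounts(client, account_ids: Iterable[str], status: str = "ENABLED") -> List[dict]:
    """Enable or disable particular member accounts (console: Manage accounts).
    Returns the per-account errors the batch call reports instead of dropping them."""
    if status not in VALID_STATUSES:
        raise ValueError(f"status must be one of {sorted(VALID_STATUSES)}")
    ids = sorted(set(account_ids))
    errors: List[dict] = []
    for i in range(0, len(ids), 100):  # batch size of 100 is a conservative assumption
        resp = client.batch_update_automated_discovery_accounts(
            accounts=[{"accountId": a, "status": status} for a in ids[i:i + 100]]
        )
        errors.extend(resp.get("errors", []))
    return errors


def account_statuses(client, account_ids: Optional[Iterable[str]] = None) -> Dict[str, str]:
    """Current status per account, following nextToken until the listing ends."""
    kwargs: dict = {"accountIds": list(account_ids)} if account_ids else {}
    statuses: Dict[str, str] = {}
    while True:
        resp = client.list_automated_discovery_accounts(**kwargs)
        for item in resp.get("items", []):
            statuses[item["accountId"]] = item["status"]
        token = resp.get("nextToken")
        if not token:
            return statuses
        kwargs["nextToken"] = token


def regional_clients(regions: Iterable[str]) -> dict:
    """The setting is per Region, so build one client per Region (needs boto3 and credentials)."""
    import boto3  # imported here so the offline demo does not require it
    return {r: boto3.client("macie2", region_name=r) for r in regions}


class FakeMacieClient:
    """Constructed stand-in for the boto3 macie2 client: keeps state in memory,
    rejects IDs that are not members, and pages list results two at a time."""

    def __init__(self, member_ids: Iterable[str], page_size: int = 2):
        self.config = {"status": "DISABLED", "autoEnableOrganizationMembers": "NONE"}
        self.accounts = {a: "DISABLED" for a in member_ids}
        self.page_size = page_size

    def update_automated_discovery_configuration(self, **kwargs):
        self.config.update(kwargs)
        return {}

    def get_automated_discovery_configuration(self):
        return dict(self.config)

    def batch_update_automated_discovery_accounts(self, accounts):
        errors = []
        for entry in accounts:
            if entry["accountId"] in self.accounts:
                self.accounts[entry["accountId"]] = entry["status"]
            else:  # error shape is constructed to resemble the API's per-account errors
                errors.append({"accountId": entry["accountId"], "errorCode": "ACCOUNT_NOT_FOUND",
                               "errorMessage": "not a member of the organization"})
        return {"errors": errors}

    def list_automated_discovery_accounts(self, accountIds=None, nextToken=None, **_):
        ids = [a for a in sorted(accountIds or self.accounts) if a in self.accounts]
        start = int(nextToken or 0)
        page = ids[start:start + self.page_size]
        resp = {"items": [{"accountId": a, "status": self.accounts[a]} for a in page]}
        if start + self.page_size < len(ids):
            resp["nextToken"] = str(start + self.page_size)
        return resp


def demo(client=None):
    """Administrator account only, then two chosen members (one ID is not a member)."""
    client = client or FakeMacieClient(["111111111111", "222222222222", "333333333333"])
    config = set_admin_configuration(client, "account")
    errors = set_member_accounts(client, ["222222222222", "999999999999"])
    return config, errors, account_statuses(client)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Two points the code makes that the console hides: BatchUpdateAutomatedDiscoveryAccounts reports failures per account rather than failing the whole call, so a script has to read the errors list, and ListAutomatedDiscoveryAccounts is paginated, so a status check that ignores nextToken will miss accounts in a larger organization. For a one-off change the same operation is available from the AWS CLI as `aws macie2 update-automated-discovery-configuration --status ENABLED --auto-enable-organization-members ALL --region <region>` (flag names assumed from the API parameter names), repeated once per Region as the procedure above says.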