Document history for the Amazon Macie User Guide
The following table describes the important changes to the documentation since the last release of Amazon Macie. For notification about updates to this documentation, you can subscribe to an RSS feed.
Latest documentation update: December 6, 2024
Change | Description | Date |
---|---|---|
Updated functionality | Macie can now perform preventative control monitoring for up to 10,000 Amazon S3 general purpose buckets for your account. | December 6, 2024 |
New content | Added examples and details that explain how to configure and manage automated sensitive data discovery programmatically with the Amazon Macie API. | November 22, 2024 |
New feature | If you have a member account in an organization, you now have read access to statistics, inventory data, and other information that automated sensitive data discovery produces for your Amazon S3 data. For details about the automated discovery settings for your account and organization, contact your Macie administrator. | July 22, 2024 |
New feature | If you're the delegated Macie administrator for an organization, you can now enable or disable automated sensitive data discovery for individual accounts in your organization. With this additional option, you can now define the scope of the analyses in several ways: enable automated discovery for all accounts, selectively enable automated discovery for particular accounts, and exclude particular S3 buckets. | June 14, 2024 |
New functionality | AWS Security Hub now provides security controls that check the status of Macie and automated sensitive data discovery for accounts. If these controls are enabled, Security Hub periodically runs security checks to determine whether Macie is enabled for an AWS account (Macie.1 control), and whether automated sensitive data discovery is enabled for a Macie account (Macie.2 control). | February 20, 2024 |
New functionality | Macie can now analyze Amazon S3 objects that are encrypted using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). These objects are now eligible for analysis when Macie performs automated sensitive data discovery or you run sensitive data discovery jobs. In addition, S3 buckets and objects that use DSSE-KMS encryption are now included in statistics and metadata that Macie provides about your Amazon S3 data. | January 17, 2024 |
New feature | You can now configure Macie to assume an AWS Identity and Access Management (IAM) role when you choose to retrieve and reveal samples of sensitive data that Macie reports in findings. The samples can help you verify the nature of the sensitive data that Macie found, and tailor your investigation of an affected Amazon S3 object and bucket. | November 16, 2023 |
New functionality | Macie now provides managed data identifiers that are designed to detect International Bank Account Numbers (IBANs) for 47 additional countries and regions. You can now use Macie to detect and report occurrences of IBANs for more than 50 countries and regions. | November 1, 2023 |
New functionality | Macie now provides managed data identifiers that are designed to detect the following types of sensitive data: Google Cloud API keys; Stripe API keys; and, for India, Aadhaar numbers, Permanent Account Numbers (PANs), and driver's license identification numbers. | September 25, 2023 |
New quotas | To help you verify the nature of sensitive data reported by findings, we increased the size quotas for retrieving and revealing sensitive data samples from Amazon S3 objects. You can now retrieve and reveal samples from S3 objects whose storage size exceeds 10 MB. For a list of the new quotas, see Amazon Macie quotas. | September 7, 2023 |
Regional availability | Macie is now available in the Israel (Tel Aviv) Region. For a complete list of AWS Regions where Macie is currently available, see Amazon Macie endpoints and quotas in the AWS General Reference. | August 28, 2023 |
Updated functionality | We implemented a new, dynamic set of default managed data identifiers for automated sensitive data discovery. The default set includes the managed data identifiers that we recommend for automated sensitive data discovery. It's designed to detect common categories and types of sensitive data while also optimizing your automated sensitive data discovery results. | August 2, 2023 |
Updated functionality | To help you locate occurrences of sensitive data that Macie reports in sensitive data findings and sensitive data discovery results, we changed the character limit from 20 to 240 for the names of JSON path elements in | July 24, 2023 |
Updated functionality | If you're the delegated Macie administrator for an organization in AWS Organizations, you can now manage Macie for up to 10,000 accounts in your organization. | June 30, 2023 |
New feature | You can now create and configure sensitive data discovery jobs to automatically use the set of managed data identifiers that we recommend for jobs. This recommended set of managed data identifiers is designed to detect common categories and types of sensitive data while also optimizing your job results. | June 28, 2023 |
New policy | We added a new AWS managed policy, the | June 15, 2023 |
New feature | To help you assess and monitor automated sensitive data discovery coverage of your Amazon S3 data, the Macie console now includes a Resource coverage page. The page provides a unified view of coverage statistics and data for all of your S3 buckets, including a rollup of analysis issues (if any) that recently occurred for each bucket. If issues occurred, the page also provides remediation guidance. | May 15, 2023 |
New feature | Macie integrates with AWS User Notifications, which is a new AWS service that acts as a central location for your AWS notifications on the AWS Management Console. With User Notifications, you can configure custom rules and delivery channels for generating and sending notifications about Amazon EventBridge events that Macie publishes for policy and sensitive data findings. | May 5, 2023 |
Updated content | Updated descriptions of statistics and metadata that Macie provides about default encryption settings for S3 buckets. Also updated the description of the Policy:IAMUser/S3BucketEncryptionDisabled policy finding. Amazon S3 now automatically applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for objects that are added to new and existing buckets. For information about this change in Amazon S3, see Setting default server-side encryption behavior for S3 buckets in the Amazon Simple Storage Service User Guide. | February 27, 2023 |
New functionality | Macie can now generate an additional type of policy finding for an S3 bucket: | February 24, 2023 |
New functionality | Macie now supports the Amazon S3 Glacier Instant Retrieval storage class for sensitive data discovery. S3 objects that use this storage class are now eligible for analysis when Macie performs automated sensitive data discovery or you run sensitive data discovery jobs. They're also considered classifiable objects in statistics and metadata that Macie provides about your Amazon S3 data. | December 21, 2022 |
New feature | You can now configure Macie to perform automated sensitive data discovery for your account or organization. With automated sensitive data discovery, Macie continually evaluates your Amazon S3 data and uses sampling techniques to identify, select, and analyze representative objects in your S3 buckets, inspecting the objects for sensitive data. You can evaluate analyses' results in statistics, findings, and other information that Macie provides about your Amazon S3 data. | November 28, 2022 |
New feature | You can now create and use allow lists to specify text and text patterns that you want Macie to ignore when it inspects Amazon S3 objects for sensitive data. By using allow lists, you can define sensitive data exceptions for your particular scenarios or environment—for example, the names of public representatives for your organization, specific phone numbers, or sample data that your organization uses for testing. | August 30, 2022 |
New feature | To verify the nature of sensitive data that Macie finds in S3 objects, you can now configure and use Macie to retrieve samples of sensitive data reported by findings. | July 26, 2022 |
Updated functionality | In the AmazonMacieFullAccess policy, we updated the Amazon Resource Name (ARN) of the Macie service-linked role ( | June 30, 2022 |
Updated functionality | We updated the AmazonMacieServiceRolePolicy policy, which is the policy that's attached to the Macie service-linked role ( | May 20, 2022 |
New functionality | Macie now includes the | May 11, 2022 |
Updated content | Clarified how keyword and maximum match distance settings work for custom data identifiers. | April 22, 2022 |
New functionality | Macie now provides managed data identifiers that are designed to detect HTTP Basic Authorization headers, HTTP cookies, and JSON Web Tokens. | April 21, 2022 |
New content | Added descriptions and definitions of key concepts and terms for Macie. | March 16, 2022 |
New functionality | To calculate and display estimated costs when you create and configure sensitive data discovery jobs, Macie now retrieves pricing data for your AWS account from AWS Billing and Cost Management. To support this functionality, we added a Billing and Cost Management action to the AmazonMacieFullAccess policy. | March 7, 2022 |
New functionality | Macie now includes the | February 24, 2022 |
New content | Added information about using Amazon Virtual Private Cloud to establish a private connection between your VPC and Macie. | January 19, 2022 |
New functionality | You can now use the Amazon Macie console to assign and manage tags for custom data identifiers, filter and suppression rules for findings, sensitive data discovery jobs, and, if you're the Macie administrator for an organization, member accounts in your organization. A tag is a label that you optionally define and assign to certain types of AWS resources. | January 12, 2022 |
New content | Added information about using AWS Identity and Access Management to manage access to Macie. | December 20, 2021 |
New feature | When you create a custom data identifier, you can now define severity settings for sensitive data findings that it produces. With these settings, you can specify which severity to assign to a finding based on the number of occurrences of text that match the custom data identifier's detection criteria. | November 4, 2021 |
New functionality | To learn about the different types of findings that Macie provides, you can generate sample findings. Sample findings use example data and placeholder values to demonstrate the kinds of information that Macie might include in each type of finding. | October 28, 2021 |
New functionality | Macie now includes the | October 27, 2021 |
New content | Added information about centrally managing multiple Macie accounts. You can do this in two ways, by integrating Macie with AWS Organizations or by sending membership invitations from Macie. | October 13, 2021 |
New functionality | Your S3 bucket inventory now indicates if a bucket's permissions settings prevent Macie from retrieving information about the bucket or the bucket's objects and evaluating and monitoring the security and privacy of the bucket's data. In addition, we updated references to AWS KMS keys and customer managed keys to reflect current terminology. | October 5, 2021 |
New functionality | Macie now stores policy and sensitive data findings for 90 days instead of 30 days. If Macie created or updated a finding on or after August 31, 2021, you can access the finding for up to 90 days by using the Macie console or the Macie API. In certain AWS Regions, Macie began retaining findings for 90 days as early as September 27, 2021. | October 1, 2021 |
New feature | When you create a sensitive data discovery job, you can now specify which managed data identifiers you want the job to use when it analyzes S3 objects. With this feature, you can tailor a job's analysis to focus on certain types of sensitive data. | September 17, 2021 |
New functionality | Sensitive data findings now provide additional information to help you locate sensitive data in JSON and JSON Lines files. | July 6, 2021 |
Updated functionality | Macie now uses the | June 28, 2021 |
New feature | When you create a sensitive data discovery job, you can now define runtime criteria that determine which S3 buckets the job analyzes. With this feature, the scope of a job's analysis can dynamically adapt to changes to your bucket inventory. | May 15, 2021 |
New functionality | Your S3 bucket inventory and the Summary dashboard now provide encryption metadata and statistics indicating whether bucket policies require server-side encryption of new objects. In addition, you can now perform on-demand refreshes of object metadata for individual buckets in your bucket inventory. | April 30, 2021 |
New feature | You can now use Amazon CloudWatch Logs to monitor and analyze events that occur when you run sensitive data discovery jobs. To support this feature, we added CloudWatch Logs actions to the AWS managed policy for the Macie service-linked role. | April 14, 2021 |
Regional availability | Macie is now available in the AWS Asia Pacific (Osaka) Region. | April 5, 2021 |
New feature | You can now configure Macie to publish sensitive data findings to AWS Security Hub. | March 22, 2021 |
New content | Added information about monitoring and forecasting Macie costs and participating in the free trial. | February 26, 2021 |
Updated content | We replaced the term master account with the term administrator account. An administrator account is used to centrally manage multiple accounts. | February 12, 2021 |
New functionality | You can now refine the scope of sensitive data discovery jobs by using S3 object prefixes in custom include and exclude criteria. | February 2, 2021 |
Updated content | Macie now adheres to the finding type taxonomy of the AWS Security Finding Format (ASFF) when it publishes policy findings to AWS Security Hub. | January 28, 2021 |
New content | Added information about monitoring Amazon S3 data and assessing the security and privacy of that data. | January 8, 2021 |
Regional availability | Macie is now available in the AWS Africa (Cape Town) Region, the AWS Europe (Milan) Region, and the AWS Middle East (Bahrain) Region. | December 21, 2020 |
New functionality | If your account is a Macie administrator account, you can now create and run sensitive data discovery jobs that analyze data for as many as 1,000 buckets spanning as many as 1,000 accounts in your organization. | November 25, 2020 |
New functionality | Your S3 bucket inventory now indicates whether you've configured any one-time or periodic sensitive data discovery jobs to analyze data in a bucket. If you have, it also provides details about the job that ran most recently. | November 23, 2020 |
New content | Added information about filtering findings. | November 12, 2020 |
New functionality | Sensitive data findings now provide additional information to help you locate sensitive data in Apache Avro object containers, Apache Parquet files, and Microsoft Excel workbooks. | November 9, 2020 |
New feature | You can now use sensitive data findings to locate individual occurrences of sensitive data in S3 objects. | October 22, 2020 |
New feature | You can now pause and resume sensitive data discovery jobs. | October 16, 2020 |
New content | Added details about the severity scoring system for policy findings and sensitive data findings. | October 6, 2020 |
New features | You can now view statistics that indicate how much data Macie can analyze in individual S3 buckets when you run a sensitive data discovery job. In addition, you can now view the estimated cost of a job when you create a job. | September 3, 2020 |
New content | Added information about configuring, running, and managing sensitive data discovery jobs. | August 31, 2020 |
New functionality | Managed data identifiers can now detect certain types of personally identifiable information for Brazil. | July 31, 2020 |
Updated content | Added information about the supported syntax for regular expressions in custom data identifiers. | July 30, 2020 |
Updated content | Added keyword requirements for managed data identifiers, and increased the quota for the number of findings that each sensitive data discovery job can produce. | July 17, 2020 |
New content | Added information about using Amazon EventBridge and AWS Security Hub to monitor and process findings. This includes the EventBridge event schema for findings and event examples for policy and sensitive data findings. | June 22, 2020 |
New content | Added information about analyzing and suppressing findings. | June 17, 2020 |
New content | Added instructions for configuring Macie to store detailed discovery results in an S3 bucket. | June 2, 2020 |
New content | Added information about the types of sensitive data that Macie can detect, and encryption requirements for detecting sensitive data in Amazon S3 objects. | May 28, 2020 |
General availability | This is the initial public release of the Amazon Macie User Guide. | May 13, 2020 |