Automated Sensitive Data Discovery - Accounts
The Accounts resource for automated sensitive data discovery provides access to the status of automated sensitive data discovery for accounts that are centrally managed as an organization in Amazon Macie. If you're the Macie administrator for an organization, you can use this resource to check or change the status of automated sensitive data discovery for individual accounts in your organization. If you have a member account, you can use this resource to check the status of automated sensitive data discovery for your account. Contact your Macie administrator if you want to change the status.
If you're a Macie administrator, start by enabling automated sensitive data discovery for your organization. To enable it for your organization, use the Configuration resource for automated sensitive data discovery. By using that resource, you can also enable it automatically for all existing accounts and new member accounts, only new member accounts, or no accounts. After you enable it for your organization, you can manage the status of automated sensitive data discovery for individual accounts in your organization.
If automated sensitive data discovery is enabled for an account in an organization, Macie analyzes the account's Amazon Simple Storage Service (Amazon S3) data by using the configuration settings specified by the Macie administrator account for the organization:
- Classification scope - This specifies S3 buckets to exclude from the analyses. To exclude particular buckets that an account owns, add the buckets to the classification scope for the administrator account.
- Sensitivity inspection template - This specifies which allow lists, custom data identifiers, and managed data identifiers to use when analyzing data. To customize the analyses, update the sensitivity inspection template for the administrator account.
As the analyses progress, Macie produces records of the sensitive data that it finds and the analysis that it performs: sensitive data findings, which report sensitive data that Macie finds in individual S3 objects, and sensitive data discovery results, which log details about the analysis of individual S3 objects. Macie also updates statistics, inventory data, and other information that it provides about Amazon S3 data. For more information, see Performing automated sensitive data discovery in the Amazon Macie User Guide.
As a Macie administrator, you can disable automated sensitive data discovery for an account at any time. If you disable it, Macie stops analyzing the account's Amazon S3 data. Instead of disabling it for an account completely, consider excluding only particular S3 buckets that the account owns. If you exclude a bucket, existing sensitive data discovery statistics and details for the bucket persist. For example, the bucket's current sensitivity score remains unchanged. However, Macie skips the bucket when it subsequently performs automated sensitive data discovery for the account. If you exclude a bucket, you can include it again later. To exclude or include a bucket, update the classification scope for your administrator account.
If you're the Macie administrator for an organization, you can use the Accounts resource to check or change the status of automated sensitive data discovery for individual accounts in your organization. If you have a member account, you can use this resource to check the status of automated sensitive data discovery for your account.
URI
/automated-discovery/accounts
HTTP methods
GET
Operation ID: ListAutomatedDiscoveryAccounts
Retrieves the status of automated sensitive data discovery for one or more accounts.
Name | Type | Required | Description |
---|---|---|---|
nextToken | String | False | The |
accountIds | String | False | The AWS account ID for each account, for as many as 50 accounts. To retrieve the status for multiple accounts, append the |
maxResults | String | False | The maximum number of items to include in each page of a paginated response. |
Status code | Response model | Description |
---|---|---|
200 | ListAutomatedDiscoveryAccountsResponse | The request succeeded. |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
PATCH
Operation ID: BatchUpdateAutomatedDiscoveryAccounts
Changes the status of automated sensitive data discovery for one or more accounts.
Status code | Response model | Description |
---|---|---|
200 | BatchUpdateAutomatedDiscoveryAccountsResponse | The request succeeded. However, the update might have failed for one or more accounts. |
400 | ValidationException | The request failed because the input doesn't satisfy the constraints specified by the service. |
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource. |
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource. |
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time. |
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure. |
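An added example (not part of the Macie documentation) of how an administrator might combine the two operations above to audit discovery coverage and close gaps: it splits `accountIds` into groups of 50, follows `nextToken`, and treats a 200 from the update as incomplete until the `errors` array has been checked. It assumes `client` exposes the boto3 `macie2` methods `list_automated_discovery_accounts` and `batch_update_automated_discovery_accounts`; the helper names and the batch size used for updates are this example's own choices.

```python
# Added example; helper names are hypothetical. `client` is assumed to be a
# boto3 "macie2" client (or any object exposing the same two methods).

def chunks(seq, size=50):
    """Split a list; accountIds accepts as many as 50 IDs per request."""
    for i in range(0, len(seq), size):
        yield seq[i:i + size]

def discovery_status(client, account_ids):
    """Return {accountId: status}, following nextToken until it is null."""
    status = {}
    for batch in chunks(list(account_ids)):
        kwargs = {"accountIds": batch}
        while True:
            page = client.list_automated_discovery_accounts(**kwargs)
            for item in page.get("items") or []:
                status[item["accountId"]] = item["status"]
            if not page.get("nextToken"):
                break
            kwargs["nextToken"] = page["nextToken"]
    return status

def enable_discovery(client, account_ids):
    """Set ENABLED; return {accountId: errorCode} for accounts left unchanged.

    A 200 response can still carry per-account failures, so the errors
    array (null when every update succeeded) is always inspected.
    """
    failed = {}
    # Updating in batches of 50 is this example's assumption, not a documented limit.
    for batch in chunks(list(account_ids)):
        resp = client.batch_update_automated_discovery_accounts(
            accounts=[{"accountId": a, "status": "ENABLED"} for a in batch])
        for err in resp.get("errors") or []:
            failed[err["accountId"]] = err["errorCode"]
    return failed

def close_coverage_gaps(client, account_ids):
    """Enable discovery for every DISABLED account and report what failed."""
    account_ids = list(account_ids)
    status = discovery_status(client, account_ids)
    disabled = sorted(a for a, s in status.items() if s == "DISABLED")
    return {
        "enable_attempted": disabled,
        "failed": enable_discovery(client, disabled),
        # Requested IDs with no item in any response are surfaced, not dropped.
        "no_status_returned": sorted(set(account_ids) - set(status)),
    }
```

Accounts listed under `failed` or `no_status_returned` are the ones whose S3 data is still not being analyzed and need follow-up.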
Schemas
Request bodies
Response bodies
{ "message": "string" }
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
AutomatedDiscoveryAccount
Provides information about the status of automated sensitive data discovery for an Amazon Macie account.
Property | Type | Required | Description |
---|---|---|---|
accountId | string | False | The AWS account ID for the account. |
status | AutomatedDiscoveryAccountStatus | False | The current status of automated sensitive data discovery for the account. Possible values are: |
AutomatedDiscoveryAccountStatus
The status of automated sensitive data discovery for an Amazon Macie account. Valid values are:
ENABLED
DISABLED
AutomatedDiscoveryAccountUpdate
Changes the status of automated sensitive data discovery for an Amazon Macie account.
Property | Type | Required | Description |
---|---|---|---|
accountId | string | False | The AWS account ID for the account. |
status | AutomatedDiscoveryAccountStatus | False | The new status of automated sensitive data discovery for the account. Valid values are: |
AutomatedDiscoveryAccountUpdateError
Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.
Property | Type | Required | Description |
---|---|---|---|
accountId | string | False | The AWS account ID for the account that the request applied to. |
errorCode | AutomatedDiscoveryAccountUpdateErrorCode | False | The error code for the error that caused the request to fail for the account ( |
AutomatedDiscoveryAccountUpdateErrorCode
The error code that indicates why a request failed to change the status of automated sensitive data discovery for an Amazon Macie account. Possible values are:
ACCOUNT_PAUSED
ACCOUNT_NOT_FOUND
BatchUpdateAutomatedDiscoveryAccountsRequest
Changes the status of automated sensitive data discovery for one or more Amazon Macie accounts.
Property | Type | Required | Description |
---|---|---|---|
accounts | Array of type AutomatedDiscoveryAccountUpdate | False | An array of objects, one for each account to change the status of automated sensitive data discovery for. Each object specifies the AWS account ID for an account and a new status for that account. |
BatchUpdateAutomatedDiscoveryAccountsResponse
Provides the results of a request to change the status of automated sensitive data discovery for one or more Amazon Macie accounts.
Property | Type | Required | Description |
---|---|---|---|
errors | Array of type AutomatedDiscoveryAccountUpdateError | False | An array of objects, one for each account whose status wasn’t changed. Each object identifies the account and explains why the status of automated sensitive data discovery wasn’t changed for the account. This value is null if the request succeeded for all specified accounts. |
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ListAutomatedDiscoveryAccountsResponse
Provides information about the status of automated sensitive data discovery for one or more Amazon Macie accounts.
Property | Type | Required | Description |
---|---|---|---|
items | Array of type AutomatedDiscoveryAccount | False | An array of objects, one for each account specified in the request. Each object specifies the AWS account ID for an account and the current status of automated sensitive data discovery for that account. |
nextToken | string | False | The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages. |
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
Property | Type | Required | Description |
---|---|---|---|
message | string | False | The explanation of the error that occurred. |