AWS, AWS S3, Internet of Things (IoT)

3 Mins Read

Amazon Macie: Detect objects in S3 consisting of ‘Aadhar Card’ information

Amazon Macie: An overview 

Amazon Macie is a service available in the AWS cloud that can detect sensitive information like Personal Identifiable Information (PII), Credit card numbers, account names, and credentials present within your objects in S3 buckets. This is useful when organizations are using shared object storages accessible for all employees within the organization to store their documents in a central repository, and your organization’s security policy states that none of the objects within these buckets should consist of any sensitive information or PII.  

What are Managed Identifiers and Custom Identifiers?

Managed Identifiers: Managed identifiers are pre-defined identifiers by AWS like driving license number, credit card number, address, name, and many more.  

Custom Identifiers: Customers create custom identifiers based on the matching pattern and keyword required. Users can specify the Regex pattern, nearby keywords, keywords to exclude, and the maximum value distance from defined keywords.

Learn from industry certified experts and become a certified AWS professional without leaving your current job.

  • AWS Authorized Instructor led Sessions
  • AWS Official Curriculum
Enroll Now

Creating a custom identifier to detect Aadhar card number

Now that you know about custom identifiers, let’s create a custom identifier to detect the ‘Aadhar Card’ number.  

 In the AWS console, search and open the Macie console. In the Amazon Macie console à on the left pane, click Custom Identifiers, à Click Create, and then do the configurations shown in the image below à. Click Submit.  

Creating an Amazon Macie job

Now create a job to scan the S3 buckets using Amazon Macie to find any bucket with objects consisting of Aadhar Card number. We will use the custom identifier created above.  

Steps for creating a Job in Macie- 

In Amazon Macie console, on the left pane, click on Get Started à Under Analyze Buckets option, Click Create Job à Click Select specific buckets option and select the buckets you want to scan for Aadhar card information à Click Next à On Review buckets page, Click Next à On Refine the Scope page, Click One-time job, expand Additional Settings, in that under Object Criteria window in the text box type txt (the type of file extensions you want to scan, in my example it is a text file), Click Include and then Click Next à On Manage Identifiers page, Click None and Click Next à On Custom Identifier page, select the custom identifier created earlier (ex- AadharNUmber) and Click Next à On Allow List page Click Next à Provide the name for this Job (ex-‘FindAadharInfoObjects’) and Click Next à Review the configurations and end of page, select the option Override this requirement. I understand that Macie will retain discovery results from this job for only 90 days and Click Submit. 

Once the scanning is completed and if the Amazon Macie can find any object with the Aadhar card number mentioned in it, it will display it in the findings as shown below. (TestMacie.txt file consists of the Aadhar card number in it)  

Conclusion

If you want to detect any object stored in S3 with sensitive data mentioned in it, then according to your requirements, you can define custom identifiers and scan the objects to find the same information within the objects. Thus, custom identifiers in Amazon Macie give users the advantage of defining the sensitive information relevant to their organization or countries’ data privacy policies.  

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

  • Cloud Training
  • Customized Training
  • Experiential Learning
Read More

About CloudThat

CloudThat is a cloud-agnostic organization. We are AWS Advanced Consulting Partner, Microsoft Gold Partner, Training partner, Google Cloud Partner, VMware Training Reseller, empowering organizations and professionals with cloud skills. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.   

FAQs

1. What are Findings?

ANS: – When you create a job with Amazon Macie, it scans the objects within the selected S3 buckets for sensitive information matching the managed and custom identifiers. If any matching information is found in the object, then a finding is generated by Amazon Macie.  

2. Can Macie scan S3 buckets on a scheduled basis?

ANS: – Yes, the buckets can be scanned by Amazon Macie on a scheduled basis also, like daily, weekly, monthly, and yearly. You have this option available while creating the Amazon Macie Job.  

WRITTEN BY Abhijit Dilip Powar

Share

Comments

    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!