Amazon Macie: Detect objects in S3 consisting of ‘Aadhar Card’ information

Amazon Macie: An overview 

Amazon Macie is an AWS service that detects sensitive information, such as Personally Identifiable Information (PII), credit card numbers, account names, and credentials, in the objects stored in your S3 buckets. This is useful when an organization uses shared object storage, accessible to all employees, as a central document repository, and its security policy states that no object in these buckets may contain sensitive information or PII.

What are Managed Identifiers and Custom Identifiers?

Managed Identifiers: Managed identifiers are identifiers pre-defined by AWS, such as driving license number, credit card number, address, name, and many more.

Custom Identifiers: Customers create custom identifiers based on the matching pattern and keywords they require. Users can specify the regex pattern, nearby keywords, keywords to exclude, and the maximum distance between a match and the defined keywords.

Creating a custom identifier to detect Aadhar card number

Now that you know about custom identifiers, let’s create a custom identifier to detect the ‘Aadhar Card’ number.  

In the AWS console, search for and open the Macie console. In the Amazon Macie console, on the left pane, click Custom Identifiers → click Create, and then enter the configuration shown in the image below → click Submit.
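Before saving the identifier, it helps to check the pattern, keywords, exclusions and match distance against sample text. The following is an added example, not the author's configuration or AWS code: the regex, keyword list, ignore word and distance of 50 characters are assumptions, and `find_matches` is a hypothetical helper that only approximates how Macie filters regex hits.

```python
import re

# Assumed pattern: 12 digits, first digit 2-9, optional space/hyphen between groups of 4.
AADHAAR_REGEX = r"\b[2-9][0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}\b"
KEYWORDS = ["aadhaar", "aadhar", "uidai"]   # assumed nearby keywords
IGNORE_WORDS = ["9999 9999 9999"]           # assumed dummy value to exclude
MAX_MATCH_DISTANCE = 50                     # characters (assumed setting)


def find_matches(text, regex=AADHAAR_REGEX, keywords=KEYWORDS,
                 ignore_words=IGNORE_WORDS, max_distance=MAX_MATCH_DISTANCE):
    """Approximate how a custom identifier filters regex hits in one text."""
    lowered = text.lower()
    # Keywords are matched case-insensitively; record where each occurrence ends.
    keyword_ends = [m.end() for kw in keywords
                    for m in re.finditer(re.escape(kw.lower()), lowered)]
    hits = []
    for m in re.finditer(regex, text):
        value = m.group(0)
        # Ignore words are case-sensitive and drop any match that contains them.
        if any(word in value for word in ignore_words):
            continue
        # Distance runs from the end of a keyword to the end of the match.
        # Accepting a keyword on either side of the match is an assumption.
        if keywords and not any(abs(m.end() - end) <= max_distance
                                for end in keyword_ends):
            continue
        hits.append(value)
    return hits


# Constructed sample lines; none of these are real Aadhaar numbers.
SAMPLES = [
    "Aadhaar No: 2345 6789 0123",            # keyword close by: reported
    "Invoice reference 4567 8901 2345",      # same shape, no keyword: dropped
    "aadhar: 1234 5678 9012",                # first digit 1: regex does not match
    "UIDAI sample 9999 9999 9999",           # ignore word: dropped
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r} -> {find_matches(line)}")
```

Requiring a keyword is what keeps 12-digit invoice or order numbers out of the findings; widening the match distance raises recall at the cost of more false positives.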

Creating an Amazon Macie job

Now create a job that scans the S3 buckets with Amazon Macie to find any bucket with objects containing an Aadhar card number. We will use the custom identifier created above.

Steps for creating a job in Macie:

1. In the Amazon Macie console, on the left pane, click Get Started.
2. Under the Analyze Buckets option, click Create Job.
3. Click the Select specific buckets option, select the buckets you want to scan for Aadhar card information, and click Next.
4. On the Review buckets page, click Next.
5. On the Refine the Scope page, click One-time job and expand Additional Settings. In the Object Criteria window, type txt in the text box (the file extension you want to scan; in my example it is a text file), click Include, and then click Next.
6. On the Manage Identifiers page, click None and click Next.
7. On the Custom Identifier page, select the custom identifier created earlier (e.g., AadharNUmber) and click Next.
8. On the Allow List page, click Next.
9. Provide a name for this job (e.g., ‘FindAadharInfoObjects’) and click Next.
10. Review the configuration and, at the end of the page, select the option "Override this requirement. I understand that Macie will retain discovery results from this job for only 90 days", then click Submit.
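The same job can be created through the Macie API. This is an added example, not code from the original post: it maps the console choices above onto the `CreateClassificationJob` request used by boto3's `macie2` client, and the account ID, bucket name and custom identifier ID passed in are placeholders you must supply.

```python
import uuid


def build_job_request(account_id, buckets, custom_identifier_ids,
                      name="FindAadharInfoObjects", extension="txt"):
    """Build a CreateClassificationJob request mirroring the console steps."""
    if not buckets or not custom_identifier_ids:
        raise ValueError("need at least one bucket and one custom identifier")
    return {
        "clientToken": str(uuid.uuid4()),            # idempotency token
        "name": name,
        "jobType": "ONE_TIME",                       # "One-time job"
        "managedDataIdentifierSelector": "NONE",     # managed identifiers: None
        "customDataIdentifierIds": list(custom_identifier_ids),
        "s3JobDefinition": {
            # "Select specific buckets"
            "bucketDefinitions": [
                {"accountId": account_id, "buckets": list(buckets)}
            ],
            # Object criteria: include only objects with this file extension
            "scoping": {"includes": {"and": [{"simpleScopeTerm": {
                "key": "OBJECT_EXTENSION",
                "comparator": "EQ",
                "values": [extension.lstrip(".")],
            }}]}},
        },
    }


def submit_job(request, region_name=None):
    """Send the request to Macie and return the new job's ID."""
    import boto3  # imported here so the builder can be checked offline
    client = boto3.client("macie2", region_name=region_name)
    return client.create_classification_job(**request)["jobId"]


if __name__ == "__main__":
    # Placeholder values: replace with your account, bucket and identifier ID.
    req = build_job_request("111122223333", ["example-bucket"],
                            ["example-custom-identifier-id"])
    print(req)
```

Restricting the job to custom identifiers only, as the page does, means managed detections such as credit card numbers are not reported by this job.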

Once the scan is complete, if Amazon Macie finds any object containing an Aadhar card number, it displays the object in the findings as shown below. (The TestMacie.txt file contains an Aadhar card number.)

Conclusion

If you want to detect objects stored in S3 that contain sensitive data, you can define custom identifiers according to your requirements and scan the objects for that information. Thus, custom identifiers in Amazon Macie give users the advantage of defining the sensitive information relevant to their organization's or country's data privacy policies.

FAQs

1. What are Findings?

ANS: When you create a job with Amazon Macie, it scans the objects within the selected S3 buckets for sensitive information matching the managed and custom identifiers. If any matching information is found in an object, Amazon Macie generates a finding.

2. Can Macie scan S3 buckets on a scheduled basis?

ANS: Yes, Amazon Macie can also scan the buckets on a scheduled basis, like daily, weekly, monthly, and yearly. You have this option available while creating the Amazon Macie job.

WRITTEN BY Abhijit Dilip Powar
