Amazon Macie: Detect objects in S3 consisting of 'Aadhar Card' information

Amazon Macie: An overview

Amazon Macie is a service available in the AWS cloud that can detect sensitive information like Personal Identifiable Information (PII), Credit card numbers, account names, and credentials present within your objects in S3 buckets. This is useful when organizations are using shared object storages accessible for all employees within the organization to store their documents in a central repository, and your organization’s security policy states that none of the objects within these buckets should consist of any sensitive information or PII.

Transform Your Career with AWS Certifications

Advanced Skills
AWS Official Curriculum
10+ Hand-on Labs

Enroll Now

What are Managed Identifiers and Custom Identifiers?

Managed Identifiers: Managed identifiers are pre-defined identifiers by AWS like driving license number, credit card number, address, name, and many more.

Custom Identifiers: Customers create custom identifiers based on the matching pattern and keyword required. Users can specify the Regex pattern, nearby keywords, keywords to exclude, and the maximum value distance from defined keywords.

Creating a custom identifier to detect Aadhar card number

Now that you know about custom identifiers, let’s create a custom identifier to detect the ‘Aadhar Card’ number.

In the AWS console, search and open the Macie console. In the Amazon Macie console à on the left pane, click Custom Identifiers, à Click Create, and then do the configurations shown in the image below à. Click Submit.

Creating an Amazon Macie job

Now create a job to scan the S3 buckets using Amazon Macie to find any bucket with objects consisting of Aadhar Card number. We will use the custom identifier created above.

Steps for creating a Job in Macie-

In Amazon Macie console, on the left pane, click on Get Started à Under Analyze Buckets option, Click Create Job à Click Select specific buckets option and select the buckets you want to scan for Aadhar card information à Click Next à On Review buckets page, Click Next à On Refine the Scope page, Click One-time job, expand Additional Settings, in that under Object Criteria window in the text box type txt (the type of file extensions you want to scan, in my example it is a text file), Click Include and then Click Next à On Manage Identifiers page, Click None and Click Next à On Custom Identifier page, select the custom identifier created earlier (ex- AadharNUmber) and Click Next à On Allow List page Click Next à Provide the name for this Job (ex-‘FindAadharInfoObjects’) and Click Next à Review the configurations and end of page, select the option ‘Override this requirement. I understand that Macie will retain discovery results from this job for only 90 days‘ and Click Submit.

Once the scanning is completed and if the Amazon Macie can find any object with the Aadhar card number mentioned in it, it will display it in the findings as shown below. (TestMacie.txt file consists of the Aadhar card number in it)

Conclusion

If you want to detect any object stored in S3 with sensitive data mentioned in it, then according to your requirements, you can define custom identifiers and scan the objects to find the same information within the objects. Thus, custom identifiers in Amazon Macie give users the advantage of defining the sensitive information relevant to their organization or countries’ data privacy policies.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

Cloud Training
Customized Training
Experiential Learning

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. What are Findings?

ANS: – When you create a job with Amazon Macie, it scans the objects within the selected S3 buckets for sensitive information matching the managed and custom identifiers. If any matching information is found in the object, then a finding is generated by Amazon Macie.

2. Can Macie scan S3 buckets on a scheduled basis?

ANS: – Yes, the buckets can be scanned by Amazon Macie on a scheduled basis also, like daily, weekly, monthly, and yearly. You have this option available while creating the Amazon Macie Job.