Amazon Macie: An overview
Amazon Macie is an AWS service that detects sensitive information such as Personally Identifiable Information (PII), credit card numbers, account names, and credentials in the objects stored in your S3 buckets. This is useful when an organization uses shared object storage, accessible to all employees, as a central document repository, and its security policy states that no object in those buckets may contain sensitive information or PII.
What are Managed Identifiers and Custom Identifiers?
Managed Identifiers: Managed identifiers are pre-defined by AWS and cover data types such as driving licence numbers, credit card numbers, addresses, names, and many more.
Custom Identifiers: Customers create custom identifiers from a matching pattern and the keywords that should accompany it. You specify the regex pattern, nearby keywords, keywords to exclude, and the maximum distance allowed between a keyword and the matched value.
Creating a custom identifier to detect Aadhar card number
Now that you know about custom identifiers, let’s create a custom identifier to detect the ‘Aadhar Card’ number.
In the AWS console, search for and open the Macie console. In the Amazon Macie console, on the left pane, click Custom Identifiers → click Create, then enter the configuration shown in the image below → click Submit.
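The custom identifier fields described above (regex, nearby keywords, keywords to exclude, maximum match distance) as a local, runnable model. This is an added example, not code from the original post or from Amazon Macie; the Aadhaar regex, keyword list and sample text are assumptions, and the keyword-distance check only approximates Macie's own evaluation.

```python
"""Model of a Macie custom data identifier for Aadhaar numbers, plus the
boto3 request body that would register it (create_custom_data_identifier)."""
import re

# ASSUMPTION: Aadhaar numbers are 12 digits, first digit 2-9, often grouped 4-4-4.
AADHAAR_REGEX = r"\b[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}\b"
KEYWORDS = ["aadhaar", "aadhar", "uid", "uidai"]   # assumed "nearby keywords"
IGNORE_WORDS = ["sample", "dummy"]                  # assumed "keywords to exclude"
MAX_MATCH_DISTANCE = 50  # Macie default: chars between end of keyword and end of match


def custom_identifier_request():
    """Keyword arguments for boto3 macie2 client.create_custom_data_identifier."""
    return {
        "name": "AadharNumber",
        "description": "Detect Aadhaar numbers that appear near an Aadhaar keyword",
        "regex": AADHAAR_REGEX,
        "keywords": KEYWORDS,
        # Macie discards a regex match whose text contains any ignore word;
        # that rule is not modelled by find_matches below.
        "ignoreWords": IGNORE_WORDS,
        "maximumMatchDistance": MAX_MATCH_DISTANCE,
    }


def register(macie_client):
    """Create the identifier with a boto3 'macie2' client; returns its id."""
    return macie_client.create_custom_data_identifier(
        **custom_identifier_request())["customDataIdentifierId"]


def find_matches(text):
    """Local approximation of Macie's rule: keep a regex match only if a
    complete keyword ends within MAX_MATCH_DISTANCE characters of the match end."""
    lowered = text.lower()
    hits = []
    for m in re.finditer(AADHAAR_REGEX, text):
        window = lowered[max(0, m.end() - MAX_MATCH_DISTANCE):m.end()]
        if any(k in window for k in KEYWORDS):
            hits.append(m.group())
    return hits


# Constructed sample file content; the numbers are made up.
SAMPLE = (
    "Employee record. Aadhar Number: 2345 6789 0123\n"
    "Invoice total 1234 5678 9012 paid.\n"
    "UIDAI ref 987654321098 on file.\n"
    "Courier tracking reference 3456 7890 1234 delivered.\n"
)

if __name__ == "__main__":
    print(find_matches(SAMPLE))
```

The invoice line starts with 1 and never matches the regex, and the courier line matches the regex but has no keyword within range, so only the two keyword-backed values are reported.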
Creating an Amazon Macie job
Now create a job that scans the S3 buckets with Amazon Macie to find any bucket with objects containing an Aadhar Card number. We will use the custom identifier created above.
Steps for creating a Job in Macie:
1. In the Amazon Macie console, on the left pane, click Get Started.
2. Under the Analyze Buckets option, click Create Job.
3. Click the Select specific buckets option, select the buckets you want to scan for Aadhar card information, and click Next.
4. On the Review buckets page, click Next.
5. On the Refine the Scope page, click One-time job, expand Additional Settings, and under the Object Criteria window type txt in the text box (the file extension you want to scan; in my example it is a text file). Click Include and then click Next.
6. On the Manage Identifiers page, click None and click Next.
7. On the Custom Identifier page, select the custom identifier created earlier (ex- AadharNumber) and click Next.
8. On the Allow List page, click Next.
9. Provide a name for this Job (ex- ‘FindAadharInfoObjects’) and click Next.
10. Review the configuration and, at the end of the page, select the option ‘Override this requirement. I understand that Macie will retain discovery results from this job for only 90 days’, then click Submit.
Once the scan completes, if Amazon Macie finds any object containing an Aadhar card number, it lists that object in the findings as shown below. (The TestMacie.txt file contains an Aadhar card number.)
Conclusion
FAQs
1. What are Findings?
ANS: – When you create a job in Amazon Macie, it scans the objects in the selected S3 buckets for sensitive information matching the managed and custom identifiers. If matching information is found in an object, Amazon Macie generates a finding.
2. Can Macie scan S3 buckets on a scheduled basis?
ANS: – Yes, Amazon Macie can also scan the buckets on a schedule, such as daily, weekly, monthly, and yearly. This option is available while creating the Amazon Macie Job.

WRITTEN BY Abhijit Dilip Powar