Finish Macie setup

Configure Amazon Macie to export findings to an S3 Bucket

Now that the environment is set up, you need to complete the setup of Amazon Macie. When Macie runs a sensitive data discovery job, it creates a discovery result record for each Amazon S3 object that the job analyzes or attempts to analyze. This includes objects that don’t contain sensitive data, and therefore don’t produce a finding, and objects that Macie can’t analyze because of issues such as permissions errors or an unsupported file format. If an object does contain sensitive data, the record indicates where Macie found each occurrence: the line number for text files, the page number for Adobe Portable Document Format (PDF) files, or the record number for Apache Avro object containers and Apache Parquet files.

To access these records and retain them long term, you can configure Macie to store them in an S3 bucket and encrypt them with an AWS Key Management Service (AWS KMS) key. Once you do, Macie writes your discovery results as JSON Lines files, which it adds to the S3 bucket as GNU Zip (GZ) files, so the bucket can serve as the definitive, long-term repository for all of your discovery results. If you don’t configure this repository, Macie retains the results for only 90 days.

  1. Go to the Amazon Macie console.
  2. Click on Discovery results in the left hand menu.
  3. Click on Configure now under the section Repository for sensitive data discovery results.

Repository for sensitive data discovery results

  1. Select the Existing bucket option.
  2. Using the dropdown called Choose bucket, select the bucket named macieworkshop-env-setup-resultsbucket-<randomstring>.
  3. Under the KMS encryption section, select the option Select a key from your account.
  4. Using the KMS key alias dropdown, select the KMS key called MacieWorkshop-Env-Setup-results-bucket-encryption-key.
  5. Your setup should resemble the image below.

Repository for discovery results setup

  1. Click Save to continue.

You should see a green banner indicating “Success”. If you see a red banner with an error message, double-check that you selected the correct S3 bucket and KMS key. Macie can only use a bucket and key whose policies grant it access, and both must be in the Region where you are using Macie; the resources created during environment setup are the ones intended for this step.

Configure Amazon Macie to forward all findings to Security Hub

You will now set up Amazon Macie to forward all sensitive data findings and policy findings to AWS Security Hub.

  1. Go to the Amazon Macie console.
  2. Click on Settings (https://console.aws.amazon.com/macie/home#/settings) in the left hand menu.
  3. Find the panel called Publication of findings.
  4. Make sure the check box for Publish policy findings to: Security Hub is checked.
  5. Check the box for Publish sensitive data findings to: Security Hub.

Publication of findings

You are now set up for the workshop!
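The two settings above (the discovery results repository and publication of findings to Security Hub) can also be applied and verified with the Macie API, which is the route you want when Macie has to be configured in more than one account or Region. The script below is an added example written for this page, not code from the workshop or from AWS. It assumes boto3 is installed, that your credentials belong to the workshop account, that you replace the <randomstring> placeholder with the suffix shown in your account, and that us-east-1 is the Region in which you enabled Macie (change it if not). Note that the API takes the KMS key as a key ARN rather than the alias the console shows, so the script resolves the alias first.

```python
"""Apply and verify this page's two Macie settings with boto3 instead of the console.

Added example (not the workshop's own code). Assumes boto3, credentials for the
workshop account, the placeholder bucket name filled in, and that the Region
passed to apply_workshop_settings is the one where Macie is enabled.
"""
import re
from typing import Any, Dict, List

# Resources created by the workshop's environment setup; <randomstring> must be
# replaced with the suffix shown in your own account.
RESULTS_BUCKET = "macieworkshop-env-setup-resultsbucket-<randomstring>"
RESULTS_KEY_ALIAS = "alias/MacieWorkshop-Env-Setup-results-bucket-encryption-key"

# Shape of a KMS key ARN: arn:<partition>:kms:<region>:<account>:key/<uuid>
KMS_KEY_ARN_RE = re.compile(r"^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key/[0-9a-f-]{36}$")


def build_export_configuration(bucket_name: str, kms_key_arn: str,
                               key_prefix: str = "") -> Dict[str, Any]:
    """Build the 'configuration' argument of put_classification_export_configuration.

    The API requires a full key ARN; the console lets you pick an alias and
    resolves it for you, so reject aliases and bare key IDs here.
    """
    if not KMS_KEY_ARN_RE.match(kms_key_arn):
        raise ValueError(f"expected a KMS key ARN, got {kms_key_arn!r}")
    destination: Dict[str, str] = {"bucketName": bucket_name, "kmsKeyArn": kms_key_arn}
    if key_prefix:
        destination["keyPrefix"] = key_prefix
    return {"s3Destination": destination}


def build_publication_configuration(publish_sensitive_data: bool = True,
                                    publish_policy: bool = True) -> Dict[str, bool]:
    """Build the 'securityHubConfiguration' argument of put_findings_publication_configuration.

    'publishClassificationFindings' is the API name for the console's
    'Publish sensitive data findings to Security Hub' checkbox.
    """
    return {
        "publishClassificationFindings": publish_sensitive_data,
        "publishPolicyFindings": publish_policy,
    }


def check_configuration(export_response: Dict[str, Any], publication_response: Dict[str, Any],
                        bucket_name: str, kms_key_arn: str) -> List[str]:
    """Compare what Macie reports back with what this page asks for.

    Takes the raw responses of get_classification_export_configuration and
    get_findings_publication_configuration and returns a list of problems;
    an empty list means the account matches the workshop setup.
    """
    problems: List[str] = []
    dest = export_response.get("configuration", {}).get("s3Destination", {})
    if dest.get("bucketName") != bucket_name:
        problems.append(f"results bucket is {dest.get('bucketName')!r}, expected {bucket_name!r}")
    if dest.get("kmsKeyArn") != kms_key_arn:
        problems.append(f"results KMS key is {dest.get('kmsKeyArn')!r}, expected {kms_key_arn!r}")
    hub = publication_response.get("securityHubConfiguration", {})
    for flag in ("publishClassificationFindings", "publishPolicyFindings"):
        if not hub.get(flag):
            problems.append(f"{flag} is not enabled")
    return problems


def resolve_kms_key_arn(kms_client, alias: str) -> str:
    """Turn an alias such as alias/... into the key ARN that Macie requires."""
    return kms_client.describe_key(KeyId=alias)["KeyMetadata"]["Arn"]


def apply_workshop_settings(region_name: str) -> List[str]:
    """Write both settings in the given Region, read them back, and return any mismatches."""
    import boto3  # imported here so the pure helpers above work without boto3 installed

    session = boto3.Session(region_name=region_name)
    kms, macie = session.client("kms"), session.client("macie2")
    key_arn = resolve_kms_key_arn(kms, RESULTS_KEY_ALIAS)
    macie.put_classification_export_configuration(
        configuration=build_export_configuration(RESULTS_BUCKET, key_arn))
    macie.put_findings_publication_configuration(
        securityHubConfiguration=build_publication_configuration())
    return check_configuration(
        macie.get_classification_export_configuration(),
        macie.get_findings_publication_configuration(),
        RESULTS_BUCKET, key_arn)


if __name__ == "__main__":
    # Assumed Region; use the one in which you enabled Macie.
    problems = apply_workshop_settings("us-east-1")
    for line in problems or ["Macie settings match the workshop setup"]:
        print(line)
```

Running the script once per Region replaces steps 1 through 5 of both procedures and also gives you the same read-back check the green banner gives in the console; a non-empty list of problems means the account still differs from what this page describes, typically because the bucket or key lives in another Region or its policy does not allow Macie to use it.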