Now that the environment is set up, you need to complete the setup of Amazon Macie. When Amazon Macie runs a data discovery job, it creates a discovery result record for each Amazon S3 object that the job analyzes or attempts to analyze. This includes objects that don’t contain sensitive data, and therefore don’t produce a finding, and objects that Macie isn’t able to analyze due to issues such as permissions errors or use of an unsupported format. If an object does contain sensitive data, the record indicates where Macie found each occurrence of sensitive data in the object: the line number for text files; the page number for Adobe Portable Document Format (PDF) files; or the record number for Apache Avro object containers and Apache Parquet files.
To access these records and enable long-term storage and retention of them, you can configure Macie to store the records in an S3 bucket and encrypt them using an AWS Key Management Service (AWS KMS) key. If you do this, Macie starts writing your discovery results to JSON Lines files, which it adds to the S3 bucket as GNU Zip (GZ) files. Consequently, the S3 bucket can serve as a definitive, long-term repository for all of your discovery results. If you don’t configure this type of repository for your discovery results, Macie stores the results for 90 days.
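As an added example that is not part of the workshop, the script below reads one of those gzipped JSON Lines files and sorts each object into "sensitive data found" (with the line, page or record locations), "analyzed but clean", or "not analyzed"; the sample records and their field names are constructed for illustration and are an assumption, not the authoritative Macie schema.

```python
import gzip
import json
# Constructed sample of a gzipped JSON Lines file as Macie writes it, one record per
# S3 object. Field names are assumed for this example; check the Macie schema docs.
SAMPLE_RECORDS = [
    {"resourcesAffected": {"s3Object": {"key": "customers.csv"}}, "classificationDetails": {"result": {
        "status": {"code": "COMPLETE"}, "sensitiveData": [{"detections": [{"type": "EMAIL_ADDRESS",
        "occurrences": {"lineRanges": [{"start": 3, "end": 3}, {"start": 7, "end": 7}]}}]}]}}},
    {"resourcesAffected": {"s3Object": {"key": "report.pdf"}}, "classificationDetails": {"result": {
        "status": {"code": "COMPLETE"}, "sensitiveData": [{"detections": [{"type": "CREDIT_CARD_NUMBER",
        "occurrences": {"pages": [{"pageNumber": 4}]}}]}]}}},
    {"resourcesAffected": {"s3Object": {"key": "notes.txt"}}, "classificationDetails": {"result": {
        "status": {"code": "COMPLETE"}, "sensitiveData": []}}},
    {"resourcesAffected": {"s3Object": {"key": "archive.bin"}}, "classificationDetails": {"result": {
        "status": {"code": "SKIPPED", "reason": "UNSUPPORTED_FILE_TYPE"}}}},
]

def build_sample_gz() -> bytes:
    # Pack the records as .jsonl.gz, the form Macie stores in the results bucket.
    return gzip.compress("".join(json.dumps(r) + "\n" for r in SAMPLE_RECORDS).encode())

def iter_records(gz_bytes: bytes):
    # One parsed record per non-empty line of the gzipped JSON Lines file.
    for line in gzip.decompress(gz_bytes).decode().splitlines():
        if line.strip():
            yield json.loads(line)

def locations(detection: dict) -> list:
    # Occurrences are line numbers (text), page numbers (PDF) or record numbers (Avro/Parquet).
    occ = detection.get("occurrences", {})
    return ([f"line {r['start']}" for r in occ.get("lineRanges", [])]
            + [f"page {p['pageNumber']}" for p in occ.get("pages", [])]
            + [f"record {r['recordIndex']}" for r in occ.get("records", [])])

def summarize(gz_bytes: bytes) -> dict:
    # Sort objects into: sensitive data found, analyzed but clean, or not analyzed.
    summary = {"sensitive": {}, "clean": [], "not_analyzed": {}}
    for rec in iter_records(gz_bytes):
        key = rec["resourcesAffected"]["s3Object"]["key"]
        result = rec["classificationDetails"]["result"]
        if result["status"]["code"] == "SKIPPED":
            summary["not_analyzed"][key] = result["status"].get("reason", "unknown")
            continue
        hits = {}
        for det in (d for sd in result.get("sensitiveData", []) for d in sd.get("detections", [])):
            hits.setdefault(det["type"], []).extend(locations(det))
        if hits:
            summary["sensitive"][key] = hits
        else:
            summary["clean"].append(key)
    return summary
```

Running `summarize(build_sample_gz())` on the constructed file surfaces the skipped object alongside the findings, which is the kind of gap a 90-day retention window would otherwise let you lose.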
You should see a green banner indicating “Success”. If you see a red banner with an error message, double-check that you have selected the correct S3 bucket and KMS key.
You will now set up Amazon Macie to forward all data and policy findings to AWS Security Hub.
You are now set up for the workshop!