A collection of AWS security controls for Amazon Macie. Configuration items include templates to enable Amazon Macie in an AWS account as well as configuration to set up notifications on findings.
Configuration to enable Amazon Macie in an AWS account. Amazon Macie is used to discover, monitor, and help protect sensitive data in Amazon S3 buckets.
This template creates an AWS Macie Allow List resource that uses a regular expression to specify a text pattern to ignore. The allow list is designed to ignore specific email addresses for the example.com domain. It has a name, description, and tags for identification.
This template creates an AWS Macie Allow List resource that specifies a list of predefined text to ignore. The allow list is designed to ignore specific phone numbers for a company named Example Corp. The list is stored in an Amazon S3 object and the object is stored in an S3 bucket. It has a name, description, and tags for identification.
This template creates a custom data identifier for Amazon Macie. The custom data identifier detects six-digit character sequences that are in proximity of certain keywords. It excludes matches that are specified in the IgnoreWords array.
This template creates an AWS Macie Findings Filter resource. The findings filter suppresses (automatically archives) findings for AWS resources that are owned by a specific account.
This template creates an AWS Macie session. It enables Macie for the account and configures it to publish updated policy findings every hour.