Amazon Macie Configuration
Amazon Macie was launched in the summer of 2017, much to the delight of cloud security engineers. Amazon Macie is a powerful security and compliance service that provides an automatic method to detect, identify, and classify data within your AWS account. Macie currently supports Amazon S3 storage; however, support for other storage systems will be developed and added over time. Backed by machine learning, Macie can actively review your data as different actions are taken within your AWS account. Machine learning spots access patterns and analyzes user behaviour using CloudTrail event data to alert on any unusual or irregular activity. Findings are presented in a dashboard that can trigger alerts, allowing you to quickly resolve any potential threat of exposure or compromise to your data.
This course will dive into all elements of the service, discussing its many different features and customizable elements so that you can get the most out of its capabilities.
By the end of this course you will be able to:
- Provide an understanding and awareness of what Amazon Macie is and what it’s used for
- Provide an explanation of each configurable component of the service to allow you to gain maximum benefit from Macie’s capabilities
- Understand how the service can provide a customizable approach to maintaining compliance
- Understand how, through automation and machine learning, Amazon Macie detects and categorizes S3 content to detect potential security threats and exposures
The content of this course is centered around security and compliance. As a result, this course is beneficial to those in the following roles or their equivalents:
- Cloud Security Architects
- Compliance Managers
- Cloud Administrators
- Cloud Support & Operations
As a prerequisite of this course you should have an understanding and awareness of:
- Amazon S3
- AWS CloudTrail
Hello and welcome to this very quick lecture where I want to demonstrate how you can use a single AWS Master account to gather data for multiple AWS accounts that you may have, to gain a full understanding of your business risk value based on everything that I've discussed so far. To do this, I shall perform a quick demonstration to explain how to complete this process.
OK so, to carry out this demonstration, I'm going to need two AWS accounts. I'm going to need a Master account, and also a second account that'll be used as a Member account. And what I'll do, I'll add the Member account to the Master account, then all the dashboard findings will be sent through to the Master account rather than having to view Macie across all your different AWS accounts.
So I've logged into one of my AWS accounts, and this is going to be my Member account. Now the first step I need to do is run a CloudFormation stack. Now this CloudFormation stack is provided by AWS, and it is different from the CloudFormation stack that you first use to enable Macie, because that was to enable Macie as your Master account, whereas here we want to enable Macie as a Member account. These stacks can be found on the following webpage, and I'll also put a link to them within the transcripts as well.
So I'm going to run the CloudFormation template for the Virginia region. Now again it's very simple on this Select Template screen. All I need to do is go across to Next. I'll leave the stack name as MacieServiceRolesMembers, and here I need to enter the Master account. So my Master account number is as follows. Once I've put that Master account number in, I can then click on Next. Now here I can change a number of options if I need to, but I'm just going to leave all these as the default, then click on Next. And then at the Review screen, we just need to acknowledge the fact that AWS CloudFormation might create IAM resources with custom names. So that's just a simple checkbox, and then you scroll down and go across to Create.
This will then go ahead and run the CloudFormation stack. Just refresh the page there. We can see here the stack name is the MacieServiceRolesMembers stack, and it's currently in progress. OK, now that's complete, what I'll do, I'll go across to my other AWS account, which will be my Master account. I then open up Amazon Macie and I'll add this Member account into my Macie console on my Master.
OK, so I'm now in my Master account, so if I go across to Amazon Macie. And then on the left hand side, if I go down to Integrations. And on the Accounts page here, we can see currently that we don't have any Member AWS accounts. So, to add the account we click on the Plus across this side and enter the Account ID. Now that's the Account ID of the Member account where we'd just run the CloudFormation script. Then click on Add Accounts. And then we can see that it's now been approved. So if we click on Close, and we check our Member AWS account section here, we can now see that that account is now a Member account, and up here is our Master account, which is the account that I'm currently logged into. So if you have multiple AWS accounts, you'll have one as your Master account, where you set it up and enable it using the CloudFormation script that we discussed earlier in this course, and if you need to add Member accounts, then you need to use a different CloudFormation script, which will configure that Macie account as a Member account. And once you have those Member accounts configured, you then go to your Master account and simply add them here.
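The two console steps above, written as an AWS CLI script. This is an added example and not part of the course or of AWS's own tooling; it targets the Macie Classic API (CLI service name `macie`) whose Master/Member model the lecture describes, so the `associate-member-account` and `list-member-accounts` calls are Classic ones (the current Macie `macie2` API uses an invitation flow instead). The template URL is a placeholder for the AWS-provided member-roles template the lecture links to, and the `MasterAccountId` parameter name is an assumption to check against that template. Run the `member` step with credentials for the Member account and the `master` step with credentials for the Master account.

```shell
#!/usr/bin/env bash
# Added example, not from the course: the lecture's two console steps as AWS CLI calls
# against the Macie Classic API ("macie" service). Run "member" as the Member account
# and "master" as the Master account (for example through two named CLI profiles).
set -eu

STACK_NAME="MacieServiceRolesMembers"   # stack name used in the lecture
# PLACEHOLDER: the AWS-provided member-roles template URL from the page the lecture links to.
MEMBER_TEMPLATE_URL="${MEMBER_TEMPLATE_URL:-https://PLACEHOLDER.example/MacieServiceRolesMembers.template}"
# ASSUMPTION: the template's parameter name for the Master account ID; verify against the template.
MASTER_PARAM_KEY="${MASTER_PARAM_KEY:-MasterAccountId}"

# An AWS account ID is exactly 12 decimal digits. Checking this up front avoids creating
# cross-account roles that trust a mistyped, and therefore possibly foreign, account.
is_account_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# The --parameters value handed to CloudFormation, in its own function so it can be checked.
member_stack_parameters() {
  printf 'ParameterKey=%s,ParameterValue=%s' "$MASTER_PARAM_KEY" "$1"
}

# Step 1, in the MEMBER account: create the member service-role stack pointing at the Master.
# CAPABILITY_NAMED_IAM is the CLI form of the Review-screen checkbox acknowledging that
# CloudFormation may create IAM resources with custom names.
member_step() {
  master_id="$1"
  if ! is_account_id "$master_id"; then
    echo "refusing to run: '$master_id' is not a 12-digit AWS account ID" >&2
    return 1
  fi
  aws cloudformation create-stack \
    --stack-name "$STACK_NAME" \
    --template-url "$MEMBER_TEMPLATE_URL" \
    --parameters "$(member_stack_parameters "$master_id")" \
    --capabilities CAPABILITY_NAMED_IAM
  # Block until the stack leaves the "in progress" state shown in the lecture.
  aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME"
}

# Step 2, in the MASTER account: the Integrations > Accounts "Add Accounts" action, followed by
# a check that the account really appears in the member list rather than trusting exit status alone.
master_step() {
  member_id="$1"
  if ! is_account_id "$member_id"; then
    echo "refusing to run: '$member_id' is not a 12-digit AWS account ID" >&2
    return 1
  fi
  aws macie associate-member-account --member-account-id "$member_id"
  aws macie list-member-accounts --query 'memberAccounts[].accountId' --output text \
    | grep -qw "$member_id"
}

# Usage: ./macie_member.sh member <master-account-id>   (run as the Member account)
#        ./macie_member.sh master <member-account-id>   (run as the Master account)
if [ "$#" -eq 2 ]; then
  case "$1" in
    member) member_step "$2" ;;
    master) master_step "$2" ;;
    *) echo "usage: $0 member|master <account-id>" >&2; exit 2 ;;
  esac
fi
```

The account-ID check matters more than it looks: the member stack creates roles that trust whichever account number is entered, so a typo would hand a stranger's account a trust relationship into yours. Keeping the final `list-member-accounts` check in the master step mirrors the "approved" status the lecture confirms in the console.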
That brings me to the end of this lecture. Coming up next will be a summary of all the key points taken from the previous lectures.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.