Amazon Macie - The Amazing Service

This Blog has moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.

Amazon Macie is a fully managed security service that continuously monitors data in an AWS environment according to criteria such as content type, file type and regular expressions set by the IT administrator. It uses machine learning to discover, classify and protect sensitive information in AWS. It provides dashboards and alerts that show an administrator how the data is being accessed. It can also discover and report the presence of certain important files, such as a .pem key in an S3 bucket, or a publicly accessible S3 bucket. Currently, Macie is available for S3 only, in a few AWS Regions.

About Experiment

I have intentionally enabled public access to an S3 bucket. I have copied .pem files to some of the S3 buckets. I expect Macie to identify both of these activities.

Configuration

Configuring Macie is an easy process: log in to the AWS Web Console and open the Amazon Macie service.

  • Enable Macie from the console
  • Select the required S3 Buckets
  • Review the activities from Macie Dashboard

Enable Macie from the console

1) Enabling Macie is a one-click process. Select the AWS Region, and make sure that the S3 buckets you want to evaluate belong to the same AWS Region.

Select the required S3 buckets

2) Create a few S3 buckets and upload (unused) .pem files. Also, make at least one S3 bucket publicly accessible.

3) In the Amazon Macie console, click INTEGRATIONS and then SELECT. In the next window, click ADD and select the required S3 buckets.

4) Review and move to the next screen, then click START CLASSIFICATION. Once it is done, you are ready to test it from the dashboard.

Review the activities from Macie Dashboard

5) Click the Dashboard to get an overview of the activities.

6) Click ALERTS to see alerts with priorities and descriptions. You can see that one of the S3 buckets is world-readable and world-writable.

7) For more detailed information, click RESEARCH. You can see that the .pem file has been detected by Macie.

8) Optionally, you can set your own criteria from the Settings page for your next experiment.
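To show what the two findings from this experiment look like as explicit criteria (a world-readable/writable bucket ACL, and a .pem key identified by file type, content type or a content regular expression), here is an added example of a local pre-check written for this post. It is not Macie's code and does not call AWS; the bucket ACLs and object samples are constructed in the shape of S3 GetBucketAcl output and object headers.

```python
import re

# Constructed sample data (not real AWS output): two bucket ACLs in the
# shape returned by S3 GetBucketAcl, plus a few objects with their
# content type and first bytes.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

SAMPLE_ACLS = {
    "macie-test-public": {"Grants": [
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"},
    ]},
    "macie-test-private": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    ]},
}

SAMPLE_OBJECTS = [
    ("macie-test-private", "keys/unused-key.pem", "application/x-pem-file",
     b"-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n"),
    ("macie-test-public", "notes.txt", "text/plain", b"nothing sensitive here\n"),
    # A key that was renamed: only the content regex catches this one.
    ("macie-test-public", "renamed.txt", "text/plain", b"-----BEGIN EC PRIVATE KEY-----\n..."),
]

# Regular expression for common PEM private-key headers.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")

def public_permissions(acl):
    """Return the permissions granted to the AllUsers group (the world)."""
    return sorted({g["Permission"] for g in acl["Grants"]
                   if g["Grantee"].get("URI") == ALL_USERS})

def classify_object(key, content_type, head):
    """Flag an object by file type, content type, or content regex."""
    reasons = []
    if key.lower().endswith(".pem"):
        reasons.append("file type .pem")
    if content_type == "application/x-pem-file":
        reasons.append("content type PEM")
    if PRIVATE_KEY_RE.search(head):
        reasons.append("private key header")
    return reasons

def run_checks(acls, objects):
    """Combine bucket-level and object-level findings into one list."""
    findings = []
    for bucket, acl in acls.items():
        perms = public_permissions(acl)
        if perms:
            findings.append(("bucket", bucket, "world " + "/".join(perms)))
    for bucket, key, ctype, head in objects:
        reasons = classify_object(key, ctype, head)
        if reasons:
            findings.append(("object", f"{bucket}/{key}", ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for kind, name, why in run_checks(SAMPLE_ACLS, SAMPLE_OBJECTS):
        print(f"{kind:6} {name}: {why}")
```

The renamed key shows why Macie's regex-based criteria matter: file type and content type alone miss it.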

Conclusion

Amazon Macie can discover and alert on undesired activities in the AWS environment. We now know how useful Macie is in a production environment for securing data. We have been able to detect some of the anomalies in the S3 buckets with the help of Amazon Macie.
