@datafire/amazonaws_macie2

DataFire | 1 | MIT | 5.0.0

DataFire integration for Amazon Macie 2

Client library for Amazon Macie 2

Installation and Usage

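npm install --save @datafire/amazonaws_macie2

// Supply credentials from the environment or a secrets manager; do not commit them.
let amazonaws_macie2 = require('@datafire/amazonaws_macie2').create({
  accessKeyId: "",
  secretAccessKey: "",
  region: ""
});

// Call any action listed under Actions; GetMacieSession is used here as an example.
amazonaws_macie2.GetMacieSession({}).then(data => {
  console.log(data);
});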

Description

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automates the discovery of sensitive data, such as PII and intellectual property, to provide you with insight into the data that your organization stores in AWS. Macie also provides an inventory of your Amazon S3 buckets, which it continually monitors for you. If Macie detects sensitive data or potential data access issues, it generates detailed findings for you to review and act upon as necessary.

Actions

ListOrganizationAdminAccounts

amazonaws_macie2.ListOrganizationAdminAccounts({}, context)

Input

  • input object
    • maxResults integer
    • nextToken string

Output

EnableOrganizationAdminAccount

amazonaws_macie2.EnableOrganizationAdminAccount({
  "adminAccountId": ""
}, context)

Input

  • input object
    • adminAccountId required string: The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.
    • clientToken string: A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Output

DisableOrganizationAdminAccount

amazonaws_macie2.DisableOrganizationAdminAccount({
  "adminAccountId": ""
}, context)

Input

  • input object
    • adminAccountId required string

Output

DescribeOrganizationConfiguration

amazonaws_macie2.DescribeOrganizationConfiguration({}, context)

Input

  • input object

Output

UpdateOrganizationConfiguration

amazonaws_macie2.UpdateOrganizationConfiguration({
  "autoEnable": true
}, context)

Input

  • input object
    • autoEnable required boolean: Specifies whether Amazon Macie is enabled automatically for each account, when the account is added to the AWS organization.

Output

GetClassificationExportConfiguration

amazonaws_macie2.GetClassificationExportConfiguration({}, context)

Input

  • input object

Output

PutClassificationExportConfiguration

amazonaws_macie2.PutClassificationExportConfiguration({
  "configuration": {}
}, context)

Input

  • input object
    • configuration required object: Specifies where to store data classification results, and the encryption settings to use when storing results in that location. Currently, you can store classification results only in an S3 bucket.
      • s3Destination
        • bucketName required
        • keyPrefix
        • kmsKeyArn required

Output

CreateCustomDataIdentifier

amazonaws_macie2.CreateCustomDataIdentifier({}, context)

Input

  • input object
    • tags object: A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
    • clientToken string: A unique, case-sensitive token that you provide to ensure the idempotency of the request.
    • description string:

      A custom description of the custom data identifier. The description can contain as many as 512 characters.

      We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see the identifier's description, depending on the actions that they're allowed to perform in Amazon Macie.

    • ignoreWords array: An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
    • keywords array: An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
    • maximumMatchDistance integer: The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
    • name string:

      A custom name for the custom data identifier. The name can contain as many as 128 characters.

      We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see the identifier's name, depending on the actions that they're allowed to perform in Amazon Macie.

    • regex string: The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.

Output

BatchGetCustomDataIdentifiers

amazonaws_macie2.BatchGetCustomDataIdentifiers({}, context)

Input

  • input object
    • ids array: An array of strings that lists the unique identifiers for the custom data identifiers to retrieve information about.

Output

ListCustomDataIdentifiers

amazonaws_macie2.ListCustomDataIdentifiers({}, context)

Input

  • input object
    • maxResults string
    • nextToken string
    • maxResults integer: The maximum number of items to include in each page of the response.
    • nextToken string: The nextToken string that specifies which page of results to return in a paginated response.

Output

TestCustomDataIdentifier

amazonaws_macie2.TestCustomDataIdentifier({
  "regex": "",
  "sampleText": ""
}, context)

Input

  • input object
    • ignoreWords array: An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
    • keywords array: An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
    • maximumMatchDistance integer: The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
    • regex required string: The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.
    • sampleText required string: The sample text to inspect by using the custom data identifier. The text can contain as many as 1,000 characters.
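A local pre-check for the CreateCustomDataIdentifier and TestCustomDataIdentifier parameters described above, as an added example that is not part of the DataFire package or of Amazon Macie. It enforces the documented limits and approximates the ignore-word and keyword-proximity rules; the function names, the constructed sample text, the use of JavaScript's regex engine, and measuring the gap on either side of a match are assumptions.

```javascript
'use strict';
// Added example: offline approximation of the documented rules, NOT Macie's engine.

// Limits copied from the parameter descriptions on this page.
const LIMITS = {
  regexMaxLen: 512,
  sampleTextMaxLen: 1000,
  ignoreWords: { maxItems: 10, minLen: 4, maxLen: 90 },
  keywords: { maxItems: 50, minLen: 4, maxLen: 90 },
  distance: { min: 1, max: 300, fallback: 50 },
};

function checkWordList(label, words, rule, errors) {
  if (!Array.isArray(words)) { errors.push(`${label} must be an array`); return; }
  if (words.length > rule.maxItems) errors.push(`${label}: more than ${rule.maxItems} entries`);
  words.forEach((w, i) => {
    if (typeof w !== 'string' || w.length < rule.minLen || w.length > rule.maxLen) {
      errors.push(`${label}[${i}]: must be ${rule.minLen}-${rule.maxLen} characters`);
    }
  });
}

// Returns a list of human-readable problems; an empty list means the input is within limits.
function validateIdentifier(input) {
  const errors = [];
  const { regex, sampleText, ignoreWords = [], keywords = [] } = input;
  const distance = input.maximumMatchDistance ?? LIMITS.distance.fallback;
  if (typeof regex !== 'string' || regex.length === 0) {
    errors.push('regex is required');
  } else if (regex.length > LIMITS.regexMaxLen) {
    errors.push(`regex: longer than ${LIMITS.regexMaxLen} characters`);
  } else {
    // Assumption: compiling with the JavaScript engine only catches gross syntax errors.
    try { new RegExp(regex); } catch (e) { errors.push(`regex does not compile: ${e.message}`); }
  }
  if (typeof sampleText !== 'string') errors.push('sampleText is required');
  else if (sampleText.length > LIMITS.sampleTextMaxLen) {
    errors.push(`sampleText: longer than ${LIMITS.sampleTextMaxLen} characters`);
  }
  checkWordList('ignoreWords', ignoreWords, LIMITS.ignoreWords, errors);
  checkWordList('keywords', keywords, LIMITS.keywords, errors);
  if (!Number.isInteger(distance) || distance < LIMITS.distance.min || distance > LIMITS.distance.max) {
    errors.push(`maximumMatchDistance: must be ${LIMITS.distance.min}-${LIMITS.distance.max}`);
  }
  return errors;
}

// Smallest number of characters between any occurrence of `keyword` and the
// match spanning [start, end). Keywords are compared case-insensitively.
function keywordGap(text, keyword, start, end) {
  const hay = text.toLowerCase();
  const needle = keyword.toLowerCase();
  let best = Infinity;
  for (let i = hay.indexOf(needle); i !== -1; i = hay.indexOf(needle, i + 1)) {
    const kEnd = i + needle.length;
    const gap = kEnd <= start ? start - kEnd : i >= end ? i - end : 0;
    best = Math.min(best, gap);
  }
  return best;
}

// Applies the regex, then the ignore-word and keyword-proximity rules, to sampleText.
function testIdentifierLocally(input) {
  const errors = validateIdentifier(input);
  const matches = [];
  const skipped = [];
  if (errors.length > 0) return { errors, matches, skipped };
  const { regex, sampleText, ignoreWords = [], keywords = [] } = input;
  const distance = input.maximumMatchDistance ?? LIMITS.distance.fallback;
  for (const m of sampleText.matchAll(new RegExp(regex, 'g'))) {
    const text = m[0];
    if (text.length === 0) continue;
    const start = m.index;
    const end = start + text.length;
    if (ignoreWords.includes(text)) {            // ignore words are case sensitive
      skipped.push({ text, reason: 'ignoreWord' });
    } else if (keywords.length > 0 &&
               !keywords.some((k) => keywordGap(sampleText, k, start, end) <= distance)) {
      skipped.push({ text, reason: 'noKeywordInRange' });
    } else {
      matches.push({ text, start });
    }
  }
  return { errors, matches, skipped };
}

// Constructed sample input (hypothetical employee-ID format, not real data).
const SAMPLE_INPUT = {
  regex: 'EMP-\\d{6}',
  keywords: ['employee id'],
  ignoreWords: ['EMP-000000'],
  maximumMatchDistance: 20,
  sampleText: 'Employee ID EMP-104233 opened the vault. Employee ID EMP-000000 is a ' +
    'template. Unrelated shipping reference EMP-555010 follows much later in the text.',
};

console.log(JSON.stringify(testIdentifierLocally(SAMPLE_INPUT), null, 2));
```

A pass here only shows the input is within the documented limits and behaves as intended under these assumptions; TestCustomDataIdentifier remains the authoritative check.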

Output

DeleteCustomDataIdentifier

amazonaws_macie2.DeleteCustomDataIdentifier({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

GetCustomDataIdentifier

amazonaws_macie2.GetCustomDataIdentifier({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

DescribeBuckets

amazonaws_macie2.DescribeBuckets({}, context)

Input

  • input object
    • maxResults string
    • nextToken string
    • criteria object: Specifies, as a map, one or more attribute-based conditions that filter the results of a query for information about S3 buckets.
    • maxResults integer: The maximum number of items to include in each page of the response. The default value is 50.
    • nextToken string: The nextToken string that specifies which page of results to return in a paginated response.
    • sortCriteria object: Specifies criteria for sorting the results of a query for information about S3 buckets.
      • attributeName
      • orderBy

Output

GetBucketStatistics

amazonaws_macie2.GetBucketStatistics({}, context)

Input

  • input object
    • accountId string: The unique identifier for the AWS account.

Output

ListFindings

amazonaws_macie2.ListFindings({}, context)

Input

  • input object
    • maxResults string
    • nextToken string
    • findingCriteria object: Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
      • criterion
    • maxResults integer: The maximum number of items to include in each page of the response.
    • nextToken string: The nextToken string that specifies which page of results to return in a paginated response.
    • sortCriteria object: Specifies criteria for sorting the results of a request for findings.
      • attributeName
      • orderBy

Output

GetFindings

amazonaws_macie2.GetFindings({
  "findingIds": []
}, context)

Input

  • input object
    • findingIds required array: An array of strings that lists the unique identifiers for the findings to retrieve.
    • sortCriteria object: Specifies criteria for sorting the results of a request for findings.
      • attributeName
      • orderBy

Output

CreateSampleFindings

amazonaws_macie2.CreateSampleFindings({}, context)

Input

  • input object
    • findingTypes array:

      An array that lists one or more types of findings to include in the set of sample findings. Currently, the only supported value is Policy:IAMUser/S3BucketEncryptionDisabled.

Output

GetFindingStatistics

amazonaws_macie2.GetFindingStatistics({
  "groupBy": ""
}, context)

Input

  • input object
    • findingCriteria object: Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
      • criterion
    • groupBy required string (values: resourcesAffected.s3Bucket.name, type, classificationDetails.jobId, severity.description):

      The finding property to use to group the query results. Valid values are:

      • classificationDetails.jobId - The unique identifier for the classification job that produced the finding.

      • resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to.

      • severity.description - The severity level of the finding, such as High or Medium.

      • type - The type of finding, such as Policy:IAMUser/S3BucketPublic and SensitiveData:S3Object/Personal.

    • size integer: The maximum number of items to include in each page of the response.
    • sortCriteria object: Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
      • attributeName
      • orderBy

Output

ListFindingsFilters

amazonaws_macie2.ListFindingsFilters({}, context)

Input

  • input object
    • maxResults integer
    • nextToken string

Output

CreateFindingsFilter

amazonaws_macie2.CreateFindingsFilter({
  "action": "",
  "findingCriteria": {},
  "name": ""
}, context)

Input

  • input object
    • tags object: A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
    • action required string (values: ARCHIVE, NOOP): The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:
    • clientToken string: A unique, case-sensitive token that you provide to ensure the idempotency of the request.
    • description string:

      A custom description of the filter. The description can contain as many as 512 characters.

      We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

    • findingCriteria required object: Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
      • criterion
    • name required string:

      A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

      We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

    • position integer: The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

Output

DeleteFindingsFilter

amazonaws_macie2.DeleteFindingsFilter({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

GetFindingsFilter

amazonaws_macie2.GetFindingsFilter({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

UpdateFindingsFilter

amazonaws_macie2.UpdateFindingsFilter({
  "id": ""
}, context)

Input

  • input object
    • id required string
    • action string (values: ARCHIVE, NOOP): The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:
    • description string:

      A custom description of the filter. The description can contain as many as 512 characters.

      We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.

    • findingCriteria object: Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
      • criterion
    • name string:

      A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.

      We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.

    • position integer: The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.

Output

ListInvitations

amazonaws_macie2.ListInvitations({}, context)

Input

  • input object
    • maxResults integer
    • nextToken string

Output

CreateInvitations

amazonaws_macie2.CreateInvitations({
  "accountIds": []
}, context)

Input

  • input object
    • accountIds required array: An array that lists AWS account IDs, one for each account to send the invitation to.
    • disableEmailNotification boolean: Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.
    • message string: A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.

Output

AcceptInvitation

amazonaws_macie2.AcceptInvitation({
  "invitationId": "",
  "masterAccount": ""
}, context)

Input

  • input object
    • invitationId required string: The unique identifier for the invitation to accept.
    • masterAccount required string: The AWS account ID for the account that sent the invitation.

Output

GetInvitationsCount

amazonaws_macie2.GetInvitationsCount({}, context)

Input

  • input object

Output

DeclineInvitations

amazonaws_macie2.DeclineInvitations({
  "accountIds": []
}, context)

Input

  • input object
    • accountIds required array: An array that lists AWS account IDs, one for each account that sent an invitation to decline.

Output

DeleteInvitations

amazonaws_macie2.DeleteInvitations({
  "accountIds": []
}, context)

Input

  • input object
    • accountIds required array: An array that lists AWS account IDs, one for each account that sent an invitation to delete.

Output

CreateClassificationJob

amazonaws_macie2.CreateClassificationJob({
  "clientToken": "",
  "jobType": "",
  "name": "",
  "s3JobDefinition": {}
}, context)

Input

  • input object
    • tags object: A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
    • clientToken required string: A unique, case-sensitive token that you provide to ensure the idempotency of the request.
    • customDataIdentifierIds array: The custom data identifiers to use for data analysis and classification.
    • description string: A custom description of the job. The description can contain as many as 200 characters.
    • initialRun boolean: Specifies whether to analyze all existing, eligible objects immediately after the job is created.
    • jobType required string (values: ONE_TIME, SCHEDULED): The schedule for running a classification job. Valid values are:
    • name required string: A custom name for the job. The name can contain as many as 500 characters.
    • s3JobDefinition required object: Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis.
    • samplingPercentage integer: The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
    • scheduleFrequency object: Specifies the recurrence pattern for running a classification job.
      • dailySchedule
      • monthlySchedule
        • dayOfMonth
      • weeklySchedule
        • dayOfWeek

Output

ListClassificationJobs

amazonaws_macie2.ListClassificationJobs({}, context)

Input

  • input object
    • maxResults string
    • nextToken string
    • filterCriteria object: Specifies criteria for filtering the results of a request for information about classification jobs.
    • maxResults integer: The maximum number of items to include in each page of the response.
    • nextToken string: The nextToken string that specifies which page of results to return in a paginated response.
    • sortCriteria object: Specifies criteria for sorting the results of a request for information about classification jobs.
      • attributeName
      • orderBy

Output

DescribeClassificationJob

amazonaws_macie2.DescribeClassificationJob({
  "jobId": ""
}, context)

Input

  • input object
    • jobId required string

Output

UpdateClassificationJob

amazonaws_macie2.UpdateClassificationJob({
  "jobId": "",
  "jobStatus": ""
}, context)

Input

  • input object
    • jobId required string
    • jobStatus required string (values: RUNNING, PAUSED, CANCELLED, COMPLETE, IDLE, USER_PAUSED): The status of a classification job. Possible values are:

Output

DisableMacie

amazonaws_macie2.DisableMacie({}, context)

Input

  • input object

Output

GetMacieSession

amazonaws_macie2.GetMacieSession({}, context)

Input

  • input object

Output

UpdateMacieSession

amazonaws_macie2.UpdateMacieSession({}, context)

Input

  • input object
    • findingPublishingFrequency string (values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS): The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are:
    • status string (values: PAUSED, ENABLED): The status of an Amazon Macie account. Valid values are:

Output

EnableMacie

amazonaws_macie2.EnableMacie({}, context)

Input

  • input object
    • clientToken string: A unique, case-sensitive token that you provide to ensure the idempotency of the request.
    • findingPublishingFrequency string (values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS): The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are:
    • status string (values: PAUSED, ENABLED): The status of an Amazon Macie account. Valid values are:

Output

UpdateMemberSession

amazonaws_macie2.UpdateMemberSession({
  "id": "",
  "status": ""
}, context)

Input

  • input object
    • id required string
    • status required string (values: PAUSED, ENABLED): The status of an Amazon Macie account. Valid values are:

Output

GetMasterAccount

amazonaws_macie2.GetMasterAccount({}, context)

Input

  • input object

Output

DisassociateFromMasterAccount

amazonaws_macie2.DisassociateFromMasterAccount({}, context)

Input

  • input object

Output

ListMembers

amazonaws_macie2.ListMembers({}, context)

Input

  • input object
    • maxResults integer
    • nextToken string
    • onlyAssociated string

Output

CreateMember

amazonaws_macie2.CreateMember({
  "account": {}
}, context)

Input

  • input object
    • tags object: A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
    • account required object: Specifies details for an account to associate with an Amazon Macie master account.
      • accountId
      • email

Output

DisassociateMember

amazonaws_macie2.DisassociateMember({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

DeleteMember

amazonaws_macie2.DeleteMember({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

GetMember

amazonaws_macie2.GetMember({
  "id": ""
}, context)

Input

  • input object
    • id required string

Output

ListTagsForResource

amazonaws_macie2.ListTagsForResource({
  "resourceArn": ""
}, context)

Input

  • input object
    • resourceArn required string

Output

TagResource

amazonaws_macie2.TagResource({
  "resourceArn": "",
  "tags": {}
}, context)

Input

  • input object
    • resourceArn required string
    • tags required object: A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.

Output

Output schema unknown

UntagResource

amazonaws_macie2.UntagResource({
  "resourceArn": "",
  "tagKeys": []
}, context)

Input

  • input object
    • resourceArn required string
    • tagKeys required array

Output

Output schema unknown

GetUsageTotals

amazonaws_macie2.GetUsageTotals({}, context)

Input

  • input object

Output

GetUsageStatistics

amazonaws_macie2.GetUsageStatistics({}, context)

Input

  • input object
    • maxResults string
    • nextToken string
    • filterBy array: An array of objects, one for each condition to use to filter the query results. If the array contains more than one object, Amazon Macie uses an AND operator to join the conditions specified by the objects.
    • maxResults integer: The maximum number of items to include in each page of the response.
    • nextToken string: The nextToken string that specifies which page of results to return in a paginated response.
    • sortBy object: Specifies criteria for sorting the results of a query for account quotas and usage data.
      • key
      • orderBy

Output

Definitions

AcceptInvitationRequest

  • AcceptInvitationRequest object
    • invitationId required
    • masterAccount required

AcceptInvitationResponse

  • AcceptInvitationResponse object

AccessControlList

  • AccessControlList object: Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
    • allowsPublicReadAccess
    • allowsPublicWriteAccess

AccessDeniedException

AccountDetail

  • AccountDetail object: Specifies details for an account to associate with an Amazon Macie master account.
    • accountId required
    • email required

AccountLevelPermissions

  • AccountLevelPermissions object: Provides information about account-level permissions settings that apply to an S3 bucket.
    • blockPublicAccess
      • blockPublicAcls
      • blockPublicPolicy
      • ignorePublicAcls
      • restrictPublicBuckets

AdminAccount

  • AdminAccount object: Provides information about the delegated Amazon Macie administrator account for an AWS organization.
    • accountId
    • status

AdminStatus

  • AdminStatus string (values: ENABLED, DISABLING_IN_PROGRESS): The current status of an account as the delegated Amazon Macie administrator account for an AWS organization.

ApiCallDetails

  • ApiCallDetails object: Provides information about an API operation that an entity invoked for an affected resource.
    • api
    • apiServiceName
    • firstSeen
    • lastSeen

AssumedRole

  • AssumedRole object: Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API.
    • accessKeyId
    • accountId
    • arn
    • principalId
    • sessionContext
      • attributes
        • creationDate
        • mfaAuthenticated
      • sessionIssuer
        • accountId
        • arn
        • principalId
        • type
        • userName

AwsAccount

  • AwsAccount object: Provides information about an AWS account and entity that performed an action on an affected resource. The action was performed using the credentials for an AWS account other than your own account.
    • accountId
    • principalId

AwsService

  • AwsService object: Provides information about an AWS service that performed an action on an affected resource.
    • invokedBy

BatchGetCustomDataIdentifierSummary

  • BatchGetCustomDataIdentifierSummary object: Provides information about a custom data identifier.
    • arn
    • createdAt
    • deleted
    • description
    • id
    • name

BatchGetCustomDataIdentifiersRequest

  • BatchGetCustomDataIdentifiersRequest object

BatchGetCustomDataIdentifiersResponse

BlockPublicAccess

  • BlockPublicAccess object: Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account level or bucket level. For detailed information about each setting, see Using Amazon S3 block public access in the Amazon Simple Storage Service Developer Guide.
    • blockPublicAcls
    • blockPublicPolicy
    • ignorePublicAcls
    • restrictPublicBuckets

BucketCountByEffectivePermission

  • BucketCountByEffectivePermission object: Provides information about the number of S3 buckets that are publicly accessible based on a combination of permissions settings for each bucket.
    • publiclyAccessible
    • publiclyReadable
    • publiclyWritable
    • unknown

BucketCountByEncryptionType

  • BucketCountByEncryptionType object: Provides information about the number of S3 buckets that use certain types of server-side encryption or don't encrypt objects by default.
    • kmsManaged
    • s3Managed
    • unencrypted

BucketCountBySharedAccessType

  • BucketCountBySharedAccessType object: Provides information about the number of S3 buckets that are shared with other AWS accounts.
    • external
    • internal
    • notShared
    • unknown

BucketCriteria

  • BucketCriteria object: Specifies, as a map, one or more attribute-based conditions that filter the results of a query for information about S3 buckets.

BucketCriteriaAdditionalProperties

  • BucketCriteriaAdditionalProperties object: Specifies the operator to use in an attribute-based condition that filters the results of a query for information about S3 buckets.

BucketLevelPermissions

  • BucketLevelPermissions object: Provides information about the bucket-level permissions settings for an S3 bucket.
    • accessControlList
      • allowsPublicReadAccess
      • allowsPublicWriteAccess
    • blockPublicAccess
      • blockPublicAcls
      • blockPublicPolicy
      • ignorePublicAcls
      • restrictPublicBuckets
    • bucketPolicy
      • allowsPublicReadAccess
      • allowsPublicWriteAccess

BucketMetadata

  • BucketMetadata object: Provides information about an S3 bucket that Amazon Macie monitors and analyzes.
    • tags
    • accountId
    • bucketArn
    • bucketCreatedAt
    • bucketName
    • classifiableObjectCount
    • classifiableSizeInBytes
    • jobDetails
      • isDefinedInJob
      • isMonitoredByJob
      • lastJobId
      • lastJobRunTime
    • lastUpdated
    • objectCount
    • objectCountByEncryptionType
      • customerManaged
      • kmsManaged
      • s3Managed
      • unencrypted
    • publicAccess
      • effectivePermission
      • permissionConfiguration
        • accountLevelPermissions
          • blockPublicAccess
            • blockPublicAcls
            • blockPublicPolicy
            • ignorePublicAcls
            • restrictPublicBuckets
        • bucketLevelPermissions
          • accessControlList
            • allowsPublicReadAccess
            • allowsPublicWriteAccess
          • blockPublicAccess
            • blockPublicAcls
            • blockPublicPolicy
            • ignorePublicAcls
            • restrictPublicBuckets
          • bucketPolicy
            • allowsPublicReadAccess
            • allowsPublicWriteAccess
    • region
    • replicationDetails
      • replicated
      • replicatedExternally
      • replicationAccounts
    • sharedAccess
    • sizeInBytes
    • sizeInBytesCompressed
    • unclassifiableObjectCount
      • fileType
      • storageClass
      • total
    • unclassifiableObjectSizeInBytes
      • fileType
      • storageClass
      • total
    • versioning

BucketPermissionConfiguration

  • BucketPermissionConfiguration object: Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
    • accountLevelPermissions
      • blockPublicAccess
        • blockPublicAcls
        • blockPublicPolicy
        • ignorePublicAcls
        • restrictPublicBuckets
    • bucketLevelPermissions
      • accessControlList
        • allowsPublicReadAccess
        • allowsPublicWriteAccess
      • blockPublicAccess
        • blockPublicAcls
        • blockPublicPolicy
        • ignorePublicAcls
        • restrictPublicBuckets
      • bucketPolicy
        • allowsPublicReadAccess
        • allowsPublicWriteAccess

BucketPolicy

  • BucketPolicy object: Provides information about the permissions settings of a bucket policy for an S3 bucket.
    • allowsPublicReadAccess
    • allowsPublicWriteAccess

BucketPublicAccess

  • BucketPublicAccess object: Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
    • effectivePermission
    • permissionConfiguration
      • accountLevelPermissions
        • blockPublicAccess
          • blockPublicAcls
          • blockPublicPolicy
          • ignorePublicAcls
          • restrictPublicBuckets
      • bucketLevelPermissions
        • accessControlList
          • allowsPublicReadAccess
          • allowsPublicWriteAccess
        • blockPublicAccess
          • blockPublicAcls
          • blockPublicPolicy
          • ignorePublicAcls
          • restrictPublicBuckets
        • bucketPolicy
          • allowsPublicReadAccess
          • allowsPublicWriteAccess

BucketSortCriteria

  • BucketSortCriteria object: Specifies criteria for sorting the results of a query for information about S3 buckets.
    • attributeName
    • orderBy

Cell

  • Cell object: Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
    • cellReference
    • column
    • columnName
    • row

Cells

  • Cells array: Specifies the location of occurrences of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.

ClassificationDetails

  • ClassificationDetails object: Provides information about a sensitive data finding, including the classification job that produced the finding.
    • detailedResultsLocation
    • jobArn
    • jobId
    • result
      • additionalOccurrences
      • customDataIdentifiers
      • mimeType
      • sensitiveData
      • sizeClassified
      • status
        • code
        • reason

ClassificationExportConfiguration

  • ClassificationExportConfiguration object: Specifies where to store data classification results, and the encryption settings to use when storing results in that location. Currently, you can store classification results only in an S3 bucket.
    • s3Destination
      • bucketName required
      • keyPrefix
      • kmsKeyArn required

ClassificationResult

  • ClassificationResult object: Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.
    • additionalOccurrences
    • customDataIdentifiers
    • mimeType
    • sensitiveData
    • sizeClassified
    • status
      • code
      • reason

ClassificationResultStatus

  • ClassificationResultStatus object: Provides information about the status of a sensitive data finding.
    • code
    • reason

ConflictException

CreateClassificationJobRequest

  • CreateClassificationJobRequest object
    • tags
    • clientToken required
    • customDataIdentifierIds
    • description
    • initialRun
    • jobType required
    • name required
    • s3JobDefinition required
    • samplingPercentage
    • scheduleFrequency
      • dailySchedule
      • monthlySchedule
        • dayOfMonth
      • weeklySchedule
        • dayOfWeek

CreateClassificationJobResponse

  • CreateClassificationJobResponse object
    • jobArn
    • jobId

CreateCustomDataIdentifierRequest

  • CreateCustomDataIdentifierRequest object
    • tags
    • clientToken
    • description
    • ignoreWords
    • keywords
    • maximumMatchDistance
    • name
    • regex

CreateCustomDataIdentifierResponse

  • CreateCustomDataIdentifierResponse object
    • customDataIdentifierId

CreateFindingsFilterRequest

  • CreateFindingsFilterRequest object
    • tags
    • action required
    • clientToken
    • description
    • findingCriteria required
      • criterion
    • name required
    • position

CreateFindingsFilterResponse

  • CreateFindingsFilterResponse object
    • arn
    • id

CreateInvitationsRequest

  • CreateInvitationsRequest object
    • accountIds required
    • disableEmailNotification
    • message

CreateInvitationsResponse

CreateMemberRequest

  • CreateMemberRequest object
    • tags
    • account required
      • accountId required
      • email required

CreateMemberResponse

  • CreateMemberResponse object
    • arn

CreateSampleFindingsRequest

  • CreateSampleFindingsRequest object

CreateSampleFindingsResponse

  • CreateSampleFindingsResponse object

Criterion

  • Criterion object: Specifies a condition that defines a property, operator, and value to use to filter the results of a query for findings.

CriterionAdditionalProperties

  • CriterionAdditionalProperties object: Specifies the operator to use in a property-based condition that filters the results of a query for findings.

Currency

  • Currency string (values: USD): The type of currency that data for a usage metric is reported in.

CustomDataIdentifierSummary

  • CustomDataIdentifierSummary object: Provides information about a custom data identifier.
    • arn
    • createdAt
    • description
    • id
    • name

CustomDataIdentifiers

  • CustomDataIdentifiers object: Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.

CustomDetection

  • CustomDetection object: Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.
    • arn
    • count
    • name
    • occurrences

CustomDetections

  • CustomDetections array: Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that each identifier detected.

DailySchedule

  • DailySchedule object: Specifies that a classification job runs once a day, every day. This is an empty object.

DayOfWeek

  • DayOfWeek string (values: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY)

DeclineInvitationsRequest

  • DeclineInvitationsRequest object

DeclineInvitationsResponse

DefaultDetection

  • DefaultDetection object: Provides information about a type of sensitive data that was detected by managed data identifiers and produced a sensitive data finding.
    • count
    • occurrences
    • type

DefaultDetections

  • DefaultDetections array: Provides information about sensitive data that was detected by managed data identifiers and produced a sensitive data finding, and the number of occurrences of each type of sensitive data that was detected.

DeleteCustomDataIdentifierRequest

  • DeleteCustomDataIdentifierRequest object

DeleteCustomDataIdentifierResponse

  • DeleteCustomDataIdentifierResponse object

DeleteFindingsFilterRequest

  • DeleteFindingsFilterRequest object

DeleteFindingsFilterResponse

  • DeleteFindingsFilterResponse object

DeleteInvitationsRequest

  • DeleteInvitationsRequest object

DeleteInvitationsResponse

DeleteMemberRequest

  • DeleteMemberRequest object

DeleteMemberResponse

  • DeleteMemberResponse object

DescribeBucketsRequest

  • DescribeBucketsRequest object
    • criteria
    • maxResults
    • nextToken
    • sortCriteria
      • attributeName
      • orderBy

DescribeBucketsResponse

  • DescribeBucketsResponse object

DescribeClassificationJobRequest

  • DescribeClassificationJobRequest object

DescribeClassificationJobResponse

  • DescribeClassificationJobResponse object
    • tags
    • clientToken
    • createdAt
    • customDataIdentifierIds
    • description
    • initialRun
    • jobArn
    • jobId
    • jobStatus
    • jobType
    • lastRunErrorStatus
      • code
    • lastRunTime
    • name
    • s3JobDefinition
    • samplingPercentage
    • scheduleFrequency
      • dailySchedule
      • monthlySchedule
        • dayOfMonth
      • weeklySchedule
        • dayOfWeek
    • statistics
      • approximateNumberOfObjectsToProcess
      • numberOfRuns
    • userPausedDetails
      • jobExpiresAt
      • jobImminentExpirationHealthEventArn
      • jobPausedAt

DescribeOrganizationConfigurationRequest

  • DescribeOrganizationConfigurationRequest object

DescribeOrganizationConfigurationResponse

  • DescribeOrganizationConfigurationResponse object
    • autoEnable
    • maxAccountLimitReached

DisableMacieRequest

  • DisableMacieRequest object

DisableMacieResponse

  • DisableMacieResponse object

DisableOrganizationAdminAccountRequest

  • DisableOrganizationAdminAccountRequest object

DisableOrganizationAdminAccountResponse

  • DisableOrganizationAdminAccountResponse object

DisassociateFromMasterAccountRequest

  • DisassociateFromMasterAccountRequest object

DisassociateFromMasterAccountResponse

  • DisassociateFromMasterAccountResponse object

DisassociateMemberRequest

  • DisassociateMemberRequest object

DisassociateMemberResponse

  • DisassociateMemberResponse object

DomainDetails

  • DomainDetails object: Provides information about the domain name of the device that an entity used to perform an action on an affected resource.
    • domainName

EffectivePermission

  • EffectivePermission string (values: PUBLIC, NOT_PUBLIC, UNKNOWN)

EnableMacieRequest

  • EnableMacieRequest object
    • clientToken
    • findingPublishingFrequency
    • status

EnableMacieResponse

  • EnableMacieResponse object

EnableOrganizationAdminAccountRequest

  • EnableOrganizationAdminAccountRequest object
    • adminAccountId required
    • clientToken

EnableOrganizationAdminAccountResponse

  • EnableOrganizationAdminAccountResponse object

EncryptionType

  • EncryptionType string (values: NONE, AES256, aws:kms, UNKNOWN): The type of server-side encryption that's used to encrypt an S3 object or objects in an S3 bucket.

ErrorCode

  • ErrorCode string (values: ClientError, InternalError): The source of an error, issue, or delay.

FederatedUser

  • FederatedUser object: Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API.
    • accessKeyId
    • accountId
    • arn
    • principalId
    • sessionContext
      • attributes
        • creationDate
        • mfaAuthenticated
      • sessionIssuer
        • accountId
        • arn
        • principalId
        • type
        • userName

Finding

  • Finding object: Provides the details of a finding.
    • accountId
    • archived
    • category
    • classificationDetails
      • detailedResultsLocation
      • jobArn
      • jobId
      • result
        • additionalOccurrences
        • customDataIdentifiers
        • mimeType
        • sensitiveData
        • sizeClassified
        • status
          • code
          • reason
    • count
    • createdAt
    • description
    • id
    • partition
    • policyDetails
      • action
        • actionType
        • apiCallDetails
          • api
          • apiServiceName
          • firstSeen
          • lastSeen
      • actor
        • domainDetails
          • domainName
        • ipAddressDetails
          • ipAddressV4
          • ipCity
            • name
          • ipCountry
            • code
            • name
          • ipGeoLocation
            • lat
            • lon
          • ipOwner
            • asn
            • asnOrg
            • isp
            • org
        • userIdentity
          • assumedRole
            • accessKeyId
            • accountId
            • arn
            • principalId
            • sessionContext
          • awsAccount
            • accountId
            • principalId
          • awsService
            • invokedBy
          • federatedUser
            • accessKeyId
            • accountId
            • arn
            • principalId
            • sessionContext
          • iamUser
            • accountId
            • arn
            • principalId
            • userName
          • root
            • accountId
            • arn
            • principalId
          • type
    • region
    • resourcesAffected
      • s3Bucket
        • tags
        • arn
        • createdAt
        • defaultServerSideEncryption
          • encryptionType
          • kmsMasterKeyId
        • name
        • owner
          • displayName
          • id
        • publicAccess
          • effectivePermission
          • permissionConfiguration
            • accountLevelPermissions
            • bucketLevelPermissions
      • s3Object
        • tags
        • bucketArn
        • eTag
        • extension
        • key
        • lastModified
        • path
        • publicAccess
        • serverSideEncryption
          • encryptionType
          • kmsMasterKeyId
        • size
        • storageClass
        • versionId
    • sample
    • schemaVersion
    • severity
      • description
      • score
    • title
    • type
    • updatedAt

FindingAction

  • FindingAction object: Provides information about an action that occurred for a resource and produced a policy finding.
    • actionType
    • apiCallDetails
      • api
      • apiServiceName
      • firstSeen
      • lastSeen

FindingActionType

  • FindingActionType string (values: AWS_API_CALL): The type of action that occurred for the resource and produced the policy finding.

FindingActor

  • FindingActor object: Provides information about an entity that performed an action that produced a policy finding for a resource.
    • domainDetails
      • domainName
    • ipAddressDetails
      • ipAddressV4
      • ipCity
        • name
      • ipCountry
        • code
        • name
      • ipGeoLocation
        • lat
        • lon
      • ipOwner
        • asn
        • asnOrg
        • isp
        • org
    • userIdentity
      • assumedRole
        • accessKeyId
        • accountId
        • arn
        • principalId
        • sessionContext
          • attributes
            • creationDate
            • mfaAuthenticated
          • sessionIssuer
            • accountId
            • arn
            • principalId
            • type
            • userName
      • awsAccount
        • accountId
        • principalId
      • awsService
        • invokedBy
      • federatedUser
        • accessKeyId
        • accountId
        • arn
        • principalId
        • sessionContext
          • attributes
            • creationDate
            • mfaAuthenticated
          • sessionIssuer
            • accountId
            • arn
            • principalId
            • type
            • userName
      • iamUser
        • accountId
        • arn
        • principalId
        • userName
      • root
        • accountId
        • arn
        • principalId
      • type

FindingCategory

  • FindingCategory string (values: CLASSIFICATION, POLICY): The category of the finding.

FindingCriteria

  • FindingCriteria object: Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
    • criterion

FindingPublishingFrequency

  • FindingPublishingFrequency string (values: FIFTEEN_MINUTES, ONE_HOUR, SIX_HOURS): The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

FindingStatisticsSortAttributeName

  • FindingStatisticsSortAttributeName string (values: groupKey, count): The grouping to sort the results by.

FindingStatisticsSortCriteria

  • FindingStatisticsSortCriteria object: Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
    • attributeName
    • orderBy

FindingType

  • FindingType string (values: SensitiveData:S3Object/Multiple, SensitiveData:S3Object/Financial, SensitiveData:S3Object/Personal, SensitiveData:S3Object/Credentials, SensitiveData:S3Object/CustomIdentifier, Policy:IAMUser/S3BucketPublic, Policy:IAMUser/S3BucketSharedExternally, Policy:IAMUser/S3BucketReplicatedExternally, Policy:IAMUser/S3BucketEncryptionDisabled, Policy:IAMUser/S3BlockPublicAccessDisabled): The type of finding. For details about each type, see Types of Amazon Macie findings in the Amazon Macie User Guide.

FindingsFilterAction

  • FindingsFilterAction string (values: ARCHIVE, NOOP): The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE.

FindingsFilterListItem

  • FindingsFilterListItem object: Provides information about a findings filter.
    • tags
    • action
    • arn
    • id
    • name

GetBucketStatisticsRequest

  • GetBucketStatisticsRequest object
    • accountId

GetBucketStatisticsResponse

  • GetBucketStatisticsResponse object
    • bucketCount
    • bucketCountByEffectivePermission
      • publiclyAccessible
      • publiclyReadable
      • publiclyWritable
      • unknown
    • bucketCountByEncryptionType
      • kmsManaged
      • s3Managed
      • unencrypted
    • bucketCountBySharedAccessType
      • external
      • internal
      • notShared
      • unknown
    • classifiableObjectCount
    • classifiableSizeInBytes
    • lastUpdated
    • objectCount
    • sizeInBytes
    • sizeInBytesCompressed
    • unclassifiableObjectCount
      • fileType
      • storageClass
      • total
    • unclassifiableObjectSizeInBytes
      • fileType
      • storageClass
      • total

GetClassificationExportConfigurationRequest

  • GetClassificationExportConfigurationRequest object

GetClassificationExportConfigurationResponse

  • GetClassificationExportConfigurationResponse object
    • configuration
      • s3Destination
        • bucketName required
        • keyPrefix
        • kmsKeyArn required

GetCustomDataIdentifierRequest

  • GetCustomDataIdentifierRequest object

GetCustomDataIdentifierResponse

  • GetCustomDataIdentifierResponse object
    • tags
    • arn
    • createdAt
    • deleted
    • description
    • id
    • ignoreWords
    • keywords
    • maximumMatchDistance
    • name
    • regex

GetFindingStatisticsRequest

  • GetFindingStatisticsRequest object
    • findingCriteria
      • criterion
    • groupBy required
    • size
    • sortCriteria
      • attributeName
      • orderBy

GetFindingStatisticsResponse

  • GetFindingStatisticsResponse object

GetFindingsFilterRequest

  • GetFindingsFilterRequest object

GetFindingsFilterResponse

  • GetFindingsFilterResponse object
    • tags
    • action
    • arn
    • description
    • findingCriteria
      • criterion
    • id
    • name
    • position

GetFindingsRequest

  • GetFindingsRequest object
    • findingIds required
    • sortCriteria
      • attributeName
      • orderBy

GetFindingsResponse

  • GetFindingsResponse object

GetInvitationsCountRequest

  • GetInvitationsCountRequest object

GetInvitationsCountResponse

  • GetInvitationsCountResponse object
    • invitationsCount

GetMacieSessionRequest

  • GetMacieSessionRequest object

GetMacieSessionResponse

  • GetMacieSessionResponse object
    • createdAt
    • findingPublishingFrequency
    • serviceRole
    • status
    • updatedAt

GetMasterAccountRequest

  • GetMasterAccountRequest object

GetMasterAccountResponse

  • GetMasterAccountResponse object
    • master
      • accountId
      • invitationId
      • invitedAt
      • relationshipStatus

GetMemberRequest

  • GetMemberRequest object

GetMemberResponse

  • GetMemberResponse object
    • tags
    • accountId
    • arn
    • email
    • invitedAt
    • masterAccountId
    • relationshipStatus
    • updatedAt

GetUsageStatisticsRequest

  • GetUsageStatisticsRequest object

GetUsageStatisticsResponse

  • GetUsageStatisticsResponse object

GetUsageTotalsRequest

  • GetUsageTotalsRequest object

GetUsageTotalsResponse

  • GetUsageTotalsResponse object

GroupBy

  • GroupBy string (values: resourcesAffected.s3Bucket.name, type, classificationDetails.jobId, severity.description)

GroupCount

  • GroupCount object: Provides a group of results for a query that retrieved aggregated statistical data about findings.
    • count
    • groupKey

IamUser

  • IamUser object: Provides information about an AWS Identity and Access Management (IAM) user who performed an action on an affected resource.
    • accountId
    • arn
    • principalId
    • userName

InternalServerException

Invitation

  • Invitation object: Provides information about an Amazon Macie membership invitation that was received by an account.
    • accountId
    • invitationId
    • invitedAt
    • relationshipStatus

IpAddressDetails

  • IpAddressDetails object: Provides information about the IP address of the device that an entity used to perform an action on an affected resource.
    • ipAddressV4
    • ipCity
      • name
    • ipCountry
      • code
      • name
    • ipGeoLocation
      • lat
      • lon
    • ipOwner
      • asn
      • asnOrg
      • isp
      • org

IpCity

  • IpCity object: Provides information about the city that an IP address originated from.
    • name

IpCountry

  • IpCountry object: Provides information about the country that an IP address originated from.
    • code
    • name

IpGeoLocation

  • IpGeoLocation object: Provides geographic coordinates that indicate where a specified IP address originated from.
    • lat
    • lon

IpOwner

  • IpOwner object: Provides information about the registered owner of an IP address.
    • asn
    • asnOrg
    • isp
    • org

IsDefinedInJob

  • IsDefinedInJob string (values: TRUE, FALSE, UNKNOWN)

IsMonitoredByJob

  • IsMonitoredByJob string (values: TRUE, FALSE, UNKNOWN)

JobComparator

  • JobComparator string (values: EQ, GT, GTE, LT, LTE, NE, CONTAINS): The operator to use in a condition.

JobDetails

  • JobDetails object: Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.
    • isDefinedInJob
    • isMonitoredByJob
    • lastJobId
    • lastJobRunTime

JobScheduleFrequency

  • JobScheduleFrequency object: Specifies the recurrence pattern for running a classification job.
    • dailySchedule
    • monthlySchedule
      • dayOfMonth
    • weeklySchedule
      • dayOfWeek

JobScopeTerm

  • JobScopeTerm object: Specifies a property- or tag-based condition that defines criteria for including or excluding objects from a classification job.
    • simpleScopeTerm
    • tagScopeTerm

JobScopingBlock

  • JobScopingBlock object: Specifies one or more property- and tag-based conditions that define criteria for including or excluding objects from a classification job. If you specify more than one condition, Amazon Macie uses an AND operator to join the conditions.

JobStatus

  • JobStatus string (values: RUNNING, PAUSED, CANCELLED, COMPLETE, IDLE, USER_PAUSED): The status of a classification job.

JobSummary

  • JobSummary object: Provides information about a classification job, including the current status of the job.
    • bucketDefinitions
    • createdAt
    • jobId
    • jobStatus
    • jobType
    • lastRunErrorStatus
      • code
    • name
    • userPausedDetails
      • jobExpiresAt
      • jobImminentExpirationHealthEventArn
      • jobPausedAt

JobType

  • JobType string (values: ONE_TIME, SCHEDULED): The schedule for running a classification job.

KeyValuePair

  • KeyValuePair object: Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
    • key
    • value

KeyValuePairList

  • KeyValuePairList array: Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

LastRunErrorStatus

  • LastRunErrorStatus object: Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For example, the job is configured to analyze data for a member account that was suspended, or the job is configured to analyze an S3 bucket that Amazon Macie isn't allowed to access.
    • code

LastRunErrorStatusCode

  • LastRunErrorStatusCode string (values: NONE, ERROR): Specifies whether any account- or bucket-level access errors occurred during the run of a one-time classification job or the most recent run of a recurring classification job.

ListClassificationJobsRequest

ListClassificationJobsResponse

  • ListClassificationJobsResponse object

ListCustomDataIdentifiersRequest

  • ListCustomDataIdentifiersRequest object
    • maxResults
    • nextToken

ListCustomDataIdentifiersResponse

  • ListCustomDataIdentifiersResponse object
    • items
      • items