2024/01/16 - Amazon Macie 2 - 2 updated api methods
Changes This release adds support for analyzing Amazon S3 objects that are encrypted using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). It also adds support for reporting DSSE-KMS details in statistics and metadata about encryption settings for S3 buckets and objects.
{'buckets': {'serverSideEncryption': {'type': {'aws:kms:dsse'}}}}
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes for an account.
See also: AWS API Documentation
Request Syntax
client.describe_buckets( criteria={ 'string': { 'eq': [ 'string', ], 'gt': 123, 'gte': 123, 'lt': 123, 'lte': 123, 'neq': [ 'string', ], 'prefix': 'string' } }, maxResults=123, nextToken='string', sortCriteria={ 'attributeName': 'string', 'orderBy': 'ASC'|'DESC' } )
dict
The criteria to use to filter the query results.
(string) --
(dict) --
Specifies the operator to use in a property-based condition that filters the results of a query for information about S3 buckets.
eq (list) --
The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.
(string) --
gt (integer) --
The value for the property is greater than the specified value.
gte (integer) --
The value for the property is greater than or equal to the specified value.
lt (integer) --
The value for the property is less than the specified value.
lte (integer) --
The value for the property is less than or equal to the specified value.
neq (list) --
The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.
(string) --
prefix (string) --
The name of the bucket begins with the specified value.
integer
The maximum number of items to include in each page of the response. The default value is 50.
string
The nextToken string that specifies which page of results to return in a paginated response.
dict
The criteria to use to sort the query results.
attributeName (string) --
The name of the bucket property to sort the results by. This value can be one of the following properties that Amazon Macie defines as bucket metadata: accountId, bucketName, classifiableObjectCount, classifiableSizeInBytes, objectCount, sensitivityScore, or sizeInBytes.
orderBy (string) --
The sort order to apply to the results, based on the value specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
dict
Response Syntax
{ 'buckets': [ { 'accountId': 'string', 'allowsUnencryptedObjectUploads': 'TRUE'|'FALSE'|'UNKNOWN', 'bucketArn': 'string', 'bucketCreatedAt': datetime(2015, 1, 1), 'bucketName': 'string', 'classifiableObjectCount': 123, 'classifiableSizeInBytes': 123, 'errorCode': 'ACCESS_DENIED', 'errorMessage': 'string', 'jobDetails': { 'isDefinedInJob': 'TRUE'|'FALSE'|'UNKNOWN', 'isMonitoredByJob': 'TRUE'|'FALSE'|'UNKNOWN', 'lastJobId': 'string', 'lastJobRunTime': datetime(2015, 1, 1) }, 'lastAutomatedDiscoveryTime': datetime(2015, 1, 1), 'lastUpdated': datetime(2015, 1, 1), 'objectCount': 123, 'objectCountByEncryptionType': { 'customerManaged': 123, 'kmsManaged': 123, 's3Managed': 123, 'unencrypted': 123, 'unknown': 123 }, 'publicAccess': { 'effectivePermission': 'PUBLIC'|'NOT_PUBLIC'|'UNKNOWN', 'permissionConfiguration': { 'accountLevelPermissions': { 'blockPublicAccess': { 'blockPublicAcls': True|False, 'blockPublicPolicy': True|False, 'ignorePublicAcls': True|False, 'restrictPublicBuckets': True|False } }, 'bucketLevelPermissions': { 'accessControlList': { 'allowsPublicReadAccess': True|False, 'allowsPublicWriteAccess': True|False }, 'blockPublicAccess': { 'blockPublicAcls': True|False, 'blockPublicPolicy': True|False, 'ignorePublicAcls': True|False, 'restrictPublicBuckets': True|False }, 'bucketPolicy': { 'allowsPublicReadAccess': True|False, 'allowsPublicWriteAccess': True|False } } } }, 'region': 'string', 'replicationDetails': { 'replicated': True|False, 'replicatedExternally': True|False, 'replicationAccounts': [ 'string', ] }, 'sensitivityScore': 123, 'serverSideEncryption': { 'kmsMasterKeyId': 'string', 'type': 'NONE'|'AES256'|'aws:kms'|'aws:kms:dsse' }, 'sharedAccess': 'EXTERNAL'|'INTERNAL'|'NOT_SHARED'|'UNKNOWN', 'sizeInBytes': 123, 'sizeInBytesCompressed': 123, 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'unclassifiableObjectCount': { 'fileType': 123, 'storageClass': 123, 'total': 123 }, 'unclassifiableObjectSizeInBytes': { 'fileType': 123, 'storageClass': 123, 'total': 123 }, 'versioning': True|False }, ], 'nextToken': 'string' }
Response Structure
(dict) --
The request succeeded.
buckets (list) --
An array of objects, one for each bucket that matches the filter criteria specified in the request.
(dict) --
Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide .
If an error occurs when Macie attempts to retrieve and process metadata from Amazon S3 for the bucket or the bucket's objects, the value for the versioning property is false and the value for most other properties is null. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of the error, refer to the errorCode and errorMessage values.
accountId (string) --
The unique identifier for the Amazon Web Services account that owns the bucket.
allowsUnencryptedObjectUploads (string) --
Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are:
FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header.
TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header.
UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects.
Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
bucketArn (string) --
The Amazon Resource Name (ARN) of the bucket.
bucketCreatedAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket.
bucketName (string) --
The name of the bucket.
classifiableObjectCount (integer) --
The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
classifiableSizeInBytes (integer) --
The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
errorCode (string) --
The error code for an error that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. If this value is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. If this value is null, Macie was able to retrieve and process the information.
errorMessage (string) --
A brief description of the error (errorCode) that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. This value is null if Macie was able to retrieve and process the information.
jobDetails (dict) --
Specifies whether any one-time or recurring classification jobs are configured to analyze data in the bucket, and, if so, the details of the job that ran most recently.
isDefinedInJob (string) --
Specifies whether any one-time or recurring jobs are configured to analyze data in the bucket. Possible values are:
TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more jobs and at least one of those jobs has a status other than CANCELLED. Or the bucket matched the bucket criteria (S3BucketCriteriaForJob) for at least one job that previously ran.
FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any jobs, all the jobs that explicitly include the bucket in their bucket definitions have a status of CANCELLED, or the bucket didn't match the bucket criteria (S3BucketCriteriaForJob) for any jobs that previously ran.
UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
isMonitoredByJob (string) --
Specifies whether any recurring jobs are configured to analyze data in the bucket. Possible values are:
TRUE - The bucket is explicitly included in the bucket definition (S3BucketDefinitionForJob) for one or more recurring jobs or the bucket matches the bucket criteria (S3BucketCriteriaForJob) for one or more recurring jobs. At least one of those jobs has a status other than CANCELLED.
FALSE - The bucket isn't explicitly included in the bucket definition (S3BucketDefinitionForJob) for any recurring jobs, the bucket doesn't match the bucket criteria (S3BucketCriteriaForJob) for any recurring jobs, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.
UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
lastJobId (string) --
The unique identifier for the job that ran most recently and is configured to analyze data in the bucket, either the latest run of a recurring job or the only run of a one-time job.
This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
lastJobRunTime (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the job (lastJobId) started. If the job is a recurring job, this value indicates when the most recent run started.
This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
lastAutomatedDiscoveryTime (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.
lastUpdated (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved bucket or object metadata from Amazon S3 for the bucket.
objectCount (integer) --
The total number of objects in the bucket.
objectCountByEncryptionType (dict) --
The total number of objects in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
customerManaged (integer) --
The total number of objects that are encrypted with customer-provided keys. The objects use server-side encryption with customer-provided keys (SSE-C).
kmsManaged (integer) --
The total number of objects that are encrypted with KMS keys, either Amazon Web Services managed keys or customer managed keys. The objects use dual-layer server-side encryption or server-side encryption with KMS keys (DSSE-KMS or SSE-KMS).
s3Managed (integer) --
The total number of objects that are encrypted with Amazon S3 managed keys. The objects use server-side encryption with Amazon S3 managed keys (SSE-S3).
unencrypted (integer) --
The total number of objects that use client-side encryption or aren't encrypted.
unknown (integer) --
The total number of objects that Amazon Macie doesn't have current encryption metadata for. Macie can't provide current data about the encryption settings for these objects.
publicAccess (dict) --
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket, and provides information about those settings.
effectivePermission (string) --
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
NOT_PUBLIC - The bucket isn't publicly accessible.
PUBLIC - The bucket is publicly accessible.
UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
permissionConfiguration (dict) --
The account-level and bucket-level permissions settings for the bucket.
accountLevelPermissions (dict) --
The account-level permissions settings that apply to the bucket.
blockPublicAccess (dict) --
The block public access settings for the Amazon Web Services account that owns the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketLevelPermissions (dict) --
The bucket-level permissions settings for the bucket.
accessControlList (dict) --
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the ACL grants the general public with read access permissions for the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the ACL grants the general public with write access permissions for the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketPolicy (dict) --
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the bucket policy allows the general public to have read access to the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the bucket policy allows the general public to have write access to the bucket.
region (string) --
The Amazon Web Services Region that hosts the bucket.
replicationDetails (dict) --
Specifies whether the bucket is configured to replicate one or more objects to buckets for other Amazon Web Services accounts and, if so, which accounts.
replicated (boolean) --
Specifies whether the bucket is configured to replicate one or more objects to any destination.
replicatedExternally (boolean) --
Specifies whether the bucket is configured to replicate one or more objects to a bucket for an Amazon Web Services account that isn't part of your Amazon Macie organization. An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
replicationAccounts (list) --
An array of Amazon Web Services account IDs, one for each Amazon Web Services account that owns a bucket that the bucket is configured to replicate one or more objects to.
(string) --
sensitivityScore (integer) --
The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.
serverSideEncryption (dict) --
The default server-side encryption settings for the bucket.
kmsMasterKeyId (string) --
The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used by default to encrypt objects that are added to the bucket. This value is null if the bucket is configured to use an Amazon S3 managed key to encrypt new objects.
type (string) --
The server-side encryption algorithm that's used by default to encrypt objects that are added to the bucket. Possible values are:
AES256 - New objects use SSE-S3 encryption. They're encrypted with an Amazon S3 managed key.
aws:kms - New objects use SSE-KMS encryption. They're encrypted with an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer managed key.
aws:kms:dsse - New objects use DSSE-KMS encryption. They're encrypted with an KMS key (kmsMasterKeyId), either an Amazon Web Services managed key or a customer managed key.
NONE - The bucket's default encryption settings don't specify server-side encryption behavior for new objects.
sharedAccess (string) --
Specifies whether the bucket is shared with another Amazon Web Services account, an Amazon CloudFront origin access identity (OAI), or a CloudFront origin access control (OAC). Possible values are:
EXTERNAL - The bucket is shared with one or more of the following or any combination of the following: a CloudFront OAI, a CloudFront OAC, or an Amazon Web Services account that isn't part of your Amazon Macie organization.
INTERNAL - The bucket is shared with one or more Amazon Web Services accounts that are part of your Amazon Macie organization. It isn't shared with a CloudFront OAI or OAC.
NOT_SHARED - The bucket isn't shared with another Amazon Web Services account, a CloudFront OAI, or a CloudFront OAC.
UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
sizeInBytes (integer) --
The total storage size, in bytes, of the bucket.
If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each object in the bucket. This value doesn't reflect the storage size of all versions of each object in the bucket.
sizeInBytesCompressed (integer) --
The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the bucket.
If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.
tags (list) --
An array that specifies the tags (keys and values) that are associated with the bucket.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
unclassifiableObjectCount (dict) --
The total number of objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects don't have a file name extension for a supported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class or don't have a file name extension for a supported file or storage format.
unclassifiableObjectSizeInBytes (dict) --
The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects don't have a file name extension for a supported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class or don't have a file name extension for a supported file or storage format.
versioning (boolean) --
Specifies whether versioning is enabled for the bucket.
nextToken (string) --
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
{'findings': {'resourcesAffected': {'s3Bucket': {'defaultServerSideEncryption': {'encryptionType': {'aws:kms:dsse'}}}, 's3Object': {'serverSideEncryption': {'encryptionType': {'aws:kms:dsse'}}}}}}
Retrieves the details of one or more findings.
See also: AWS API Documentation
Request Syntax
client.get_findings( findingIds=[ 'string', ], sortCriteria={ 'attributeName': 'string', 'orderBy': 'ASC'|'DESC' } )
list
[REQUIRED]
An array of strings that lists the unique identifiers for the findings to retrieve. You can specify as many as 50 unique identifiers in this array.
(string) --
dict
The criteria for sorting the results of the request.
attributeName (string) --
The name of the property to sort the results by. Valid values are: count, createdAt, policyDetails.action.apiCallDetails.firstSeen, policyDetails.action.apiCallDetails.lastSeen, resourcesAffected, severity.score, type, and updatedAt.
orderBy (string) --
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
dict
Response Syntax
{ 'findings': [ { 'accountId': 'string', 'archived': True|False, 'category': 'CLASSIFICATION'|'POLICY', 'classificationDetails': { 'detailedResultsLocation': 'string', 'jobArn': 'string', 'jobId': 'string', 'originType': 'SENSITIVE_DATA_DISCOVERY_JOB'|'AUTOMATED_SENSITIVE_DATA_DISCOVERY', 'result': { 'additionalOccurrences': True|False, 'customDataIdentifiers': { 'detections': [ { 'arn': 'string', 'count': 123, 'name': 'string', 'occurrences': { 'cells': [ { 'cellReference': 'string', 'column': 123, 'columnName': 'string', 'row': 123 }, ], 'lineRanges': [ { 'end': 123, 'start': 123, 'startColumn': 123 }, ], 'offsetRanges': [ { 'end': 123, 'start': 123, 'startColumn': 123 }, ], 'pages': [ { 'lineRange': { 'end': 123, 'start': 123, 'startColumn': 123 }, 'offsetRange': { 'end': 123, 'start': 123, 'startColumn': 123 }, 'pageNumber': 123 }, ], 'records': [ { 'jsonPath': 'string', 'recordIndex': 123 }, ] } }, ], 'totalCount': 123 }, 'mimeType': 'string', 'sensitiveData': [ { 'category': 'FINANCIAL_INFORMATION'|'PERSONAL_INFORMATION'|'CREDENTIALS'|'CUSTOM_IDENTIFIER', 'detections': [ { 'count': 123, 'occurrences': { 'cells': [ { 'cellReference': 'string', 'column': 123, 'columnName': 'string', 'row': 123 }, ], 'lineRanges': [ { 'end': 123, 'start': 123, 'startColumn': 123 }, ], 'offsetRanges': [ { 'end': 123, 'start': 123, 'startColumn': 123 }, ], 'pages': [ { 'lineRange': { 'end': 123, 'start': 123, 'startColumn': 123 }, 'offsetRange': { 'end': 123, 'start': 123, 'startColumn': 123 }, 'pageNumber': 123 }, ], 'records': [ { 'jsonPath': 'string', 'recordIndex': 123 }, ] }, 'type': 'string' }, ], 'totalCount': 123 }, ], 'sizeClassified': 123, 'status': { 'code': 'string', 'reason': 'string' } } }, 'count': 123, 'createdAt': datetime(2015, 1, 1), 'description': 'string', 'id': 'string', 'partition': 'string', 'policyDetails': { 'action': { 'actionType': 'AWS_API_CALL', 'apiCallDetails': { 'api': 'string', 'apiServiceName': 'string', 'firstSeen': datetime(2015, 1, 1), 'lastSeen': datetime(2015, 1, 1) } }, 'actor': { 'domainDetails': { 'domainName': 'string' }, 'ipAddressDetails': { 'ipAddressV4': 'string', 'ipCity': { 'name': 'string' }, 'ipCountry': { 'code': 'string', 'name': 'string' }, 'ipGeoLocation': { 'lat': 123.0, 'lon': 123.0 }, 'ipOwner': { 'asn': 'string', 'asnOrg': 'string', 'isp': 'string', 'org': 'string' } }, 'userIdentity': { 'assumedRole': { 'accessKeyId': 'string', 'accountId': 'string', 'arn': 'string', 'principalId': 'string', 'sessionContext': { 'attributes': { 'creationDate': datetime(2015, 1, 1), 'mfaAuthenticated': True|False }, 'sessionIssuer': { 'accountId': 'string', 'arn': 'string', 'principalId': 'string', 'type': 'string', 'userName': 'string' } } }, 'awsAccount': { 'accountId': 'string', 'principalId': 'string' }, 'awsService': { 'invokedBy': 'string' }, 'federatedUser': { 'accessKeyId': 'string', 'accountId': 'string', 'arn': 'string', 'principalId': 'string', 'sessionContext': { 'attributes': { 'creationDate': datetime(2015, 1, 1), 'mfaAuthenticated': True|False }, 'sessionIssuer': { 'accountId': 'string', 'arn': 'string', 'principalId': 'string', 'type': 'string', 'userName': 'string' } } }, 'iamUser': { 'accountId': 'string', 'arn': 'string', 'principalId': 'string', 'userName': 'string' }, 'root': { 'accountId': 'string', 'arn': 'string', 'principalId': 'string' }, 'type': 'AssumedRole'|'IAMUser'|'FederatedUser'|'Root'|'AWSAccount'|'AWSService' } } }, 'region': 'string', 'resourcesAffected': { 's3Bucket': { 'allowsUnencryptedObjectUploads': 'TRUE'|'FALSE'|'UNKNOWN', 'arn': 'string', 'createdAt': datetime(2015, 1, 1), 'defaultServerSideEncryption': { 'encryptionType': 'NONE'|'AES256'|'aws:kms'|'UNKNOWN'|'aws:kms:dsse', 'kmsMasterKeyId': 'string' }, 'name': 'string', 'owner': { 'displayName': 'string', 'id': 'string' }, 'publicAccess': { 'effectivePermission': 'PUBLIC'|'NOT_PUBLIC'|'UNKNOWN', 'permissionConfiguration': { 'accountLevelPermissions': { 'blockPublicAccess': { 'blockPublicAcls': True|False, 'blockPublicPolicy': True|False, 'ignorePublicAcls': True|False, 'restrictPublicBuckets': True|False } }, 'bucketLevelPermissions': { 'accessControlList': { 'allowsPublicReadAccess': True|False, 'allowsPublicWriteAccess': True|False }, 'blockPublicAccess': { 'blockPublicAcls': True|False, 'blockPublicPolicy': True|False, 'ignorePublicAcls': True|False, 'restrictPublicBuckets': True|False }, 'bucketPolicy': { 'allowsPublicReadAccess': True|False, 'allowsPublicWriteAccess': True|False } } } }, 'tags': [ { 'key': 'string', 'value': 'string' }, ] }, 's3Object': { 'bucketArn': 'string', 'eTag': 'string', 'extension': 'string', 'key': 'string', 'lastModified': datetime(2015, 1, 1), 'path': 'string', 'publicAccess': True|False, 'serverSideEncryption': { 'encryptionType': 'NONE'|'AES256'|'aws:kms'|'UNKNOWN'|'aws:kms:dsse', 'kmsMasterKeyId': 'string' }, 'size': 123, 'storageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'ONEZONE_IA'|'GLACIER'|'GLACIER_IR'|'OUTPOSTS', 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'versionId': 'string' } }, 'sample': True|False, 'schemaVersion': 'string', 'severity': { 'description': 'Low'|'Medium'|'High', 'score': 123 }, 'title': 'string', 'type': 'SensitiveData:S3Object/Multiple'|'SensitiveData:S3Object/Financial'|'SensitiveData:S3Object/Personal'|'SensitiveData:S3Object/Credentials'|'SensitiveData:S3Object/CustomIdentifier'|'Policy:IAMUser/S3BucketPublic'|'Policy:IAMUser/S3BucketSharedExternally'|'Policy:IAMUser/S3BucketReplicatedExternally'|'Policy:IAMUser/S3BucketEncryptionDisabled'|'Policy:IAMUser/S3BlockPublicAccessDisabled'|'Policy:IAMUser/S3BucketSharedWithCloudFront', 'updatedAt': datetime(2015, 1, 1) }, ] }
Response Structure
(dict) --
The request succeeded.
findings (list) --
An array of objects, one for each finding that matches the criteria specified in the request.
(dict) --
Provides the details of a finding.
accountId (string) --
The unique identifier for the Amazon Web Services account that the finding applies to. This is typically the account that owns the affected resource.
archived (boolean) --
Specifies whether the finding is archived (suppressed).
category (string) --
The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and, POLICY, for a policy finding.
classificationDetails (dict) --
The details of a sensitive data finding. This value is null for a policy finding.
detailedResultsLocation (string) --
The path to the folder or file in Amazon S3 that contains the corresponding sensitive data discovery result for the finding. If a finding applies to a large archive or compressed file, this value is the path to a folder. Otherwise, this value is the path to a file.
jobArn (string) --
The Amazon Resource Name (ARN) of the classification job that produced the finding. This value is null if the origin of the finding (originType) is AUTOMATED_SENSITIVE_DATA_DISCOVERY.
jobId (string) --
The unique identifier for the classification job that produced the finding. This value is null if the origin of the finding (originType) is AUTOMATED_SENSITIVE_DATA_DISCOVERY.
originType (string) --
Specifies how Amazon Macie found the sensitive data that produced the finding. Possible values are: SENSITIVE_DATA_DISCOVERY_JOB, for a classification job; and, AUTOMATED_SENSITIVE_DATA_DISCOVERY, for automated sensitive data discovery.
result (dict) --
The status and other details of the finding.
additionalOccurrences (boolean) --
Specifies whether Amazon Macie detected additional occurrences of sensitive data in the S3 object. A finding includes location data for a maximum of 15 occurrences of sensitive data.
This value can help you determine whether to investigate additional occurrences of sensitive data in an object. You can do this by referring to the corresponding sensitive data discovery result for the finding (classificationDetails.detailedResultsLocation).
customDataIdentifiers (dict) --
The custom data identifiers that detected the sensitive data and the number of occurrences of the data that they detected.
detections (list) --
The custom data identifiers that detected the data, and the number of occurrences of the data that each identifier detected.
(dict) --
Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.
arn (string) --
The unique identifier for the custom data identifier.
count (integer) --
The total number of occurrences of the sensitive data that the custom data identifier detected.
name (string) --
The name of the custom data identifier.
occurrences (dict) --
The location of 1-15 occurrences of the sensitive data that the custom data identifier detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
cells (list) --
An array of objects, one for each occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file. This value is null for all other types of files.
Each Cell object specifies a cell or field that contains the sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
cellReference (string) --
The location of the cell, as an absolute cell reference, that contains the sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel workbook. This value is null for CSV and TSV files.
column (integer) --
The column number of the column that contains the sensitive data. For a Microsoft Excel workbook, this value correlates to the alphabetical character(s) for a column identifier, for example: 1 for column A, 2 for column B, and so on.
columnName (string) --
The name of the column that contains the sensitive data, if available.
row (integer) --
The row number of the row that contains the sensitive data.
lineRanges (list) --
An array of objects, one for each occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file. Each Range object specifies a line or inclusive range of lines that contains the sensitive data, and the position of the data on the specified line or lines.
This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the location of sensitive data in: unstructured sections of an otherwise structured file, such as a comment in a file; a malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column names that contain sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
offsetRanges (list) --
Reserved for future use.
(dict) --
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
pages (list) --
An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. This value is null for all other types of files.
Each Page object specifies a page that contains the sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.
lineRange (dict) --
Reserved for future use.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
offsetRange (dict) --
Reserved for future use.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
pageNumber (integer) --
The page number of the page that contains the sensitive data.
records (list) --
An array of objects, one for each occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This value is null for all other types of files.
For an Avro object container or Parquet file, each Record object specifies a record index and the path to a field in a record that contains the sensitive data. For a JSON or JSON Lines file, each Record object specifies the path to a field or array that contains the sensitive data. For a JSON Lines file, it also specifies the index of the line that contains the data.
(dict) --
Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.
jsonPath (string) --
The path, as a JSONPath expression, to the sensitive data. For an Avro object container or Parquet file, this is the path to the field in the record (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the path to the field or array that contains the data. If the data is a value in an array, the path also indicates which value contains the data.
If Amazon Macie detects sensitive data in the name of any element in the path, Macie omits this field. If the name of an element exceeds 240 characters, Macie truncates the name by removing characters from the beginning of the name. If the resulting full path exceeds 250 characters, Macie also truncates the path, starting with the first element in the path, until the path contains 250 or fewer characters.
recordIndex (integer) --
For an Avro object container or Parquet file, the record index, starting from 0, for the record that contains the sensitive data. For a JSON Lines file, the line index, starting from 0, for the line that contains the sensitive data. This value is always 0 for JSON files.
totalCount (integer) --
The total number of occurrences of the data that was detected by the custom data identifiers and produced the finding.
mimeType (string) --
The type of content, as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe Portable Document Format file.
sensitiveData (list) --
The category, types, and number of occurrences of the sensitive data that produced the finding.
(dict) --
Provides information about the category, types, and occurrences of sensitive data that produced a sensitive data finding.
category (string) --
The category of sensitive data that was detected. For example: CREDENTIALS, for credentials data such as private keys or Amazon Web Services secret access keys; FINANCIAL_INFORMATION, for financial data such as credit card numbers; or, PERSONAL_INFORMATION, for personal health information, such as health insurance identification numbers, or personally identifiable information, such as passport numbers.
detections (list) --
An array of objects, one for each type of sensitive data that was detected. Each object reports the number of occurrences of a specific type of sensitive data that was detected, and the location of up to 15 of those occurrences.
(dict) --
Provides information about a type of sensitive data that was detected by a managed data identifier and produced a sensitive data finding.
count (integer) --
The total number of occurrences of the type of sensitive data that was detected.
occurrences (dict) --
The location of 1-15 occurrences of the sensitive data that was detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
cells (list) --
An array of objects, one for each occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file. This value is null for all other types of files.
Each Cell object specifies a cell or field that contains the sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
cellReference (string) --
The location of the cell, as an absolute cell reference, that contains the sensitive data, for example Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel workbook. This value is null for CSV and TSV files.
column (integer) --
The column number of the column that contains the sensitive data. For a Microsoft Excel workbook, this value correlates to the alphabetical character(s) for a column identifier, for example: 1 for column A, 2 for column B, and so on.
columnName (string) --
The name of the column that contains the sensitive data, if available.
row (integer) --
The row number of the row that contains the sensitive data.
lineRanges (list) --
An array of objects, one for each occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file. Each Range object specifies a line or inclusive range of lines that contains the sensitive data, and the position of the data on the specified line or lines.
This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the location of sensitive data in: unstructured sections of an otherwise structured file, such as a comment in a file; a malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column names that contain sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
offsetRanges (list) --
Reserved for future use.
(dict) --
Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
pages (list) --
An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. This value is null for all other types of files.
Each Page object specifies a page that contains the sensitive data.
(dict) --
Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.
lineRange (dict) --
Reserved for future use.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
offsetRange (dict) --
Reserved for future use.
end (integer) --
The number of lines from the beginning of the file to the end of the sensitive data.
start (integer) --
The number of lines from the beginning of the file to the beginning of the sensitive data.
startColumn (integer) --
The number of characters, with spaces and starting from 1, from the beginning of the first line that contains the sensitive data (start) to the beginning of the sensitive data.
pageNumber (integer) --
The page number of the page that contains the sensitive data.
records (list) --
An array of objects, one for each occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file. This value is null for all other types of files.
For an Avro object container or Parquet file, each Record object specifies a record index and the path to a field in a record that contains the sensitive data. For a JSON or JSON Lines file, each Record object specifies the path to a field or array that contains the sensitive data. For a JSON Lines file, it also specifies the index of the line that contains the data.
(dict) --
Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.
jsonPath (string) --
The path, as a JSONPath expression, to the sensitive data. For an Avro object container or Parquet file, this is the path to the field in the record (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the path to the field or array that contains the data. If the data is a value in an array, the path also indicates which value contains the data.
If Amazon Macie detects sensitive data in the name of any element in the path, Macie omits this field. If the name of an element exceeds 240 characters, Macie truncates the name by removing characters from the beginning of the name. If the resulting full path exceeds 250 characters, Macie also truncates the path, starting with the first element in the path, until the path contains 250 or fewer characters.
recordIndex (integer) --
For an Avro object container or Parquet file, the record index, starting from 0, for the record that contains the sensitive data. For a JSON Lines file, the line index, starting from 0, for the line that contains the sensitive data. This value is always 0 for JSON files.
type (string) --
The type of sensitive data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.
totalCount (integer) --
The total number of occurrences of the sensitive data that was detected.
sizeClassified (integer) --
The total size, in bytes, of the data that the finding applies to.
status (dict) --
The status of the finding.
code (string) --
The status of the finding. Possible values are:
COMPLETE - Amazon Macie successfully completed its analysis of the S3 object that the finding applies to.
PARTIAL - Macie analyzed only a subset of the data in the S3 object that the finding applies to. For example, the object is an archive file that contains files in an unsupported format.
SKIPPED - Macie wasn't able to analyze the S3 object that the finding applies to. For example, the object is a file that uses an unsupported format.
reason (string) --
A brief description of the status of the finding. This value is null if the status (code) of the finding is COMPLETE.
Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding and the affected S3 object. Possible values are:
ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and Macie extracted and analyzed only some or none of the files in the archive. To determine which files Macie analyzed, if any, refer to the corresponding sensitive data discovery result for the finding (classificationDetails.detailedResultsLocation).
ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total storage size exceeds the size quota for this type of archive.
ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose nested depth exceeds the quota for the maximum number of nested levels that Macie analyzes for this type of archive.
ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file that exceeds the quota for the maximum amount of data that Macie extracts and analyzes for this type of archive.
ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive file that contains more than the maximum number of files that Macie extracts and analyzes for this type of archive.
FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size quota for this type of file.
INVALID_ENCRYPTION - The object is encrypted using server-side encryption but Macie isn't allowed to use the key. Macie can't decrypt and analyze the object.
INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled or is being deleted. Macie can't decrypt and analyze the object.
INVALID_OBJECT_STATE - The object doesn't use a supported Amazon S3 storage class.
JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the nested depth of the data exceeds the quota for the number of nested levels that Macie analyzes for this type of file.
MALFORMED_FILE - The object is a malformed or corrupted file. An error occurred when Macie attempted to detect the file's type or extract data from the file.
MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office file that is malformed or exceeds the size quota for this type of file. If the file is malformed, an error occurred when Macie attempted to extract data from the file.
NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted shortly before or when Macie attempted to analyze the object.
OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing it.
OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML file whose compression ratio exceeds the compression quota for this type of file.
OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML file that exceeds the size quota for this type of file.
PERMISSION_DENIED - Macie isn't allowed to access the object. The object's permissions settings prevent Macie from analyzing the object.
SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before or when Macie attempted to analyze it.
TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional analysis would exceed the time quota for analyzing an object.
UNABLE_TO_PARSE_FILE - The object is a file that contains structured data and an error occurred when Macie attempted to parse the data.
UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an unsupported file or storage format.
For information about quotas, supported storage classes, and supported file and storage formats, see Quotas and Supported storage classes and formats in the Amazon Macie User Guide .
count (integer) --
The total number of occurrences of the finding. For sensitive data findings, this value is always 1. All sensitive data findings are considered unique.
createdAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie created the finding.
description (string) --
The description of the finding.
id (string) --
The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns to a finding when it creates the finding.
partition (string) --
The Amazon Web Services partition that Amazon Macie created the finding in.
policyDetails (dict) --
The details of a policy finding. This value is null for a sensitive data finding.
action (dict) --
The action that produced the finding.
actionType (string) --
The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, which indicates that an entity invoked an API operation for the resource.
apiCallDetails (dict) --
The invocation details of the API operation that an entity invoked for the affected resource, if the value for the actionType property is AWS_API_CALL.
api (string) --
The name of the operation that was invoked most recently and produced the finding.
apiServiceName (string) --
The URL of the Amazon Web Service that provides the operation, for example: s3.amazonaws.com.
firstSeen (datetime) --
The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.
lastSeen (datetime) --
The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
actor (dict) --
The entity that performed the action that produced the finding.
domainDetails (dict) --
The domain name of the device that the entity used to perform the action on the affected resource.
domainName (string) --
The name of the domain.
ipAddressDetails (dict) --
The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.
ipAddressV4 (string) --
The Internet Protocol version 4 (IPv4) address of the device.
ipCity (dict) --
The city that the IP address originated from.
name (string) --
The name of the city.
ipCountry (dict) --
The country that the IP address originated from.
code (string) --
The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originated from. For example, US for the United States.
name (string) --
The name of the country that the IP address originated from.
ipGeoLocation (dict) --
The geographic coordinates of the location that the IP address originated from.
lat (float) --
The latitude coordinate of the location, rounded to four decimal places.
lon (float) --
The longitude coordinate of the location, rounded to four decimal places.
ipOwner (dict) --
The registered owner of the IP address.
asn (string) --
The autonomous system number (ASN) for the autonomous system that included the IP address.
asnOrg (string) --
The organization identifier that's associated with the autonomous system number (ASN) for the autonomous system that included the IP address.
isp (string) --
The name of the internet service provider (ISP) that owned the IP address.
org (string) --
The name of the organization that owned the IP address.
userIdentity (dict) --
The type and other characteristics of the entity that performed the action on the affected resource.
assumedRole (dict) --
If the action was performed with temporary security credentials that were obtained using the AssumeRole operation of the Security Token Service (STS) API, the identifiers, session context, and other details about the identity.
accessKeyId (string) --
The Amazon Web Services access key ID that identifies the credentials.
accountId (string) --
The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
sessionContext (dict) --
The details of the session that was created for the credentials, including the entity that issued the session.
attributes (dict) --
The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
creationDate (datetime) --
The date and time, in UTC and ISO 8601 format, when the credentials were issued.
mfaAuthenticated (boolean) --
Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
sessionIssuer (dict) --
The source and type of credentials that were issued to the entity.
accountId (string) --
The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the source account, Identity and Access Management (IAM) user, or role that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
type (string) --
The source of the temporary security credentials, such as Root, IAMUser, or Role.
userName (string) --
The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
awsAccount (dict) --
If the action was performed using the credentials for another Amazon Web Services account, the details of that account.
accountId (string) --
The unique identifier for the Amazon Web Services account.
principalId (string) --
The unique identifier for the entity that performed the action.
awsService (dict) --
If the action was performed by an Amazon Web Services account that belongs to an Amazon Web Service, the name of the service.
invokedBy (string) --
The name of the Amazon Web Service that performed the action.
federatedUser (dict) --
If the action was performed with temporary security credentials that were obtained using the GetFederationToken operation of the Security Token Service (STS) API, the identifiers, session context, and other details about the identity.
accessKeyId (string) --
The Amazon Web Services access key ID that identifies the credentials.
accountId (string) --
The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
sessionContext (dict) --
The details of the session that was created for the credentials, including the entity that issued the session.
attributes (dict) --
The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
creationDate (datetime) --
The date and time, in UTC and ISO 8601 format, when the credentials were issued.
mfaAuthenticated (boolean) --
Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
sessionIssuer (dict) --
The source and type of credentials that were issued to the entity.
accountId (string) --
The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the source account, Identity and Access Management (IAM) user, or role that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
type (string) --
The source of the temporary security credentials, such as Root, IAMUser, or Role.
userName (string) --
The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
iamUser (dict) --
If the action was performed using the credentials for an Identity and Access Management (IAM) user, the name and other details about the user.
accountId (string) --
The unique identifier for the Amazon Web Services account that's associated with the IAM user who performed the action.
arn (string) --
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user who performed the action.
principalId (string) --
The unique identifier for the IAM user who performed the action.
userName (string) --
The username of the IAM user who performed the action.
root (dict) --
If the action was performed using the credentials for your Amazon Web Services account, the details of your account.
accountId (string) --
The unique identifier for the Amazon Web Services account.
arn (string) --
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user or role that performed the action.
principalId (string) --
The unique identifier for the entity that performed the action.
type (string) --
The type of entity that performed the action.
region (string) --
The Amazon Web Services Region that Amazon Macie created the finding in.
resourcesAffected (dict) --
The resources that the finding applies to.
s3Bucket (dict) --
The details of the S3 bucket that the finding applies to.
allowsUnencryptedObjectUploads (string) --
Specifies whether the bucket policy for the bucket requires server-side encryption of objects when objects are added to the bucket. Possible values are:
FALSE - The bucket policy requires server-side encryption of new objects. PutObject requests must include a valid server-side encryption header.
TRUE - The bucket doesn't have a bucket policy or it has a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, it doesn't require PutObject requests to include a valid server-side encryption header.
UNKNOWN - Amazon Macie can't determine whether the bucket policy requires server-side encryption of new objects.
Valid server-side encryption headers are: x-amz-server-side-encryption with a value of AES256 or aws:kms, and x-amz-server-side-encryption-customer-algorithm with a value of AES256.
arn (string) --
The Amazon Resource Name (ARN) of the bucket.
createdAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket, relative to when the finding was created or last updated.
defaultServerSideEncryption (dict) --
The default server-side encryption settings for the bucket.
encryptionType (string) --
The server-side encryption algorithm that's used when storing data in the bucket or object. If default encryption settings aren't configured for the bucket or the object isn't encrypted using server-side encryption, this value is NONE.
kmsMasterKeyId (string) --
The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used to encrypt data in the bucket or the object. This value is null if an KMS key isn't used to encrypt the data.
name (string) --
The name of the bucket.
owner (dict) --
The display name and canonical user ID for the Amazon Web Services account that owns the bucket.
displayName (string) --
The display name of the account that owns the bucket.
id (string) --
The canonical user ID for the account that owns the bucket.
publicAccess (dict) --
The permissions settings that determine whether the bucket is publicly accessible.
effectivePermission (string) --
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
NOT_PUBLIC - The bucket isn't publicly accessible.
PUBLIC - The bucket is publicly accessible.
UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
permissionConfiguration (dict) --
The account-level and bucket-level permissions settings for the bucket.
accountLevelPermissions (dict) --
The account-level permissions settings that apply to the bucket.
blockPublicAccess (dict) --
The block public access settings for the Amazon Web Services account that owns the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketLevelPermissions (dict) --
The bucket-level permissions settings for the bucket.
accessControlList (dict) --
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the ACL grants the general public with read access permissions for the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the ACL grants the general public with write access permissions for the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketPolicy (dict) --
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the bucket policy allows the general public to have read access to the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the bucket policy allows the general public to have write access to the bucket.
tags (list) --
The tags that are associated with the bucket.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
s3Object (dict) --
The details of the S3 object that the finding applies to.
bucketArn (string) --
The Amazon Resource Name (ARN) of the bucket that contains the object.
eTag (string) --
The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.
extension (string) --
The file name extension of the object. If the object doesn't have a file name extension, this value is "".
key (string) --
The full name (key ) of the object, including the object's prefix if applicable.
lastModified (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the object was last modified.
path (string) --
The full path to the affected object, including the name of the affected bucket and the object's name (key).
publicAccess (boolean) --
Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
serverSideEncryption (dict) --
The type of server-side encryption that was used to encrypt the object.
encryptionType (string) --
The server-side encryption algorithm that's used when storing data in the bucket or object. If default encryption settings aren't configured for the bucket or the object isn't encrypted using server-side encryption, this value is NONE.
kmsMasterKeyId (string) --
The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used to encrypt data in the bucket or the object. This value is null if an KMS key isn't used to encrypt the data.
size (integer) --
The total storage size, in bytes, of the object.
storageClass (string) --
The storage class of the object.
tags (list) --
The tags that are associated with the object.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
versionId (string) --
The identifier for the affected version of the object.
sample (boolean) --
Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.
schemaVersion (string) --
The version of the schema that was used to define the data structures in the finding.
severity (dict) --
The severity level and score for the finding.
description (string) --
The qualitative representation of the finding's severity, ranging from Low (least severe) to High (most severe).
score (integer) --
The numerical representation of the finding's severity, ranging from 1 (least severe) to 3 (most severe).
title (string) --
The brief description of the finding.
type (string) --
The type of the finding.
updatedAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last updated the finding. For sensitive data findings, this value is the same as the value for the createdAt property. All sensitive data findings are considered new.