Amazon Macie 2

2022/07/26 - Amazon Macie 2 - 4 new api methods

Changes: This release adds support for retrieving (revealing) sample occurrences of sensitive data that Amazon Macie detects and reports in findings.

GetSensitiveDataOccurrences (new)

Retrieves (reveals) occurrences of sensitive data reported by a finding.

See also: AWS API Documentation

Request Syntax

client.get_sensitive_data_occurrences(
    findingId='string'
)

Parameters

  • findingId (string) --

    [REQUIRED]

    The unique identifier for the finding.

Return type

  dict

Returns

Response Syntax

{
    'error': 'string',
    'sensitiveDataOccurrences': {
        'string': [
            {
                'value': 'string'
            },
        ]
    },
    'status': 'SUCCESS'|'PROCESSING'|'ERROR'
}

Response Structure

  • (dict) --

    The request succeeded.

    • error (string) --

      If an error occurred when Amazon Macie attempted to retrieve occurrences of sensitive data reported by the finding, a description of the error that occurred. This value is null if the status (status) of the request is PROCESSING or SUCCESS.

    • sensitiveDataOccurrences (dict) --

      A map that specifies 1-100 types of sensitive data reported by the finding and, for each type, 1-10 occurrences of sensitive data.

      • (string) --

        • (list) --

          • (dict) --

            Specifies 1-10 occurrences of a specific type of sensitive data reported by a finding.

            • value (string) --

              An occurrence of the specified type of sensitive data. Each occurrence can contain 1-128 characters.

    • status (string) --

      The status of the request to retrieve occurrences of sensitive data reported by the finding. Possible values are:

      • ERROR - An error occurred when Amazon Macie attempted to locate, retrieve, or encrypt the sensitive data. The error value indicates the nature of the error that occurred.

      • PROCESSING - Macie is processing the request.

      • SUCCESS - Macie successfully located, retrieved, and encrypted the sensitive data.

GetSensitiveDataOccurrencesAvailability (new)

Checks whether occurrences of sensitive data can be retrieved (revealed) for a finding.

See also: AWS API Documentation

Request Syntax

client.get_sensitive_data_occurrences_availability(
    findingId='string'
)

Parameters

  • findingId (string) --

    [REQUIRED]

    The unique identifier for the finding.

Return type

  dict

Returns

Response Syntax

{
    'code': 'AVAILABLE'|'UNAVAILABLE',
    'reasons': [
        'OBJECT_EXCEEDS_SIZE_QUOTA'|'UNSUPPORTED_OBJECT_TYPE'|'UNSUPPORTED_FINDING_TYPE'|'INVALID_CLASSIFICATION_RESULT'|'OBJECT_UNAVAILABLE',
    ]
}

Response Structure

  • (dict) --

    The request succeeded.

    • code (string) --

      Specifies whether occurrences of sensitive data can be retrieved for the finding. Possible values are: AVAILABLE, the sensitive data can be retrieved; and, UNAVAILABLE, the sensitive data can't be retrieved. If this value is UNAVAILABLE, the reasons array indicates why the data can't be retrieved.

    • reasons (list) --

      Specifies why occurrences of sensitive data can't be retrieved for the finding. Possible values are:

      • INVALID_CLASSIFICATION_RESULT - Amazon Macie can't verify the location of the sensitive data to retrieve. There isn't a corresponding sensitive data discovery result for the finding. Or the sensitive data discovery result specified by the ClassificationDetails.detailedResultsLocation field of the finding isn't available, is malformed or corrupted, or uses an unsupported storage format.

      • OBJECT_EXCEEDS_SIZE_QUOTA - The storage size of the affected S3 object exceeds the size quota for retrieving occurrences of sensitive data.

      • OBJECT_UNAVAILABLE - The affected S3 object isn't available. The object might have been renamed, moved, or deleted. Or the object was changed after Amazon Macie created the finding.

      • UNSUPPORTED_FINDING_TYPE - The specified finding isn't a sensitive data finding.

      • UNSUPPORTED_OBJECT_TYPE - The affected S3 object uses a file or storage format that Macie doesn't support for retrieving occurrences of sensitive data.

      This value is null if sensitive data can be retrieved for the finding.

      • (string) --

        Specifies why occurrences of sensitive data can't be retrieved for a finding. Possible values are:

UpdateRevealConfiguration (new)

Updates the status and configuration settings for retrieving (revealing) occurrences of sensitive data reported by findings.

See also: AWS API Documentation

Request Syntax

client.update_reveal_configuration(
    configuration={
        'kmsKeyId': 'string',
        'status': 'ENABLED'|'DISABLED'
    }
)

Parameters

  • configuration (dict) --

    [REQUIRED]

    The new configuration settings and the status of the configuration for the account.

    • kmsKeyId (string) --

      The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt sensitive data that's retrieved. The key must be an existing, customer managed, symmetric encryption key that's in the same Amazon Web Services Region as the Amazon Macie account.

      If this value specifies an alias, it must include the following prefix: alias/. If this value specifies a key that's owned by another Amazon Web Services account, it must specify the ARN of the key or the ARN of the key's alias.

    • status (string) -- [REQUIRED]

      The status of the configuration for the Amazon Macie account. In a request, valid values are: ENABLED, enable the configuration for the account; and, DISABLED, disable the configuration for the account. In a response, possible values are: ENABLED, the configuration is currently enabled for the account; and, DISABLED, the configuration is currently disabled for the account.

Return type

  dict

Returns

Response Syntax

{
    'configuration': {
        'kmsKeyId': 'string',
        'status': 'ENABLED'|'DISABLED'
    }
}

Response Structure

  • (dict) --

    The request succeeded.

    • configuration (dict) --

      The new configuration settings and the status of the configuration for the account.

      • kmsKeyId (string) --

        The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt sensitive data that's retrieved. The key must be an existing, customer managed, symmetric encryption key that's in the same Amazon Web Services Region as the Amazon Macie account.

        If this value specifies an alias, it must include the following prefix: alias/. If this value specifies a key that's owned by another Amazon Web Services account, it must specify the ARN of the key or the ARN of the key's alias.

      • status (string) --

        The status of the configuration for the Amazon Macie account. In a request, valid values are: ENABLED, enable the configuration for the account; and, DISABLED, disable the configuration for the account. In a response, possible values are: ENABLED, the configuration is currently enabled for the account; and, DISABLED, the configuration is currently disabled for the account.

GetRevealConfiguration (new)

Retrieves the status and configuration settings for retrieving (revealing) occurrences of sensitive data reported by findings.

See also: AWS API Documentation

Request Syntax

client.get_reveal_configuration()

Return type

  dict

Returns

Response Syntax

{
    'configuration': {
        'kmsKeyId': 'string',
        'status': 'ENABLED'|'DISABLED'
    }
}

Response Structure

  • (dict) --

    The request succeeded.

    • configuration (dict) --

      The current configuration settings and the status of the configuration for the account.

      • kmsKeyId (string) --

        The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt sensitive data that's retrieved. The key must be an existing, customer managed, symmetric encryption key that's in the same Amazon Web Services Region as the Amazon Macie account.

        If this value specifies an alias, it must include the following prefix: alias/. If this value specifies a key that's owned by another Amazon Web Services account, it must specify the ARN of the key or the ARN of the key's alias.

      • status (string) --

        The status of the configuration for the Amazon Macie account. In a request, valid values are: ENABLED, enable the configuration for the account; and, DISABLED, disable the configuration for the account. In a response, possible values are: ENABLED, the configuration is currently enabled for the account; and, DISABLED, the configuration is currently disabled for the account.
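
The following is an added example, not part of the AWS documentation. It chains three of the methods above in the order their response fields imply: confirm the reveal configuration is ENABLED, check availability, then poll GetSensitiveDataOccurrences while its status is PROCESSING. FakeMacie, the finding ID, the key alias and the sample occurrence are constructed so the block runs offline; with boto3, pass boto3.client('macie2') as the client instead. The mask helper is an assumption about how a caller might keep revealed values out of logs.

```python
import time

class RevealUnavailable(Exception):
    """Raised when Macie reports that occurrences can't be retrieved."""

def reveal_occurrences(client, finding_id, max_polls=10, delay=2.0, sleep=time.sleep):
    """Return {data_type: [values]} for a finding, or raise RevealUnavailable."""
    # 1. Revealing must be enabled for the account (GetRevealConfiguration).
    cfg = client.get_reveal_configuration()["configuration"]
    if cfg["status"] != "ENABLED":
        raise RevealUnavailable("reveal configuration is DISABLED")
    # 2. Pre-flight check (GetSensitiveDataOccurrencesAvailability).
    avail = client.get_sensitive_data_occurrences_availability(findingId=finding_id)
    if avail["code"] != "AVAILABLE":
        raise RevealUnavailable(",".join(avail.get("reasons") or []))
    # 3. Poll while the status is PROCESSING (GetSensitiveDataOccurrences).
    for _ in range(max_polls):
        resp = client.get_sensitive_data_occurrences(findingId=finding_id)
        if resp["status"] == "SUCCESS":
            return {kind: [occ["value"] for occ in occs]
                    for kind, occs in resp["sensitiveDataOccurrences"].items()}
        if resp["status"] == "ERROR":
            raise RevealUnavailable(resp.get("error") or "unspecified error")
        sleep(delay)
    raise TimeoutError("still PROCESSING after %d polls" % max_polls)

def mask(value, keep=2):
    """Mask a revealed value for logging, keeping only the last `keep` characters."""
    n = max(len(value) - keep, 0)
    return "*" * n + value[n:]

class FakeMacie:
    """Constructed stand-in for boto3.client('macie2') with canned responses."""
    def __init__(self, code="AVAILABLE", reasons=None, status="ENABLED"):
        self.code, self.reasons, self.status, self.calls = code, reasons, status, 0
    def get_reveal_configuration(self):
        return {"configuration": {"kmsKeyId": "alias/example-key", "status": self.status}}
    def get_sensitive_data_occurrences_availability(self, findingId):
        return {"code": self.code, "reasons": self.reasons}
    def get_sensitive_data_occurrences(self, findingId):
        self.calls += 1
        if self.calls < 3:  # the first two polls are still processing
            return {"status": "PROCESSING"}
        return {"status": "SUCCESS", "error": None, "sensitiveDataOccurrences": {
            "CREDIT_CARD_NUMBER": [{"value": "4111111111111111"}]}}  # constructed sample

if __name__ == "__main__":
    found = reveal_occurrences(FakeMacie(), "example-finding-id", sleep=lambda s: None)
    print({kind: [mask(v) for v in vals] for kind, vals in found.items()})
```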