Amazon Macie 2

2026/04/13 - Amazon Macie 2 - 2 updated api methods

Changes  This release adds an optional expectedBucketOwner field to the Macie S3 export configuration, allowing customers to verify bucket ownership before Macie writes results to the destination bucket.

GetClassificationExportConfiguration (updated) Link ¶
Changes (response) 
{'configuration': {'s3Destination': {'expectedBucketOwner': 'string'}}}

Retrieves the configuration settings for storing data classification results.

See also: AWS API Documentation

Request Syntax

client.get_classification_export_configuration()
rtype:

dict

returns:

Response Syntax

{
    'configuration': {
        's3Destination': {
            'bucketName': 'string',
            'expectedBucketOwner': 'string',
            'keyPrefix': 'string',
            'kmsKeyArn': 'string'
        }
    }
}

Response Structure

  • (dict) --

    The request succeeded.

    • configuration (dict) --

      The location where data classification results are stored, and the encryption settings that are used when storing results in that location.

      • s3Destination (dict) --

        The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

        • bucketName (string) --

          The name of the bucket. This must be the name of an existing general purpose bucket.

        • expectedBucketOwner (string) --

          The unique identifier (ID) for the Amazon Web Services account that owns the bucket. This must be the ID for the account that owns the specified bucket.

        • keyPrefix (string) --

          The path prefix to use in the path to the location in the bucket. This prefix specifies where to store classification results in the bucket.

        • kmsKeyArn (string) --

          The Amazon Resource Name (ARN) of the customer managed KMS key to use for encryption of the results. This must be the ARN of an existing, symmetric encryption KMS key that's enabled in the same Amazon Web Services Region as the bucket.

PutClassificationExportConfiguration (updated) Link ¶
Changes (both) 
{'configuration': {'s3Destination': {'expectedBucketOwner': 'string'}}}

Adds or updates the configuration settings for storing data classification results.

See also: AWS API Documentation

Request Syntax

client.put_classification_export_configuration(
    configuration={
        's3Destination': {
            'bucketName': 'string',
            'expectedBucketOwner': 'string',
            'keyPrefix': 'string',
            'kmsKeyArn': 'string'
        }
    }
)
type configuration:

dict

param configuration:

[REQUIRED]

The location to store data classification results in, and the encryption settings to use when storing results in that location.

  • s3Destination (dict) --

    The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

    • bucketName (string) -- [REQUIRED]

      The name of the bucket. This must be the name of an existing general purpose bucket.

    • expectedBucketOwner (string) --

      The unique identifier (ID) for the Amazon Web Services account that owns the bucket. This must be the ID for the account that owns the specified bucket.

    • keyPrefix (string) --

      The path prefix to use in the path to the location in the bucket. This prefix specifies where to store classification results in the bucket.

    • kmsKeyArn (string) -- [REQUIRED]

      The Amazon Resource Name (ARN) of the customer managed KMS key to use for encryption of the results. This must be the ARN of an existing, symmetric encryption KMS key that's enabled in the same Amazon Web Services Region as the bucket.

rtype:

dict

returns:

Response Syntax

{
    'configuration': {
        's3Destination': {
            'bucketName': 'string',
            'expectedBucketOwner': 'string',
            'keyPrefix': 'string',
            'kmsKeyArn': 'string'
        }
    }
}

Response Structure

  • (dict) --

    The request succeeded.

    • configuration (dict) --

      The location where the data classification results are stored, and the encryption settings that are used when storing results in that location.

      • s3Destination (dict) --

        The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

        • bucketName (string) --

          The name of the bucket. This must be the name of an existing general purpose bucket.

        • expectedBucketOwner (string) --

          The unique identifier (ID) for the Amazon Web Services account that owns the bucket. This must be the ID for the account that owns the specified bucket.

        • keyPrefix (string) --

          The path prefix to use in the path to the location in the bucket. This prefix specifies where to store classification results in the bucket.

        • kmsKeyArn (string) --

          The Amazon Resource Name (ARN) of the customer managed KMS key to use for encryption of the results. This must be the ARN of an existing, symmetric encryption KMS key that's enabled in the same Amazon Web Services Region as the bucket.