2020/09/02 - Amazon Macie 2 - 3 updated api methods
Changes This release of the Amazon Macie API introduces additional statistics for the size and count of Amazon S3 objects that Macie can analyze as part of a classification job.
{'buckets': {'classifiableSizeInBytes': 'long',
'publicAccess': {'effectivePermission': {'UNKNOWN'}},
'sharedAccess': {'UNKNOWN'},
'unclassifiableObjectCount': {'fileType': 'long',
'storageClass': 'long',
'total': 'long'},
'unclassifiableObjectSizeInBytes': {'fileType': 'long',
'storageClass': 'long',
'total': 'long'}}}
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes.
See also: AWS API Documentation
Request Syntax
client.describe_buckets(
criteria={
'string': {
'eq': [
'string',
],
'gt': 123,
'gte': 123,
'lt': 123,
'lte': 123,
'neq': [
'string',
],
'prefix': 'string'
}
},
maxResults=123,
nextToken='string',
sortCriteria={
'attributeName': 'string',
'orderBy': 'ASC'|'DESC'
}
)
dict
The criteria to use to filter the query results.
(string) --
(dict) --
Specifies the operator to use in an attribute-based condition that filters the results of a query for information about S3 buckets.
eq (list) --
An equal to condition to apply to a specified attribute value for buckets.
(string) --
gt (integer) --
A greater than condition to apply to a specified attribute value for buckets.
gte (integer) --
A greater than or equal to condition to apply to a specified attribute value for buckets.
lt (integer) --
A less than condition to apply to a specified attribute value for buckets.
lte (integer) --
A less than or equal to condition to apply to a specified attribute value for buckets.
neq (list) --
A not equal to condition to apply to a specified attribute value for buckets.
(string) --
prefix (string) --
The prefix of the buckets to include in the results.
integer
The maximum number of items to include in each page of the response. The default value is 50.
string
The nextToken string that specifies which page of results to return in a paginated response.
dict
The criteria to use to sort the query results.
attributeName (string) --
The name of the attribute to sort the results by. This value can be the name of any property that Amazon Macie defines as bucket metadata, such as bucketName or accountId.
orderBy (string) --
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
dict
Response Syntax
{
'buckets': [
{
'accountId': 'string',
'bucketArn': 'string',
'bucketCreatedAt': datetime(2015, 1, 1),
'bucketName': 'string',
'classifiableObjectCount': 123,
'classifiableSizeInBytes': 123,
'lastUpdated': datetime(2015, 1, 1),
'objectCount': 123,
'objectCountByEncryptionType': {
'customerManaged': 123,
'kmsManaged': 123,
's3Managed': 123,
'unencrypted': 123
},
'publicAccess': {
'effectivePermission': 'PUBLIC'|'NOT_PUBLIC'|'UNKNOWN',
'permissionConfiguration': {
'accountLevelPermissions': {
'blockPublicAccess': {
'blockPublicAcls': True|False,
'blockPublicPolicy': True|False,
'ignorePublicAcls': True|False,
'restrictPublicBuckets': True|False
}
},
'bucketLevelPermissions': {
'accessControlList': {
'allowsPublicReadAccess': True|False,
'allowsPublicWriteAccess': True|False
},
'blockPublicAccess': {
'blockPublicAcls': True|False,
'blockPublicPolicy': True|False,
'ignorePublicAcls': True|False,
'restrictPublicBuckets': True|False
},
'bucketPolicy': {
'allowsPublicReadAccess': True|False,
'allowsPublicWriteAccess': True|False
}
}
}
},
'region': 'string',
'replicationDetails': {
'replicated': True|False,
'replicatedExternally': True|False,
'replicationAccounts': [
'string',
]
},
'sharedAccess': 'EXTERNAL'|'INTERNAL'|'NOT_SHARED'|'UNKNOWN',
'sizeInBytes': 123,
'sizeInBytesCompressed': 123,
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'unclassifiableObjectCount': {
'fileType': 123,
'storageClass': 123,
'total': 123
},
'unclassifiableObjectSizeInBytes': {
'fileType': 123,
'storageClass': 123,
'total': 123
},
'versioning': True|False
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
The request succeeded.
buckets (list) --
An array of objects, one for each bucket that meets the filter criteria specified in the request.
(dict) --
Provides information about an S3 bucket that Amazon Macie monitors and analyzes.
accountId (string) --
The unique identifier for the AWS account that owns the bucket.
bucketArn (string) --
The Amazon Resource Name (ARN) of the bucket.
bucketCreatedAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
bucketName (string) --
The name of the bucket.
classifiableObjectCount (integer) --
The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported file or storage format and storage class.
classifiableSizeInBytes (integer) --
The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported file or storage format and storage class.
lastUpdated (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the bucket from Amazon S3.
objectCount (integer) --
The total number of objects in the bucket.
objectCountByEncryptionType (dict) --
The total number of objects that are in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
customerManaged (integer) --
The total number of objects that are encrypted using a customer-managed key. The objects use customer-provided server-side (SSE-C) encryption.
kmsManaged (integer) --
The total number of objects that are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). The objects use AWS KMS AWS-managed (AWS-KMS) encryption or AWS KMS customer-managed (SSE-KMS) encryption.
s3Managed (integer) --
The total number of objects that are encrypted using an Amazon S3-managed key. The objects use Amazon S3-managed (SSE-S3) encryption.
unencrypted (integer) --
The total number of objects that aren't encrypted or use client-side encryption.
publicAccess (dict) --
Specifies whether the bucket is publicly accessible. If this value is true, an access control list (ACL), bucket policy, or block public access settings allow the bucket to be accessed by the general public.
effectivePermission (string) --
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
NOT_PUBLIC - The bucket isn't publicly accessible.
PUBLIC - The bucket is publicly accessible.
UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
permissionConfiguration (dict) --
The account-level and bucket-level permissions for the bucket.
accountLevelPermissions (dict) --
The account-level permissions settings that apply to the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketLevelPermissions (dict) --
The bucket-level permissions settings for the bucket.
accessControlList (dict) --
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the ACL grants the general public with read access permissions for the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the ACL grants the general public with write access permissions for the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketPolicy (dict) --
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the bucket policy allows the general public to have read access to the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the bucket policy allows the general public to have write access to the bucket.
region (string) --
The AWS Region that hosts the bucket.
replicationDetails (dict) --
Specifies whether the bucket is configured to replicate one or more objects to buckets for other AWS accounts and, if so, which accounts.
replicated (boolean) --
Specifies whether the bucket is configured to replicate one or more objects to any destination.
replicatedExternally (boolean) --
Specifies whether the bucket is configured to replicate one or more objects to an AWS account that isn't part of the same Amazon Macie organization.
replicationAccounts (list) --
An array of AWS account IDs, one for each AWS account that the bucket is configured to replicate one or more objects to.
(string) --
sharedAccess (string) --
Specifies whether the bucket is shared with another AWS account. Possible values are:
EXTERNAL - The bucket is shared with an AWS account that isn’t part of the same Amazon Macie organization.
INTERNAL - The bucket is shared with an AWS account that's part of the same Amazon Macie organization.
NOT_SHARED - The bucket isn't shared with other AWS accounts.
UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
sizeInBytes (integer) --
The total storage size, in bytes, of the bucket.
sizeInBytesCompressed (integer) --
The total compressed storage size, in bytes, of the bucket.
tags (list) --
An array that specifies the tags (keys and values) that are associated with the bucket.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be empty or null.
unclassifiableObjectCount (dict) --
The total number of objects that Amazon Macie can't analyze in the bucket. These objects use an unsupported file or storage format or storage class.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format or storage class.
unclassifiableObjectSizeInBytes (dict) --
The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects use an unsupported file or storage format or storage class.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format or storage class.
versioning (boolean) --
Specifies whether versioning is enabled for the bucket.
nextToken (string) --
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
{'classifiableSizeInBytes': 'long',
'unclassifiableObjectCount': {'fileType': 'long',
'storageClass': 'long',
'total': 'long'},
'unclassifiableObjectSizeInBytes': {'fileType': 'long',
'storageClass': 'long',
'total': 'long'}}
Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes.
See also: AWS API Documentation
Request Syntax
client.get_bucket_statistics(
accountId='string'
)
string
The unique identifier for the AWS account.
dict
Response Syntax
{
'bucketCount': 123,
'bucketCountByEffectivePermission': {
'publiclyAccessible': 123,
'publiclyReadable': 123,
'publiclyWritable': 123
},
'bucketCountByEncryptionType': {
'kmsManaged': 123,
's3Managed': 123,
'unencrypted': 123
},
'bucketCountBySharedAccessType': {
'external': 123,
'internal': 123,
'notShared': 123
},
'classifiableObjectCount': 123,
'classifiableSizeInBytes': 123,
'lastUpdated': datetime(2015, 1, 1),
'objectCount': 123,
'sizeInBytes': 123,
'sizeInBytesCompressed': 123,
'unclassifiableObjectCount': {
'fileType': 123,
'storageClass': 123,
'total': 123
},
'unclassifiableObjectSizeInBytes': {
'fileType': 123,
'storageClass': 123,
'total': 123
}
}
Response Structure
(dict) --
The request succeeded.
bucketCount (integer) --
The total number of buckets.
bucketCountByEffectivePermission (dict) --
The total number of buckets that are publicly accessible based on a combination of permissions settings for each bucket.
publiclyAccessible (integer) --
The total number of buckets that allow the general public to have read or write access to the bucket.
publiclyReadable (integer) --
The total number of buckets that allow the general public to have read access to the bucket.
publiclyWritable (integer) --
The total number of buckets that allow the general public to have write access to the bucket.
bucketCountByEncryptionType (dict) --
The total number of buckets, grouped by server-side encryption type. This object also reports the total number of buckets that don't encrypt objects by default.
kmsManaged (integer) --
The total number of buckets that use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt objects. These buckets use AWS KMS AWS-managed (AWS-KMS) encryption or AWS KMS customer-managed (SSE-KMS) encryption.
s3Managed (integer) --
The total number of buckets that use an Amazon S3-managed key to encrypt objects. These buckets use Amazon S3-managed (SSE-S3) encryption.
unencrypted (integer) --
The total number of buckets that don't encrypt objects by default. Default encryption is disabled for these buckets.
bucketCountBySharedAccessType (dict) --
The total number of buckets that are shared with another AWS account.
external (integer) --
The total number of buckets that are shared with an AWS account that isn't part of the same Amazon Macie organization.
internal (integer) --
The total number of buckets that are shared with an AWS account that's part of the same Amazon Macie organization.
notShared (integer) --
The total number of buckets that aren't shared with any other AWS accounts.
classifiableObjectCount (integer) --
The total number of objects that Amazon Macie can analyze in the buckets. These objects use a supported file or storage format and storage class.
classifiableSizeInBytes (integer) --
The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported file or storage format and storage class.
lastUpdated (datetime) --
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the buckets from Amazon S3.
objectCount (integer) --
The total number of objects in the buckets.
sizeInBytes (integer) --
The total storage size, in bytes, of the buckets.
sizeInBytesCompressed (integer) --
The total compressed storage size, in bytes, of the buckets.
unclassifiableObjectCount (dict) --
The total number of objects that Amazon Macie can't analyze in the buckets. These objects use an unsupported file or storage format or storage class.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format or storage class.
unclassifiableObjectSizeInBytes (dict) --
The total storage size, in bytes, of all the objects that Amazon Macie can't analyze in the buckets. These objects use an unsupported file or storage format or storage class.
fileType (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format.
storageClass (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
total (integer) --
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported file or storage format or storage class.
{'findings': {'resourcesAffected': {'s3Bucket': {'publicAccess': {'effectivePermission': {'UNKNOWN'}}}}}}
Retrieves information about one or more findings.
See also: AWS API Documentation
Request Syntax
client.get_findings(
findingIds=[
'string',
],
sortCriteria={
'attributeName': 'string',
'orderBy': 'ASC'|'DESC'
}
)
list
[REQUIRED]
An array of strings that lists the unique identifiers for the findings to retrieve information about.
(string) --
dict
The criteria for sorting the results of the request.
attributeName (string) --
The name of the property to sort the results by. This value can be the name of any property that Amazon Macie defines for a finding.
orderBy (string) --
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
dict
Response Syntax
{
'findings': [
{
'accountId': 'string',
'archived': True|False,
'category': 'CLASSIFICATION'|'POLICY',
'classificationDetails': {
'detailedResultsLocation': 'string',
'jobArn': 'string',
'jobId': 'string',
'result': {
'customDataIdentifiers': {
'detections': [
{
'arn': 'string',
'count': 123,
'name': 'string'
},
],
'totalCount': 123
},
'mimeType': 'string',
'sensitiveData': [
{
'category': 'FINANCIAL_INFORMATION'|'PERSONAL_INFORMATION'|'CREDENTIALS'|'CUSTOM_IDENTIFIER',
'detections': [
{
'count': 123,
'type': 'string'
},
],
'totalCount': 123
},
],
'sizeClassified': 123,
'status': {
'code': 'string',
'reason': 'string'
}
}
},
'count': 123,
'createdAt': datetime(2015, 1, 1),
'description': 'string',
'id': 'string',
'partition': 'string',
'policyDetails': {
'action': {
'actionType': 'AWS_API_CALL',
'apiCallDetails': {
'api': 'string',
'apiServiceName': 'string',
'firstSeen': datetime(2015, 1, 1),
'lastSeen': datetime(2015, 1, 1)
}
},
'actor': {
'domainDetails': {
'domainName': 'string'
},
'ipAddressDetails': {
'ipAddressV4': 'string',
'ipCity': {
'name': 'string'
},
'ipCountry': {
'code': 'string',
'name': 'string'
},
'ipGeoLocation': {
'lat': 123.0,
'lon': 123.0
},
'ipOwner': {
'asn': 'string',
'asnOrg': 'string',
'isp': 'string',
'org': 'string'
}
},
'userIdentity': {
'assumedRole': {
'accessKeyId': 'string',
'accountId': 'string',
'arn': 'string',
'principalId': 'string',
'sessionContext': {
'attributes': {
'creationDate': datetime(2015, 1, 1),
'mfaAuthenticated': True|False
},
'sessionIssuer': {
'accountId': 'string',
'arn': 'string',
'principalId': 'string',
'type': 'string',
'userName': 'string'
}
}
},
'awsAccount': {
'accountId': 'string',
'principalId': 'string'
},
'awsService': {
'invokedBy': 'string'
},
'federatedUser': {
'accessKeyId': 'string',
'accountId': 'string',
'arn': 'string',
'principalId': 'string',
'sessionContext': {
'attributes': {
'creationDate': datetime(2015, 1, 1),
'mfaAuthenticated': True|False
},
'sessionIssuer': {
'accountId': 'string',
'arn': 'string',
'principalId': 'string',
'type': 'string',
'userName': 'string'
}
}
},
'iamUser': {
'accountId': 'string',
'arn': 'string',
'principalId': 'string',
'userName': 'string'
},
'root': {
'accountId': 'string',
'arn': 'string',
'principalId': 'string'
},
'type': 'AssumedRole'|'IAMUser'|'FederatedUser'|'Root'|'AWSAccount'|'AWSService'
}
}
},
'region': 'string',
'resourcesAffected': {
's3Bucket': {
'arn': 'string',
'createdAt': datetime(2015, 1, 1),
'defaultServerSideEncryption': {
'encryptionType': 'NONE'|'AES256'|'aws:kms'|'UNKNOWN',
'kmsMasterKeyId': 'string'
},
'name': 'string',
'owner': {
'displayName': 'string',
'id': 'string'
},
'publicAccess': {
'effectivePermission': 'PUBLIC'|'NOT_PUBLIC'|'UNKNOWN',
'permissionConfiguration': {
'accountLevelPermissions': {
'blockPublicAccess': {
'blockPublicAcls': True|False,
'blockPublicPolicy': True|False,
'ignorePublicAcls': True|False,
'restrictPublicBuckets': True|False
}
},
'bucketLevelPermissions': {
'accessControlList': {
'allowsPublicReadAccess': True|False,
'allowsPublicWriteAccess': True|False
},
'blockPublicAccess': {
'blockPublicAcls': True|False,
'blockPublicPolicy': True|False,
'ignorePublicAcls': True|False,
'restrictPublicBuckets': True|False
},
'bucketPolicy': {
'allowsPublicReadAccess': True|False,
'allowsPublicWriteAccess': True|False
}
}
}
},
'tags': [
{
'key': 'string',
'value': 'string'
},
]
},
's3Object': {
'bucketArn': 'string',
'eTag': 'string',
'extension': 'string',
'key': 'string',
'lastModified': datetime(2015, 1, 1),
'path': 'string',
'publicAccess': True|False,
'serverSideEncryption': {
'encryptionType': 'NONE'|'AES256'|'aws:kms'|'UNKNOWN',
'kmsMasterKeyId': 'string'
},
'size': 123,
'storageClass': 'STANDARD'|'REDUCED_REDUNDANCY'|'STANDARD_IA'|'INTELLIGENT_TIERING'|'DEEP_ARCHIVE'|'ONEZONE_IA'|'GLACIER',
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'versionId': 'string'
}
},
'sample': True|False,
'schemaVersion': 'string',
'severity': {
'description': 'Low'|'Medium'|'High',
'score': 123
},
'title': 'string',
'type': 'SensitiveData:S3Object/Multiple'|'SensitiveData:S3Object/Financial'|'SensitiveData:S3Object/Personal'|'SensitiveData:S3Object/Credentials'|'SensitiveData:S3Object/CustomIdentifier'|'Policy:IAMUser/S3BucketPublic'|'Policy:IAMUser/S3BucketSharedExternally'|'Policy:IAMUser/S3BucketReplicatedExternally'|'Policy:IAMUser/S3BucketEncryptionDisabled'|'Policy:IAMUser/S3BlockPublicAccessDisabled',
'updatedAt': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
The request succeeded.
findings (list) --
An array of objects, one for each finding that meets the criteria specified in the request.
(dict) --
Provides information about a finding.
accountId (string) --
The unique identifier for the AWS account that the finding applies to. This is typically the account that owns the affected resource.
archived (boolean) --
Specifies whether the finding is archived.
category (string) --
The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and, POLICY, for a policy finding.
classificationDetails (dict) --
The details of a sensitive data finding. This value is null for a policy finding.
detailedResultsLocation (string) --
The path to the folder or file (in Amazon S3) that contains the corresponding sensitive data discovery results for the finding. If a finding applies to a large archive or compressed file, this is a path to a folder. Otherwise, this is a path to a file.
jobArn (string) --
The Amazon Resource Name (ARN) of the classification job that produced the finding.
jobId (string) --
The unique identifier for the classification job that produced the finding.
result (dict) --
The status and other details for the finding.
customDataIdentifiers (dict) --
The number of occurrences of the data that produced the finding, and the custom data identifiers that detected the data.
detections (list) --
The custom data identifiers that detected the data, and the number of occurrences of the data that each identifier detected.
(dict) --
Provides information about a custom data identifier that produced a sensitive data finding, and the number of occurrences of the data that it detected for the finding.
arn (string) --
The Amazon Resource Name (ARN) of the custom data identifier.
count (integer) --
The total number of occurrences of the data that the custom data identifier detected for the finding.
name (string) --
The name of the custom data identifier.
totalCount (integer) --
The total number of occurrences of the data that was detected by the custom data identifiers and produced the finding.
mimeType (string) --
The type of content, expressed as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe PDF file.
sensitiveData (list) --
The category and number of occurrences of the sensitive data that produced the finding.
(dict) --
Provides information about the category, type, and number of occurrences of sensitive data that produced a finding.
category (string) --
The category of sensitive data that was detected. For example: FINANCIAL_INFORMATION, for financial information such as credit card numbers; PERSONAL_INFORMATION, for personally identifiable information such as full names and mailing addresses; or, CUSTOM_IDENTIFIER, for data that was detected by a custom data identifier.
detections (list) --
An array of objects, one for each type of sensitive data that was detected. Each object reports the number of occurrences of a specific type of sensitive data that was detected.
(dict) --
Provides information about sensitive data that was detected by managed data identifiers and produced a sensitive data finding.
count (integer) --
The total number of occurrences of the type of data that was detected.
type (string) --
The type of data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.
totalCount (integer) --
The total number of occurrences of the sensitive data that was detected.
sizeClassified (integer) --
The total size, in bytes, of the data that the finding applies to.
status (dict) --
The status of the finding.
code (string) --
The status of the finding. Possible values are:
COMPLETE - Amazon Macie successfully completed its analysis of the object that the finding applies to.
PARTIAL - Macie was able to analyze only a subset of the data in the object that the finding applies to. For example, the object is a compressed or archive file that contains files in an unsupported format.
SKIPPED - Macie wasn't able to analyze the object that the finding applies to. For example, the object is a malformed file or a file that's in an unsupported format.
reason (string) --
A brief description of the status of the finding. Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding.
count (integer) --
The total number of occurrences of this finding.
createdAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the finding was created.
description (string) --
The description of the finding.
id (string) --
The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns to a finding when it creates the finding.
partition (string) --
The AWS partition that Amazon Macie created the finding in.
policyDetails (dict) --
The details of a policy finding. This value is null for a sensitive data finding.
action (dict) --
The action that produced the finding.
actionType (string) --
The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, which indicates that an entity invoked an API operation for the resource.
apiCallDetails (dict) --
The invocation details of the API operation that an entity invoked for the affected resource, if the value for the actionType property is AWS_API_CALL.
api (string) --
The name of the operation that was invoked most recently and produced the finding.
apiServiceName (string) --
The URL of the AWS service that provides the operation, for example: s3.amazonaws.com.
firstSeen (datetime) --
The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.
lastSeen (datetime) --
The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
actor (dict) --
The entity that performed the action that produced the finding.
domainDetails (dict) --
The domain name of the device that the entity used to perform the action on the affected resource.
domainName (string) --
The name of the domain.
ipAddressDetails (dict) --
The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.
ipAddressV4 (string) --
The Internet Protocol version 4 (IPv4) address of the device.
ipCity (dict) --
The city that the IP address originated from.
name (string) --
The name of the city.
ipCountry (dict) --
The country that the IP address originated from.
code (string) --
The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originated from. For example, US for the United States.
name (string) --
The name of the country that the IP address originated from.
ipGeoLocation (dict) --
The geographic coordinates of the location that the IP address originated from.
lat (float) --
The latitude coordinate of the location, rounded to four decimal places.
lon (float) --
The longitude coordinate of the location, rounded to four decimal places.
ipOwner (dict) --
The registered owner of the IP address.
asn (string) --
The autonomous system number (ASN) for the autonomous system that included the IP address.
asnOrg (string) --
The organization identifier that's associated with the autonomous system number (ASN) for the autonomous system that included the IP address.
isp (string) --
The name of the internet service provider (ISP) that owned the IP address.
org (string) --
The name of the organization that owned the IP address.
userIdentity (dict) --
The type and other characteristics of the entity that performed the action on the affected resource.
assumedRole (dict) --
If the action was performed with temporary security credentials that were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.
accessKeyId (string) --
The AWS access key ID that identifies the credentials.
accountId (string) --
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
sessionContext (dict) --
The details of the session that was created for the credentials, including the entity that issued the session.
attributes (dict) --
The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
creationDate (datetime) --
The date and time, in UTC and ISO 8601 format, when the credentials were issued.
mfaAuthenticated (boolean) --
Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
sessionIssuer (dict) --
The source and type of credentials that were issued to the entity.
accountId (string) --
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
type (string) --
The source of the temporary security credentials, such as Root, IAMUser, or Role.
userName (string) --
The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
awsAccount (dict) --
If the action was performed using the credentials for another AWS account, the details of that account.
accountId (string) --
The unique identifier for the AWS account.
principalId (string) --
The unique identifier for the entity that performed the action.
awsService (dict) --
If the action was performed by an AWS account that belongs to an AWS service, the name of the service.
invokedBy (string) --
The name of the AWS service that performed the action.
federatedUser (dict) --
If the action was performed with temporary security credentials that were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.
accessKeyId (string) --
The AWS access key ID that identifies the credentials.
accountId (string) --
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
sessionContext (dict) --
The details of the session that was created for the credentials, including the entity that issued the session.
attributes (dict) --
The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
creationDate (datetime) --
The date and time, in UTC and ISO 8601 format, when the credentials were issued.
mfaAuthenticated (boolean) --
Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
sessionIssuer (dict) --
The source and type of credentials that were issued to the entity.
accountId (string) --
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
arn (string) --
The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.
principalId (string) --
The unique identifier for the entity that was used to get the credentials.
type (string) --
The source of the temporary security credentials, such as Root, IAMUser, or Role.
userName (string) --
The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
iamUser (dict) --
If the action was performed using the credentials for an AWS Identity and Access Management (IAM) user, the name and other details about the user.
accountId (string) --
The unique identifier for the AWS account that's associated with the IAM user who performed the action.
arn (string) --
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user who performed the action.
principalId (string) --
The unique identifier for the IAM user who performed the action.
userName (string) --
The user name of the IAM user who performed the action.
root (dict) --
If the action was performed using the credentials for your AWS account, the details of your account.
accountId (string) --
The unique identifier for the AWS account.
arn (string) --
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user or role that performed the action.
principalId (string) --
The unique identifier for the entity that performed the action.
type (string) --
The type of entity that performed the action.
region (string) --
The AWS Region that Amazon Macie created the finding in.
resourcesAffected (dict) --
The resources that the finding applies to.
s3Bucket (dict) --
An array of objects, one for each S3 bucket that the finding applies to. Each object provides a set of metadata about an affected S3 bucket.
arn (string) --
The Amazon Resource Name (ARN) of the bucket.
createdAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
defaultServerSideEncryption (dict) --
The server-side encryption settings for the bucket.
encryptionType (string) --
The server-side encryption algorithm that's used when storing data in the bucket or object. If encryption is disabled for the bucket or object, this value is NONE.
kmsMasterKeyId (string) --
The unique identifier for the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if AWS KMS isn't used to encrypt the bucket or object.
name (string) --
The name of the bucket.
owner (dict) --
The display name and account identifier for the user who owns the bucket.
displayName (string) --
The display name of the user who owns the bucket.
id (string) --
The AWS account ID for the user who owns the bucket.
publicAccess (dict) --
The permissions settings that determine whether the bucket is publicly accessible.
effectivePermission (string) --
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
NOT_PUBLIC - The bucket isn't publicly accessible.
PUBLIC - The bucket is publicly accessible.
UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
permissionConfiguration (dict) --
The account-level and bucket-level permissions for the bucket.
accountLevelPermissions (dict) --
The account-level permissions settings that apply to the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketLevelPermissions (dict) --
The bucket-level permissions settings for the bucket.
accessControlList (dict) --
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the ACL grants the general public with read access permissions for the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the ACL grants the general public with write access permissions for the bucket.
blockPublicAccess (dict) --
The block public access settings for the bucket.
blockPublicAcls (boolean) --
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
blockPublicPolicy (boolean) --
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
ignorePublicAcls (boolean) --
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
restrictPublicBuckets (boolean) --
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
bucketPolicy (dict) --
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
allowsPublicReadAccess (boolean) --
Specifies whether the bucket policy allows the general public to have read access to the bucket.
allowsPublicWriteAccess (boolean) --
Specifies whether the bucket policy allows the general public to have write access to the bucket.
tags (list) --
The tags that are associated with the bucket.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be empty or null.
s3Object (dict) --
An array of objects, one for each S3 object that the finding applies to. Each object provides a set of metadata about an affected S3 object.
bucketArn (string) --
The Amazon Resource Name (ARN) of the bucket that contains the object.
eTag (string) --
The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.
extension (string) --
The file name extension of the object. If the object doesn't have a file name extension, this value is "".
key (string) --
The full key (name) that's assigned to the object.
lastModified (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the object was last modified.
path (string) --
The path to the object, including the full key (name).
publicAccess (boolean) --
Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
serverSideEncryption (dict) --
The server-side encryption settings for the object.
encryptionType (string) --
The server-side encryption algorithm that's used when storing data in the bucket or object. If encryption is disabled for the bucket or object, this value is NONE.
kmsMasterKeyId (string) --
The unique identifier for the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if AWS KMS isn't used to encrypt the bucket or object.
size (integer) --
The total storage size, in bytes, of the object.
storageClass (string) --
The storage class of the object.
tags (list) --
The tags that are associated with the object.
(dict) --
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
key (string) --
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
value (string) --
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be empty or null.
versionId (string) --
The identifier for the affected version of the object.
sample (boolean) --
Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.
schemaVersion (string) --
The version of the schema that was used to define the data structures in the finding.
severity (dict) --
The severity of the finding.
description (string) --
The textual representation of the severity value, such as Low or High.
score (integer) --
The numeric score for the severity value, ranging from 0 (least severe) to 4 (most severe).
title (string) --
The brief description of the finding.
type (string) --
The type of the finding.
updatedAt (datetime) --
The date and time, in UTC and extended ISO 8601 format, when the finding was last updated. For sensitive data findings, this value is the same as the value for the createdAt property. Sensitive data findings aren't updated.