Amazon Macie REST API Reference
Amazon Macie: REST API Reference
Copyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.
Table of Contents
Welcome
  Finding regional endpoints
  Managing multiple accounts
  Signing requests
  Logging API calls
Operations
Resources
  AWS Organization Administrator
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  AWS Organization Administration
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Export Configuration
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Custom Data Identifier Creation
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Custom Data Identifier Descriptions
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Custom Data Identifier List
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Custom Data Identifier Testing
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Custom Data Identifier
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Data Sources - S3
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Data Sources - S3 Statistics
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings List
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings Descriptions
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings Samples
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings Statistics
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings Filters
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Findings Filter
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Invitation List
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Invitation Acceptance
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Invitation Count
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Invitation Decline
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Invitation Deletion
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Classification Job Creation
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
Classification Job List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Classification Job Description .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Macie Account Administration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Member Account Status .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Master Account .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
    See Also
  Master Disassociation
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Member List
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Member Disassociation
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Member
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Tags
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Usage Totals
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
  Usage Statistics
    URI
    HTTP Methods
    Schemas
    Properties
    See Also
AWS glossary
Document history
Welcome
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor, and protect your sensitive data in AWS.
Macie automates the discovery of sensitive data, such as personally identifiable information (PII) and financial information, to provide you with a better understanding of the data that your organization stores in Amazon Simple Storage Service (Amazon S3). Macie also provides you with an inventory of your Amazon S3 buckets, and it automatically evaluates and monitors those buckets for security and access control. If Macie detects sensitive data or potential issues with the security or privacy of your data, it creates detailed findings for you to review and remediate as necessary.
This guide, the Amazon Macie REST API Reference, provides information about the Amazon Macie API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Macie, you might find it helpful to also review the Amazon Macie User Guide. The Amazon Macie User Guide explains key concepts and provides procedures that demonstrate how to use Macie features. It also provides information about topics such as integrating Macie with other AWS services.
In addition to interacting with Macie by making RESTful calls to the Amazon Macie API, you can use a current version of an AWS command line tool or SDK. AWS provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Macie and other AWS services. They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the AWS tools and SDKs, see Tools to Build on AWS.
Finding regional endpoints
The Amazon Macie API is available in most AWS Regions and it provides an endpoint for each of these Regions. For a list of Regions and endpoints where the API is currently available, see Amazon Macie endpoints and quotas in the Amazon Web Services General Reference. To learn more about AWS Regions, see Managing AWS Regions in the Amazon Web Services General Reference.
When you send a request to the Amazon Macie API, the request applies only to the AWS Region that’s currently active for your account or specified in the request. If your request submits changes to configuration or other settings for your account, the changes apply only to that Region. To make the same changes in other Regions, send the request to each additional Region that you want to apply the changes to.
Managing multiple accounts
You can centrally manage multiple accounts in Amazon Macie. To do this, you designate a single AWS account as the master account for Macie. You then associate other AWS accounts with the master account as member accounts. You can do this in two ways, by using AWS Organizations or by sending membership invitations directly from Amazon Macie.
If you're a user of a master account, you can view and manage certain Macie resources for your own account and all of its member accounts. You can also perform certain administrative tasks and choose certain settings for all the accounts.
If you're a user of a member account, you can view and manage Macie resources only for your own account. You can't view or otherwise access Macie resources for other member accounts or the master account. For this reason, you might not be able to use certain operations of the Amazon Macie API.
For detailed information about the primary tasks that master and member accounts can perform, see Managing multiple accounts in the Amazon Macie User Guide.
Signing requests
When you send an HTTPS request to the Amazon Macie API, you have to sign the request by using your AWS access key, which consists of an access key ID and a secret access key. For everyday work with Macie, we strongly recommend that you not use the access key ID and secret key for your AWS root account. Instead, use the access key ID and secret access key for an AWS Identity and Access Management (IAM) user. You can also use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests. All Amazon Macie operations require Signature Version 4.
For more information about using credentials and signing requests, see the following resources:
• AWS security credentials – This section of the AWS General Reference provides information about the types of credentials that can be used to access AWS.
• Temporary security credentials – This section of the IAM User Guide describes how to create and use temporary security credentials.
• Signing AWS API requests – This section of the AWS General Reference explains and guides you through the process of signing a request using an access key ID and secret access key.
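An added example, not part of the AWS reference: a minimal Signature Version 4 signer in Python that signs the same request once per Region, as the "Finding regional endpoints" and "Signing requests" sections require. It shows that each signature is bound to a single Region through its credential scope. The signing name `macie2`, the host pattern `macie2.<region>.amazonaws.com`, the `/macie` path and all credentials are assumptions or constructed placeholders, not values taken from this page.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote

SERVICE = "macie2"                               # assumption: SigV4 signing name
HOST_TEMPLATE = "macie2.{region}.amazonaws.com"  # assumption: endpoint host pattern


def hmac_sha256(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret_key, date_stamp, region, service=SERVICE):
    """Derive the SigV4 key; it is valid for one day, one Region, one service."""
    k_date = hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    return hmac_sha256(k_service, "aws4_request")


def sign_request(method, region, path, access_key_id, secret_key, now,
                 query=None, body=b"", session_token=None):
    """Return the headers (including Authorization) for one signed request."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    headers = {"host": HOST_TEMPLATE.format(region=region),
               "x-amz-date": amz_date}
    if session_token:
        # Temporary credentials from AWS STS: the token is a signed header.
        headers["x-amz-security-token"] = session_token

    # Canonical request: method, URI, sorted query, sorted headers, body hash.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in (query or {}).items())
    canonical_query = "&".join(f"{k}={v}" for k, v in pairs)
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    canonical_request = "\n".join([
        method.upper(), quote(path, safe="/-_.~"), canonical_query,
        canonical_headers, signed_headers, hashlib.sha256(body).hexdigest()])

    # String to sign: the scope names the date, Region and service.
    scope = f"{date_stamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])

    key = derive_signing_key(secret_key, date_stamp, region)
    signature = hmac.new(key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


def sign_for_regions(regions, **request):
    """Sign the same request separately for every Region it must reach."""
    return {region: sign_request(region=region, **request) for region in regions}


if __name__ == "__main__":
    # Constructed placeholder credentials; never hard-code real keys.
    signed = sign_for_regions(
        ["us-east-1", "eu-west-1"], method="GET", path="/macie",
        access_key_id="AKIDEXAMPLE", secret_key="constructed-secret",
        now=datetime.datetime.now(datetime.timezone.utc))
    for region, hdrs in signed.items():
        print(region, hdrs["authorization"])
```

The two `Authorization` values differ even though the credentials, time and request are identical, because the Region is part of both the signing key and the credential scope.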
Logging API calls
Amazon Macie integrates with AWS CloudTrail, which is a service that provides a record of actions that were taken in Macie by a user, a role, or another AWS service. This includes actions that were performed using the Macie console and programmatic calls to Amazon Macie API operations.
By using the information collected by CloudTrail, you can determine which requests were successfully sent to Macie. For each request, you can identify when it was made, the IP address from which it was made, who made it, and additional details. To learn more about CloudTrail, see the AWS CloudTrail User Guide.
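An added example, not AWS code: triage logic in Python over CloudTrail records for Macie. It extracts when, who and source IP for each call and flags operations from this reference that suspend, disable or redirect Macie, calls made with root credentials, and calls in Regions you do not use. The `macie2.amazonaws.com` event source, the choice of flagged operations and every sample record are assumptions constructed for illustration.

```python
MACIE_EVENT_SOURCE = "macie2.amazonaws.com"  # assumption: CloudTrail eventSource

# Operations named in this reference that disable, suspend, detach or redirect
# Macie. Which ones deserve an alert is a local policy decision (assumption).
SENSITIVE_OPERATIONS = {
    "DisableMacie", "UpdateMacieSession", "UpdateMemberSession",
    "DisassociateFromMasterAccount", "DisassociateMember", "DeleteMember",
    "DisableOrganizationAdminAccount", "PutClassificationExportConfiguration",
    "UpdateClassificationJob",
}

# Constructed sample records using documentation IP ranges and account IDs.
SAMPLE_RECORDS = [
    {"eventTime": "2020-11-02T09:15:00Z", "eventSource": MACIE_EVENT_SOURCE,
     "eventName": "GetFindings", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/analyst"}},
    {"eventTime": "2020-11-02T09:20:41Z", "eventSource": MACIE_EVENT_SOURCE,
     "eventName": "DisableMacie", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/ops/s1"}},
    {"eventTime": "2020-11-02T10:02:13Z", "eventSource": MACIE_EVENT_SOURCE,
     "eventName": "ListFindings", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "Root",
                      "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2020-11-02T11:47:30Z", "eventSource": MACIE_EVENT_SOURCE,
     "eventName": "PutClassificationExportConfiguration",
     "awsRegion": "ap-southeast-2", "sourceIPAddress": "203.0.113.7",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/analyst"}},
    {"eventTime": "2020-11-02T11:50:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/analyst"}},
]


def summarize(record):
    """Pull out the when / where-from / who details for one record."""
    identity = record.get("userIdentity", {})
    return {
        "when": record.get("eventTime"),
        "who": identity.get("arn", identity.get("type", "unknown")),
        "source_ip": record.get("sourceIPAddress"),
        "region": record.get("awsRegion"),
        "operation": record.get("eventName"),
        # CloudTrail adds errorCode only when the call failed.
        "succeeded": "errorCode" not in record,
    }


def triage(records, approved_regions):
    """Return one alert per Macie call that matches at least one rule."""
    alerts = []
    for record in records:
        if record.get("eventSource") != MACIE_EVENT_SOURCE:
            continue  # not a Macie API call
        event = summarize(record)
        reasons = []
        if event["operation"] in SENSITIVE_OPERATIONS:
            reasons.append("sensitive-operation")
        if record.get("userIdentity", {}).get("type") == "Root":
            reasons.append("root-credentials")
        if event["region"] not in approved_regions:
            reasons.append("unapproved-region")
        if reasons:
            alerts.append({**event, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_RECORDS, approved_regions={"us-east-1"}):
        status = "ok" if alert["succeeded"] else "denied"
        print(alert["when"], alert["operation"], alert["who"],
              alert["source_ip"], status, ",".join(alert["reasons"]))
```

Failed calls are kept in the output on purpose: a denied attempt at a sensitive operation is often the earliest sign that a credential is being misused.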
Operations
The Amazon Macie REST API includes the following operations.
• AcceptInvitation (p. 176)
Accepts an Amazon Macie membership invitation that was received from a specific account.
• BatchGetCustomDataIdentifiers (p. 35)
Retrieves information about one or more custom data identifiers.
• CreateClassificationJob (p. 195)
Creates and defines the settings for a classification job.
• CreateCustomDataIdentifier (p. 29)
Creates and defines the criteria and other settings for a custom data identifier.
• CreateFindingsFilter (p. 146)
Creates and defines the criteria and other settings for a findings filter.
• CreateInvitations (p. 168)
Sends an Amazon Macie membership invitation to one or more accounts.
• CreateMember (p. 262)
Associates an account with an Amazon Macie master account.
• CreateSampleFindings (p. 133)
Creates sample findings.
• DeclineInvitations (p. 185)
Declines Amazon Macie membership invitations that were received from specific accounts.
• DeleteCustomDataIdentifier (p. 53)
Soft deletes a custom data identifier.
• DeleteFindingsFilter (p. 157)
Deletes a findings filter.
• DeleteInvitations (p. 190)
Deletes Amazon Macie membership invitations that were received from specific accounts.
• DeleteMember (p. 275)
Deletes the association between an Amazon Macie master account and an account.
• DescribeBuckets (p. 59)
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes.
• DescribeClassificationJob (p. 219)
Retrieves the status and settings for a classification job.
• DescribeOrganizationConfiguration (p. 16)
Retrieves the Amazon Macie configuration settings for an AWS organization.
• DisableMacie (p. 239)
Disables an Amazon Macie account and deletes Macie resources for the account.
• DisableOrganizationAdminAccount (p. 10)
Disables an account as the delegated Amazon Macie administrator account for an AWS organization.
• DisassociateFromMasterAccount (p. 257)
Disassociates a member account from its Amazon Macie master account.
• DisassociateMember (p. 270)
Disassociates an Amazon Macie master account from a member account.
• EnableMacie (p. 238)
Enables Amazon Macie and specifies the configuration settings for a Macie account.
• EnableOrganizationAdminAccount (p. 9)
Designates an account as the delegated Amazon Macie administrator account for an AWS organization.
• GetBucketStatistics (p. 77)
Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes.
• GetClassificationExportConfiguration (p. 22)
Retrieves the configuration settings for storing data classification results.
• GetCustomDataIdentifier (p. 52)
Retrieves the criteria and other settings for a custom data identifier.
• GetFindings (p. 93)
Retrieves the details of one or more findings.
• GetFindingsFilter (p. 156)
Retrieves the criteria and other settings for a findings filter.
• GetFindingStatistics (p. 138)
Retrieves (queries) aggregated statistical data about findings.
• GetInvitationsCount (p. 180)
Retrieves the count of Amazon Macie membership invitations that were received by an account.
• GetMacieSession (p. 237)
Retrieves the current status and configuration settings for an Amazon Macie account.
• GetMasterAccount (p. 252)
Retrieves information about the Amazon Macie master account for an account.
• GetMember (p. 274)
Retrieves information about a member account that's associated with an Amazon Macie master account.
• GetUsageStatistics (p. 291)
Retrieves (queries) quotas and aggregated usage data for one or more accounts.
• GetUsageTotals (p. 286)
Retrieves (queries) aggregated usage data for an account.
• ListClassificationJobs (p. 208)
Retrieves a subset of information about one or more classification jobs.
• ListCustomDataIdentifiers (p. 41)
Retrieves a subset of information about all the custom data identifiers for an account.
• ListFindings (p. 86)
Retrieves a subset of information about one or more findings.
• ListFindingsFilters (p. 145)
Retrieves a subset of information about all the findings filters for an account.
• ListInvitations (p. 167)
Retrieves information about all the Amazon Macie membership invitations that were received by an account.
• ListMembers (p. 261)
Retrieves information about the accounts that are associated with an Amazon Macie master account.
• ListOrganizationAdminAccounts (p. 8)
Retrieves information about the delegated Amazon Macie administrator account for an AWS organization.
• ListTagsForResource (p. 281)
Retrieves the tags (keys and values) that are associated with a classification job, custom data identifier, findings filter, or member account.
• PutClassificationExportConfiguration (p. 23)
Creates or updates the configuration settings for storing data classification results.
• TagResource (p. 282)
Adds or updates one or more tags (keys and values) that are associated with a classification job, custom data identifier, findings filter, or member account.
• TestCustomDataIdentifier (p. 46)
Tests a custom data identifier.
• UntagResource (p. 282)
Removes one or more tags (keys and values) from a classification job, custom data identifier, findingsfilter, or member account.
• UpdateClassificationJob (p. 220)
Changes the status of a classification job.
• UpdateFindingsFilter (p. 157)
Updates the criteria and other settings for a findings filter.
• UpdateMacieSession (p. 239)
Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macieaccount.
• UpdateMemberSession (p. 247)
Enables an Amazon Macie master account to suspend or re-enable a member account.
• UpdateOrganizationConfiguration (p. 17)
5
Amazon Macie REST API Reference
Updates the Amazon Macie configuration settings for an AWS organization.
6
Amazon Macie REST API ReferenceAWS Organization Administrator
Resources
The Amazon Macie REST API includes the following resources.

Topics
• AWS Organization Administrator
• AWS Organization Administration
• Export Configuration
• Custom Data Identifier Creation
• Custom Data Identifier Descriptions
• Custom Data Identifier List
• Custom Data Identifier Testing
• Custom Data Identifier
• Data Sources - S3
• Data Sources - S3 Statistics
• Findings List
• Findings Descriptions
• Findings Samples
• Findings Statistics
• Findings Filters
• Findings Filter
• Invitation List
• Invitation Acceptance
• Invitation Count
• Invitation Decline
• Invitation Deletion
• Classification Job Creation
• Classification Job List
• Classification Job Description
• Macie Account Administration
• Member Account Status
• Master Account
• Master Disassociation
• Member List
• Member Disassociation
• Member
• Tags
• Usage Totals
• Usage Statistics

AWS Organization Administrator
The AWS Organization Administrator resource provides settings that specify which account is the delegated Amazon Macie administrator account for an AWS organization. To use this resource, you must be a user of the management account for the AWS organization.

An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.

If you're a user of the management account for an AWS organization, you can use this resource to designate a delegated Macie administrator account for the organization. You can also use this resource to retrieve information about and change that designation. Note that an AWS organization can have only one delegated Macie administrator account.

URI
/admin
HTTP Methods

GET
Operation ID: ListOrganizationAdminAccounts
Retrieves information about the delegated Amazon Macie administrator account for an AWS organization.

Query Parameters
Name | Type | Required | Description
nextToken | String | False | The nextToken string that specifies which page of results to return in a paginated response.
maxResults | String | False | The maximum number of items to include in each page of a paginated response.

Responses
Status Code | Response Model | Description
200 | ListOrganizationAdminAccountsResponse | The request succeeded.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
POST
Operation ID: EnableOrganizationAdminAccount
Designates an account as the delegated Amazon Macie administrator account for an AWS organization.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
DELETE
Operation ID: DisableOrganizationAdminAccount
Disables an account as the delegated Amazon Macie administrator account for an AWS organization.

Query Parameters
Name | Type | Required | Description
adminAccountId | String | True | The AWS account ID of the delegated administrator account.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
Schemas

Request Bodies

Example POST
{
  "clientToken": "string",
  "adminAccountId": "string"
}

Response Bodies

Example ListOrganizationAdminAccountsResponse
{
  "nextToken": "string",
  "adminAccounts": [
    {
      "accountId": "string",
      "status": enum
    }
  ]
}

Example Empty Schema
{}

Example ValidationException
{
  "message": "string"
}

Example ServiceQuotaExceededException
{
  "message": "string"
}

Example AccessDeniedException
{
  "message": "string"
}

Example ResourceNotFoundException
{
  "message": "string"
}

Example ConflictException
{
  "message": "string"
}

Example ThrottlingException
{
  "message": "string"
}

Example InternalServerException
{
  "message": "string"
}
Properties

AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

AdminAccount
Provides information about the delegated Amazon Macie administrator account for an AWS organization.
accountId
The AWS account ID for the account.
Type: string
Required: False
status
The current status of the account as a delegated administrator of Amazon Macie for the organization.
Type: AdminStatus
Required: False

AdminStatus
The current status of an account as the delegated Amazon Macie administrator account for an AWS organization.
ENABLED
DISABLING_IN_PROGRESS

ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).

EnableOrganizationAdminAccountRequest
Specifies an account to designate as a delegated Amazon Macie administrator account for an AWS organization. To submit this request, you must be a user of the management account for the AWS organization.
clientToken
A unique, case-sensitive token that you provide to ensure the idempotency of the request.
Type: string
Required: False
adminAccountId
The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.
Type: string
Required: True

InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False

ListOrganizationAdminAccountsResponse
Provides information about the delegated Amazon Macie administrator accounts for an AWS organization.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
adminAccounts
An array of objects, one for each delegated Amazon Macie administrator account for the organization. Only one of these accounts can have a status of ENABLED.
Type: Array of type AdminAccount
Required: False

ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False

ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False

ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False

ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
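
An added example (not part of the AWS reference): a loop that follows nextToken across ListOrganizationAdminAccountsResponse pages until it is null, then checks the statement above that only one account can have a status of ENABLED and that it is the account you expect. fetch_page is a hypothetical transport callable, and the account IDs and tokens are constructed sample values.

```python
def list_admin_accounts(fetch_page, max_results=None):
    """Collect adminAccounts from every page of GET /admin.

    fetch_page(params) is a hypothetical callable that sends the signed
    request with the given query parameters and returns the parsed
    ListOrganizationAdminAccountsResponse as a dict.
    """
    accounts, token, seen = [], None, set()
    while True:
        params = {}
        if token is not None:
            params["nextToken"] = token
        if max_results is not None:
            params["maxResults"] = str(max_results)  # documented type is String
        page = fetch_page(params)
        accounts.extend(page.get("adminAccounts") or [])
        token = page.get("nextToken")
        if not token:                 # null means there are no additional pages
            return accounts
        if token in seen:             # guard against a loop on a repeated token
            raise RuntimeError(f"nextToken {token!r} repeated; stopping")
        seen.add(token)


def check_delegated_admin(accounts, expected_account_id):
    """Return findings about the delegated administrator designation."""
    findings = []
    enabled = [a.get("accountId") for a in accounts if a.get("status") == "ENABLED"]
    if not enabled:
        findings.append("no account has status ENABLED")
    if len(enabled) > 1:
        findings.append(f"more than one ENABLED account: {sorted(enabled)}")
    findings += [f"unexpected delegated administrator {a}"
                 for a in enabled if a != expected_account_id]
    findings += [f"{a.get('accountId')} is {a.get('status')}"
                 for a in accounts if a.get("status") != "ENABLED"]
    return findings


# Constructed sample pages, keyed by the nextToken that requests them.
SAMPLE_PAGES = {
    None: {
        "nextToken": "token-2",
        "adminAccounts": [
            {"accountId": "111122223333", "status": "DISABLING_IN_PROGRESS"},
        ],
    },
    "token-2": {
        "nextToken": None,
        "adminAccounts": [
            {"accountId": "444455556666", "status": "ENABLED"},
        ],
    },
}


def fake_fetch_page(params):
    """Offline stand-in for the HTTP call, serving SAMPLE_PAGES."""
    return SAMPLE_PAGES[params.get("nextToken")]


if __name__ == "__main__":
    found = list_admin_accounts(fake_fetch_page, max_results=1)
    for line in check_delegated_admin(found, "444455556666"):
        print(line)
```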
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

ListOrganizationAdminAccounts
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3

EnableOrganizationAdminAccount
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3

DisableOrganizationAdminAccount
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AWS Organization Administration
The AWS Organization Administration resource provides access to the Amazon Macie configuration settings for an AWS organization. This includes the setting that determines whether Macie is enabled automatically for accounts that are added to an AWS organization. To use this resource, you must be the delegated Macie administrator for your AWS organization.

An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.

If you're the delegated Macie administrator for an AWS organization, you can use this resource to retrieve information about and update the Macie configuration settings for the organization.

URI
/admin/configuration
HTTP Methods

GET
Operation ID: DescribeOrganizationConfiguration
Retrieves the Amazon Macie configuration settings for an AWS organization.

Responses
Status Code | Response Model | Description
200 | DescribeOrganizationConfigurationResponse | The request succeeded.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
PATCH
Operation ID: UpdateOrganizationConfiguration
Updates the Amazon Macie configuration settings for an AWS organization.

Responses
Status Code | Response Model | Description
200 | Empty Schema | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
Schemas

Request Bodies

Example PATCH
{
  "autoEnable": boolean
}

Response Bodies

Example DescribeOrganizationConfigurationResponse
{
  "autoEnable": boolean,
  "maxAccountLimitReached": boolean
}

Example Empty Schema
{}

Example ValidationException
{
  "message": "string"
}

Example ServiceQuotaExceededException
{
  "message": "string"
}

Example AccessDeniedException
{
  "message": "string"
}

Example ResourceNotFoundException
{
  "message": "string"
}

Example ConflictException
{
  "message": "string"
}

Example ThrottlingException
{
  "message": "string"
}

Example InternalServerException
{
  "message": "string"
}
Properties

AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

DescribeOrganizationConfigurationResponse
Provides information about the Amazon Macie configuration settings for an AWS organization.
autoEnable
Specifies whether Amazon Macie is enabled automatically for accounts that are added to the AWS organization.
Type: boolean
Required: False
maxAccountLimitReached
Specifies whether the maximum number of Amazon Macie member accounts are part of the AWS organization.
Type: boolean
Required: False

Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False

ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False

ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False

ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False

UpdateOrganizationConfigurationRequest
Specifies whether Amazon Macie is enabled automatically for accounts that are added to an AWS organization.
autoEnable
Specifies whether Amazon Macie is enabled automatically for each account, when the account is added to the AWS organization.
Type: boolean
Required: True

ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

DescribeOrganizationConfiguration
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3

UpdateOrganizationConfiguration
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Export Configuration
The Export Configuration resource provides settings for storing data classification results in an Amazon Simple Storage Service (Amazon S3) bucket. A data classification result, also referred to as a sensitive data discovery result, is a record that logs details about the analysis of each Amazon S3 object that you configure a classification job to analyze. This includes objects that don't contain sensitive data, and therefore don't produce a finding, and objects that Amazon Macie can't analyze due to issues such as permissions settings. Macie automatically creates these records for each (and every) classification job that you create and run. You can configure Macie to store these records in an S3 bucket that you specify, and encrypt them using an AWS Key Management Service (AWS KMS) key that you also specify.

If you use Macie in multiple AWS Regions, you need to configure these settings for each Region in which you use Macie. If you prefer to store all classification results for all Regions in one S3 bucket, you can do this by specifying the same bucket, located in one specific Region, for each Region in which you use Macie.

You can use the Export Configuration resource to create, retrieve information about, or update settings for storing data classification results in an S3 bucket.

URI
/classification-export-configuration
HTTP Methods

GET
Operation ID: GetClassificationExportConfiguration
Retrieves the configuration settings for storing data classification results.

Responses
Status Code | Response Model | Description
200 | GetClassificationExportConfigurationResponse | The request succeeded.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
PUT
Operation ID: PutClassificationExportConfiguration
Creates or updates the configuration settings for storing data classification results.

Responses
Status Code | Response Model | Description
200 | PutClassificationExportConfigurationResponse | The request succeeded.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
Schemas

Request Bodies

Example PUT
{
  "configuration": {
    "s3Destination": {
      "bucketName": "string",
      "kmsKeyArn": "string",
      "keyPrefix": "string"
    }
  }
}

Response Bodies

Example GetClassificationExportConfigurationResponse
{
  "configuration": {
    "s3Destination": {
      "bucketName": "string",
      "kmsKeyArn": "string",
      "keyPrefix": "string"
    }
  }
}

Example PutClassificationExportConfigurationResponse
{
  "configuration": {
    "s3Destination": {
      "bucketName": "string",
      "kmsKeyArn": "string",
      "keyPrefix": "string"
    }
  }
}

Example ValidationException
{
  "message": "string"
}

Example ServiceQuotaExceededException
{
  "message": "string"
}

Example AccessDeniedException
{
  "message": "string"
}

Example ResourceNotFoundException
{
  "message": "string"
}

Example ConflictException
{
  "message": "string"
}

Example ThrottlingException
{
  "message": "string"
}

Example InternalServerException
{
  "message": "string"
}
Properties

AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

ClassificationExportConfiguration
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. Currently, you can store classification results only in an S3 bucket.
s3Destination
The S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
Type: S3Destination
Required: False

ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False

GetClassificationExportConfigurationResponse
Provides information about the current configuration settings for storing data classification results.
configuration
The location where data classification results are stored, and the encryption settings that are used when storing results in that location.
Type: ClassificationExportConfiguration
Required: False

InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False

PutClassificationExportConfigurationRequest
Specifies where to store data classification results, and the encryption settings to use when storing results in that location. Currently, you can store classification results only in an S3 bucket.
configuration
The location to store data classification results in, and the encryption settings to use when storing results in that location.
Type: ClassificationExportConfiguration
Required: True

PutClassificationExportConfigurationResponse
Provides information about updated settings for storing data classification results.
configuration
The location where the data classification results are stored, and the encryption settings that are used when storing results in that location.
Type: ClassificationExportConfiguration
Required: False

ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False

S3Destination
Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.
bucketName
The name of the bucket.
Type: string
Required: True
kmsKeyArn
The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for encryption of the results. This must be the ARN of an existing CMK that's in the same AWS Region as the bucket.
Type: string
Required: True
keyPrefix
The path prefix to use in the path to the location in the bucket. This prefix specifies where to store classification results in the bucket.
Type: string
Required: False

ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False

ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False

ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
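
An added example (not part of the AWS reference): an offline audit of GetClassificationExportConfigurationResponse bodies collected from each Region where Macie is used, checking the S3Destination rules above (bucketName and kmsKeyArn required, key in the same Region as the bucket). The bucket name, account ID, key ID and the bucket-to-Region map are constructed assumptions; the check compares the key's Region with the bucket's Region, not with the Region that was queried, because one central bucket may serve several Regions.

```python
import re

# KMS key ARN layout: arn:<partition>:kms:<region>:<account-id>:key/<key-id>
KMS_KEY_ARN = re.compile(
    r"^arn:aws[a-z-]*:kms:(?P<region>[a-z0-9-]+):\d{12}:key/[A-Za-z0-9-]+$"
)


def check_destination(dest, bucket_region):
    """Return the problems found in one S3Destination object."""
    problems = []
    if not dest.get("bucketName"):
        problems.append("bucketName is required")
    match = KMS_KEY_ARN.match(dest.get("kmsKeyArn") or "")
    if not match:
        problems.append("kmsKeyArn is required and must be a KMS key ARN")
    elif bucket_region is None:
        problems.append("Region of the bucket is unknown; cannot compare")
    elif match.group("region") != bucket_region:
        problems.append(
            f"KMS key is in {match.group('region')} but the bucket is in {bucket_region}"
        )
    return problems


def audit_regions(responses, bucket_regions):
    """Audit one response per Macie Region.

    responses:      {macie_region: GetClassificationExportConfigurationResponse}
    bucket_regions: {bucket_name: region_of_bucket}, supplied by the caller
    """
    report = {}
    for region, response in responses.items():
        dest = (response.get("configuration") or {}).get("s3Destination")
        if not dest:
            report[region] = ["no s3Destination configured"]
            continue
        report[region] = check_destination(
            dest, bucket_regions.get(dest.get("bucketName"))
        )
    return report


# Constructed sample data: one central bucket in us-east-1 used by two Regions.
CENTRAL_BUCKET = "example-macie-results"
KEY_ID = "1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_BUCKET_REGIONS = {CENTRAL_BUCKET: "us-east-1"}
SAMPLE_RESPONSES = {
    "us-east-1": {"configuration": {"s3Destination": {
        "bucketName": CENTRAL_BUCKET,
        "kmsKeyArn": f"arn:aws:kms:us-east-1:111122223333:key/{KEY_ID}",
        "keyPrefix": "macie/us-east-1/",
    }}},
    # Same bucket, but the key was created in the Region being configured.
    "eu-west-1": {"configuration": {"s3Destination": {
        "bucketName": CENTRAL_BUCKET,
        "kmsKeyArn": f"arn:aws:kms:eu-west-1:111122223333:key/{KEY_ID}",
        "keyPrefix": "macie/eu-west-1/",
    }}},
    # Macie in use here, but the settings were never created.
    "ap-southeast-2": {},
}

if __name__ == "__main__":
    for region, problems in audit_regions(SAMPLE_RESPONSES, SAMPLE_BUCKET_REGIONS).items():
        print(region, problems or "ok")
```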
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

GetClassificationExportConfiguration
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3

PutClassificationExportConfiguration
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Custom Data Identifier Creation
A custom data identifier is a set of criteria that you define to detect sensitive data in one or more data sources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in the data. It can also specify character sequences, such as words and phrases, and a proximity rule that refine the analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet your organization's specific needs, and supplement the built-in data identifiers that Amazon Macie provides.

You can use the Custom Data Identifier Creation resource to create a new custom data identifier. Note that you can't change a custom data identifier after you create it. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations that you perform. To test and refine a custom data identifier before you create it, use the Custom Data Identifier Testing resource.

URI
/custom-data-identifiers
HTTP Methods

POST
Operation ID: CreateCustomDataIdentifier
Creates and defines the criteria and other settings for a custom data identifier.

Responses
Status Code | Response Model | Description
200 | CreateCustomDataIdentifierResponse | The request succeeded. The specified custom data identifier was created.
400 | ValidationException | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException | The request failed because the specified resource wasn't found.
409 | ConflictException | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException | The request failed due to an unknown internal server error, exception, or failure.
Schemas

Request Bodies

Example POST
{
  "regex": "string",
  "keywords": [
    "string"
  ],
  "clientToken": "string",
  "ignoreWords": [
    "string"
  ],
  "name": "string",
  "description": "string",
  "maximumMatchDistance": integer,
  "tags": {
  }
}

Response Bodies

Example CreateCustomDataIdentifierResponse
{
  "customDataIdentifierId": "string"
}

Example ValidationException
{
  "message": "string"
}

Example ServiceQuotaExceededException
{
  "message": "string"
}

Example AccessDeniedException
{
  "message": "string"
}

Example ResourceNotFoundException
{
  "message": "string"
}

Example ConflictException
{
  "message": "string"
}

Example ThrottlingException
{
  "message": "string"
}

Example InternalServerException
{
  "message": "string"
}
PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: stringRequired: False
ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: stringRequired: False
CreateCustomDataIdentifierRequestSpecifies the criteria and other settings for a new custom data identifier. You can't change a customdata identifier after you create it. This helps ensure that you have an immutable history of sensitive datafindings and discovery results for data privacy and protection audits or investigations.
31
Amazon Macie REST API ReferenceProperties
regex
The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.
Type: string
Required: False
keywords
An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
Type: Array of type string
Required: False
clientToken
A unique, case-sensitive token that you provide to ensure the idempotency of the request.
Type: string
Required: False
ignoreWords
An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
Type: Array of type string
Required: False
name
A custom name for the custom data identifier. The name can contain as many as 128 characters.
We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see the identifier's name, depending on the actions that they're allowed to perform in Amazon Macie.
Type: string
Required: False
description
A custom description of the custom data identifier. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see the identifier's description, depending on the actions that they're allowed to perform in Amazon Macie.
Type: string
Required: False
maximumMatchDistance
The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
Type: integer
Required: False
Format: int32
tags
A map of key-value pairs that specifies the tags to associate with the custom data identifier.
A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
Type: TagMap (p. 34)
Required: False
CreateCustomDataIdentifierResponse
Provides information about a custom data identifier that was created in response to a request.
customDataIdentifierId
The unique identifier for the custom data identifier that was created.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
CreateCustomDataIdentifier
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Custom Data Identifier Descriptions
A custom data identifier is a set of criteria that you defined to detect sensitive data in one or more data sources. The Custom Data Identifier Descriptions resource provides access to the repository of custom data identifiers for your account. It provides information about each custom data identifier that you can use in Amazon Macie.
You can use this resource to retrieve information about one or more custom data identifiers for your account. To refine your request, you can use the supported request parameter to specify which custom data identifiers to retrieve information about. To retrieve detailed information about the criteria and other settings for an individual custom data identifier, use the Custom Data Identifier (p. 52) resource.
URI
/custom-data-identifiers/get
HTTP Methods
POST
Operation ID: BatchGetCustomDataIdentifiers
Retrieves information about one or more custom data identifiers.
Responses
Status Code Response Model Description
200 BatchGetCustomDataIdentifiersResponse (p. 36) The request succeeded.
400 ValidationException (p. 36) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 36) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 37) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 37) The request failed because the specified resource wasn't found.
409 ConflictException (p. 37) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 37) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 37) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{ "ids": [ "string" ]}
Response Bodies
Example BatchGetCustomDataIdentifiersResponse
{
  "customDataIdentifiers": [
    {
      "createdAt": "string",
      "deleted": boolean,
      "name": "string",
      "description": "string",
      "id": "string",
      "arn": "string"
    }
  ],
  "notFoundIdentifierIds": [
    "string"
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
BatchGetCustomDataIdentifierSummary
Provides information about a custom data identifier.
createdAt
The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
Type: string
Required: False
Format: date-time
deleted
Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
Type: boolean
Required: False
name
The custom name of the custom data identifier.
Type: string
Required: False
description
The custom description of the custom data identifier.
Type: string
Required: False
id
The unique identifier for the custom data identifier.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the custom data identifier.
Type: string
Required: False
BatchGetCustomDataIdentifiersRequest
Specifies one or more custom data identifiers to retrieve information about.
ids
An array of strings that lists the unique identifiers for the custom data identifiers to retrieve information about.
Type: Array of type string
Required: False
BatchGetCustomDataIdentifiersResponse
Provides information about one or more custom data identifiers.
customDataIdentifiers
An array of objects, one for each custom data identifier that meets the criteria specified in the request.
Type: Array of type BatchGetCustomDataIdentifierSummary (p. 37)
Required: False
notFoundIdentifierIds
An array of identifiers, one for each identifier that was specified in the request, but doesn't correlate to an existing custom data identifier.
Type: Array of type string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
BatchGetCustomDataIdentifiers
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Custom Data Identifier List
A custom data identifier is a set of criteria that you defined to detect sensitive data in one or more data sources. The Custom Data Identifier List resource represents the repository of custom data identifiers for your account. It provides a subset of information about each custom data identifier that you can use in Amazon Macie.
You can use this resource to retrieve a subset of information about all the custom data identifiers for your account. To retrieve detailed information about the criteria and other settings for an individual custom data identifier, use the Custom Data Identifier (p. 52) resource.
URI
/custom-data-identifiers/list
HTTP Methods
POST
Operation ID: ListCustomDataIdentifiers
Retrieves a subset of information about all the custom data identifiers for an account.
Responses
Status Code Response Model Description
200 ListCustomDataIdentifiersResponse (p. 42) The request succeeded.
400 ValidationException (p. 42) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 42) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 42) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 42) The request failed because the specified resource wasn't found.
409 ConflictException (p. 42) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 42) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 43) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{ "nextToken": "string", "maxResults": integer}
Response Bodies
Example ListCustomDataIdentifiersResponse
{
  "nextToken": "string",
  "items": [
    {
      "createdAt": "string",
      "name": "string",
      "description": "string",
      "id": "string",
      "arn": "string"
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CustomDataIdentifierSummary
Provides information about a custom data identifier.
createdAt
The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
Type: string
Required: False
Format: date-time
name
The custom name of the custom data identifier.
Type: string
Required: False
description
The custom description of the custom data identifier.
Type: string
Required: False
id
The unique identifier for the custom data identifier.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the custom data identifier.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ListCustomDataIdentifiersRequest
Specifies criteria for paginating the results of a request for information about custom data identifiers.
nextToken
The nextToken string that specifies which page of results to return in a paginated response.
Type: string
Required: False
maxResults
The maximum number of items to include in each page of the response.
Type: integer
Required: False
Format: int32
ListCustomDataIdentifiersResponse
Provides the results of a request for information about custom data identifiers.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
items
An array of objects, one for each custom data identifier.
Type: Array of type CustomDataIdentifierSummary (p. 43)
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListCustomDataIdentifiers
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Custom Data Identifier Testing
The Custom Data Identifier Testing resource provides an environment for developing, testing, and refining a custom data identifier. A custom data identifier is a set of criteria that you define to detect sensitive data in one or more data sources.
When you develop a custom data identifier, you specify a regular expression (regex) that defines a text pattern to match in a data source. You can also specify character sequences, such as words and phrases, and a proximity rule to refine the analysis. By using custom data identifiers, you can tailor your data analysis to meet your organization's specific needs, and supplement the built-in data identifiers that Amazon Macie provides.
You can use the Custom Data Identifier Testing resource to develop, test, and refine a custom data identifier. Note that this resource doesn't create a persistent data identifier that you can subsequently access and use in Amazon Macie. Instead, it provides a test environment that can help you optimize and refine a data identifier by using sample data. When you finish developing and testing a custom data identifier, use the Custom Data Identifier Creation (p. 29) resource to create it.
URI
/custom-data-identifiers/test
HTTP Methods
POST
Operation ID: TestCustomDataIdentifier
Tests a custom data identifier.
Responses
Status Code Response Model Description
200 TestCustomDataIdentifierResponse (p. 48) The request succeeded.
400 ValidationException (p. 48) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 48) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 48) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 48) The request failed because the specified resource wasn't found.
409 ConflictException (p. 48) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 48) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 48) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "regex": "string",
  "keywords": [
    "string"
  ],
  "ignoreWords": [
    "string"
  ],
  "maximumMatchDistance": integer,
  "sampleText": "string"
}
Response Bodies
Example TestCustomDataIdentifierResponse
{ "matchCount": integer}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"
}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TestCustomDataIdentifierRequest
Specifies the detection criteria of a custom data identifier to test.
regex
The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.
Type: string
Required: True
keywords
An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
Type: Array of type string
Required: False
ignoreWords
An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
Type: Array of type string
Required: False
maximumMatchDistance
The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
Type: integer
Required: False
Format: int32
sampleText
The sample text to inspect by using the custom data identifier. The text can contain as many as 1,000 characters.
Type: string
Required: True
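An added example, not part of the AWS reference: a local pre-flight check for a TestCustomDataIdentifier request body that enforces the limits listed above and estimates matchCount offline, which also covers the regex, keywords, ignoreWords and maximumMatchDistance limits of CreateCustomDataIdentifierRequest. The proximity measure (characters between the nearest edges of a regex match and a keyword, on either side) and the use of Python's re dialect are assumptions, so the result can differ from what Macie returns.

```python
import re

# Limits quoted from the TestCustomDataIdentifierRequest property descriptions.
MAX_REGEX_LEN = 512
MAX_SAMPLE_LEN = 1000
WORD_LIST_CAPS = {"keywords": 50, "ignoreWords": 10}
WORD_LEN = range(4, 91)        # each keyword / ignore word: 4 - 90 characters
DISTANCE = range(1, 301)       # maximumMatchDistance: 1 - 300 characters
DEFAULT_DISTANCE = 50


def validate_test_request(req):
    """Return a list of documented-limit violations (empty list = body fits)."""
    errors = []
    regex, sample = req.get("regex"), req.get("sampleText")
    if not isinstance(regex, str) or not regex:
        errors.append("regex is required")
    elif len(regex) > MAX_REGEX_LEN:
        errors.append(f"regex is longer than {MAX_REGEX_LEN} characters")
    else:
        try:
            re.compile(regex)
        except re.error as exc:
            errors.append(f"regex does not compile in Python's re: {exc}")
    if not isinstance(sample, str):
        errors.append("sampleText is required")
    elif len(sample) > MAX_SAMPLE_LEN:
        errors.append(f"sampleText is longer than {MAX_SAMPLE_LEN} characters")
    for field, cap in WORD_LIST_CAPS.items():
        words = req.get(field, [])
        if len(words) > cap:
            errors.append(f"{field} has more than {cap} entries")
        errors += [f"{field} entry {w!r} is not 4 - 90 characters"
                   for w in words if len(w) not in WORD_LEN]
    if req.get("maximumMatchDistance", DEFAULT_DISTANCE) not in DISTANCE:
        errors.append("maximumMatchDistance is outside 1 - 300")
    return errors


def gap(a, b):
    """Characters strictly between two (start, end) spans; 0 if they touch or overlap."""
    return max(a[0] - b[1], b[0] - a[1], 0)


def local_match_count(req):
    """Approximate matchCount for a TestCustomDataIdentifier request body, offline."""
    errors = validate_test_request(req)
    if errors:
        raise ValueError("; ".join(errors))
    text = req["sampleText"]
    keywords = req.get("keywords", [])
    ignore = set(req.get("ignoreWords", []))          # ignore words are case sensitive
    limit = req.get("maximumMatchDistance", DEFAULT_DISTANCE)
    # Keywords aren't case sensitive, so locate them with IGNORECASE.
    keyword_spans = [m.span() for kw in keywords
                     for m in re.finditer(re.escape(kw), text, re.IGNORECASE)]
    count = 0
    for m in re.finditer(req["regex"], text):
        if m.group(0) in ignore:
            continue      # matched text is the same as an ignore word
        if keywords and not any(gap(m.span(), k) <= limit for k in keyword_spans):
            continue      # keywords were supplied but none is within the distance
        count += 1
    return count


# Constructed sample body: the EMP-nnnnnn format and the text are invented.
SAMPLE_REQUEST = {
    "regex": r"EMP-\d{6}",
    "keywords": ["employee id", "badge"],
    "ignoreWords": ["EMP-000000"],
    "maximumMatchDistance": 20,
    "sampleText": (
        "Employee ID: EMP-104233 was issued in March. "
        "Placeholder EMP-000000 appears next to the badge field. "
        "An unrelated ticket elsewhere in this long paragraph mentions EMP-778812."
    ),
}

if __name__ == "__main__":
    print("estimated matchCount:", local_match_count(SAMPLE_REQUEST))
    for distance in (20, 50, 300):
        body = dict(SAMPLE_REQUEST, maximumMatchDistance=distance)
        print(f"maximumMatchDistance={distance}: {local_match_count(body)}")
```

Widening maximumMatchDistance pulls in the third identifier, which sits 70 characters from the nearest keyword; that is the false-positive trade-off to check before the criteria are frozen in an immutable custom data identifier.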
TestCustomDataIdentifierResponse
Provides test results for a custom data identifier.
matchCount
The number of instances of sample text that matched the detection criteria specified in the custom data identifier.
Type: integer
Required: False
Format: int32
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
TestCustomDataIdentifier
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Custom Data Identifier
A custom data identifier is a set of criteria that you defined to detect sensitive data in one or more data sources. The Custom Data Identifier resource provides access to the repository of custom data identifiers for your account. It provides comprehensive, detailed information about each custom data identifier that you can use in Amazon Macie. This includes the criteria and other settings for each custom data identifier. The Custom Data Identifier resource also enables you to delete a custom data identifier.
When you use this resource to delete or retrieve information about a custom data identifier, you have to specify the unique identifier for the custom data identifier. To find this identifier, use the Custom Data Identifier List (p. 40) resource.
You can use the Custom Data Identifier resource to retrieve detailed information about a custom data identifier. You can also use this resource to delete a custom data identifier.
URI
/custom-data-identifiers/id
HTTP Methods
GET
Operation ID: GetCustomDataIdentifier
Retrieves the criteria and other settings for a custom data identifier.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 GetCustomDataIdentifierResponse (p. 54) The request succeeded.
400 ValidationException (p. 54) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 54) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 54) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 55) The request failed because the specified resource wasn't found.
409 ConflictException (p. 55) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 55) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 55) The request failed due to an unknown internal server error, exception, or failure.
DELETE
Operation ID: DeleteCustomDataIdentifier
Soft deletes a custom data identifier.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 Empty Schema (p. 54) The request succeeded. The specified custom data identifier was deleted and there isn't any content to include in the body of the response (No Content).
400 ValidationException (p. 54) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 54) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 54) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 55) The request failed because the specified resource wasn't found.
409 ConflictException (p. 55) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 55) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 55) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example GetCustomDataIdentifierResponse
{
  "createdAt": "string",
  "regex": "string",
  "deleted": boolean,
  "keywords": [
    "string"
  ],
  "ignoreWords": [
    "string"
  ],
  "name": "string",
  "description": "string",
  "maximumMatchDistance": integer,
  "id": "string",
  "arn": "string",
  "tags": {
  }
}
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{
"message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
GetCustomDataIdentifierResponse
Provides information about the criteria and other settings for a custom data identifier.
createdAt
The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
Type: string
Required: False
Format: date-time
regex
The regular expression (regex) that defines the pattern to match.
Type: string
Required: False
deleted
Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
Type: boolean
Required: False
keywords
An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. Keywords aren't case sensitive.
Type: Array of type string
Required: False
ignoreWords
An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Ignore words are case sensitive.
Type: Array of type string
Required: False
name
The custom name of the custom data identifier.
Type: string
Required: False
description
The custom description of the custom data identifier.
Type: string
Required: False
maximumMatchDistance
The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern.
Type: integer
Required: False
Format: int32
id
The unique identifier for the custom data identifier.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the custom data identifier.
Type: string
Required: False
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the custom data identifier.
Type: TagMap (p. 58)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetCustomDataIdentifier
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteCustomDataIdentifier
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Data Sources - S3
The S3 Data Sources resource provides statistical data and other information about the Amazon Simple Storage Service (Amazon S3) buckets that you configured Amazon Macie to monitor and analyze. This includes data such as the number of objects that are in an S3 bucket and how many of those objects Macie can analyze. This also includes information about the settings that define who can access data in an S3 bucket and how that data can be accessed. The data is available for all the S3 buckets that you configured Macie to monitor and analyze.
You can use this resource to retrieve (query) statistical data and other information about the settings and contents of one or more S3 buckets that Macie monitors and analyzes. To customize and refine a query, you can use supported parameters that specify whether and how to filter, sort, and paginate the query results.
URI
/datasources/s3
HTTP Methods
POST
Operation ID: DescribeBuckets
Retrieves (queries) statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes.
Responses
Status Code  Response Model                         Description
200          DescribeBucketsResponse (p. 60)        The request succeeded.
400          ValidationException (p. 62)            The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 62)  The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 62)          The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 62)      The request failed because the specified resource wasn't found.
409          ConflictException (p. 62)              The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 62)            The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 62)        The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "criteria": {
  },
  "nextToken": "string",
  "maxResults": integer,
  "sortCriteria": {
    "orderBy": enum,
    "attributeName": "string"
  }
}
Response Bodies
Example DescribeBucketsResponse
{
  "nextToken": "string",
  "buckets": [
    {
      "bucketName": "string",
      "objectCount": integer,
      "sizeInBytes": integer,
      "versioning": boolean,
      "classifiableObjectCount": integer,
      "publicAccess": {
        "effectivePermission": enum,
        "permissionConfiguration": {
          "accountLevelPermissions": {
            "blockPublicAccess": {
              "blockPublicPolicy": boolean,
              "restrictPublicBuckets": boolean,
              "blockPublicAcls": boolean,
              "ignorePublicAcls": boolean
            }
          },
          "bucketLevelPermissions": {
            "accessControlList": {
              "allowsPublicReadAccess": boolean,
              "allowsPublicWriteAccess": boolean
            },
            "blockPublicAccess": {
              "blockPublicPolicy": boolean,
              "restrictPublicBuckets": boolean,
              "blockPublicAcls": boolean,
              "ignorePublicAcls": boolean
            },
            "bucketPolicy": {
              "allowsPublicReadAccess": boolean,
              "allowsPublicWriteAccess": boolean
            }
          }
        }
      },
      "objectCountByEncryptionType": {
        "kmsManaged": integer,
        "s3Managed": integer,
        "customerManaged": integer,
        "unencrypted": integer
      },
      "classifiableSizeInBytes": integer,
      "tags": [
        {
          "value": "string",
          "key": "string"
        }
      ],
      "unclassifiableObjectCount": {
        "total": integer,
        "storageClass": integer,
        "fileType": integer
      },
      "lastUpdated": "string",
      "accountId": "string",
      "bucketArn": "string",
      "bucketCreatedAt": "string",
      "replicationDetails": {
        "replicationAccounts": [
          "string"
        ],
        "replicatedExternally": boolean,
        "replicated": boolean
      },
      "unclassifiableObjectSizeInBytes": {
        "total": integer,
        "storageClass": integer,
        "fileType": integer
      },
      "sharedAccess": enum,
      "region": "string",
      "jobDetails": {
        "lastJobId": "string",
        "lastJobRunTime": "string",
        "isDefinedInJob": enum,
        "isMonitoredByJob": enum
      },
      "sizeInBytesCompressed": integer
    }
  ]
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessControlList
Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
allowsPublicReadAccess
Specifies whether the ACL grants the general public with read access permissions for the bucket.
Type: boolean
Required: False
allowsPublicWriteAccess
Specifies whether the ACL grants the general public with write access permissions for the bucket.
Type: boolean
Required: False
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
AccountLevelPermissions
Provides information about account-level permissions settings that apply to an S3 bucket.
blockPublicAccess
The block public access settings for the bucket.
Type: BlockPublicAccess (p. 63)
Required: False
BlockPublicAccess
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account level or bucket level. For detailed information about each setting, see Using Amazon S3 block public access in the Amazon Simple Storage Service Developer Guide.
blockPublicPolicy
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
Type: boolean
Required: False
restrictPublicBuckets
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
Type: boolean
Required: False
blockPublicAcls
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
Type: boolean
Required: False
ignorePublicAcls
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
Type: boolean
Required: False
BucketCriteria
Specifies, as a map, one or more attribute-based conditions that filter the results of a query for information about S3 buckets.
key-value pairs
Type: object
BucketCriteriaAdditionalProperties
Specifies the operator to use in an attribute-based condition that filters the results of a query for information about S3 buckets.
prefix
The prefix of the buckets to include in the results.
Type: string
Required: False
lt
A less than condition to apply to a specified attribute value for buckets.
Type: integer
Required: False
Format: int64
gte
A greater than or equal to condition to apply to a specified attribute value for buckets.
Type: integer
Required: False
Format: int64
neq
A not equal to condition to apply to a specified attribute value for buckets.
Type: Array of type string
Required: False
lte
A less than or equal to condition to apply to a specified attribute value for buckets.
Type: integer
Required: False
Format: int64
eq
An equal to condition to apply to a specified attribute value for buckets.
Type: Array of type string
Required: False
gt
A greater than condition to apply to a specified attribute value for buckets.
Type: integer
Required: False
Format: int64
BucketLevelPermissions
Provides information about the bucket-level permissions settings for an S3 bucket.
accessControlList
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
Type: AccessControlList (p. 63)
Required: False
blockPublicAccess
The block public access settings for the bucket.
Type: BlockPublicAccess (p. 63)
Required: False
bucketPolicy
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
Type: BucketPolicy (p. 69)
Required: False
BucketMetadata
Provides information about an S3 bucket that Amazon Macie monitors and analyzes.
bucketName
The name of the bucket.
Type: string
Required: False
objectCount
The total number of objects in the bucket.
Type: integer
Required: False
Format: int64
sizeInBytes
The total storage size, in bytes, of the bucket.
Type: integer
Required: False
Format: int64
versioning
Specifies whether versioning is enabled for the bucket.
Type: boolean
Required: False
classifiableObjectCount
The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
publicAccess
Specifies whether the bucket is publicly accessible. If this value is true, an access control list (ACL), bucket policy, or block public access settings allow the bucket to be accessed by the general public.
Type: BucketPublicAccess (p. 70)
Required: False
objectCountByEncryptionType
The total number of objects that are in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
Type: ObjectCountByEncryptionType (p. 73)
Required: False
classifiableSizeInBytes
The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
tags
An array that specifies the tags (keys and values) that are associated with the bucket.
Type: Array of type KeyValuePair (p. 73)
Required: False
unclassifiableObjectCount
The total number of objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
Type: ObjectLevelStatistics (p. 74)
Required: False
lastUpdated
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the bucket from Amazon S3.
Type: string
Required: False
Format: date-time
accountId
The unique identifier for the AWS account that owns the bucket.
Type: string
Required: False
bucketArn
The Amazon Resource Name (ARN) of the bucket.
Type: string
Required: False
bucketCreatedAt
The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
Type: string
Required: False
Format: date-time
replicationDetails
Specifies whether the bucket is configured to replicate one or more objects to buckets for other AWS accounts and, if so, which accounts.
Type: ReplicationDetails (p. 75)
Required: False
unclassifiableObjectSizeInBytes
The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
Type: ObjectLevelStatistics (p. 74)
Required: False
sharedAccess
Specifies whether the bucket is shared with another AWS account. Possible values are:
• EXTERNAL - The bucket is shared with an AWS account that isn't part of the same Amazon Macie organization.
• INTERNAL - The bucket is shared with an AWS account that's part of the same Amazon Macie organization.
• NOT_SHARED - The bucket isn't shared with other AWS accounts.
• UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
Type: string
Required: False
Values: EXTERNAL | INTERNAL | NOT_SHARED | UNKNOWN
region
The AWS Region that hosts the bucket.
Type: string
Required: False
jobDetails
Specifies whether any one-time or recurring classification jobs are configured to analyze data in the bucket, and, if so, the details of the job that ran most recently.
Type: JobDetails (p. 72)
Required: False
sizeInBytesCompressed
The total compressed storage size, in bytes, of the bucket.
Type: integer
Required: False
Format: int64
BucketPermissionConfiguration
Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
accountLevelPermissions
The account-level permissions settings that apply to the bucket.
Type: AccountLevelPermissions (p. 63)
Required: False
bucketLevelPermissions
The bucket-level permissions settings for the bucket.
Type: BucketLevelPermissions (p. 65)
Required: False
BucketPolicy
Provides information about the permissions settings of a bucket policy for an S3 bucket.
allowsPublicReadAccess
Specifies whether the bucket policy allows the general public to have read access to the bucket.
Type: boolean
Required: False
allowsPublicWriteAccess
Specifies whether the bucket policy allows the general public to have write access to the bucket.
Type: boolean
Required: False
BucketPublicAccess
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
effectivePermission
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
• NOT_PUBLIC - The bucket isn't publicly accessible.
• PUBLIC - The bucket is publicly accessible.
• UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
Type: string
Required: False
Values: PUBLIC | NOT_PUBLIC | UNKNOWN
permissionConfiguration
The account-level and bucket-level permissions for the bucket.
Type: BucketPermissionConfiguration (p. 69)
Required: False
BucketSortCriteria
Specifies criteria for sorting the results of a query for information about S3 buckets.
orderBy
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
attributeName
The name of the attribute to sort the results by. This value can be the name of any property that Amazon Macie defines as bucket metadata, such as bucketName or accountId.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
DescribeBucketsRequest
Specifies criteria for filtering, sorting, and paginating the results of a query for information about S3 buckets.
criteria
The criteria to use to filter the query results.
Type: BucketCriteria (p. 64)
Required: False
nextToken
The nextToken string that specifies which page of results to return in a paginated response.
Type: string
Required: False
maxResults
The maximum number of items to include in each page of the response. The default value is 50.
Type: integer
Required: False
Format: int32
sortCriteria
The criteria to use to sort the query results.
Type: BucketSortCriteria (p. 70)
Required: False
DescribeBucketsResponse
Provides the results of a query that retrieved statistical data and other information about one or more S3 buckets that Amazon Macie monitors and analyzes.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
buckets
An array of objects, one for each bucket that meets the filter criteria specified in the request.
Type: Array of type BucketMetadata (p. 66)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
JobDetails
Specifies whether any one-time or recurring classification jobs are configured to analyze data in an S3 bucket, and, if so, the details of the job that ran most recently.
lastJobId
The unique identifier for the job that ran most recently (either the latest run of a recurring job or the only run of a one-time job) and is configured to analyze data in the bucket.
This value is null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
Type: string
Required: False
lastJobRunTime
The date and time, in UTC and extended ISO 8601 format, when the job (lastJobId) started. If the job is a recurring job, this value indicates when the most recent run started.
This value is null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
Type: string
Required: False
Format: date-time
isDefinedInJob
Specifies whether any one-time or recurring jobs are configured to analyze data in the bucket. Possible values are:
• TRUE - One or more jobs is configured to analyze data in the bucket, and at least one of those jobs has a status other than CANCELLED.
• FALSE - No jobs are configured to analyze data in the bucket, or all the jobs that are configured to analyze data in the bucket have a status of CANCELLED.
• UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
Type: string
Required: False
Values: TRUE | FALSE | UNKNOWN
isMonitoredByJob
Specifies whether any recurring jobs are configured to analyze data in the bucket. Possible values are:
• TRUE - One or more recurring jobs is configured to analyze data in the bucket, and at least one of those jobs has a status other than CANCELLED.
• FALSE - No recurring jobs are configured to analyze data in the bucket, or all the recurring jobs that are configured to analyze data in the bucket have a status of CANCELLED.
• UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.
Type: string
Required: False
Values: TRUE | FALSE | UNKNOWN
KeyValuePair
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
value
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
Type: string
Required: False
key
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
Type: string
Required: False
ObjectCountByEncryptionType
Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
kmsManaged
The total number of objects that are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). The objects use AWS managed AWS KMS (AWS-KMS) encryption or customer managed AWS KMS (SSE-KMS) encryption.
Type: integer
Required: False
Format: int64
s3Managed
The total number of objects that are encrypted using an Amazon S3 managed key. The objects use Amazon S3 managed (SSE-S3) encryption.
Type: integer
Required: False
Format: int64
customerManaged
The total number of objects that are encrypted using a customer-managed key. The objects use customer-provided server-side (SSE-C) encryption.
Type: integer
Required: False
Format: int64
unencrypted
The total number of objects that aren't encrypted or use client-side encryption.
Type: integer
Required: False
Format: int64
ObjectLevelStatistics
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results.
total
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class or don't have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
storageClass
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
Type: integer
Required: False
Format: int64
fileType
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects don't have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
ReplicationDetails
Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other AWS accounts and, if so, which accounts.
replicationAccounts
An array of AWS account IDs, one for each AWS account that the bucket is configured to replicate one or more objects to.
Type: Array of type string
Required: False
replicatedExternally
Specifies whether the bucket is configured to replicate one or more objects to an AWS account that isn't part of the same Amazon Macie organization.
Type: boolean
Required: False
replicated
Specifies whether the bucket is configured to replicate one or more objects to any destination.
Type: boolean
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
DescribeBuckets
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
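An added example, not part of the AWS reference: it pages through DescribeBuckets results by following nextToken and flags buckets whose metadata indicates exposure, treating UNKNOWN and absent properties as unresolved rather than safe. The fake_describe_buckets stand-in, the sample pages, the bucket names and the reason strings are constructed for illustration; a real client would send a signed POST to /datasources/s3 instead.

```python
"""Triage DescribeBuckets results for exposure. Added example; all data is constructed."""
from typing import Callable, Dict, Iterator, List, Optional

# Constructed pages shaped like DescribeBucketsResponse, keyed by the request's nextToken.
SAMPLE_PAGES = {
    None: {"nextToken": "page-2", "buckets": [
        {"bucketName": "example-logs", "sharedAccess": "NOT_SHARED",
         "publicAccess": {"effectivePermission": "PUBLIC", "permissionConfiguration": {
             "bucketLevelPermissions": {
                 "accessControlList": None,  # null: no ACL has been defined
                 "bucketPolicy": {"allowsPublicReadAccess": True,
                                  "allowsPublicWriteAccess": False}}}},
         "objectCountByEncryptionType": {"unencrypted": 12, "s3Managed": 40},
         "replicationDetails": {"replicated": False, "replicatedExternally": False},
         "jobDetails": {"isDefinedInJob": "FALSE"}},
        {"bucketName": "example-private", "sharedAccess": "NOT_SHARED",
         "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
         "objectCountByEncryptionType": {"unencrypted": 0, "kmsManaged": 7},
         "jobDetails": {"isDefinedInJob": "TRUE"}},
    ]},
    "page-2": {"nextToken": None, "buckets": [
        # publicAccess is omitted on purpose: every property is "Required: False".
        {"bucketName": "example-share", "sharedAccess": "EXTERNAL",
         "replicationDetails": {"replicated": True, "replicatedExternally": True,
                                "replicationAccounts": ["111122223333"]},
         "jobDetails": {"isDefinedInJob": "TRUE"}},
    ]},
}


def fake_describe_buckets(request: dict) -> dict:
    """Hypothetical stand-in for the signed POST to /datasources/s3."""
    return SAMPLE_PAGES[request.get("nextToken")]


def iter_buckets(call: Callable[[dict], dict], criteria: Optional[dict] = None,
                 page_size: int = 50) -> Iterator[dict]:
    """Yield every BucketMetadata object, following nextToken until it is null."""
    request = {"criteria": criteria or {}, "maxResults": page_size,
               "sortCriteria": {"attributeName": "bucketName", "orderBy": "ASC"}}
    while True:
        page = call(request)
        yield from page.get("buckets") or []
        token = page.get("nextToken")
        if not token:
            return
        request = {**request, "nextToken": token}


def public_sources(bucket: dict) -> List[str]:
    """Name the bucket-level settings (ACL, bucket policy) that grant public access."""
    config = (bucket.get("publicAccess") or {}).get("permissionConfiguration") or {}
    level = config.get("bucketLevelPermissions") or {}
    found = []
    for name in ("accessControlList", "bucketPolicy"):
        setting = level.get(name) or {}  # null when no ACL or policy is defined
        for mode in ("Read", "Write"):
            if setting.get(f"allowsPublic{mode}Access"):
                found.append(f"{name}:{mode.lower()}")
    return found


def triage(bucket: dict) -> List[str]:
    """Return the reasons a bucket needs review; an empty list means none found."""
    reasons = []
    # A missing publicAccess object is handled like UNKNOWN, never like NOT_PUBLIC.
    effective = (bucket.get("publicAccess") or {}).get("effectivePermission", "UNKNOWN")
    if effective == "PUBLIC":
        sources = ", ".join(public_sources(bucket)) or "unidentified setting"
        reasons.append(f"public via {sources}")
    elif effective == "UNKNOWN":
        reasons.append("public access not evaluated")
    if bucket.get("sharedAccess") == "EXTERNAL":
        reasons.append("shared with an external account")
    replication = bucket.get("replicationDetails") or {}
    if replication.get("replicatedExternally"):
        accounts = ", ".join(replication.get("replicationAccounts") or [])
        reasons.append(f"replicates externally; destination accounts: {accounts}")
    unencrypted = (bucket.get("objectCountByEncryptionType") or {}).get("unencrypted", 0)
    if unencrypted:
        reasons.append(f"{unencrypted} objects unencrypted or client-side encrypted")
    if (bucket.get("jobDetails") or {}).get("isDefinedInJob") != "TRUE":
        reasons.append("no active classification job")
    return reasons


def report(call: Callable[[dict], dict]) -> Dict[str, List[str]]:
    """Map bucketName to review reasons, skipping buckets with nothing to review."""
    return {b["bucketName"]: r for b in iter_buckets(call) if (r := triage(b))}
```

Because effectivePermission reflects the combination of settings, the ACL and bucket policy flags are used here only to explain a PUBLIC result, not to decide it.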
Data Sources - S3 Statistics
The S3 Data Source Statistics resource provides aggregated statistical data for all the Amazon Simple Storage Service (Amazon S3) buckets that you configured Amazon Macie to monitor and analyze. This includes data for key metrics such as the number of S3 buckets that Macie monitors and analyzes, the number of objects in those buckets, and the number of buckets that use each server-side encryption type.
You can use this resource to retrieve (query) aggregated data for key metrics that apply to all the S3 buckets that you configured Amazon Macie to monitor and analyze. To retrieve additional types of data for these buckets, use the S3 Data Sources (p. 59) resource.
URI
/datasources/s3/statistics
HTTP Methods
POST
Operation ID: GetBucketStatistics
Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes.
Responses
Status Code  Response Model                         Description
200          GetBucketStatisticsResponse (p. 78)    The request succeeded.
400          ValidationException (p. 78)            The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 78)  The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 78)          The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 79)      The request failed because the specified resource wasn't found.
409          ConflictException (p. 79)              The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 79)            The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 79)        The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "accountId": "string"
}
Response Bodies
Example GetBucketStatisticsResponse
{
  "bucketCountByEffectivePermission": {
    "publiclyWritable": integer,
    "publiclyReadable": integer,
    "publiclyAccessible": integer,
    "unknown": integer
  },
  "lastUpdated": "string",
  "objectCount": integer,
  "sizeInBytes": integer,
  "classifiableObjectCount": integer,
  "bucketCount": integer,
  "bucketCountByEncryptionType": {
    "kmsManaged": integer,
    "s3Managed": integer,
    "unencrypted": integer
  },
  "unclassifiableObjectSizeInBytes": {
    "total": integer,
    "storageClass": integer,
    "fileType": integer
  },
  "classifiableSizeInBytes": integer,
  "bucketCountBySharedAccessType": {
    "internal": integer,
    "external": integer,
    "notShared": integer,
    "unknown": integer
  },
  "unclassifiableObjectCount": {
    "total": integer,
    "storageClass": integer,
    "fileType": integer
  },
  "sizeInBytesCompressed": integer
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
BucketCountByEffectivePermission
Provides information about the number of S3 buckets that are publicly accessible based on a combination of permissions settings for each bucket.
publiclyWritable
The total number of buckets that allow the general public to have write access to the bucket.
Type: integer
Required: False
Format: int64
publiclyReadable
The total number of buckets that allow the general public to have read access to the bucket.
Type: integer
Required: False
Format: int64
publiclyAccessible
The total number of buckets that allow the general public to have read or write access to the bucket.
Type: integer
Required: False
Format: int64
unknown
The total number of buckets that Amazon Macie wasn't able to evaluate permissions settings for. Macie can't determine whether these buckets are publicly accessible.
Type: integer
Required: False
Format: int64
BucketCountByEncryptionType
Provides information about the number of S3 buckets that use certain types of server-side encryption or don't encrypt objects by default.
kmsManaged
The total number of buckets that use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt objects. These buckets use AWS managed AWS KMS (AWS-KMS) encryption or customer managed AWS KMS (SSE-KMS) encryption.
Type: integer
Required: False
Format: int64
s3Managed
The total number of buckets that use an Amazon S3 managed key to encrypt objects. These buckets use Amazon S3 managed (SSE-S3) encryption.
Type: integer
Required: False
Format: int64
unencrypted
The total number of buckets that don't encrypt objects by default. Default encryption is disabled for these buckets.
Type: integer
Required: False
Format: int64
BucketCountBySharedAccessType
Provides information about the number of S3 buckets that are shared with other AWS accounts.
internal
The total number of buckets that are shared with an AWS account that's part of the same Amazon Macie organization.
Type: integer
Required: False
Format: int64
external
The total number of buckets that are shared with an AWS account that isn't part of the same Amazon Macie organization.
Type: integer
Required: False
Format: int64
notShared
The total number of buckets that aren't shared with other AWS accounts.
Type: integer
Required: False
Format: int64
unknown
The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. Macie can't determine whether these buckets are shared with other AWS accounts.
Type: integer
Required: False
Format: int64
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
GetBucketStatisticsRequest
Specifies the account that owns the S3 buckets to retrieve aggregated statistical data for.
accountId
The unique identifier for the AWS account.
Type: string
Required: False
GetBucketStatisticsResponse
Provides the results of a query that retrieved aggregated statistical data for the S3 buckets that are owned by an account.
bucketCountByEffectivePermission
The total number of buckets that are publicly accessible based on a combination of permissions settings for each bucket.
Type: BucketCountByEffectivePermission (p. 79)
Required: False
lastUpdated
The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved data about the buckets from Amazon S3.
Type: string
Required: False
Format: date-time
objectCount
The total number of objects in the buckets.
Type: integer
Required: False
Format: int64
sizeInBytes
The total storage size, in bytes, of the buckets.
Type: integer
Required: False
Format: int64
classifiableObjectCount
The total number of objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
bucketCount
The total number of buckets.
Type: integer
Required: False
Format: int64
bucketCountByEncryptionType
The total number of buckets, grouped by server-side encryption type. This object also reports the total number of buckets that don't encrypt objects by default.
Type: BucketCountByEncryptionType (p. 80)
Required: False
unclassifiableObjectSizeInBytes
The total storage size, in bytes, of all the objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
Type: ObjectLevelStatistics (p. 84)
Required: False
classifiableSizeInBytes
The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
bucketCountBySharedAccessType
The total number of buckets that are shared with another AWS account.
Type: BucketCountBySharedAccessType (p. 81)
Required: False
unclassifiableObjectCount
The total number of objects that Amazon Macie can't analyze in the buckets. These objects don't use a supported storage class or don't have a file name extension for a supported file or storage format.
Type: ObjectLevelStatistics (p. 84)
Required: False
sizeInBytesCompressed
The total compressed storage size, in bytes, of the buckets.
Type: integer
Required: False
Format: int64
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ObjectLevelStatistics
Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results.
total
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class or don't have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
storageClass
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects use an unsupported storage class.
Type: integer
Required: False
Format: int64
fileType
The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because the objects don't have a file name extension for a supported file or storage format.
Type: integer
Required: False
Format: int64
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetBucketStatistics
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Findings List
The Findings List resource provides a subset of information about the findings for your account. A finding is a detailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucket or sensitive data in an S3 object.
Note that this resource doesn't provide access to all the data for a finding. Instead, it provides only a subset of metadata, such as the finding identifier. To retrieve all the data for one or more findings, use the Findings Descriptions (p. 93) resource.
You can use the Findings List resource to retrieve a subset of information about one or more findings. To customize and refine your query, you can use supported parameters that specify whether and how to filter, sort, and paginate the results.
URI
/findings
HTTP Methods
POST
Operation ID: ListFindings
Retrieves a subset of information about one or more findings.
Responses
Status Code  Response Model                          Description
200          ListFindingsResponse (p. 87)            The request succeeded.
400          ValidationException (p. 87)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 87)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 88)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 88)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 88)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 88)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 88)         The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "nextToken": "string",
  "maxResults": integer,
  "findingCriteria": {
    "criterion": {
    }
  },
  "sortCriteria": {
    "orderBy": enum,
    "attributeName": "string"
  }
}
Response Bodies
Example ListFindingsResponse
{
  "findingIds": [
    "string"
  ],
  "nextToken": "string"
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Criterion
Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.
key-value pairs
Type: object
CriterionAdditionalProperties
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.
eqExactMatch
The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.
You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.
Type: Array of type string
Required: False
lt
The value for the property is less than the specified value.
Type: integer
Required: False
Format: int64
gte
The value for the property is greater than or equal to the specified value.
Type: integer
Required: False
Format: int64
neq
The value for the property doesn't match (doesn't equal) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
lte
The value for the property is less than or equal to the specified value.
Type: integer
Required: False
Format: int64
eq
The value for the property matches (equals) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
gt
The value for the property is greater than the specified value.
Type: integer
Required: False
Format: int64
FindingCriteria
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
criterion
A condition that specifies the property, operator, and one or more values to use to filter the results.
Type: Criterion (p. 89)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ListFindingsRequest
Specifies criteria for filtering, sorting, and paginating the results of a request for information about findings.
nextToken
The nextToken string that specifies which page of results to return in a paginated response.
Type: string
Required: False
maxResults
The maximum number of items to include in each page of the response.
Type: integer
Required: False
Format: int32
findingCriteria
The criteria to use to filter the results.
Type: FindingCriteria (p. 90)
Required: False
sortCriteria
The criteria to use to sort the results.
Type: SortCriteria (p. 92)
Required: False
ListFindingsResponse
Provides the results of a request for information about one or more findings.
findingIds
An array of strings, where each string is the unique identifier for a finding that meets the filter criteria specified in the request.
Type: Array of type string
Required: False
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
SortCriteria
Specifies criteria for sorting the results of a request for findings.
orderBy
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
attributeName
The name of the property to sort the results by. This value can be the name of any property that Amazon Macie defines for a finding.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListFindings
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
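The following is an added example, not code from AWS or this reference. It checks a findingCriteria.criterion map against the operator value types documented above, then pages through POST /findings until nextToken is null, backing off on a 429. Assumptions: the post(path, body) transport (request signing and HTTP happen there), the ThrottledError class, the fake service, and the sample property names "category" and "count" used as filter keys.

```python
import time

# Value types per operator, as documented under CriterionAdditionalProperties.
STRING_ARRAY_OPS = {"eq", "neq", "eqExactMatch"}
INT64_OPS = {"lt", "lte", "gt", "gte"}
INT64_MIN, INT64_MAX = -(2 ** 63), 2 ** 63 - 1


class ThrottledError(Exception):
    """Hypothetical error a transport raises for HTTP 429 (ThrottlingException)."""


def validate_criterion(criterion):
    """Return a list of problems found in a findingCriteria.criterion map."""
    problems = []
    for prop, condition in criterion.items():
        if not isinstance(condition, dict) or not condition:
            problems.append(f"{prop}: condition must be a non-empty object")
            continue
        for op, value in condition.items():
            if op in STRING_ARRAY_OPS:
                ok = isinstance(value, list) and all(isinstance(v, str) for v in value)
                if not ok:
                    problems.append(f"{prop}.{op}: expected an array of strings")
            elif op in INT64_OPS:
                # bool is a subclass of int in Python, so exclude it explicitly.
                ok = (isinstance(value, int) and not isinstance(value, bool)
                      and INT64_MIN <= value <= INT64_MAX)
                if not ok:
                    problems.append(f"{prop}.{op}: expected an int64 integer")
            else:
                problems.append(f"{prop}.{op}: operator is not defined by the API")
    return problems


def list_all_finding_ids(post, criterion, sort=None, page_size=50,
                         max_retries=3, sleep=time.sleep):
    """Collect every finding ID that matches `criterion` via POST /findings.

    `post(path, body)` is the caller's transport (assumed): it returns the
    decoded JSON body of a 200 response and raises ThrottledError on a 429.
    """
    problems = validate_criterion(criterion)
    if problems:
        raise ValueError("; ".join(problems))
    body = {"maxResults": page_size, "findingCriteria": {"criterion": criterion}}
    if sort is not None:
        body["sortCriteria"] = sort
    finding_ids = []
    while True:
        for attempt in range(max_retries + 1):
            try:
                page = post("/findings", body)
                break
            except ThrottledError:
                if attempt == max_retries:
                    raise
                sleep(2 ** attempt)  # simple exponential backoff
        finding_ids.extend(page.get("findingIds") or [])
        token = page.get("nextToken")
        if not token:  # null nextToken: no additional pages
            return finding_ids
        body = dict(body, nextToken=token)


def make_fake_post(pages):
    """Constructed in-memory stand-in for the service; throttles the first call."""
    calls = []

    def post(path, body):
        calls.append((path, dict(body)))
        if len(calls) == 1:
            raise ThrottledError("constructed 429 response")
        return pages[body.get("nextToken")]

    return post, calls


# Constructed sample data: result pages keyed by the nextToken that requests them.
SAMPLE_PAGES = {
    None: {"findingIds": ["constructed-id-1", "constructed-id-2"], "nextToken": "page-2"},
    "page-2": {"findingIds": ["constructed-id-3"], "nextToken": None},
}
SAMPLE_CRITERION = {
    "category": {"eq": ["CLASSIFICATION", "POLICY"]},  # eq joins values with OR
    "resourcesAffected.s3Bucket.tags.key": {"eqExactMatch": ["constructed-tag"]},
    "count": {"gte": 1},  # assumed filterable property, for illustration
}

if __name__ == "__main__":
    fake_post, seen = make_fake_post(SAMPLE_PAGES)
    ids = list_all_finding_ids(fake_post, SAMPLE_CRITERION, sleep=lambda s: None)
    print(ids, "requests sent:", len(seen))
```

The returned identifiers are the input for the findingIds array of the Findings Descriptions resource.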
Findings Descriptions
The Findings Descriptions resource represents the repository of findings for your account. A finding is a detailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucket or sensitive data in an S3 object. Each finding provides a severity rating, information about the affected resource, and additional details, such as when and how Macie found the issue. For information about the types of findings that Macie can report, see Types of Amazon Macie findings in the Amazon Macie User Guide.
You can use this resource to retrieve the details of one or more findings. To customize and refine your query, you can use supported parameters to specify which findings to retrieve and how to sort the results.
URI
/findings/describe
HTTP Methods
POST
Operation ID: GetFindings
Retrieves the details of one or more findings.
Responses
Status Code  Response Model                          Description
200          GetFindingsResponse (p. 94)             The request succeeded.
400          ValidationException (p. 99)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 99)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 99)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 100)      The request failed because the specified resource wasn't found.
409          ConflictException (p. 100)              The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 100)            The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 100)        The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "findingIds": [
    "string"
  ],
  "sortCriteria": {
    "orderBy": enum,
    "attributeName": "string"
  }
}
Response Bodies
Example GetFindingsResponse
{
  "findings": [
    {
      "severity": {
        "score": integer,
        "description": enum
      },
      "schemaVersion": "string",
      "count": integer,
      "description": "string",
      "title": "string",
      "type": enum,
      "sample": boolean,
      "archived": boolean,
      "accountId": "string",
      "createdAt": "string",
      "partition": "string",
      "classificationDetails": {
        "result": {
          "customDataIdentifiers": {
            "totalCount": integer,
            "detections": [
              {
                "occurrences": {
                  "lineRanges": [
                    {
                      "startColumn": integer,
                      "start": integer,
                      "end": integer
                    }
                  ],
                  "offsetRanges": [
                    {
                      "startColumn": integer,
                      "start": integer,
                      "end": integer
                    }
                  ],
                  "cells": [
                    {
                      "column": integer,
                      "row": integer,
                      "columnName": "string",
                      "cellReference": "string"
                    }
                  ],
                  "pages": [
                    {
                      "pageNumber": integer,
                      "offsetRange": {
                        "startColumn": integer,
                        "start": integer,
                        "end": integer
                      },
                      "lineRange": {
                        "startColumn": integer,
                        "start": integer,
                        "end": integer
                      }
                    }
                  ],
                  "records": [
                    {
                      "jsonPath": "string",
                      "recordIndex": integer
                    }
                  ]
                },
                "count": integer,
                "name": "string",
                "arn": "string"
              }
            ]
          },
          "sensitiveData": [
            {
              "category": enum,
              "totalCount": integer,
              "detections": [
                {
                  "occurrences": {
                    "lineRanges": [
                      {
                        "startColumn": integer,
                        "start": integer,
                        "end": integer
                      }
                    ],
                    "offsetRanges": [
                      {
                        "startColumn": integer,
                        "start": integer,
                        "end": integer
                      }
                    ],
                    "cells": [
                      {
                        "column": integer,
                        "row": integer,
                        "columnName": "string",
                        "cellReference": "string"
                      }
                    ],
                    "pages": [
                      {
                        "pageNumber": integer,
                        "offsetRange": {
                          "startColumn": integer,
                          "start": integer,
                          "end": integer
                        },
                        "lineRange": {
                          "startColumn": integer,
                          "start": integer,
                          "end": integer
                        }
                      }
                    ],
                    "records": [
                      {
                        "jsonPath": "string",
                        "recordIndex": integer
                      }
                    ]
                  },
                  "count": integer,
                  "type": "string"
                }
              ]
            }
          ],
          "sizeClassified": integer,
          "mimeType": "string",
          "additionalOccurrences": boolean,
          "status": {
            "reason": "string",
            "code": "string"
          }
        },
        "jobId": "string",
        "detailedResultsLocation": "string",
        "jobArn": "string"
      },
      "policyDetails": {
        "actor": {
          "domainDetails": {
            "domainName": "string"
          },
          "ipAddressDetails": {
            "ipOwner": {
              "org": "string",
              "asnOrg": "string",
              "isp": "string",
              "asn": "string"
            },
            "ipCity": {
              "name": "string"
            },
            "ipAddressV4": "string",
            "ipCountry": {
              "code": "string",
              "name": "string"
            },
            "ipGeoLocation": {
              "lon": number,
              "lat": number
            }
          },
          "userIdentity": {
            "federatedUser": {
              "accessKeyId": "string",
              "sessionContext": {
                "sessionIssuer": {
                  "accountId": "string",
                  "principalId": "string",
                  "userName": "string",
                  "type": "string",
                  "arn": "string"
                },
                "attributes": {
                  "mfaAuthenticated": boolean,
                  "creationDate": "string"
                }
              },
              "accountId": "string",
              "principalId": "string",
              "arn": "string"
            },
            "awsAccount": {
              "accountId": "string",
              "principalId": "string"
            },
            "root": {
              "accountId": "string",
              "principalId": "string",
              "arn": "string"
            },
            "assumedRole": {
              "accessKeyId": "string",
              "sessionContext": {
                "sessionIssuer": {
                  "accountId": "string",
                  "principalId": "string",
                  "userName": "string",
                  "type": "string",
                  "arn": "string"
                },
                "attributes": {
                  "mfaAuthenticated": boolean,
                  "creationDate": "string"
                }
              },
              "accountId": "string",
              "principalId": "string",
              "arn": "string"
            },
            "type": enum,
            "iamUser": {
              "accountId": "string",
              "principalId": "string",
              "userName": "string",
              "arn": "string"
            },
            "awsService": {
              "invokedBy": "string"
            }
          }
        },
        "action": {
          "actionType": enum,
          "apiCallDetails": {
            "lastSeen": "string",
            "firstSeen": "string",
            "apiServiceName": "string",
            "api": "string"
          }
        }
      },
      "id": "string",
      "category": enum,
      "region": "string",
      "resourcesAffected": {
        "s3Object": {
          "path": "string",
          "extension": "string",
          "versionId": "string",
          "storageClass": enum,
          "bucketArn": "string",
          "serverSideEncryption": {
            "encryptionType": enum,
            "kmsMasterKeyId": "string"
          },
          "size": integer,
          "publicAccess": boolean,
          "eTag": "string",
          "lastModified": "string",
          "key": "string",
          "tags": [
            {
              "value": "string",
              "key": "string"
            }
          ]
        },
        "s3Bucket": {
          "owner": {
            "displayName": "string",
            "id": "string"
          },
          "createdAt": "string",
          "publicAccess": {
            "effectivePermission": enum,
            "permissionConfiguration": {
              "accountLevelPermissions": {
                "blockPublicAccess": {
                  "blockPublicPolicy": boolean,
                  "restrictPublicBuckets": boolean,
                  "blockPublicAcls": boolean,
                  "ignorePublicAcls": boolean
                }
              },
              "bucketLevelPermissions": {
                "accessControlList": {
                  "allowsPublicReadAccess": boolean,
                  "allowsPublicWriteAccess": boolean
                },
                "blockPublicAccess": {
                  "blockPublicPolicy": boolean,
                  "restrictPublicBuckets": boolean,
                  "blockPublicAcls": boolean,
                  "ignorePublicAcls": boolean
                },
                "bucketPolicy": {
                  "allowsPublicReadAccess": boolean,
                  "allowsPublicWriteAccess": boolean
                }
              }
            }
          },
          "name": "string",
          "defaultServerSideEncryption": {
            "encryptionType": enum,
            "kmsMasterKeyId": "string"
          },
          "arn": "string",
          "tags": [
            {
              "value": "string",
              "key": "string"
            }
          ]
        }
      },
      "updatedAt": "string"
    }
  ]
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessControlList
Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.
allowsPublicReadAccess
Specifies whether the ACL grants the general public with read access permissions for the bucket.
Type: boolean
Required: False
allowsPublicWriteAccess
Specifies whether the ACL grants the general public with write access permissions for the bucket.
Type: boolean
Required: False
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
AccountLevelPermissions
Provides information about account-level permissions settings that apply to an S3 bucket.
blockPublicAccess
The block public access settings for the bucket.
Type: BlockPublicAccess (p. 103)
Required: False
ApiCallDetails
Provides information about an API operation that an entity invoked for an affected resource.
lastSeen
The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
Type: string
Required: False
Format: date-time
firstSeen
The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.
Type: string
Required: False
Format: date-time
apiServiceName
The URL of the AWS service that provides the operation, for example: s3.amazonaws.com.
Type: string
Required: False
api
The name of the operation that was invoked most recently and produced the finding.
Type: string
Required: False
AssumedRole
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API.
accessKeyId
The AWS access key ID that identifies the credentials.
Type: string
Required: False
sessionContext
The details of the session that was created for the credentials, including the entity that issued the session.
Type: SessionContext (p. 127)
Required: False
accountId
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
Type: string
Required: False
principalId
The unique identifier for the entity that was used to get the credentials.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
Type: string
Required: False
AwsAccount
Provides information about an AWS account and entity that performed an action on an affected resource. The action was performed using the credentials for an AWS account other than your own account.
accountId
The unique identifier for the AWS account.
Type: string
Required: False
principalId
The unique identifier for the entity that performed the action.
Type: string
Required: False
AwsService
Provides information about an AWS service that performed an action on an affected resource.
invokedBy
The name of the AWS service that performed the action.
Type: string
Required: False
BlockPublicAccess
Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account level or bucket level. For detailed information about each setting, see Using Amazon S3 block public access in the Amazon Simple Storage Service Developer Guide.
blockPublicPolicy
Specifies whether Amazon S3 blocks public bucket policies for the bucket.
Type: boolean
Required: False
restrictPublicBuckets
Specifies whether Amazon S3 restricts public bucket policies for the bucket.
Type: boolean
Required: False
blockPublicAcls
Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in the bucket.
Type: boolean
Required: False
ignorePublicAcls
Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.
Type: boolean
Required: False
BucketLevelPermissions
Provides information about the bucket-level permissions settings for an S3 bucket.
accessControlList
The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn't been defined for the bucket.
Type: AccessControlList (p. 100)
Required: False
blockPublicAccess
The block public access settings for the bucket.
Type: BlockPublicAccess (p. 103)
Required: False
bucketPolicy
The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn't been defined for the bucket.
Type: BucketPolicy (p. 104)
Required: False
BucketPermissionConfiguration
Provides information about the account-level and bucket-level permissions settings for an S3 bucket.
accountLevelPermissions
The account-level permissions settings that apply to the bucket.
Type: AccountLevelPermissions (p. 101)
Required: False
bucketLevelPermissions
The bucket-level permissions settings for the bucket.
Type: BucketLevelPermissions (p. 104)
Required: False
BucketPolicy
Provides information about the permissions settings of a bucket policy for an S3 bucket.
allowsPublicReadAccess
Specifies whether the bucket policy allows the general public to have read access to the bucket.
Type: boolean
Required: False
allowsPublicWriteAccess
Specifies whether the bucket policy allows the general public to have write access to the bucket.
Type: boolean
Required: False
BucketPublicAccess
Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.
effectivePermission
Specifies whether the bucket is publicly accessible due to the combination of permissions settings that apply to the bucket. Possible values are:
• NOT_PUBLIC - The bucket isn't publicly accessible.
• PUBLIC - The bucket is publicly accessible.
• UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.
Type: string
Required: False
Values: PUBLIC | NOT_PUBLIC | UNKNOWN
permissionConfiguration
The account-level and bucket-level permissions for the bucket.
Type: BucketPermissionConfiguration (p. 104)
Required: False
Cell
Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.
column
The column number of the column that contains the data. For a Microsoft Excel workbook, this value correlates to the alphabetical character(s) for a column identifier. For example, 1 for column A, 2 for column B, and so on.
Type: integer
Required: False
Format: int64
row
The row number of the row that contains the data.
Type: integer
Required: False
Format: int64
columnName
The name of the column that contains the data, if available.
Type: string
Required: False
cellReference
The location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5 for cell C5 on Sheet2 in a Microsoft Excel workbook. This value is null for CSV and TSV files.
Type: string
Required: False
ClassificationDetails
Provides information about a sensitive data finding, including the classification job that produced the finding.
result
The status and other details for the finding.
Type: ClassificationResult (p. 107)
Required: False
jobId
The unique identifier for the classification job that produced the finding.
Type: string
Required: False
detailedResultsLocation
The path to the folder or file (in Amazon S3) that contains the corresponding sensitive data discovery result for the finding. If a finding applies to a large archive or compressed file, this value is the path to a folder. Otherwise, this value is the path to a file.
Type: string
Required: False
jobArn
The Amazon Resource Name (ARN) of the classification job that produced the finding.
Type: string
Required: False
ClassificationResult
Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.
customDataIdentifiers
The custom data identifiers that detected the sensitive data and the number of occurrences of the data that they detected.
Type: CustomDataIdentifiers (p. 108)
Required: False
sensitiveData
The category, types, and number of occurrences of the sensitive data that produced the finding.
Type: Array of type SensitiveDataItem (p. 126)
Required: False
sizeClassified
The total size, in bytes, of the data that the finding applies to.
Type: integer
Required: False
Format: int64
mimeType
The type of content, as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe Portable Document Format file.
Type: string
Required: False
additionalOccurrences
Specifies whether Amazon Macie detected additional occurrences of sensitive data in the S3 object. A finding includes location data for a maximum of 15 occurrences of sensitive data.
This value can help you determine whether to investigate additional occurrences of sensitive data in an object. You can do this by referring to the corresponding sensitive data discovery result for the finding (ClassificationDetails.detailedResultsLocation).
Type: boolean
Required: False
status
The status of the finding.
Type: ClassificationResultStatus (p. 108)
Required: False
ClassificationResultStatus
Provides information about the status of a sensitive data finding.
reason
A brief description of the status of the finding. Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding.
Type: string
Required: False
code
The status of the finding. Possible values are:
• COMPLETE - Amazon Macie successfully completed its analysis of the object that the finding applies to.
• PARTIAL - Macie analyzed only a subset of the data in the object that the finding applies to. For example, the object is an archive file that contains files in an unsupported format.
• SKIPPED - Macie wasn't able to analyze the object that the finding applies to. For example, the object is a malformed file or a file that uses an unsupported format.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CustomDataIdentifiers
Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.
totalCount
The total number of occurrences of the data that was detected by the custom data identifiers and produced the finding.
Type: integer
Required: False
Format: int64
detections
The custom data identifiers that detected the data, and the number of occurrences of the data that each identifier detected.
Type: Array of type CustomDetection (p. 109)
Required: False
CustomDetection
Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.
occurrences
The location of 1-15 occurrences of the sensitive data that the custom data identifier detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
Type: Occurrences (p. 119)
Required: False
count
The total number of occurrences of the sensitive data that the custom data identifier detected.
Type: integer
Required: False
Format: int64
name
The name of the custom data identifier.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the custom data identifier.
Type: string
Required: False
DefaultDetection
Provides information about a type of sensitive data that was detected by managed data identifiers and produced a sensitive data finding.
occurrences
The location of 1-15 occurrences of the sensitive data that was detected. A finding includes location data for a maximum of 15 occurrences of sensitive data.
Type: Occurrences (p. 119)
Required: False
count
The total number of occurrences of the type of sensitive data that was detected.
Type: integer
Required: False
Format: int64
type
The type of sensitive data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.
Type: string
Required: False
DomainDetails
Provides information about the domain name of the device that an entity used to perform an action on an affected resource.
domainName
The name of the domain.
Type: string
Required: False
EncryptionType
The type of server-side encryption that's used to encrypt an S3 object or objects in an S3 bucket. Valid values are:
NONE
AES256
aws:kms
UNKNOWN
FederatedUser
Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API.
accessKeyId
The AWS access key ID that identifies the credentials.
Type: string
Required: False
sessionContext
The details of the session that was created for the credentials, including the entity that issued the session.
Type: SessionContext (p. 127)
Required: False
accountId
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
Type: string
Required: False
principalId
The unique identifier for the entity that was used to get the credentials.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the entity that was used to get the credentials.
Type: string
Required: False
Finding
Provides the details of a finding.
severity
The severity level and score for the finding.
Type: Severity (p. 129)
Required: False
schemaVersion
The version of the schema that was used to define the data structures in the finding.
Type: string
Required: False
count
The total number of occurrences of the finding. For sensitive data findings, this value is always 1. All sensitive data findings are considered new (unique) because they derive from individual classification jobs.
Type: integer
Required: False
Format: int64
description
The description of the finding.
Type: string
Required: False
title
The brief description of the finding.
Type: string
Required: False
type
The type of the finding.
Type: FindingType (p. 115)
Required: False
sample
Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data to demonstrate what a finding might contain.
Type: boolean
Required: False
archived
Specifies whether the finding is archived.
Type: boolean
Required: False
accountId
The unique identifier for the AWS account that the finding applies to. This is typically the account that owns the affected resource.
Type: string
Required: False
createdAt
The date and time, in UTC and extended ISO 8601 format, when the finding was created.
Type: string
Required: False
Format: date-time
partition
The AWS partition that Amazon Macie created the finding in.
Type: string
Required: False
classificationDetails
The details of a sensitive data finding. This value is null for a policy finding.
Type: ClassificationDetails (p. 106)
Required: False
policyDetails
The details of a policy finding. This value is null for a sensitive data finding.
Type: PolicyDetails (p. 121)
Required: False
id
The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns to a finding when it creates the finding.
Type: string
Required: False
category
The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and, POLICY, for a policy finding.
Type: FindingCategory (p. 115)
Required: False
region
The AWS Region that Amazon Macie created the finding in.
Type: string
Required: False
resourcesAffected
The resources that the finding applies to.
Type: ResourcesAffected (p. 122)
Required: False
updatedAt
The date and time, in UTC and extended ISO 8601 format, when the finding was last updated. For sensitive data findings, this value is the same as the value for the createdAt property. All sensitive data findings are considered new (unique) because they derive from individual classification jobs.
Type: string
Required: False
Format: date-time
FindingAction
Provides information about an action that occurred for a resource and produced a policy finding.
actionType
The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, which indicates that an entity invoked an API operation for the resource.
Type: FindingActionType (p. 114)
Required: False
apiCallDetails
The invocation details of the API operation that an entity invoked for the affected resource, if the value for the actionType property is AWS_API_CALL.
Type: ApiCallDetails (p. 101)
Required: False
FindingActionType
The type of action that occurred for the resource and produced the policy finding:
AWS_API_CALL
FindingActor
Provides information about an entity that performed an action that produced a policy finding for a resource.
domainDetails
The domain name of the device that the entity used to perform the action on the affected resource.
Type: DomainDetails (p. 110)
Required: False
ipAddressDetails
The IP address of the device that the entity used to perform the action on the affected resource. This object also provides information such as the owner and geographic location for the IP address.
Type: IpAddressDetails (p. 116)
Required: False
userIdentity
The type and other characteristics of the entity that performed the action on the affected resource.
Type: UserIdentity (p. 130)
Required: False
FindingCategory
The category of the finding. Valid values are:
CLASSIFICATION
POLICY
FindingType
The type of finding. For details about each type, see Types of Amazon Macie findings in the Amazon Macie User Guide. Valid values are:
SensitiveData:S3Object/Multiple
SensitiveData:S3Object/Financial
SensitiveData:S3Object/Personal
SensitiveData:S3Object/Credentials
SensitiveData:S3Object/CustomIdentifier
Policy:IAMUser/S3BucketPublic
Policy:IAMUser/S3BucketSharedExternally
Policy:IAMUser/S3BucketReplicatedExternally
Policy:IAMUser/S3BucketEncryptionDisabled
Policy:IAMUser/S3BlockPublicAccessDisabled
GetFindingsRequest
Specifies one or more findings to retrieve.
findingIds
An array of strings that lists the unique identifiers for the findings to retrieve.
Type: Array of type string
Required: True
sortCriteria
The criteria for sorting the results of the request.
Type: SortCriteria (p. 129)
Required: False
GetFindingsResponse
Provides the results of a request for one or more findings.
findings
An array of objects, one for each finding that meets the criteria specified in the request.
Type: Array of type Finding (p. 111)
Required: False
IamUser
Provides information about an AWS Identity and Access Management (IAM) user who performed an action on an affected resource.
accountId
The unique identifier for the AWS account that's associated with the IAM user who performed the action.
Type: string
Required: False
principalId
The unique identifier for the IAM user who performed the action.
Type: string
Required: False
userName
The user name of the IAM user who performed the action.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user who performed the action.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
IpAddressDetails
Provides information about the IP address of the device that an entity used to perform an action on an affected resource.
ipOwner
The registered owner of the IP address.
Type: IpOwner (p. 118)
Required: False
ipCity
The city that the IP address originated from.
Type: IpCity (p. 117)
Required: False
ipAddressV4
The Internet Protocol version 4 (IPv4) address of the device.
Type: string
Required: False
ipCountry
The country that the IP address originated from.
Type: IpCountry (p. 117)
Required: False
ipGeoLocation
The geographic coordinates of the location that the IP address originated from.
Type: IpGeoLocation (p. 118)
Required: False
IpCity
Provides information about the city that an IP address originated from.
name
The name of the city.
Type: string
Required: False
IpCountry
Provides information about the country that an IP address originated from.
code
The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originated from. For example, US for the United States.
Type: string
Required: False
name
The name of the country that the IP address originated from.
Type: string
Required: False
IpGeoLocation
Provides geographic coordinates that indicate where a specified IP address originated from.
lon
The longitude coordinate of the location, rounded to four decimal places.
Type: number
Required: False
lat
The latitude coordinate of the location, rounded to four decimal places.
Type: number
Required: False
IpOwner
Provides information about the registered owner of an IP address.
org
The name of the organization that owned the IP address.
Type: string
Required: False
asnOrg
The organization identifier that's associated with the autonomous system number (ASN) for the autonomous system that included the IP address.
Type: string
Required: False
isp
The name of the internet service provider (ISP) that owned the IP address.
Type: string
Required: False
asn
The autonomous system number (ASN) for the autonomous system that included the IP address.
Type: string
Required: False
KeyValuePair
Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.
value
One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tag value can be an empty string.
Type: string
Required: False
key
One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category for more specific tag values.
Type: string
Required: False
Occurrences
Provides the location of 1-15 occurrences of sensitive data that was detected by managed data identifiers or a custom data identifier and produced a sensitive data finding.
lineRanges
An array of objects, one for each occurrence of sensitive data in a Microsoft Word document or non-binary text file, such as an HTML, JSON, TXT, or XML file. Each object specifies the line that contains the data, and the position of the data on that line.
This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the locations of: data in unstructured sections of an otherwise structured file, such as a comment in a file; and, data in a malformed file that Amazon Macie analyzes as plain text.
Type: Array of type Range (p. 121)
Required: False
offsetRanges
An array of objects, one for each occurrence of sensitive data in a binary text file. Each object specifies the position of the data relative to the beginning of the file.
This value is typically null. For binary text files, Amazon Macie adds location data to a lineRanges.Range or Page object, depending on the file type.
Type: Array of type Range (p. 121)
Required: False
cells
An array of objects, one for each occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file. Each object specifies the cell or field that contains the data. This value is null for all other types of files.
Type: Array of type Cell (p. 105)
Required: False
pages
An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. Each object specifies the page that contains the data, and the position of the data on that page. This value is null for all other types of files.
Type: Array of type Page (p. 120)
Required: False
records
An array of objects, one for each occurrence of sensitive data in an Apache Avro object container or Apache Parquet file. Each object specifies the record index and the path to the field in the record that contains the data. This value is null for all other types of files.
Type: Array of type Record (p. 122)
Required: False
Page
Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.
pageNumber
The page number of the page that contains the data.
Type: integer
Required: False
Format: int64
offsetRange
The position of the data on the page, relative to the beginning of the page.
Type: Range (p. 121)
Required: False
lineRange
The line that contains the data, and the position of the data on that line.
Type: Range (p. 121)
Required: False
PolicyDetails
Provides the details of a policy finding.
actor
The entity that performed the action that produced the finding.
Type: FindingActor (p. 114)
Required: False
action
The action that produced the finding.
Type: FindingAction (p. 114)
Required: False
Range
Provides details about the location of an occurrence of sensitive data in an Adobe Portable Document Format file, Microsoft Word document, or non-binary text file.
startColumn
The column number for the column that contains the data, if the file contains structured data.
Type: integer
Required: False
Format: int64
start
Possible values are:
• In an Occurrences.lineRanges array, the number of lines from the beginning of the file to the beginning of the sensitive data.
• In an Occurrences.offsetRanges array, the number of characters from the beginning of the file to the beginning of the sensitive data.
• In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginning of the page to the beginning of the sensitive data.
Type: integer
Required: False
Format: int64
end
Possible values are:
• In an Occurrences.lineRanges array, the number of lines from the beginning of the file to the end of the sensitive data.
• In an Occurrences.offsetRanges array, the number of characters from the beginning of the file to the end of the sensitive data.
• In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginning of the page to the end of the sensitive data.
Type: integer
Required: False
Format: int64
Record
Specifies the location of an occurrence of sensitive data in an Apache Avro object container or Apache Parquet file.
jsonPath
The path, as a JSONPath expression, to the field in the record that contains the data.
If the name of an element exceeds 20 characters, Amazon Macie truncates the name by removing characters from the beginning of the name. If the resulting full path exceeds 250 characters, Macie also truncates the path, starting with the first element in the path, until the path contains 250 or fewer characters.
Type: string
Required: False
recordIndex
The record index, starting from 0, for the record that contains the data.
Type: integer
Required: False
Format: int64
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourcesAffected
Provides information about the resources that a finding applies to.
s3Object
An array of objects, one for each S3 object that the finding applies to. Each object provides a set of metadata about an affected S3 object.
Type: S3Object (p. 124)
Required: False
s3Bucket
An array of objects, one for each S3 bucket that the finding applies to. Each object provides a set of metadata about an affected S3 bucket.
Type: S3Bucket (p. 123)
Required: False
S3Bucket
Provides information about an S3 bucket that a finding applies to.
owner
The display name and account identifier for the user who owns the bucket.
Type: S3BucketOwner (p. 124)
Required: False
createdAt
The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
Type: string
Required: False
Format: date-time
publicAccess
The permissions settings that determine whether the bucket is publicly accessible.
Type: BucketPublicAccess (p. 105)
Required: False
name
The name of the bucket.
Type: string
Required: False
defaultServerSideEncryption
The type of server-side encryption that's used by default to encrypt objects in the bucket.
Type: ServerSideEncryption (p. 127)
Required: False
arn
The Amazon Resource Name (ARN) of the bucket.
Type: string
Required: False
tags
The tags that are associated with the bucket.
Type: Array of type KeyValuePair (p. 119)
Required: False
S3BucketOwner
Provides information about the user who owns an S3 bucket.
displayName
The display name of the user who owns the bucket.
Type: string
Required: False
id
The AWS account ID for the user who owns the bucket.
Type: string
Required: False
S3Object
Provides information about an S3 object that a finding applies to.
path
The path to the object, including the full key (name).
Type: string
Required: False
extension
The file name extension of the object. If the object doesn't have a file name extension, this value is "".
Type: string
Required: False
versionId
The identifier for the affected version of the object.
Type: string
Required: False
storageClass
The storage class of the object.
Type: StorageClass (p. 130)
Required: False
bucketArn
The Amazon Resource Name (ARN) of the bucket that contains the object.
Type: string
Required: False
serverSideEncryption
The type of server-side encryption that's used for the object.
Type: ServerSideEncryption (p. 127)
Required: False
size
The total storage size, in bytes, of the object.
Type: integer
Required: False
Format: int64
publicAccess
Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
Type: boolean
Required: False
eTag
The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten or changed after Amazon Macie produced the finding, this value might be different from the current ETag for the object.
Type: string
Required: False
lastModified
The date and time, in UTC and extended ISO 8601 format, when the object was last modified.
Type: string
Required: False
Format: date-time
key
The full key (name) that's assigned to the object.
Type: string
Required: False
tags
The tags that are associated with the object.
Type: Array of type KeyValuePair (p. 119)
Required: False
SensitiveDataItem
Provides information about the category, types, and occurrences of sensitive data that produced a sensitive data finding.
category
The category of sensitive data that was detected. For example: CREDENTIALS, for credentials data such as private keys or AWS secret keys; FINANCIAL_INFORMATION, for financial data such as credit card numbers; or, PERSONAL_INFORMATION, for personal health information, such as health insurance identification numbers, or personally identifiable information, such as driver's license identification numbers.
Type: SensitiveDataItemCategory (p. 126)
Required: False
totalCount
The total number of occurrences of the sensitive data that was detected.
Type: integer
Required: False
Format: int64
detections
An array of objects, one for each type of sensitive data that was detected. Each object reports the number of occurrences of a specific type of sensitive data that was detected, and the location of up to 15 of those occurrences.
Type: Array of type DefaultDetection (p. 109)
Required: False
SensitiveDataItemCategory
The category of sensitive data that was detected and produced the finding. Possible values are:
FINANCIAL_INFORMATION
PERSONAL_INFORMATION
CREDENTIALS
CUSTOM_IDENTIFIER
ServerSideEncryption
Provides information about the server-side encryption settings for an S3 bucket or S3 object.
encryptionType
The server-side encryption algorithm that's used when storing data in the bucket or object. If encryption is disabled for the bucket or object, this value is NONE.
Type: EncryptionType (p. 110)
Required: False
kmsMasterKeyId
The unique identifier for the AWS Key Management Service (AWS KMS) master key that's used to encrypt the bucket or object. This value is null if AWS KMS isn't used to encrypt the bucket or object.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
SessionContext
Provides information about a session that was created for an entity that performed an action by using temporary security credentials.
sessionIssuer
The source and type of credentials that were issued to the entity.
Type: SessionIssuer (p. 128)
Required: False
attributes
The date and time when the credentials were issued, and whether the credentials were authenticated with a multi-factor authentication (MFA) device.
Type: SessionContextAttributes (p. 128)
Required: False
SessionContextAttributes
Provides information about the context in which temporary security credentials were issued to an entity.
mfaAuthenticated
Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.
Type: boolean
Required: False
creationDate
The date and time, in UTC and ISO 8601 format, when the credentials were issued.
Type: string
Required: False
Format: date-time
SessionIssuer
Provides information about the source and type of temporary security credentials that were issued to an entity.
accountId
The unique identifier for the AWS account that owns the entity that was used to get the credentials.
Type: string
Required: False
principalId
The unique identifier for the entity that was used to get the credentials.
Type: string
Required: False
userName
The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
Type: string
Required: False
type
The source of the temporary security credentials, such as Root, IAMUser, or Role.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.
Type: string
Required: False
Severity
Provides the numerical and qualitative representations of a finding's severity.
score
The numerical representation of the finding's severity, ranging from 1 (least severe) to 3 (most severe).
Type: integer
Required: False
Format: int64
description
The qualitative representation of the finding's severity, ranging from Low (least severe) to High (most severe).
Type: SeverityDescription (p. 129)
Required: False
SeverityDescription
The qualitative representation of the finding's severity. Possible values are:
Low
Medium
High
SortCriteria
Specifies criteria for sorting the results of a request for findings.
orderBy
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
attributeName
The name of the property to sort the results by. This value can be the name of any property that Amazon Macie defines for a finding.
Type: string
Required: False
StorageClass
The storage class of the S3 object. Possible values are:
STANDARD
REDUCED_REDUNDANCY
STANDARD_IA
INTELLIGENT_TIERING
DEEP_ARCHIVE
ONEZONE_IA
GLACIER
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UserIdentity
Provides information about the type and other characteristics of an entity that performed an action on an affected resource.
federatedUser
If the action was performed with temporary security credentials that were obtained using the GetFederationToken operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.
Type: FederatedUser (p. 110)
Required: False
awsAccount
If the action was performed using the credentials for another AWS account, the details of that account.
Type: AwsAccount (p. 102)
Required: False
root
If the action was performed using the credentials for your AWS account, the details of your account.
Type: UserIdentityRoot (p. 131)
Required: False
assumedRole
If the action was performed with temporary security credentials that were obtained using the AssumeRole operation of the AWS Security Token Service (AWS STS) API, the identifiers, session context, and other details about the identity.
Type: AssumedRole (p. 102)
Required: False
type
The type of entity that performed the action.
Type: UserIdentityType (p. 132)
Required: False
iamUser
If the action was performed using the credentials for an AWS Identity and Access Management (IAM) user, the name and other details about the user.
Type: IamUser (p. 116)
Required: False
awsService
If the action was performed by an AWS account that belongs to an AWS service, the name of the service.
Type: AwsService (p. 103)
Required: False
UserIdentityRoot
Provides information about an AWS account and entity that performed an action on an affected resource. The action was performed using the credentials for your AWS account.
accountId
The unique identifier for the AWS account.
Type: string
Required: False
principalId
The unique identifier for the entity that performed the action.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the principal that performed the action. The last section of the ARN contains the name of the user or role that performed the action.
Type: string
Required: False
UserIdentityType
The type of entity that performed the action on the affected resource. Possible values are:
AssumedRole
IAMUser
FederatedUser
Root
AWSAccount
AWSService
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetFindings
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
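A triage pass over the Finding, ResourcesAffected, PolicyDetails, FindingActor and UserIdentity structures defined above for GetFindings, added here as an example; it is not part of the AWS reference. The response body, identifiers and flag names are constructed, and the code assumes that s3Bucket and s3Object may arrive either as a single object or as an array, since the reference describes them both ways.

```python
import json

# Constructed GetFindingsResponse body. Every value is invented for this example.
RESPONSE = json.loads("""
{"findings": [
  {"id": "example-finding-1", "category": "POLICY",
   "type": "Policy:IAMUser/S3BucketEncryptionDisabled",
   "severity": {"score": 1, "description": "Low"},
   "sample": false, "archived": false, "classificationDetails": null,
   "resourcesAffected": {"s3Bucket": {
       "name": "example-bucket",
       "defaultServerSideEncryption": {"encryptionType": "NONE", "kmsMasterKeyId": null}}},
   "policyDetails": {
     "action": {"actionType": "AWS_API_CALL"},
     "actor": {
       "ipAddressDetails": {"ipAddressV4": "198.51.100.7", "ipCountry": {"code": "US"}},
       "userIdentity": {"type": "AssumedRole", "assumedRole": {
           "arn": "arn:aws:sts::111122223333:assumed-role/ExampleRole/example-session",
           "sessionContext": {"attributes": {"mfaAuthenticated": false}}}}}}},
  {"id": "example-finding-2", "category": "CLASSIFICATION",
   "type": "SensitiveData:S3Object/Credentials",
   "severity": {"score": 3, "description": "High"},
   "sample": false, "archived": false, "policyDetails": null,
   "resourcesAffected": {
     "s3Bucket": {"name": "example-bucket",
                  "defaultServerSideEncryption": {"encryptionType": "AES256"}},
     "s3Object": {"key": "exports/example.csv", "publicAccess": true,
                  "serverSideEncryption": {"encryptionType": "NONE"}}}},
  {"id": "example-finding-3", "sample": true, "archived": false}
]}
""")

# userIdentity.type value -> name of the UserIdentity property that carries its details
DETAIL_KEY = {"AssumedRole": "assumedRole", "FederatedUser": "federatedUser",
              "IAMUser": "iamUser", "Root": "root",
              "AWSAccount": "awsAccount", "AWSService": "awsService"}


def as_list(value):
    """Assumption: accept s3Bucket/s3Object as one object or as an array."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def actor_summary(policy_details):
    """Flatten FindingActor into the fields an analyst checks first."""
    actor = (policy_details or {}).get("actor") or {}
    identity = actor.get("userIdentity") or {}
    kind = identity.get("type")
    detail = identity.get(DETAIL_KEY.get(kind, "")) or {}
    attrs = (detail.get("sessionContext") or {}).get("attributes") or {}
    ip = actor.get("ipAddressDetails") or {}
    return {"identityType": kind, "arn": detail.get("arn"),
            "mfaAuthenticated": attrs.get("mfaAuthenticated"),
            "ipAddressV4": ip.get("ipAddressV4"),
            "ipCountry": (ip.get("ipCountry") or {}).get("code")}


def triage(finding):
    """Return a triage record, or None for sample and archived findings."""
    if finding.get("sample") or finding.get("archived"):
        return None
    flags = []
    resources = finding.get("resourcesAffected") or {}
    for bucket in as_list(resources.get("s3Bucket")):
        sse = bucket.get("defaultServerSideEncryption") or {}
        if sse.get("encryptionType") == "NONE":  # NONE means encryption is disabled
            flags.append("bucket-default-encryption-off:" + str(bucket.get("name")))
    for obj in as_list(resources.get("s3Object")):
        if obj.get("publicAccess") is True:
            flags.append("public-object:" + str(obj.get("key")))
        if (obj.get("serverSideEncryption") or {}).get("encryptionType") == "NONE":
            flags.append("unencrypted-object:" + str(obj.get("key")))
    actor = None
    if finding.get("category") == "POLICY":  # policyDetails is null otherwise
        actor = actor_summary(finding.get("policyDetails"))
        if actor["identityType"] == "Root":
            flags.append("root-credentials")
        if actor["mfaAuthenticated"] is False:
            flags.append("session-without-mfa")
    severity = finding.get("severity") or {}
    return {"id": finding.get("id"), "type": finding.get("type"),
            "score": severity.get("score") or 0, "flags": flags, "actor": actor}


def triage_response(response):
    """Triage every finding in a GetFindingsResponse, most severe first."""
    records = [triage(f) for f in response.get("findings") or []]
    return sorted((r for r in records if r), key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for record in triage_response(RESPONSE):
        print(json.dumps(record, indent=2))
```

Because every property in these schemas is marked Required: False, each lookup tolerates a missing or null value instead of indexing directly.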
Findings Samples
The Findings Samples resource provides a set of findings that use example data to help you understand and analyze the various types of findings that Amazon Macie can report. A finding is a detailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucket or sensitive data in an S3 object. For more information about the types of findings that Macie can report, see Types of Amazon Macie findings in the Amazon Macie User Guide.
If you use this resource to create sample findings, Macie generates one sample finding for each supported finding type that you choose to include in the set of samples. You can then view and work with these sample findings by using the Amazon Macie API or the Amazon Macie console. To help you identify a sample finding, Macie adds the [SAMPLE] prefix to the value for the FindingType property of each sample finding. It also sets the value for the sample property to true.
You can use the Findings Samples resource to create one or more sample findings. To create only certain types of sample findings, you can use the supported request parameter to specify each type of sample that you want Macie to create.
URI
/findings/sample
HTTP Methods
POST
Operation ID: CreateSampleFindings
Creates sample findings.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 134) | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 134) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 134) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 134) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 134) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 134) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 135) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 135) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{ "findingTypes": [ enum ] }
Response Bodies
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CreateSampleFindingsRequest
Specifies the types of findings to include in a set of sample findings that Amazon Macie creates.
findingTypes
An array that lists one or more types of findings to include in the set of sample findings. Currently, the only supported value is Policy:IAMUser/S3BucketEncryptionDisabled.
Type: Array of type FindingType (p. 136)
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
FindingType
The type of finding. For details about each type, see Types of Amazon Macie findings in the Amazon Macie User Guide. Valid values are:
SensitiveData:S3Object/Multiple
SensitiveData:S3Object/Financial
SensitiveData:S3Object/Personal
SensitiveData:S3Object/Credentials
SensitiveData:S3Object/CustomIdentifier
Policy:IAMUser/S3BucketPublic
Policy:IAMUser/S3BucketSharedExternally
Policy:IAMUser/S3BucketReplicatedExternally
Policy:IAMUser/S3BucketEncryptionDisabled
Policy:IAMUser/S3BlockPublicAccessDisabled
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
CreateSampleFindings
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Findings Statistics
The Findings Statistics resource provides aggregated statistical data about the findings for your account. This primarily includes data about the total number of findings, grouped by a key value such as severity, finding type, or affected resource. The data is available for all the findings that Amazon Macie stores for your account.
You can use this resource to retrieve (query) aggregated statistical data about findings for your account. To customize and refine your query, you can use supported parameters that specify how to filter, group, and sort the query results.
URI
/findings/statistics
HTTP Methods
POST
Operation ID: GetFindingStatistics
Retrieves (queries) aggregated statistical data about findings.
Responses
Status Code | Response Model | Description
200 | GetFindingStatisticsResponse (p. 139) | The request succeeded.
400 | ValidationException (p. 139) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 139) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 139) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 139) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 139) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 139) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 139) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "size": integer,
  "findingCriteria": {
    "criterion": {
    }
  },
  "groupBy": enum,
  "sortCriteria": {
    "orderBy": enum,
    "attributeName": enum
  }
}
Response Bodies
Example GetFindingStatisticsResponse
{
  "countsByGroup": [
    {
      "count": integer,
      "groupKey": "string"
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Criterion
Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.
key-value pairs
Type: object
CriterionAdditionalProperties
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.
eqExactMatch
The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.
You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.
Type: Array of type string
Required: False
lt
The value for the property is less than the specified value.
Type: integer
Required: False
Format: int64
gte
The value for the property is greater than or equal to the specified value.
Type: integer
Required: False
Format: int64
neq
The value for the property doesn't match (doesn't equal) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
lte
The value for the property is less than or equal to the specified value.
Type: integer
Required: False
Format: int64
eq
The value for the property matches (equals) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
gt
The value for the property is greater than the specified value.
Type: integer
Required: False
Format: int64
FindingCriteria
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
criterion
A condition that specifies the property, operator, and one or more values to use to filter the results.
Type: Criterion (p. 140)
Required: False
FindingStatisticsSortAttributeName
The grouping to sort the results by. Valid values are:
groupKey
count
FindingStatisticsSortCriteria
Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.
orderBy
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
attributeName
The grouping to sort the results by. Valid values are: count, sort the results by the number of findings in each group of results; and, groupKey, sort the results by the name of each group of results.
Type: FindingStatisticsSortAttributeName (p. 142)
Required: False
GetFindingStatisticsRequest
Specifies criteria for filtering, grouping, sorting, and paginating the results of a query that retrieves aggregated statistical data about findings.
size
The maximum number of items to include in each page of the response.
Type: integer
Required: False
Format: int32
findingCriteria
The criteria to use to filter the query results.
Type: FindingCriteria (p. 141)
Required: False
groupBy
The finding property to use to group the query results. Valid values are:
• classificationDetails.jobId - The unique identifier for the classification job that produced the finding.
• resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to.
• severity.description - The severity level of the finding, such as High or Medium.
• type - The type of finding, such as Policy:IAMUser/S3BucketPublic and SensitiveData:S3Object/Personal.
Type: string
Required: True
Values: resourcesAffected.s3Bucket.name | type | classificationDetails.jobId | severity.description
sortCriteria
The criteria to use to sort the query results.
Type: FindingStatisticsSortCriteria (p. 142)
Required: False
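The request schema above, exercised as an added example (not part of the AWS reference and not AWS code): an offline validator that checks a GetFindingStatistics body against the types and valid values listed here before it is sent. The function names and the two sample bodies are constructed for illustration.

```python
# Added example (not AWS code): offline check of a GetFindingStatistics request
# body against the types and valid values listed in this reference.

GROUP_BY = (
    "resourcesAffected.s3Bucket.name",
    "type",
    "classificationDetails.jobId",
    "severity.description",
)
ORDER_BY = ("ASC", "DESC")
SORT_ATTRIBUTE = ("groupKey", "count")
STRING_LIST_OPERATORS = {"eq", "neq", "eqExactMatch"}  # Type: Array of type string
INT64_OPERATORS = {"gt", "gte", "lt", "lte"}           # Type: integer, Format: int64
TOP_LEVEL_KEYS = {"size", "findingCriteria", "groupBy", "sortCriteria"}
INT32 = (-(2**31), 2**31 - 1)
INT64 = (-(2**63), 2**63 - 1)


def _is_int(value, bounds):
    # bool is a subclass of int in Python, but JSON true/false is not an integer.
    return (isinstance(value, int) and not isinstance(value, bool)
            and bounds[0] <= value <= bounds[1])


def check_criterion(criterion):
    """Return the problems found in a findingCriteria.criterion map."""
    problems = []
    for prop, condition in criterion.items():
        if not isinstance(condition, dict):
            problems.append(f"criterion[{prop}]: condition must be an object")
            continue
        for operator, value in condition.items():
            where = f"criterion[{prop}].{operator}"
            if operator in STRING_LIST_OPERATORS:
                if not (isinstance(value, list) and all(isinstance(v, str) for v in value)):
                    problems.append(f"{where}: expected an array of strings")
            elif operator in INT64_OPERATORS:
                if not _is_int(value, INT64):
                    problems.append(f"{where}: expected an int64 integer")
            else:
                problems.append(f"{where}: not an operator in this reference")
    return problems


def check_statistics_request(body):
    """Return the problems found in a GetFindingStatisticsRequest body ([] = none)."""
    problems = [f"{key}: unexpected property" for key in body if key not in TOP_LEVEL_KEYS]
    if "groupBy" not in body:
        problems.append("groupBy: required")
    elif body["groupBy"] not in GROUP_BY:
        problems.append(f"groupBy: {body['groupBy']!r} is not a valid value")
    if "size" in body and not _is_int(body["size"], INT32):
        problems.append("size: expected an int32 integer")
    sort = body.get("sortCriteria", {})
    if "orderBy" in sort and sort["orderBy"] not in ORDER_BY:
        problems.append("sortCriteria.orderBy: expected ASC or DESC")
    if "attributeName" in sort and sort["attributeName"] not in SORT_ATTRIBUTE:
        problems.append("sortCriteria.attributeName: expected groupKey or count")
    criterion = body.get("findingCriteria", {}).get("criterion", {})
    problems.extend(check_criterion(criterion))
    return problems


# Constructed sample bodies; the property names are taken from this page.
GOOD_REQUEST = {
    "size": 25,
    "groupBy": "resourcesAffected.s3Bucket.name",
    "findingCriteria": {"criterion": {
        "severity.description": {"eq": ["High", "Medium"]},
        "type": {"neq": ["Policy:IAMUser/S3BucketPublic"]},
    }},
    "sortCriteria": {"attributeName": "count", "orderBy": "DESC"},
}
BAD_REQUEST = {
    "size": "25",                                           # string, not int32
    "groupBy": "severity",                                  # not a valid groupBy value
    "findingCriteria": {"criterion": {
        "type": {"eq": "SensitiveData:S3Object/Personal"},  # bare string, not an array
        "severity.description": {"gt": "High"},             # gt takes an int64
        "sensitiveData.category": {"contains": ["x"]},      # operator not listed here
    }},
    "sortCriteria": {"attributeName": "count", "orderBy": "descending"},
}

if __name__ == "__main__":
    for problem in check_statistics_request(BAD_REQUEST):
        print(problem)
```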
GetFindingStatisticsResponse
Provides the results of a query that retrieved aggregated statistical data about findings.
countsByGroup
An array of objects, one for each group of findings that meet the filter criteria specified in the request.
Type: Array of type GroupCount (p. 143)
Required: False
GroupCount
Provides a group of results for a query that retrieved aggregated statistical data about findings.
count
The total number of findings in the group of query results.
Type: integer
Required: False
Format: int64
groupKey
The name of the property that defines the group in the query results, as specified by the groupBy property in the query request.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetFindingStatistics
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Findings Filters
The Findings Filters resource represents the repository of filters that you create and save to view, analyze, and manage findings. A findings filter, also referred to as a filter, is a set of criteria that specifies which findings to include in the results of a query for findings. A findings filter can also perform specific actions on findings that meet the filter's criteria. For example, you can configure a filter to suppress (automatically archive) findings that meet the filter's criteria. For more information about creating and using filters, see Filtering findings in the Amazon Macie User Guide.
You can use the Findings Filters resource to create a new filter or retrieve information about all the existing filters for your account. To update, delete, or retrieve detailed information about an individual filter, use the Findings Filter (p. 155) resource.
URI
/findingsfilters
HTTP Methods
GET
Operation ID: ListFindingsFilters
Retrieves a subset of information about all the findings filters for an account.
Query Parameters
Name        Type    Required  Description
nextToken   String  False     The nextToken string that specifies which page of results to return in a paginated response.
maxResults  String  False     The maximum number of items to include in each page of a paginated response.
Responses
Status Code  Response Model                           Description
200          ListFindingsFiltersResponse (p. 147)     The request succeeded.
400          ValidationException (p. 148)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 148)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 148)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 148)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 148)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 148)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 148)         The request failed due to an unknown internal server error, exception, or failure.
POST
Operation ID: CreateFindingsFilter
Creates and defines the criteria and other settings for a findings filter.
Responses
Status Code  Response Model                           Description
200          CreateFindingsFilterResponse (p. 148)    The request succeeded.
400          ValidationException (p. 148)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 148)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 148)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 148)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 148)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 148)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 148)         The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "findingCriteria": {
    "criterion": {
    }
  },
  "clientToken": "string",
  "name": "string",
  "description": "string",
  "action": enum,
  "position": integer,
  "tags": {
  }
}
Response Bodies
Example ListFindingsFiltersResponse
{
  "nextToken": "string",
  "findingsFilterListItems": [
    {
      "name": "string",
      "action": enum,
      "id": "string",
      "arn": "string",
      "tags": {
      }
    }
  ]
}
Example CreateFindingsFilterResponse
{
  "id": "string",
  "arn": "string"
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CreateFindingsFilterRequest
Specifies the criteria and other settings for a new findings filter.
findingCriteria
The criteria to use to filter findings.
Type: FindingCriteria (p. 152)
Required: True
clientToken
A unique, case-sensitive token that you provide to ensure the idempotency of the request.
Type: string
Required: False
name
A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.
We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.
Type: string
Required: True
description
A custom description of the filter. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.
Type: string
Required: False
action
The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
Type: FindingsFilterAction (p. 152)
Required: True
position
The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
Type: integer
Required: False
Format: int32
tags
A map of key-value pairs that specifies the tags to associate with the filter.
A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
Type: TagMap (p. 154)
Required: False
CreateFindingsFilterResponse
Provides information about a findings filter that was created in response to a request.
id
The unique identifier for the filter that was created.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the filter that was created.
Type: string
Required: False
Criterion
Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.
key-value pairs
Type: object
CriterionAdditionalProperties
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.
eqExactMatch
The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.
You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.
Type: Array of type string
Required: False
lt
The value for the property is less than the specified value.
Type: integer
Required: False
Format: int64
gte
The value for the property is greater than or equal to the specified value.
Type: integer
Required: False
Format: int64
neq
The value for the property doesn't match (doesn't equal) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
lte
The value for the property is less than or equal to the specified value.
Type: integer
Required: False
Format: int64
eq
The value for the property matches (equals) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
gt
The value for the property is greater than the specified value.
Type: integer
Required: False
Format: int64
FindingCriteria
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
criterion
A condition that specifies the property, operator, and one or more values to use to filter the results.
Type: Criterion (p. 151)
Required: False
FindingsFilterAction
The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:
ARCHIVE
NOOP
FindingsFilterListItem
Provides information about a findings filter.
name
The custom name of the filter.
Type: string
Required: False
action
The action that's performed on findings that meet the filter criteria. Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
Type: FindingsFilterAction (p. 152)
Required: False
id
The unique identifier for the filter.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the filter.
Type: string
Required: False
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.
Type: TagMap (p. 154)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ListFindingsFiltersResponse
Provides information about all the findings filters for an account.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
findingsFilterListItems
An array of objects, one for each filter that's associated with the account.
Type: Array of type FindingsFilterListItem (p. 152)
Required: False
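As an added example (not part of the AWS reference and not AWS code), the following checks a CreateFindingsFilterRequest body against the limits stated above and follows nextToken across ListFindingsFiltersResponse pages to list the filters whose action is ARCHIVE. fetch_page is a hypothetical callable standing in for a signed GET /findingsfilters request, and the sample pages and filter names are constructed.

```python
# Added example (not AWS code): pre-flight checks for CreateFindingsFilter and an
# audit pass over ListFindingsFilters pages. fetch_page is a hypothetical callable.

ACTIONS = ("ARCHIVE", "NOOP")
REQUIRED = ("findingCriteria", "name", "action")


def check_create_filter(body):
    """Return the problems found in a CreateFindingsFilterRequest body ([] = none)."""
    problems = [f"{field}: required" for field in REQUIRED if field not in body]
    name = body.get("name")
    if name is not None and not (isinstance(name, str) and 3 <= len(name) <= 64):
        problems.append("name: must contain 3 to 64 characters")
    description = body.get("description")
    if description is not None and not (
            isinstance(description, str) and len(description) <= 512):
        problems.append("description: can contain at most 512 characters")
    if "action" in body and body["action"] not in ACTIONS:
        problems.append("action: expected ARCHIVE or NOOP")
    tags = body.get("tags", {})
    if len(tags) > 50:
        problems.append("tags: a findings filter can have at most 50 tags")
    for key, value in tags.items():
        if len(key) > 128:
            problems.append(f"tags: key starting {key[:16]!r} exceeds 128 characters")
        if len(value) > 256:
            problems.append(f"tags: value for key starting {key[:16]!r} exceeds 256 characters")
    return problems


def list_all_filters(fetch_page):
    """Collect findingsFilterListItems from every page of ListFindingsFilters.

    fetch_page(next_token) must return one ListFindingsFiltersResponse as a dict;
    next_token is None for the first request.
    """
    items, token, seen = [], None, set()
    while True:
        page = fetch_page(token)
        items.extend(page.get("findingsFilterListItems") or [])
        token = page.get("nextToken")
        if not token:        # nextToken is null when there are no additional pages
            return items
        if token in seen:    # guard: a repeated token would loop forever
            raise RuntimeError("nextToken repeated; stopping pagination")
        seen.add(token)


def suppressing_filters(items):
    """Filters whose action is ARCHIVE, i.e. that automatically archive findings."""
    return [item for item in items if item.get("action") == "ARCHIVE"]


# Constructed responses standing in for two pages of GET /findingsfilters.
SAMPLE_PAGES = {
    None: {"nextToken": "page-2", "findingsFilterListItems": [
        {"id": "example-1", "name": "high-severity-view", "action": "NOOP", "tags": {}},
        {"id": "example-2", "name": "archive-test-buckets", "action": "ARCHIVE",
         "tags": {"owner": "secops"}},
    ]},
    "page-2": {"nextToken": None, "findingsFilterListItems": [
        {"id": "example-3", "name": "archive-policy-findings", "action": "ARCHIVE",
         "tags": {}},
    ]},
}


def sample_fetch_page(next_token):
    """Constructed stand-in for the HTTP call; returns the page for next_token."""
    return SAMPLE_PAGES[next_token]


if __name__ == "__main__":
    for item in suppressing_filters(list_all_filters(sample_fetch_page)):
        print(item["id"], item["name"])
```

Because the ListFindingsFilters items carry only name, action, id, arn, and tags, reviewing what an ARCHIVE filter actually matches requires a GetFindingsFilter call per id to read its findingCriteria.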
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListFindingsFilters
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
CreateFindingsFilter
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Findings Filter
The Findings Filter resource represents an individual filter that you created and saved to view, analyze, and manage findings. A findings filter, also referred to as a filter, is a set of criteria that specifies which findings to include in the results of a query for findings. A findings filter can also perform specific actions on findings that meet the filter's criteria. For example, you can configure a filter to suppress (automatically archive) findings that meet the filter's criteria. For more information about creating and using filters, see Filtering findings in the Amazon Macie User Guide.
You can use the Findings Filter resource to update, delete, or retrieve detailed information about a findings filter. To create a new filter, use the Findings Filters (p. 145) resource.
URI
/findingsfilters/id
HTTP Methods
GET
Operation ID: GetFindingsFilter
Retrieves the criteria and other settings for a findings filter.
Path Parameters
Name  Type    Required  Description
id    String  True      The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code  Response Model                           Description
200          GetFindingsFilterResponse (p. 159)       The request succeeded.
400          ValidationException (p. 159)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 159)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 159)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 159)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 160)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 160)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 160)         The request failed due to an unknown internal server error, exception, or failure.
DELETE
Operation ID: DeleteFindingsFilter
Deletes a findings filter.
Path Parameters
Name  Type    Required  Description
id    String  True      The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code  Response Model                           Description
200          Empty Schema (p. 159)                    The request succeeded. The specified findings filter was deleted and there isn't any content to include in the body of the response (No Content).
400          ValidationException (p. 159)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 159)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 159)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 159)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 160)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 160)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 160)         The request failed due to an unknown internal server error, exception, or failure.
PATCH
Operation ID: UpdateFindingsFilter
Updates the criteria and other settings for a findings filter.
Path Parameters
Name  Type    Required  Description
id    String  True      The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code  Response Model                           Description
200          UpdateFindingsFilterResponse (p. 159)    The request succeeded. The specified findings filter was updated.
400          ValidationException (p. 159)             The request failed because it contains a syntax error.
402          ServiceQuotaExceededException (p. 159)   The request failed because fulfilling the request would exceed one or more service quotas for your account.
403          AccessDeniedException (p. 159)           The request was denied because you don't have sufficient access to the specified resource.
404          ResourceNotFoundException (p. 159)       The request failed because the specified resource wasn't found.
409          ConflictException (p. 160)               The request failed because it conflicts with the current state of the specified resource.
429          ThrottlingException (p. 160)             The request failed because you sent too many requests during a certain amount of time.
500          InternalServerException (p. 160)         The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example PATCH
{
  "findingCriteria": {
    "criterion": {
    }
  },
  "name": "string",
  "action": enum,
  "description": "string",
  "position": integer
}
Response Bodies
Example GetFindingsFilterResponse
{
  "findingCriteria": {
    "criterion": {
    }
  },
  "name": "string",
  "action": enum,
  "description": "string",
  "position": integer,
  "id": "string",
  "arn": "string",
  "tags": {
  }
}
Example Empty Schema
{}
Example UpdateFindingsFilterResponse
{
  "id": "string",
  "arn": "string"
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Criterion
Specifies a condition that defines a property, operator, and one or more values to filter the results of a query for findings. The number of values depends on the property and operator specified by the condition. For information about defining filter conditions, see Fundamentals of filtering findings in the Amazon Macie User Guide.
key-value pairs
Type: object
CriterionAdditionalProperties
Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.
eqExactMatch
The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.
You can use this operator with the following properties: customDataIdentifiers.detections.arn, customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key, resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key, resourcesAffected.s3Object.tags.value, sensitiveData.category, and sensitiveData.detections.type.
Type: Array of type string
Required: False
lt
The value for the property is less than the specified value.
Type: integer
Required: False
Format: int64
gte
The value for the property is greater than or equal to the specified value.
Type: integer
Required: False
Format: int64
neq
The value for the property doesn't match (doesn't equal) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
lte
The value for the property is less than or equal to the specified value.
Type: integer
Required: False
Format: int64
eq
The value for the property matches (equals) any specified value. If you specify multiple values, Macie uses OR logic to join the values.
Type: Array of type string
Required: False
gt
The value for the property is greater than the specified value.
Type: integer
Required: False
Format: int64
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
FindingCriteria
Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.
criterion
A condition that specifies the property, operator, and one or more values to use to filter the results.
Type: Criterion (p. 160)
Required: False
FindingsFilterAction
The action to perform on findings that meet the filter criteria. To suppress (automatically archive) findings that meet the criteria, set this value to ARCHIVE. Valid values are:
ARCHIVE
NOOP
GetFindingsFilterResponse
Provides information about the criteria and other settings for a findings filter.
findingCriteria
The criteria that's used to filter findings.
Type: FindingCriteria (p. 162)
Required: False
name
The custom name of the filter.
Type: string
Required: False
action
The action that's performed on findings that meet the filter criteria (findingCriteria). Possible values are: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.
Type: FindingsFilterAction (p. 162)
Required: False
description
The custom description of the filter.
Type: string
Required: False
position
The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
Type: integer
Required: False
Format: int32
id
The unique identifier for the filter.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the filter.
Type: string
Required: False
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.
Type: TagMap (p. 164)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UpdateFindingsFilterRequest
Specifies the criteria and other settings for a findings filter.
findingCriteria
The criteria to use to filter findings.
Type: FindingCriteria (p. 162)Required: False
name
A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64characters.
We strongly recommend that you avoid including any sensitive data in the name of a filter. Other usersmight be able to see the filter's name, depending on the actions that they're allowed to perform inAmazon Macie.
Type: stringRequired: False
action
The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are:ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on thefindings.
Type: FindingsFilterAction (p. 162)Required: False
description
A custom description of the filter. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a filter. Otherusers might be able to see the filter's description, depending on the actions that they're allowed toperform in Amazon Macie.
Type: stringRequired: False
position
The position of the filter in the list of saved filters on the Amazon Macie console. This value alsodetermines the order in which the filter is applied to findings, relative to other filters that are alsoapplied to the findings.
Type: integerRequired: FalseFormat: int32
UpdateFindingsFilterResponse
Provides information about a findings filter that was updated in response to a request.
id
The unique identifier for the filter that was updated.
Type: string
Required: False
arn
The Amazon Resource Name (ARN) of the filter that was updated.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetFindingsFilter
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteFindingsFilter
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
UpdateFindingsFilter
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Invitation List
In Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become a member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are created and managed as a group by using Macie.
The Invitation List resource provides information about all the membership invitations that you've received. For each invitation, this includes the unique identifier for the invitation, the AWS account ID for the account that sent it, and the current status of the relationship between your account and the account that sent it. This resource also enables you to send invitations to other accounts.
Note that this resource doesn't provide information about invitations for AWS organizations. It's limited to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.
You can use the Invitation List resource to retrieve information about all the Macie membership invitations that you've received. You can also use this resource to send a membership invitation to other accounts.
URI
/invitations
HTTP Methods
GET
Operation ID: ListInvitations
Retrieves information about all the Amazon Macie membership invitations that were received by an account.
Query Parameters
Name | Type | Required | Description
nextToken | String | False | The nextToken string that specifies which page of results to return in a paginated response.
maxResults | String | False | The maximum number of items to include in each page of a paginated response.
Responses
Status Code | Response Model | Description
200 | ListInvitationsResponse (p. 169) | The request succeeded.
400 | ValidationException (p. 170) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 170) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 170) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 170) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 170) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 170) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 170) | The request failed due to an unknown internal server error, exception, or failure.
POST
Operation ID: CreateInvitations
Sends an Amazon Macie membership invitation to one or more accounts.
Responses
Status Code | Response Model | Description
200 | CreateInvitationsResponse (p. 170) | The request succeeded. Processing might not be complete.
400 | ValidationException (p. 170) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 170) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 170) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 170) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 170) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 170) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 170) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "disableEmailNotification": boolean,
  "accountIds": [
    "string"
  ],
  "message": "string"
}
Response Bodies
Example ListInvitationsResponse
{
  "invitations": [
    {
      "accountId": "string",
      "relationshipStatus": enum,
      "invitationId": "string",
      "invitedAt": "string"
    }
  ],
  "nextToken": "string"
}
Example CreateInvitationsResponse
{
  "unprocessedAccounts": [
    {
      "accountId": "string",
      "errorMessage": "string",
      "errorCode": enum
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CreateInvitationsRequest
Specifies the settings for an Amazon Macie membership invitation.
disableEmailNotification
Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.
Type: boolean
Required: False
accountIds
An array that lists AWS account IDs, one for each account to send the invitation to.
Type: Array of type string
Required: True
message
A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.
Type: string
Required: False
CreateInvitationsResponse
Provides information about an unprocessed request to send an Amazon Macie membership invitation to a specific account.
unprocessedAccounts
An array of objects, one for each account whose invitation hasn't been processed. Each object identifies the account and explains why the invitation hasn't been processed for the account.
Type: Array of type UnprocessedAccount (p. 174)
Required: False
ErrorCode
The source of an error, issue, or delay. Possible values are:
ClientError
InternalError
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
Invitation
Provides information about an Amazon Macie membership invitation that was received by an account.
accountId
The AWS account ID for the account that sent the invitation.
Type: string
Required: False
relationshipStatus
The status of the relationship between the account that sent the invitation (inviter account) and the account that received the invitation (invitee account).
Type: RelationshipStatus (p. 173)
Required: False
invitationId
The unique identifier for the invitation. Amazon Macie uses this identifier to validate the inviter account with the invitee account.
Type: string
Required: False
invitedAt
The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.
Type: string
Required: False
Format: date-time
ListInvitationsResponse
Provides information about all the Amazon Macie membership invitations that were received by an account.
invitations
An array of objects, one for each invitation that was received by the account.
Type: Array of type Invitation (p. 172)
Required: False
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
RelationshipStatus
The current status of the relationship between an account and an associated Amazon Macie master account (inviter account). Possible values are:
Enabled
Paused
Invited
Created
Removed
Resigned
EmailVerificationInProgress
EmailVerificationFailed
RegionDisabled
AccountSuspended
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UnprocessedAccount
Provides information about an account-related request that hasn't been processed.
accountId
The AWS account ID for the account that the request applies to.
Type: string
Required: False
errorMessage
The reason why the request hasn't been processed.
Type: string
Required: False
errorCode
The source of the issue or delay in processing the request.
Type: ErrorCode (p. 172)
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListInvitations
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
CreateInvitations
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Invitation Acceptance
In Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become a member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are created and managed as a group by using Macie. The Invitation Acceptance resource provides access to membership invitations that you've received and haven't responded to, and it enables you to accept one of those invitations.
Note that this resource doesn't provide access to invitations for AWS organizations. It provides access only to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.
You can use the Invitation Acceptance resource to accept a Macie membership invitation that you received. If you do this, you have to specify the AWS account ID for the account that sent the invitation, and the unique identifier for the invitation. To find these IDs, you can use the Invitation List (p. 167) resource.
URI
/invitations/accept
HTTP Methods
POST
Operation ID: AcceptInvitation
Accepts an Amazon Macie membership invitation that was received from a specific account.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 177) | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 177) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 177) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 177) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 177) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 177) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 177) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 178) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "masterAccount": "string",
  "invitationId": "string"
}
Response Bodies
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AcceptInvitationRequest
Specifies an Amazon Macie membership invitation to accept.
masterAccount
The AWS account ID for the account that sent the invitation.
Type: string
Required: True
invitationId
The unique identifier for the invitation to accept.
Type: string
Required: True
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
AcceptInvitation
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Invitation Count
In Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become a member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are created and managed as a group by using Macie.
The Invitation Count resource reports the total number of membership invitations that you've received. If you accepted an invitation and your account is currently part of a Macie organization, this number doesn't include that invitation. In addition, this number doesn't include invitations that you've received for AWS organizations. It's limited to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. To learn more about this service, see the AWS Organizations User Guide.
You can use the Invitation Count resource to retrieve the count of Macie membership invitations that you've received, not including the currently accepted invitation.
URI
/invitations/count
HTTP Methods
GET
Operation ID: GetInvitationsCount
Retrieves the count of Amazon Macie membership invitations that were received by an account.
Responses
Status Code | Response Model | Description
200 | GetInvitationsCountResponse (p. 181) | The request succeeded.
400 | ValidationException (p. 181) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 181) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 181) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 182) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 182) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 182) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 182) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example GetInvitationsCountResponse
{ "invitationsCount": integer}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
GetInvitationsCountResponse
Provides the count of all the Amazon Macie membership invitations that were received by an account, not including the currently accepted invitation.
invitationsCount
The total number of invitations that were received by the account, not including the currently accepted invitation.
Type: integer
Required: False
Format: int64
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetInvitationsCount
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Invitation Decline
In Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become a member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are created and managed as a group by using Macie.
The Invitation Decline resource provides access to membership invitations that you've received and haven't responded to, and it enables you to decline one or more of those invitations. After you decline an invitation, you can optionally delete the invitation.
Note that this resource doesn't provide access to invitations for AWS organizations. It provides access only to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.
You can use the Invitation Decline resource to decline Macie membership invitations that you received from specific accounts. If you do this, you have to specify the AWS account ID for each account that sent an invitation to decline. To find these IDs, you can use the Invitation List (p. 167) resource.
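The following Python is an added example, not code from the AWS reference. It pages through ListInvitations with nextToken, builds an AcceptInvitation body only when exactly one pending invitation comes from an allowlisted sender, builds the DeclineInvitations body for every other pending sender, and splits an unprocessedAccounts response by errorCode. The allowlist, the helper names, the constructed sample pages, treating Invited as the pending status, and retrying InternalError entries are assumptions.

```python
import re
from typing import Callable, Dict, Iterable, Iterator, List, Optional, Set, Tuple

ACCOUNT_ID = re.compile(r"\d{12}")  # AWS account IDs are 12 digits
PENDING = "Invited"  # assumption: the status of an invitation awaiting a response

# Constructed sample pages shaped like ListInvitationsResponse (not real data).
SAMPLE_PAGES: Dict[Optional[str], dict] = {
    None: {
        "invitations": [
            {"accountId": "111111111111", "relationshipStatus": "Invited",
             "invitationId": "constructed-invitation-a",
             "invitedAt": "2020-06-01T12:00:00Z"},
            {"accountId": "222222222222", "relationshipStatus": "Invited",
             "invitationId": "constructed-invitation-b",
             "invitedAt": "2020-06-02T08:30:00Z"},
        ],
        "nextToken": "constructed-token-2",
    },
    "constructed-token-2": {
        "invitations": [
            {"accountId": "333333333333", "relationshipStatus": "Removed",
             "invitationId": "constructed-invitation-c",
             "invitedAt": "2020-05-20T09:00:00Z"},
        ],
        "nextToken": None,
    },
}


def sample_list_invitations(next_token: Optional[str] = None) -> dict:
    """Hypothetical stand-in for a signed GET /invitations request."""
    return SAMPLE_PAGES[next_token]


def iter_invitations(list_page: Callable[[Optional[str]], dict]) -> Iterator[dict]:
    """Yield every Invitation, following nextToken until it is null."""
    token: Optional[str] = None
    seen: Set[str] = set()
    while True:
        page = list_page(token)
        yield from page.get("invitations") or []
        token = page.get("nextToken")
        if not token:
            return
        if token in seen:  # never loop forever on a repeated token
            raise RuntimeError("nextToken repeated: %r" % token)
        seen.add(token)


def plan_responses(invitations: Iterable[dict], trusted_admins: Set[str]) -> dict:
    """Build the /invitations/accept and /invitations/decline request bodies."""
    trusted: List[dict] = []
    untrusted: List[str] = []
    review: List[dict] = []
    for inv in invitations:
        if inv.get("relationshipStatus") != PENDING:
            continue  # already answered or no longer actionable
        account = str(inv.get("accountId", ""))
        if not ACCOUNT_ID.fullmatch(account):
            review.append(inv)  # malformed sender ID: a person should look
        elif account not in trusted_admins:
            if account not in untrusted:
                untrusted.append(account)
        elif inv.get("invitationId"):
            trusted.append(inv)
        else:
            review.append(inv)  # trusted sender, but no invitationId to accept
    accept = None
    if len(trusted) == 1:  # AcceptInvitation takes a single invitation
        accept = {"masterAccount": trusted[0]["accountId"],
                  "invitationId": trusted[0]["invitationId"]}
    else:
        review.extend(trusted)  # zero or several candidates: do not guess
    decline = {"accountIds": untrusted} if untrusted else None
    return {"accept": accept, "decline": decline, "review": review}


def split_unprocessed(response: dict) -> Tuple[List[str], List[dict]]:
    """Split unprocessedAccounts into IDs to retry and entries to report."""
    retry: List[str] = []
    failed: List[dict] = []
    for item in response.get("unprocessedAccounts") or []:
        if item.get("errorCode") == "InternalError":  # assumption: retryable
            retry.append(item["accountId"])
        else:  # ClientError or unknown: resending unchanged will not help
            failed.append(item)
    return retry, failed


if __name__ == "__main__":
    found = iter_invitations(sample_list_invitations)
    print(plan_responses(found, {"111111111111"}))
```

In real use, replace sample_list_invitations with a function that sends the signed request and returns the parsed response body.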
URI
/invitations/decline
HTTP Methods
POST
Operation ID: DeclineInvitations
Declines Amazon Macie membership invitations that were received from specific accounts.
Responses
Status Code | Response Model | Description
200 | DeclineInvitationsResponse (p. 186) | The request succeeded. Processing might not be complete.
400 | ValidationException (p. 186) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 186) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 186) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 186) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 186) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 186) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 187) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "accountIds": [
    "string"
  ]
}
Response Bodies
Example DeclineInvitationsResponse
{
  "unprocessedAccounts": [
    {
      "accountId": "string",
      "errorMessage": "string",
      "errorCode": enum
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
DeclineInvitationsRequest
Specifies one or more accounts that sent Amazon Macie membership invitations to decline.
accountIds
An array that lists AWS account IDs, one for each account that sent an invitation to decline.
Type: Array of type string
Required: True
DeclineInvitationsResponse
Provides information about unprocessed requests to decline Amazon Macie membership invitations that were received from specific accounts.
unprocessedAccounts
An array of objects, one for each account whose invitation hasn't been declined. Each object identifies the account and explains why the request hasn't been processed for that account.
Type: Array of type UnprocessedAccount (p. 189)
Required: False
ErrorCode
The source of an error, issue, or delay. Possible values are:
ClientError
InternalError
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UnprocessedAccount
Provides information about an account-related request that hasn't been processed.
accountId
The AWS account ID for the account that the request applies to.
Type: string
Required: False
errorMessage
The reason why the request hasn't been processed.
Type: string
Required: False
errorCode
The source of the issue or delay in processing the request.
Type: ErrorCode (p. 188)
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
DeclineInvitations
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Invitation Deletion
In Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become a member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are created and managed as a group by using Macie.
The Invitation Deletion resource provides access to membership invitations that you received and declined, and it enables you to delete one or more of those invitations.
Note that this resource doesn't provide access to invitations for AWS organizations. It provides access only to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed as a group by using the AWS Organizations service. AWS Organizations is an account management service that enables administrators to consolidate and centrally manage multiple AWS accounts as a single organization. To learn more about this service, see the AWS Organizations User Guide.
You can use the Invitation Deletion resource to delete Macie membership invitations that you received from specific accounts and previously declined. If you do this, you have to specify the AWS account ID for each account that sent an invitation to delete. To find these IDs, you can use the Invitation List (p. 167) resource.
URI
/invitations/delete
HTTP Methods
POST
Operation ID: DeleteInvitations
Deletes Amazon Macie membership invitations that were received from specific accounts.
Responses
Status Code | Response Model | Description
200 | DeleteInvitationsResponse (p. 191) | The request succeeded. Processing might not be complete.
400 | ValidationException (p. 191) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 191) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 192) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 192) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 192) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 192) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 192) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "accountIds": [
    "string"
  ]
}
Response Bodies
Example DeleteInvitationsResponse
{
  "unprocessedAccounts": [
    {
      "accountId": "string",
      "errorMessage": "string",
      "errorCode": enum
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: stringRequired: False
ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: stringRequired: False
192
Amazon Macie REST API ReferenceProperties
DeleteInvitationsRequest
Specifies one or more accounts that sent Amazon Macie membership invitations to delete.
accountIds
An array that lists AWS account IDs, one for each account that sent an invitation to delete.
Type: Array of type string
Required: True
DeleteInvitationsResponse
Provides information about unprocessed requests to delete Amazon Macie membership invitations that were received from specific accounts.
unprocessedAccounts
An array of objects, one for each account whose invitation hasn't been deleted. Each object identifies the account and explains why the request hasn't been processed for that account.
Type: Array of type UnprocessedAccount (p. 194)
Required: False
ErrorCode
The source of an error, issue, or delay. Possible values are:
ClientError
InternalError
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UnprocessedAccount
Provides information about an account-related request that hasn't been processed.
accountId
The AWS account ID for the account that the request applies to.
Type: string
Required: False
errorMessage
The reason why the request hasn't been processed.
Type: string
Required: False
errorCode
The source of the issue or delay in processing the request.
Type: ErrorCode (p. 193)
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
DeleteInvitations
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Classification Job Creation
The Classification Job Creation resource represents the collection of settings that define the scope and schedule for a classification job. A classification job, also referred to as a sensitive data discovery job, is a job that analyzes objects in specific Amazon S3 buckets to determine whether the objects contain sensitive data. Each job uses managed data identifiers that Amazon Macie provides and, optionally, custom data identifiers that you create.
When you create a classification job, you can configure it to address specific scenarios. For example, you can use property- or tag-based conditions to perform targeted analysis of objects that meet specific criteria. You might also define a schedule for running the job on a recurring basis, such as every day or a specific day of each week or month. This can be helpful if you want to monitor an S3 bucket for the presence of sensitive data, or align the analysis of a bucket with periodic updates to the bucket.
You can use the Classification Job Creation resource to create and define the settings for a new classification job. Note that you can't change any settings for a classification job after you create it. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations that you perform.
URI
/jobs
HTTP Methods
POST
Operation ID: CreateClassificationJob
Creates and defines the settings for a classification job.
Responses
Status Code | Response Model | Description
200 | CreateClassificationJobResponse (p. 198) | The request succeeded. The specified job was created.
400 | ValidationException (p. 198) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 198) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 198) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 198) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 198) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 198) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 198) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "customDataIdentifierIds": [ "string" ],
  "scheduleFrequency": {
    "dailySchedule": { },
    "weeklySchedule": {
      "dayOfWeek": enum
    },
    "monthlySchedule": {
      "dayOfMonth": integer
    }
  },
  "samplingPercentage": integer,
  "clientToken": "string",
  "name": "string",
  "description": "string",
  "initialRun": boolean,
  "jobType": enum,
  "s3JobDefinition": {
    "bucketDefinitions": [
      {
        "accountId": "string",
        "buckets": [ "string" ]
      }
    ],
    "scoping": {
      "excludes": {
        "and": [
          {
            "simpleScopeTerm": {
              "comparator": enum,
              "values": [ "string" ],
              "key": enum
            },
            "tagScopeTerm": {
              "comparator": enum,
              "tagValues": [
                {
                  "value": "string",
                  "key": "string"
                }
              ],
              "key": "string",
              "target": enum
            }
          }
        ]
      },
      "includes": {
        "and": [
          {
            "simpleScopeTerm": {
              "comparator": enum,
              "values": [ "string" ],
              "key": enum
            },
            "tagScopeTerm": {
              "comparator": enum,
              "tagValues": [
                {
                  "value": "string",
                  "key": "string"
                }
              ],
              "key": "string",
              "target": enum
            }
          }
        ]
      }
    }
  },
  "tags": { }
}
Response Bodies
Example CreateClassificationJobResponse
{
  "jobId": "string",
  "jobArn": "string"
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CreateClassificationJobRequest
Specifies the scope, schedule, and other settings for a classification job. You can't change any settings for a classification job after you create it. This helps ensure that you have an immutable history of sensitive data findings and discovery results for data privacy and protection audits or investigations.
customDataIdentifierIds
The custom data identifiers to use for data analysis and classification.
Type: Array of type string
Required: False
scheduleFrequency
The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the jobType property to ONE_TIME.
Type: JobScheduleFrequency (p. 202)
Required: False
samplingPercentage
The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
Type: integer
Required: False
Format: int32
clientToken
A unique, case-sensitive token that you provide to ensure the idempotency of the request.
Type: string
Required: True
name
A custom name for the job. The name can contain as many as 500 characters.
Type: string
Required: True
description
A custom description of the job. The description can contain as many as 200 characters.
Type: string
Required: False
initialRun
Specifies whether to analyze all existing, eligible objects immediately after the job is created.
Type: boolean
Required: False
jobType
The schedule for running the job. Valid values are:
• ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property.
• SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to define the recurrence pattern for the job.
Type: JobType (p. 203)
Required: True
s3JobDefinition
The S3 buckets that contain the objects to analyze, and the scope of that analysis.
Type: S3JobDefinition (p. 204)
Required: True
tags
A map of key-value pairs that specifies the tags to associate with the job.
A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
Type: TagMap (p. 206)
Required: False
CreateClassificationJobResponse
Provides information about a classification job that was created in response to a request.
jobId
The unique identifier for the job.
Type: string
Required: False
jobArn
The Amazon Resource Name (ARN) of the job.
Type: string
Required: False
DailySchedule
Specifies that a classification job runs once a day, every day. This is an empty object.
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
JobComparator
The operator to use in a condition. Valid values are:
EQ
GT
GTE
LT
LTE
NE
CONTAINS
JobScheduleFrequency
Specifies the recurrence pattern for running a classification job.
dailySchedule
Specifies a daily recurrence pattern for running the job.
Type: DailySchedule (p. 201)
Required: False
weeklySchedule
Specifies a weekly recurrence pattern for running the job.
Type: WeeklySchedule (p. 207)
Required: False
monthlySchedule
Specifies a monthly recurrence pattern for running the job.
Type: MonthlySchedule (p. 203)
Required: False
JobScopeTerm
Specifies a property- or tag-based condition that defines criteria for including or excluding objects from a classification job.
simpleScopeTerm
A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job.
Type: SimpleScopeTerm (p. 205)
Required: False
tagScopeTerm
A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job.
Type: TagScopeTerm (p. 206)
Required: False
JobScopingBlock
Specifies one or more property- and tag-based conditions that define criteria for including or excluding objects from a classification job. If you specify more than one condition, Amazon Macie uses an AND operator to join the conditions.
and
An array of conditions, one for each condition that determines which objects to include or exclude from the job.
Type: Array of type JobScopeTerm (p. 202)
Required: False
JobType
The schedule for running a classification job. Valid values are:
ONE_TIME
SCHEDULED
MonthlySchedule
Specifies a monthly recurrence pattern for running a classification job.
dayOfMonth
The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1 through 31.
If this value exceeds the number of days in a certain month, Macie runs the job on the last day of that month. For example, if this value is 31 and a month has only 30 days, Macie runs the job on day 30 of that month.
Type: integer
Required: False
Format: int32
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
S3BucketDefinitionForJob
Specifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets to analyze for the account.
accountId
The unique identifier for the AWS account that owns the buckets. If you specify this value and don't specify a value for the buckets array, the job analyzes objects in all the buckets that are owned by the account and meet other conditions specified for the job.
Type: string
Required: False
buckets
An array that lists the names of the buckets.
Type: Array of type string
Required: False
S3JobDefinition
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis.
bucketDefinitions
An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account.
Type: Array of type S3BucketDefinitionForJob (p. 203)
Required: False
scoping
The property- and tag-based conditions that determine which objects to include or exclude from the analysis.
Type: Scoping (p. 204)
Required: False
ScopeFilterKey
The property to use in a condition that determines which objects are analyzed by a classification job. Valid values are:
BUCKET_CREATION_DATE
OBJECT_EXTENSION
OBJECT_LAST_MODIFIED_DATE
OBJECT_SIZE
TAG
Scoping
Specifies one or more property- and tag-based conditions that refine the scope of a classification job. These conditions define criteria that determine which objects a job analyzes. Exclude conditions take precedence over include conditions.
excludes
The property- or tag-based conditions that determine which objects to exclude from the analysis.
Type: JobScopingBlock (p. 202)
Required: False
includes
The property- or tag-based conditions that determine which objects to include in the analysis.
Type: JobScopingBlock (p. 202)
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
SimpleScopeTerm
Specifies a property-based condition that determines whether an object is included or excluded from a classification job.
comparator
The operator to use in the condition. Valid operators for each supported property (key) are:
• OBJECT_EXTENSION - EQ (equals) or NE (not equals)
• OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS
• OBJECT_SIZE - Any operator except CONTAINS
• TAG - EQ (equals) or NE (not equals)
Type: JobComparator (p. 201)
Required: False
values
An array that lists the values to use in the condition. If the value for the key property is OBJECT_EXTENSION, this array can specify multiple values and Amazon Macie uses an OR operator to join the values. Otherwise, this array can specify only one value. Valid values for each supported property (key) are:
• OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: doc, docx, pdf
• OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when an object was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z
• OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.
• TAG - A string that represents a tag key for an object. For advanced options, use a TagScopeTerm object, instead of a SimpleScopeTerm object, to define a tag-based condition for the job.
Type: Array of type string
Required: False
key
The object property to use in the condition.
Type: ScopeFilterKey (p. 204)
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
TagScopeTerm
Specifies a tag-based condition that determines whether an object is included or excluded from a classification job.
comparator
The operator to use in the condition. Valid operators are EQ (equals) or NE (not equals).
Type: JobComparator (p. 201)
Required: False
tagValues
The tag keys or tag key and value pairs to use in the condition.
Type: Array of type TagValuePair (p. 207)
Required: False
key
The tag key to use in the condition.
Type: string
Required: False
target
The type of object to apply the condition to.
Type: TagTarget (p. 206)
Required: False
TagTarget
The type of object to apply a tag-based condition to. Valid values are:
S3_OBJECT
TagValuePair
Specifies a tag key or tag key and value pair to use in a tag-based condition for a classification job.
value
The tag value, associated with the specified tag key (key), to use in the condition. To specify only a tag key for a condition, specify the tag key for the key property and set this value to an empty string.
Type: string
Required: False
key
The value for the tag key to use in the condition.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
WeeklySchedule
Specifies a weekly recurrence pattern for running a classification job.
dayOfWeek
The day of the week when Amazon Macie runs the job.
Type: string
Required: False
Values: SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
CreateClassificationJob
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
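Because a classification job can't be changed after it is created, it pays to check a CreateClassificationJob body against the constraints in the Properties above before sending it. The following is an added example, not code from the Macie documentation or an AWS SDK: the function names, the error strings and both sample bodies are constructed for illustration, and treating a SCHEDULED job with no schedule pattern, or a condition with a missing operator, as an error is this example's reading of the property descriptions.

```python
JOB_COMPARATORS = {"EQ", "GT", "GTE", "LT", "LTE", "NE", "CONTAINS"}
# Operators this reference lists for each SimpleScopeTerm key. It lists none
# for BUCKET_CREATION_DATE, so that key falls back to the full comparator set.
OPERATORS_BY_KEY = {
    "OBJECT_EXTENSION": {"EQ", "NE"},
    "OBJECT_LAST_MODIFIED_DATE": JOB_COMPARATORS - {"CONTAINS"},
    "OBJECT_SIZE": JOB_COMPARATORS - {"CONTAINS"},
    "TAG": {"EQ", "NE"},
}
SCOPE_FILTER_KEYS = set(OPERATORS_BY_KEY) | {"BUCKET_CREATION_DATE"}
DAYS_OF_WEEK = {"SUNDAY", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY"}
SCHEDULE_KINDS = {"dailySchedule", "weeklySchedule", "monthlySchedule"}


def check_simple_term(term, where, errors):
    key, comparator = term.get("key"), term.get("comparator")
    if key not in SCOPE_FILTER_KEYS:
        errors.append(f"{where}: unknown key {key!r}")
        return
    if comparator not in OPERATORS_BY_KEY.get(key, JOB_COMPARATORS):
        errors.append(f"{where}: {comparator} is not valid for {key}")
    # Only OBJECT_EXTENSION may list several values (joined with OR).
    if key != "OBJECT_EXTENSION" and len(term.get("values") or []) > 1:
        errors.append(f"{where}: {key} accepts only one value")


def check_tag_term(term, where, errors):
    if term.get("comparator") not in {"EQ", "NE"}:
        errors.append(f"{where}: tag conditions accept only EQ or NE")
    if term.get("target", "S3_OBJECT") != "S3_OBJECT":
        errors.append(f"{where}: target must be S3_OBJECT")


def validate_create_job_request(body):
    """Return a list of problems; an empty list means the body passed."""
    errors = [f"{field} is required" for field in
              ("clientToken", "name", "jobType", "s3JobDefinition") if field not in body]
    for field, limit in (("name", 500), ("description", 200)):
        if len(body.get(field, "")) > limit:
            errors.append(f"{field} exceeds {limit} characters")
    job_type, schedule = body.get("jobType"), body.get("scheduleFrequency")
    if job_type == "ONE_TIME" and schedule is not None:
        errors.append("ONE_TIME jobs must not set scheduleFrequency")
    elif job_type == "SCHEDULED" and not SCHEDULE_KINDS & set(schedule or {}):
        errors.append("SCHEDULED jobs need a scheduleFrequency pattern")
    elif job_type not in (None, "ONE_TIME", "SCHEDULED"):
        errors.append(f"jobType {job_type!r} is not ONE_TIME or SCHEDULED")
    weekly = (schedule or {}).get("weeklySchedule")
    if weekly is not None and weekly.get("dayOfWeek") not in DAYS_OF_WEEK:
        errors.append("weeklySchedule.dayOfWeek is not a day name")
    monthly = (schedule or {}).get("monthlySchedule")
    if monthly is not None and monthly.get("dayOfMonth") not in range(1, 32):
        errors.append("monthlySchedule.dayOfMonth must be 1 through 31")
    tags = body.get("tags") or {}
    if len(tags) > 50:
        errors.append("a job can have at most 50 tags")
    for key, value in tags.items():
        if len(key) > 128 or len(value) > 256:
            errors.append(f"tag {key[:20]!r} exceeds the 128/256 character limits")
    scoping = (body.get("s3JobDefinition") or {}).get("scoping") or {}
    for block in ("excludes", "includes"):
        for i, term in enumerate((scoping.get(block) or {}).get("and") or []):
            where = f"scoping.{block}.and[{i}]"
            if "simpleScopeTerm" in term:
                check_simple_term(term["simpleScopeTerm"], where, errors)
            if "tagScopeTerm" in term:
                check_tag_term(term["tagScopeTerm"], where, errors)
    return errors


# Constructed request bodies: account ID, bucket name and token are made up.
GOOD_JOB = {
    "clientToken": "constructed-token-0001",
    "name": "weekly-scan",
    "jobType": "SCHEDULED",
    "scheduleFrequency": {"weeklySchedule": {"dayOfWeek": "MONDAY"}},
    "s3JobDefinition": {
        "bucketDefinitions": [{"accountId": "111122223333", "buckets": ["example-bucket"]}],
        "scoping": {"includes": {"and": [
            {"simpleScopeTerm": {"key": "OBJECT_EXTENSION", "comparator": "EQ",
                                 "values": ["doc", "docx", "pdf"]}},
            {"simpleScopeTerm": {"key": "OBJECT_LAST_MODIFIED_DATE", "comparator": "GTE",
                                 "values": ["2020-09-28T14:31:13Z"]}},
        ]}},
    },
}
BAD_JOB = {
    "name": "one-off",
    "jobType": "ONE_TIME",
    "scheduleFrequency": {"dailySchedule": {}},
    "s3JobDefinition": {"scoping": {"excludes": {"and": [
        {"simpleScopeTerm": {"key": "OBJECT_SIZE", "comparator": "CONTAINS",
                             "values": ["1024", "2048"]}},
        {"tagScopeTerm": {"comparator": "GT", "target": "S3_OBJECT",
                          "tagValues": [{"key": "env", "value": "prod"}]}},
    ]}}},
}
```

A malformed exclude condition deserves particular attention, because exclude conditions take precedence over include conditions and so decide which objects are never analyzed.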
Classification Job List
The Classification Job List resource provides a subset of information about the classification jobs for your account. A classification job, also referred to as a sensitive data discovery job, is a job that analyzes objects in specific Amazon S3 buckets to determine whether the objects contain sensitive data. Each job uses managed data identifiers that Amazon Macie provides and, optionally, custom data identifiers that you create.
This resource doesn't provide access to all the data for individual classification jobs. Instead, it provides only a subset of data. To retrieve all the data for a particular classification job, use the Classification Job Description (p. 219) resource.
You can use the Classification Job List resource to retrieve a subset of information about one or more classification jobs. To customize and refine your request, you can use supported parameters to specify whether and how to filter, sort, and paginate the results.
URI
/jobs/list
HTTP Methods
POST
Operation ID: ListClassificationJobs
Retrieves a subset of information about one or more classification jobs.
Responses
Status Code | Response Model | Description
200 | ListClassificationJobsResponse (p. 210) | The request succeeded.
400 | ValidationException (p. 210) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 210) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 210) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 210) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 211) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 211) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 211) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "filterCriteria": {
    "excludes": [
      {
        "comparator": enum,
        "values": [ "string" ],
        "key": enum
      }
    ],
    "includes": [
      {
        "comparator": enum,
        "values": [ "string" ],
        "key": enum
      }
    ]
  },
  "nextToken": "string",
  "maxResults": integer,
  "sortCriteria": {
    "orderBy": enum,
    "attributeName": enum
  }
}
Response Bodies
Example ListClassificationJobsResponse
{
  "nextToken": "string",
  "items": [
    {
      "userPausedDetails": {
        "jobImminentExpirationHealthEventArn": "string",
        "jobExpiresAt": "string",
        "jobPausedAt": "string"
      },
      "bucketDefinitions": [
        {
          "accountId": "string",
          "buckets": [ "string" ]
        }
      ],
      "jobId": "string",
      "createdAt": "string",
      "jobStatus": enum,
      "name": "string",
      "jobType": enum,
      "lastRunErrorStatus": {
        "code": enum
      }
    }
  ]
}
Example ValidationException
{
  "message": "string"
}
Example ServiceQuotaExceededException
{
  "message": "string"
}
Example AccessDeniedException
{
  "message": "string"
}
Example ResourceNotFoundException
{
  "message": "string"
}
Example ConflictException
{
  "message": "string"
}
Example ThrottlingException
{
  "message": "string"
}
Example InternalServerException
{
  "message": "string"
}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
JobComparator
The operator to use in a condition. Valid values are:
EQ
GT
GTE
LT
LTE
NE
CONTAINS
JobStatus
The status of a classification job. Possible values are:
RUNNING
PAUSED
CANCELLED
COMPLETE
IDLE
USER_PAUSED
JobSummary
Provides information about a classification job, including the current status of the job.
userPausedDetails
If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.
Type: UserPausedDetails (p. 218)
Required: False
bucketDefinitions
The S3 buckets that the job is configured to analyze.
Type: Array of type S3BucketDefinitionForJob (p. 217)
Required: False
jobId
The unique identifier for the job.
Type: string
Required: False
createdAt
The date and time, in UTC and extended ISO 8601 format, when the job was created.
Type: string
Required: False
Format: date-time
jobStatus
The current status of the job. Possible values are:
• CANCELLED - You cancelled the job, or you paused the job while it had a status of RUNNING and you didn't resume it within 30 days of pausing it.
• COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. This value doesn't apply to recurring jobs.
• IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to one-time jobs.
• PAUSED - Amazon Macie started running the job but additional processing would exceed the monthly sensitive data discovery quota for your account or one or more member accounts that the job analyzes data for.
• RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress.
• USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you don't resume the job within 30 days of pausing it, the job expires and is cancelled. To check the job's expiration date, refer to the UserPausedDetails.jobExpiresAt property.
Type: JobStatus (p. 212)
Required: False
name
The custom name of the job.
Type: string
Required: False
jobType
The schedule for running the job. Possible values are:
• ONE_TIME - The job runs only once.
• SCHEDULED - The job runs on a daily, weekly, or monthly basis.
Type: JobType (p. 213)
Required: False
lastRunErrorStatus
Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run.
Type: LastRunErrorStatus (p. 214)
Required: False
JobType
The schedule for running a classification job. Valid values are:
ONE_TIME
SCHEDULED
LastRunErrorStatus
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For example, the job is configured to analyze data for a member account that was suspended, or the job is configured to analyze an S3 bucket that Amazon Macie isn't allowed to access.
code
Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run. Possible values are:
• ERROR - One or more errors occurred. Amazon Macie didn't process all the data specified for the job.
• NONE - No errors occurred. Macie processed all the data specified for the job.
Type: LastRunErrorStatusCode (p. 214)
Required: False
LastRunErrorStatusCode
Specifies whether any account- or bucket-level access errors occurred during the run of a one-time classification job or the most recent run of a recurring classification job. Possible values are:
NONE
ERROR
ListClassificationJobsRequest
Specifies criteria for filtering, sorting, and paginating the results of a request for information about classification jobs.
filterCriteria
The criteria to use to filter the results.
Type: ListJobsFilterCriteria (p. 215)
Required: False
nextToken
The nextToken string that specifies which page of results to return in a paginated response.
Type: string
Required: False
maxResults
The maximum number of items to include in each page of the response.
Type: integer
Required: False
Format: int32
sortCriteria
The criteria to use to sort the results.
Type: ListJobsSortCriteria (p. 216)
Required: False
ListClassificationJobsResponse
Provides the results of a request for information about one or more classification jobs.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
items
An array of objects, one for each job that meets the filter criteria specified in the request.
Type: Array of type JobSummary (p. 212)
Required: False
ListJobsFilterCriteria
Specifies criteria for filtering the results of a request for information about classification jobs.
excludes
An array of objects, one for each condition that determines which jobs to exclude from the results.
Type: Array of type ListJobsFilterTerm (p. 216)
Required: False
includes
An array of objects, one for each condition that determines which jobs to include in the results.
Type: Array of type ListJobsFilterTerm (p. 216)
Required: False
ListJobsFilterKey
The property to use to filter the results. Valid values are:
jobType
jobStatus
createdAt
name
ListJobsFilterTerm
Specifies a condition that filters the results of a request for information about classification jobs. Each condition consists of a property, an operator, and one or more values.
comparator
The operator to use to filter the results.
Type: JobComparator (p. 212)
Required: False
values
An array that lists one or more values to use to filter the results.
Type: Array of type string
Required: False
key
The property to use to filter the results.
Type: ListJobsFilterKey (p. 215)
Required: False
ListJobsSortAttributeName
The property to sort the results by. Valid values are:
createdAt
jobStatus
name
jobType
ListJobsSortCriteria
Specifies criteria for sorting the results of a request for information about classification jobs.
orderBy
The sort order to apply to the results, based on the value for the property specified by the attributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
attributeName
The property to sort the results by.
Type: ListJobsSortAttributeName (p. 216)
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
S3BucketDefinitionForJob
Specifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets to analyze for the account.
accountId
The unique identifier for the AWS account that owns the buckets. If you specify this value and don't specify a value for the buckets array, the job analyzes objects in all the buckets that are owned by the account and meet other conditions specified for the job.
Type: string
Required: False
buckets
An array that lists the names of the buckets.
Type: Array of type string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UserPausedDetails
Provides information about when a classification job was paused and when it will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
jobImminentExpirationHealthEventArn
The Amazon Resource Name (ARN) of the AWS Health event that Amazon Macie sent to notify you of the job's pending expiration and cancellation. This value is null if a job has been paused for less than 23 days.
Type: string
Required: False
jobExpiresAt
The date and time, in UTC and extended ISO 8601 format, when the job will expire and be cancelled if you don't resume it first. If you don't resume a job within 30 days of pausing it, the job expires and Amazon Macie cancels it.
Type: string
Required: False
Format: date-time
jobPausedAt
The date and time, in UTC and extended ISO 8601 format, when you paused the job.
Type: string
Required: False
Format: date-time
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListClassificationJobs
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
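The JobSummary fields described above are enough to spot gaps in sensitive data discovery coverage: runs that hit access errors, jobs Macie paused for quota reasons, and user-paused jobs that are about to expire. The following is an added example, not code from the Macie documentation or an AWS SDK. It builds ListClassificationJobs request bodies, follows nextToken across pages and flags such jobs; post_jobs_list is a hypothetical caller-supplied function that sends a body to POST /jobs/list and returns the parsed response, and the flag names, job IDs, ARN and dates are constructed.

```python
from datetime import datetime, timezone


def build_list_request(next_token=None, max_results=25):
    """ListClassificationJobsRequest body: skip cancelled jobs, newest first."""
    body = {
        "filterCriteria": {"excludes": [
            {"key": "jobStatus", "comparator": "EQ", "values": ["CANCELLED"]},
        ]},
        "sortCriteria": {"attributeName": "createdAt", "orderBy": "DESC"},
        "maxResults": max_results,
    }
    if next_token:
        body["nextToken"] = next_token
    return body


def iter_jobs(post_jobs_list):
    """Yield every JobSummary, following nextToken until it comes back null."""
    token = None
    while True:
        page = post_jobs_list(build_list_request(token))
        yield from page.get("items") or []
        token = page.get("nextToken")
        if not token:
            return


def parse_utc(stamp):
    """Parse a UTC, extended ISO 8601 timestamp such as 2020-09-28T14:31:13Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def triage(job, now):
    """Return the coverage problems a JobSummary reveals, as short flags."""
    flags = []
    if (job.get("lastRunErrorStatus") or {}).get("code") == "ERROR":
        flags.append("ACCESS_ERRORS")  # Macie didn't process all the data
    status = job.get("jobStatus")
    if status == "PAUSED":
        flags.append("QUOTA_PAUSED")  # monthly discovery quota would be exceeded
    elif status == "USER_PAUSED":
        details = job.get("userPausedDetails") or {}
        # The Health event ARN is null until the job has been paused 23 days.
        if details.get("jobImminentExpirationHealthEventArn"):
            flags.append("EXPIRY_NOTICE_SENT")
        expires = details.get("jobExpiresAt")
        if expires:
            days_left = (parse_utc(expires) - now).days
            flags.append(f"EXPIRES_IN_{max(days_left, 0)}_DAYS")
    return flags


def coverage_report(post_jobs_list, now):
    """Map jobId -> flags for every job that needs attention."""
    report = {}
    for job in iter_jobs(post_jobs_list):
        flags = triage(job, now)
        if flags:
            report[job["jobId"]] = flags
    return report


# Constructed two-page response; nothing here comes from a real account.
PAGES = {
    None: {"nextToken": "constructed-page-2", "items": [
        {"jobId": "job-a", "jobType": "SCHEDULED", "jobStatus": "IDLE",
         "lastRunErrorStatus": {"code": "NONE"}},
        {"jobId": "job-b", "jobType": "SCHEDULED", "jobStatus": "IDLE",
         "lastRunErrorStatus": {"code": "ERROR"}},
    ]},
    "constructed-page-2": {"nextToken": None, "items": [
        {"jobId": "job-c", "jobType": "ONE_TIME", "jobStatus": "PAUSED",
         "lastRunErrorStatus": {"code": "NONE"}},
        {"jobId": "job-d", "jobType": "ONE_TIME", "jobStatus": "USER_PAUSED",
         "userPausedDetails": {
             "jobPausedAt": "2020-09-28T14:31:13Z",
             "jobExpiresAt": "2020-10-28T14:31:13Z",
             "jobImminentExpirationHealthEventArn": "arn:constructed:health-event"}},
    ]},
}


def fake_post(body):
    """Stand-in transport so the example runs offline."""
    return PAGES[body.get("nextToken")]


if __name__ == "__main__":
    now = datetime(2020, 10, 25, tzinfo=timezone.utc)
    for job_id, flags in coverage_report(fake_post, now).items():
        print(job_id, flags)
```

The list resource returns only a subset of each job's data, so a flagged jobId is the starting point for a follow-up request to the Classification Job Description resource.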
Classification Job Description
The Classification Job Description resource provides comprehensive information about the classification jobs for your account. It also provides programmatic access to the status of individual classification jobs. A classification job, also referred to as a sensitive data discovery job, is a job that analyzes objects in specific Amazon S3 buckets to determine whether the objects contain sensitive data. Each job uses managed data identifiers that Amazon Macie provides and, optionally, custom data identifiers that you create.
You can use this resource to pause, resume, or cancel a classification job, or retrieve detailed information about a classification job. To retrieve information about more than one classification job, use the Classification Job List (p. 208) resource.
URI
/jobs/jobId
HTTP Methods
GET
Operation ID: DescribeClassificationJob
Retrieves the status and settings for a classification job.
Path Parameters
Name | Type | Required | Description
jobId | String | True | The unique identifier for the classification job.
Responses
Status Code | Response Model | Description
200 | DescribeClassificationJobResponse (p. 221) | The request succeeded.
400 | ValidationException (p. 223) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 223) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 223) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 223) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 223) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 223) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 224) | The request failed due to an unknown internal server error, exception, or failure.
PATCH
Operation ID: UpdateClassificationJob
Changes the status of a classification job.
Path Parameters
Name | Type | Required | Description
jobId | String | True | The unique identifier for the classification job.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 223) | The request succeeded. The job's status was changed and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 223) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 223) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 223) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 223) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 223) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 223) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 224) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example PATCH
{ "jobStatus": enum}
Response Bodies
Example DescribeClassificationJobResponse
{
  "userPausedDetails": {
    "jobImminentExpirationHealthEventArn": "string",
    "jobExpiresAt": "string",
    "jobPausedAt": "string"
  },
  "jobStatus": enum,
  "samplingPercentage": integer,
  "clientToken": "string",
  "description": "string",
  "jobArn": "string",
  "initialRun": boolean,
  "lastRunErrorStatus": {
    "code": enum
  },
  "tags": {
  },
  "customDataIdentifierIds": [ "string" ],
  "scheduleFrequency": {
    "dailySchedule": {
    },
    "weeklySchedule": {
      "dayOfWeek": enum
    },
    "monthlySchedule": {
      "dayOfMonth": integer
    }
  },
  "jobId": "string",
  "createdAt": "string",
  "lastRunTime": "string",
  "name": "string",
  "jobType": enum,
  "s3JobDefinition": {
    "bucketDefinitions": [
      {
        "accountId": "string",
        "buckets": [ "string" ]
      }
    ],
    "scoping": {
      "excludes": {
        "and": [
          {
            "simpleScopeTerm": {
              "comparator": enum,
              "values": [ "string" ],
              "key": enum
            },
            "tagScopeTerm": {
              "comparator": enum,
              "tagValues": [
                {
                  "value": "string",
                  "key": "string"
                }
              ],
              "key": "string",
              "target": enum
            }
          }
        ]
      },
      "includes": {
        "and": [
          {
            "simpleScopeTerm": {
              "comparator": enum,
              "values": [ "string" ],
              "key": enum
            },
            "tagScopeTerm": {
              "comparator": enum,
              "tagValues": [
                {
                  "value": "string",
                  "key": "string"
                }
              ],
              "key": "string",
              "target": enum
            }
          }
        ]
      }
    }
  },
  "statistics": {
    "numberOfRuns": number,
    "approximateNumberOfObjectsToProcess": number
  }
}
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
DailySchedule
Specifies that a classification job runs once a day, every day. This is an empty object.
DescribeClassificationJobResponse
Provides information about a classification job, including the current configuration settings and status of the job.
userPausedDetails
If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.
Type: UserPausedDetails (p. 235)
Required: False
jobStatus
The current status of the job. Possible values are:
• CANCELLED - You cancelled the job, or you paused the job while it had a status of RUNNING and you didn't resume it within 30 days of pausing it.
• COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. This value doesn't apply to recurring jobs.
• IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run is pending. This value doesn't apply to one-time jobs.
• PAUSED - Amazon Macie started running the job but additional processing would exceed the monthly sensitive data discovery quota for your account or one or more member accounts that the job analyzes data for.
• RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress.
• USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you don't resume the job within 30 days of pausing it, the job expires and is cancelled. To check the job's expiration date, refer to the UserPausedDetails.jobExpiresAt property.
Type: JobStatus (p. 229)
Required: False
samplingPercentage
The sampling depth, as a percentage, that determines the percentage of eligible objects that the job analyzes.
Type: integer
Required: False
Format: int32
clientToken
The token that was provided to ensure the idempotency of the request to create the job.
Type: string
Required: False
description
The custom description of the job.
Type: string
Required: False
jobArn
The Amazon Resource Name (ARN) of the job.
Type: string
Required: False
initialRun
Specifies whether the job is configured to analyze all existing, eligible objects immediately after it's created.
Type: boolean
Required: False
lastRunErrorStatus
Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run.
Type: LastRunErrorStatus (p. 229)
Required: False
tags
A map of key-value pairs that specifies which tags (keys and values) are associated with the classification job.
Type: TagMap (p. 233)
Required: False
customDataIdentifierIds
The custom data identifiers that the job uses to analyze data.
Type: Array of type string
Required: False
scheduleFrequency
The recurrence pattern for running the job. If the job is configured to run only once, this value is null.
Type: JobScheduleFrequency (p. 228)
Required: False
jobId
The unique identifier for the job.
Type: string
Required: False
createdAt
The date and time, in UTC and extended ISO 8601 format, when the job was created.
Type: string
Required: False
Format: date-time
lastRunTime
The date and time, in UTC and extended ISO 8601 format, when the job started. If the job is a recurring job, this value indicates when the most recent run started.
Type: string
Required: False
Format: date-time
name
The custom name of the job.
Type: string
Required: False
jobType
The schedule for running the job. Possible values are:
• ONE_TIME - The job runs only once.
• SCHEDULED - The job runs on a daily, weekly, or monthly basis. The scheduleFrequency property indicates the recurrence pattern for the job.
Type: JobType (p. 229)
Required: False
s3JobDefinition
The S3 buckets that the job is configured to analyze, and the scope of that analysis.
Type: S3JobDefinition (p. 231)
Required: False
statistics
The number of times that the job has run and processing statistics for the job's current run.
Type: Statistics (p. 233)
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
JobComparator
The operator to use in a condition. Valid values are:
EQ
GT
GTE
LT
LTE
NE
CONTAINS
JobScheduleFrequency
Specifies the recurrence pattern for running a classification job.
dailySchedule
Specifies a daily recurrence pattern for running the job.
Type: DailySchedule (p. 224)
Required: False
weeklySchedule
Specifies a weekly recurrence pattern for running the job.
Type: WeeklySchedule (p. 236)
Required: False
monthlySchedule
Specifies a monthly recurrence pattern for running the job.
Type: MonthlySchedule (p. 230)
Required: False
JobScopeTerm
Specifies a property- or tag-based condition that defines criteria for including or excluding objects from a classification job.
simpleScopeTerm
A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job.
Type: SimpleScopeTerm (p. 232)
Required: False
tagScopeTerm
A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job.
Type: TagScopeTerm (p. 233)
Required: False
JobScopingBlock
Specifies one or more property- and tag-based conditions that define criteria for including or excluding objects from a classification job. If you specify more than one condition, Amazon Macie uses an AND operator to join the conditions.
and
An array of conditions, one for each condition that determines which objects to include or exclude from the job.
Type: Array of type JobScopeTerm (p. 228)
Required: False
JobStatus
The status of a classification job. Possible values are:
RUNNING
PAUSED
CANCELLED
COMPLETE
IDLE
USER_PAUSED
JobType
The schedule for running a classification job. Valid values are:
ONE_TIME
SCHEDULED
LastRunErrorStatus
Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For example, the job is configured to analyze data for a member account that was suspended, or the job is configured to analyze an S3 bucket that Amazon Macie isn't allowed to access.
code
Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurring job, this value indicates the error status of the job's most recent run. Possible values are:
• ERROR - One or more errors occurred. Amazon Macie didn't process all the data specified for the job.
• NONE - No errors occurred. Macie processed all the data specified for the job.
Type: LastRunErrorStatusCode (p. 230)
Required: False
LastRunErrorStatusCode
Specifies whether any account- or bucket-level access errors occurred during the run of a one-time classification job or the most recent run of a recurring classification job. Possible values are:
NONE
ERROR
MonthlySchedule
Specifies a monthly recurrence pattern for running a classification job.
dayOfMonth
The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1 through 31.
If this value exceeds the number of days in a certain month, Macie runs the job on the last day of that month. For example, if this value is 31 and a month has only 30 days, Macie runs the job on day 30 of that month.
Type: integer
Required: False
Format: int32
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
S3BucketDefinitionForJob
Specifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets to analyze for the account.
accountId
The unique identifier for the AWS account that owns the buckets. If you specify this value and don't specify a value for the buckets array, the job analyzes objects in all the buckets that are owned by the account and meet other conditions specified for the job.
Type: string
Required: False
buckets
An array that lists the names of the buckets.
Type: Array of type string
Required: False
S3JobDefinition
Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis.
bucketDefinitions
An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account.
Type: Array of type S3BucketDefinitionForJob (p. 230)
Required: False
scoping
The property- and tag-based conditions that determine which objects to include or exclude from the analysis.
Type: Scoping (p. 231)
Required: False
ScopeFilterKey
The property to use in a condition that determines which objects are analyzed by a classification job. Valid values are:
BUCKET_CREATION_DATE
OBJECT_EXTENSION
OBJECT_LAST_MODIFIED_DATE
OBJECT_SIZE
TAG
Scoping
Specifies one or more property- and tag-based conditions that refine the scope of a classification job. These conditions define criteria that determine which objects a job analyzes. Exclude conditions take precedence over include conditions.
excludes
The property- or tag-based conditions that determine which objects to exclude from the analysis.
Type: JobScopingBlock (p. 229)
Required: False
includes
The property- or tag-based conditions that determine which objects to include in the analysis.
Type: JobScopingBlock (p. 229)
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
SimpleScopeTerm
Specifies a property-based condition that determines whether an object is included or excluded from a classification job.
comparator
The operator to use in the condition. Valid operators for each supported property (key) are:
• OBJECT_EXTENSION - EQ (equals) or NE (not equals)
• OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS
• OBJECT_SIZE - Any operator except CONTAINS
• TAG - EQ (equals) or NE (not equals)
Type: JobComparator (p. 228)
Required: False
values
An array that lists the values to use in the condition. If the value for the key property is OBJECT_EXTENSION, this array can specify multiple values and Amazon Macie uses an OR operator to join the values. Otherwise, this array can specify only one value. Valid values for each supported property (key) are:
• OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: doc, docx, pdf
• OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when an object was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z
• OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.
• TAG - A string that represents a tag key for an object. For advanced options, use a TagScopeTerm object, instead of a SimpleScopeTerm object, to define a tag-based condition for the job.
Type: Array of type string
Required: False
key
The object property to use in the condition.
Type: ScopeFilterKey (p. 231)
Required: False
Statistics
Provides processing statistics for a classification job.
numberOfRuns
The number of times that the job has run.
Type: number
Required: False
approximateNumberOfObjectsToProcess
The approximate number of objects that the job has yet to process during its current run.
Type: number
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
TagScopeTerm
Specifies a tag-based condition that determines whether an object is included or excluded from a classification job.
comparator
The operator to use in the condition. Valid operators are EQ (equals) or NE (not equals).
Type: JobComparator (p. 228)
Required: False
tagValues
The tag keys or tag key and value pairs to use in the condition.
Type: Array of type TagValuePair (p. 234)
Required: False
key
The tag key to use in the condition.
Type: string
Required: False
target
The type of object to apply the condition to.
Type: TagTarget (p. 234)
Required: False
TagTarget
The type of object to apply a tag-based condition to. Valid values are:
S3_OBJECT
TagValuePair
Specifies a tag key or tag key and value pair to use in a tag-based condition for a classification job.
value
The tag value, associated with the specified tag key (key), to use in the condition. To specify only a tag key for a condition, specify the tag key for the key property and set this value to an empty string.
Type: string
Required: False
key
The value for the tag key to use in the condition.
Type: string
Required: False
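The comparator and value rules stated for SimpleScopeTerm and TagScopeTerm above can be checked on a scoping object before it is submitted. The following Python linter is an added example, not AWS code; the function names and the sample scoping object are constructed for illustration, and timestamps are accepted only in the form shown in the reference's own example.

```python
import re
from datetime import datetime

ALL_OPS = {"EQ", "GT", "GTE", "LT", "LTE", "NE", "CONTAINS"}  # JobComparator values
# Valid comparators for each SimpleScopeTerm key, as listed in this reference.
SIMPLE_OPS = {
    "OBJECT_EXTENSION": {"EQ", "NE"},
    "OBJECT_LAST_MODIFIED_DATE": ALL_OPS - {"CONTAINS"},
    "OBJECT_SIZE": ALL_OPS - {"CONTAINS"},
    "TAG": {"EQ", "NE"},
}


def is_utc_timestamp(value):
    """Accept the form shown in the reference's example: 2020-09-28T14:31:13Z."""
    try:
        datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return True
    except (TypeError, ValueError):
        return False


def lint_simple(term, where):
    """Check one simpleScopeTerm against the per-key rules."""
    key, op = term.get("key"), term.get("comparator")
    values = term.get("values") or []
    if key not in SIMPLE_OPS:
        return [f"{where}: no comparator rule is documented for key {key!r}"]
    problems = []
    if op not in SIMPLE_OPS[key]:
        problems.append(f"{where}: comparator {op!r} is not valid for {key}")
    # Only OBJECT_EXTENSION may list several values (joined with OR).
    if len(values) > 1 and key != "OBJECT_EXTENSION":
        problems.append(f"{where}: {key} takes only one value, got {len(values)}")
    for value in values:
        if key == "OBJECT_SIZE" and not re.fullmatch(r"\d+", str(value)):
            problems.append(f"{where}: {value!r} is not an integer size in bytes")
        if key == "OBJECT_LAST_MODIFIED_DATE" and not is_utc_timestamp(value):
            problems.append(f"{where}: {value!r} is not a UTC ISO 8601 date and time")
    return problems


def lint_tag(term, where):
    """Check one tagScopeTerm: EQ/NE only, S3_OBJECT target, keyed pairs."""
    problems = []
    if term.get("comparator") not in {"EQ", "NE"}:
        problems.append(f"{where}: comparator {term.get('comparator')!r} must be EQ or NE")
    if term.get("target") not in (None, "S3_OBJECT"):
        problems.append(f"{where}: target {term.get('target')!r} is not S3_OBJECT")
    for i, pair in enumerate(term.get("tagValues") or []):
        if not pair.get("key"):
            problems.append(f"{where}.tagValues[{i}]: tag key is missing")
    return problems


def lint_scoping(scoping):
    """Return a list of rule violations found in a Scoping object."""
    problems = []
    for block in ("includes", "excludes"):
        for i, term in enumerate((scoping.get(block) or {}).get("and") or []):
            where = f"{block}.and[{i}]"
            if "simpleScopeTerm" in term:
                problems += lint_simple(term["simpleScopeTerm"], where + ".simpleScopeTerm")
            if "tagScopeTerm" in term:
                problems += lint_tag(term["tagScopeTerm"], where + ".tagScopeTerm")
    return problems


# Constructed sample with deliberate mistakes (not taken from a real job).
SAMPLE_SCOPING = {
    "includes": {"and": [
        {"simpleScopeTerm": {"key": "OBJECT_EXTENSION", "comparator": "EQ",
                             "values": ["pdf", "docx"]}},
        {"simpleScopeTerm": {"key": "OBJECT_SIZE", "comparator": "CONTAINS",
                             "values": ["1024"]}},
    ]},
    "excludes": {"and": [
        {"simpleScopeTerm": {"key": "OBJECT_LAST_MODIFIED_DATE", "comparator": "LT",
                             "values": ["2020-09-28", "2020-09-28T14:31:13Z"]}},
        {"tagScopeTerm": {"comparator": "GT", "target": "S3_OBJECT",
                          "tagValues": [{"key": "classification", "value": ""}]}},
    ]},
}

if __name__ == "__main__":
    for problem in lint_scoping(SAMPLE_SCOPING):
        print(problem)
```

Because exclude conditions take precedence over include conditions, a malformed exclude term is worth catching before the job is created rather than after a run has skipped objects.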
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UpdateClassificationJobRequest
Changes the status of a classification job.
jobStatus
The new status for the job. Valid values are:
• CANCELLED - Stops the job permanently and cancels it. You can't resume a job after you cancel it. This value is valid only if the job's current status is IDLE, PAUSED, RUNNING, or USER_PAUSED.
• RUNNING - Resumes the job. This value is valid only if the job's current status is USER_PAUSED.
If you specify this value and you paused the job while it was actively running, Amazon Macie immediately resumes processing from the point where you paused the job. Otherwise, Macie resumes the job according to the schedule and other configuration settings for the job.
• USER_PAUSED - Pauses the job. This value is valid only if the job's current status is IDLE or RUNNING. If you specify this value and the job's current status is RUNNING, Macie immediately begins to pause all processing tasks for the job.
If you pause a job when its status is RUNNING and you don't resume the job within 30 days, the job expires and Macie cancels it. You can't resume a job after it's cancelled.
Type: JobStatus (p. 229)
Required: True
UserPausedDetails
Provides information about when a classification job was paused and when it will expire and be cancelled if it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. The information in this object applies only to a job that was paused while it had a status of RUNNING.
jobImminentExpirationHealthEventArn
The Amazon Resource Name (ARN) of the AWS Health event that Amazon Macie sent to notify you of the job's pending expiration and cancellation. This value is null if a job has been paused for less than 23 days.
Type: string
Required: False
jobExpiresAt
The date and time, in UTC and extended ISO 8601 format, when the job will expire and be cancelled if you don't resume it first. If you don't resume a job within 30 days of pausing it, the job expires and Amazon Macie cancels it.
Type: string
Required: False
Format: date-time
jobPausedAt
The date and time, in UTC and extended ISO 8601 format, when you paused the job.
Type: string
Required: False
Format: date-time
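The status rules for UpdateClassificationJobRequest and the UserPausedDetails fields above can be checked client-side before a PATCH is sent and when monitoring paused jobs. The following Python is an added example, not part of the AWS reference; the function names, the sample response and the 7-day urgency threshold (the 30-day expiry minus the 23 days before which the Health event ARN is null) are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# For each status a PATCH may set, the current statuses from which the
# reference says the change is valid.
VALID_FROM = {
    "CANCELLED": {"IDLE", "PAUSED", "RUNNING", "USER_PAUSED"},
    "RUNNING": {"USER_PAUSED"},
    "USER_PAUSED": {"IDLE", "RUNNING"},
}
# Assumed alert threshold: 30-day expiry minus the 23-day mark after which
# the Health event ARN is no longer documented as null.
URGENT_WINDOW = timedelta(days=30 - 23)


def check_transition(current, requested):
    """Return (ok, reason) for a PATCH body {"jobStatus": requested}."""
    if requested not in VALID_FROM:
        return False, f"{requested} cannot be set with UpdateClassificationJob"
    if current not in VALID_FROM[requested]:
        return False, f"{requested} is not valid while the job is {current}"
    return True, "ok"


def parse_ts(value):
    """Parse a UTC, extended ISO 8601 value such as 2020-09-28T14:31:13Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def pause_report(job, now):
    """Summarise expiry risk from a DescribeClassificationJob response dict."""
    if job.get("jobStatus") != "USER_PAUSED":
        return {"paused": False}
    details = job.get("userPausedDetails") or {}
    report = {
        "paused": True,
        "expires": False,
        "health_event_arn": details.get("jobImminentExpirationHealthEventArn"),
    }
    if details.get("jobPausedAt"):
        report["paused_for_days"] = (now - parse_ts(details["jobPausedAt"])).days
    # The expiry applies only to jobs paused while RUNNING, so the field
    # can be absent for a job that was paused while IDLE.
    if details.get("jobExpiresAt"):
        remaining = parse_ts(details["jobExpiresAt"]) - now
        report.update(
            expires=True,
            expired=remaining <= timedelta(0),
            days_left=max(remaining.days, 0),
            urgent=remaining <= URGENT_WINDOW,
        )
    return report


# Constructed sample response (not real account data).
SAMPLE_JOB = {
    "jobId": "example-job-id",
    "jobStatus": "USER_PAUSED",
    "userPausedDetails": {
        "jobPausedAt": "2020-10-01T00:00:00Z",
        "jobExpiresAt": "2020-10-31T00:00:00Z",
        "jobImminentExpirationHealthEventArn": None,
    },
}

if __name__ == "__main__":
    print(check_transition("PAUSED", "USER_PAUSED"))
    print(pause_report(SAMPLE_JOB, parse_ts("2020-10-25T12:00:00Z")))
```

A job that expires is cancelled and can't be resumed, so a report flagged urgent is the last point at which the scheduled discovery coverage can be kept without creating a new job.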
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
WeeklySchedule
Specifies a weekly recurrence pattern for running a classification job.
dayOfWeek
The day of the week when Amazon Macie runs the job.
Type: string
Required: False
Values: SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
DescribeClassificationJob
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
UpdateClassificationJob
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Macie Account Administration
The Macie Account Administration resource provides access to the status and configuration settings for your Amazon Macie account.
You can use this resource to enable Macie for your AWS account, and specify settings that enable Macie to start monitoring and analyzing sensitive data for you. When you enable Macie, the service generates a session for your account in the current AWS Region, and it assigns a unique identifier to that session. A session is a resource that represents the Macie service for a specific account in a specific Region. It enables Macie to become operational. An account can have only one session in each Region.
After you enable Macie, you can also use this resource to review and update the configuration settings for your account. This includes suspending (pausing) your account and subsequently re-enabling your account. If you suspend your Macie account, the service stops performing all activities for your account. However, it retains the session identifier, settings, and resources for your account. To suspend a Macie master account, you must first disassociate the account from all of its member accounts.
If you decide to disable your Macie account completely, you can use this resource to do so. If you disable your Macie account, the service stops performing all activities for your account. In addition, Macie permanently deletes all resources that it stores or maintains for you. This includes classification jobs, custom data identifiers, findings, and the session resource (and identifier) for your account. This doesn't include resources that Macie created and stored in other AWS services for you, such as data classification results in Amazon S3 and findings in AWS Security Hub. Before you disable your Macie account, you must disassociate the account from its Macie master account or, if it's a master account, all of its member accounts.
URI
/macie
HTTP Methods
GET
Operation ID: GetMacieSession
Retrieves the current status and configuration settings for an Amazon Macie account.
Responses
Status Code | Response Model | Description
200 | GetMacieSessionResponse (p. 240) | The request succeeded.
400 | ValidationException (p. 241) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 241) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 241) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 241) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 241) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 241) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 241) | The request failed due to an unknown internal server error, exception, or failure.
POST
Operation ID: EnableMacie
Enables Amazon Macie and specifies the configuration settings for a Macie account.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 241) | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 241) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 241) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 241) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 241) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 241) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 241) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 241) | The request failed due to an unknown internal server error, exception, or failure.
DELETE
Operation ID: DisableMacie
Disables an Amazon Macie account and deletes Macie resources for the account.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 241) | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 241) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 241) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 241) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 241) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 241) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 241) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 241) | The request failed due to an unknown internal server error, exception, or failure.
PATCH
Operation ID: UpdateMacieSession
Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macie account.
Responses
Status Code | Response Model | Description
200 | Empty Schema (p. 241) | The request succeeded and there isn't any content to include in the body of the response (No Content).
400 | ValidationException (p. 241) | The request failed because it contains a syntax error.
402 | ServiceQuotaExceededException (p. 241) | The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 | AccessDeniedException (p. 241) | The request was denied because you don't have sufficient access to the specified resource.
404 | ResourceNotFoundException (p. 241) | The request failed because the specified resource wasn't found.
409 | ConflictException (p. 241) | The request failed because it conflicts with the current state of the specified resource.
429 | ThrottlingException (p. 241) | The request failed because you sent too many requests during a certain amount of time.
500 | InternalServerException (p. 241) | The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{ "clientToken": "string", "findingPublishingFrequency": enum, "status": enum}
Example PATCH
{ "findingPublishingFrequency": enum, "status": enum}
Response Bodies
Example GetMacieSessionResponse
{
  "createdAt": "string",
  "serviceRole": "string",
  "findingPublishingFrequency": enum,
  "status": enum,
  "updatedAt": "string"
}
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
EnableMacieRequest
Enables Amazon Macie and specifies the configuration settings for an Amazon Macie account.
clientToken
A unique, case-sensitive token that you provide to ensure the idempotency of the request.
Type: string
Required: False
findingPublishingFrequency
Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
Type: FindingPublishingFrequency (p. 243)
Required: False
status
Specifies the status for the account. To enable Amazon Macie and start all Amazon Macie activities for the account, set this value to ENABLED.
Type: MacieStatus (p. 244)
Required: False
FindingPublishingFrequency
The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are:
FIFTEEN_MINUTES
ONE_HOUR
SIX_HOURS
GetMacieSessionResponse
Provides information about the current status and configuration settings for an Amazon Macie account.
createdAt
The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.
Type: string
Required: False
Format: date-time
serviceRole
The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor and analyze data in AWS resources for the account.
Type: string
Required: False
findingPublishingFrequency
The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
Type: FindingPublishingFrequency (p. 243)
Required: False
status
The current status of the Amazon Macie account. Possible values are: PAUSED, the account is enabled but all Amazon Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Amazon Macie activities are enabled for the account.
Type: MacieStatus (p. 244)
Required: False
updatedAt
The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Amazon Macie account.
243
Amazon Macie REST API ReferenceProperties
Type: stringRequired: FalseFormat: date-time
InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.
message
The explanation of the error that occurred.
Type: stringRequired: False
MacieStatusThe status of an Amazon Macie account. Valid values are:
PAUSEDENABLED
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UpdateMacieSessionRequest
Changes the status or configuration settings for an Amazon Macie account.
findingPublishingFrequency
Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).
Type: FindingPublishingFrequency (p. 243)
Required: False
status
Specifies whether to change the status of the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.
Type: MacieStatus (p. 244)
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetMacieSession
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
EnableMacie
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DisableMacie
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
UpdateMacieSession
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Member Account Status
The Member Account Status resource provides access to the status of an Amazon Macie member account in your Macie organization. If you're a user of a Macie master account, you can use this resource to suspend (pause) a member account. If you suspend an account, Macie stops performing all activities for the account. However, it retains the session identifier, settings, and resources for the account.
As a user of a Macie master account, you can also use this resource to re-enable a member account that you previously suspended. When you re-enable an account, Macie resumes all activities for the account.
URI
/macie/members/id
HTTP Methods
PATCH
Operation ID: UpdateMemberSession
Enables an Amazon Macie master account to suspend or re-enable a member account.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 Empty Schema (p. 248) The request succeeded and there isn't any content to include in the body of the response (No Content).
400 ValidationException (p. 248) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 248) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 248) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 248) The request failed because the specified resource wasn't found.
409 ConflictException (p. 248) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 249) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 249) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example PATCH
{ "status": enum}
Response Bodies
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
MacieStatus
The status of an Amazon Macie account. Valid values are:
PAUSED
ENABLED
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UpdateMemberSessionRequest
Suspends (pauses) or re-enables an Amazon Macie member account.
status
Specifies the new status for the account. Valid values are: ENABLED, resume all Amazon Macie activities for the account; and, PAUSED, suspend all Macie activities for the account.
Type: MacieStatus (p. 250)
Required: True
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
UpdateMemberSession
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Master Account
The Master Account resource provides information about the Amazon Macie master account for your account, as part of a Macie organization. If you joined the organization by accepting a Macie membership invitation, this resource also provides information about that invitation. After you join an organization, the master account can administer and manage certain Macie settings and resources on your behalf and the behalf of other members of the same organization.
You can use the Master Account resource to retrieve information about the Macie master account for your account. You can also use this resource to accept an invitation to join a Macie organization. If you do this, you have to specify the unique identifier for the invitation and the AWS account ID for the account that sent the invitation. To find these identifiers, you can use the Invitation List (p. 167) resource.
URI
/master
HTTP Methods
GET
Operation ID: GetMasterAccount
Retrieves information about the Amazon Macie master account for an account.
Responses
Status Code Response Model Description
200 GetMasterAccountResponse (p. 252) The request succeeded.
400 ValidationException (p. 253) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 253) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 253) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 253) The request failed because the specified resource wasn't found.
409 ConflictException (p. 253) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 253) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 253) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example GetMasterAccountResponse
{
  "master": {
    "accountId": "string",
    "relationshipStatus": enum,
    "invitationId": "string",
    "invitedAt": "string"
  }
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
GetMasterAccountResponse
Provides information about the Amazon Macie master account for an account. If the accounts are associated by a Macie membership invitation, the response also provides information about that invitation.
master
The AWS account ID for the master account. If the accounts are associated by a Macie membership invitation, this object also provides details about the invitation that was sent and accepted to establish the relationship between the accounts.
Type: Invitation (p. 254)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
Invitation
Provides information about an Amazon Macie membership invitation that was received by an account.
accountId
The AWS account ID for the account that sent the invitation.
Type: string
Required: False
relationshipStatus
The status of the relationship between the account that sent the invitation (inviter account) and the account that received the invitation (invitee account).
Type: RelationshipStatus (p. 255)
Required: False
invitationId
The unique identifier for the invitation. Amazon Macie uses this identifier to validate the inviter account with the invitee account.
Type: string
Required: False
invitedAt
The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.
Type: string
Required: False
Format: date-time
RelationshipStatus
The current status of the relationship between an account and an associated Amazon Macie master account (inviter account). Possible values are:
Enabled
Paused
Invited
Created
Removed
Resigned
EmailVerificationInProgress
EmailVerificationFailed
RegionDisabled
AccountSuspended
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetMasterAccount
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Master Disassociation
The Master Disassociation resource provides access to the master-member association between your Amazon Macie account and its Macie master account. You can use this resource to disassociate your Macie account from its current Macie master account.
If you're a user of a Macie master account and you want to disassociate a member account from your account, use the Member Disassociation (p. 269) resource instead of this resource.
URI
/master/disassociate
HTTP Methods
POST
Operation ID: DisassociateFromMasterAccount
Disassociates a member account from its Amazon Macie master account.
Responses
Status Code Response Model Description
200 Empty Schema (p. 257) The request succeeded and there isn't any content to include in the body of the response (No Content).
400 ValidationException (p. 258) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 258) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 258) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 258) The request failed because the specified resource wasn't found.
409 ConflictException (p. 258) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 258) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 258) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
DisassociateFromMasterAccount
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Member List
The Member List resource provides information about all the accounts that are associated with your Amazon Macie account, typically a Macie master account. This includes member accounts, which are accounts that are part of your Macie organization, and non-member accounts. For each account, this resource provides details such as the AWS account ID for the account, and the current status of the relationship between your accounts. If you sent a Macie membership invitation to an account, this resource also indicates when you sent that invitation.
The Member List resource also enables you to associate additional accounts with your Macie account. You can then invite those accounts to enable Macie and allow you to administer and manage certain Macie settings and resources on their behalf. If an invitation is accepted, your account is designated as the master account for a Macie organization. The account that accepted the invitation then becomes a member account of your Macie organization.
You can use the Member List resource to associate one or more accounts with your Macie account. You can also use this resource to retrieve information about the accounts that are currently associated with your Macie account.
URI
/members
HTTP Methods
GET
Operation ID: ListMembers
Retrieves information about the accounts that are associated with an Amazon Macie master account.
Query Parameters
Name Type Required Description
onlyAssociated String False Specifies which accounts to include in the response, based on the status of an account's relationship with the master account. By default, the response includes only current member accounts. To include all accounts, set the value for this parameter to false.
nextToken String False The nextToken string that specifies which page of results to return in a paginated response.
maxResults String False The maximum number of items to include in each page of a paginated response.
Responses
Status Code Response Model Description
200 ListMembersResponse (p. 263) The request succeeded.
400 ValidationException (p. 263) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 264) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 264) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 264) The request failed because the specified resource wasn't found.
409 ConflictException (p. 264) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 264) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 264) The request failed due to an unknown internal server error, exception, or failure.
POST
Operation ID: CreateMember
Associates an account with an Amazon Macie master account.
Responses
Status Code Response Model Description
200 CreateMemberResponse (p. 263) The request succeeded.
400 ValidationException (p. 263) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 264) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 264) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 264) The request failed because the specified resource wasn't found.
409 ConflictException (p. 264) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 264) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 264) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "account": {
    "accountId": "string",
    "email": "string"
  },
  "tags": {
  }
}
Response Bodies
Example ListMembersResponse
{
  "nextToken": "string",
  "members": [
    {
      "accountId": "string",
      "relationshipStatus": enum,
      "arn": "string",
      "masterAccountId": "string",
      "email": "string",
      "tags": {
      },
      "invitedAt": "string",
      "updatedAt": "string"
    }
  ]
}
Example CreateMemberResponse
{ "arn": "string"}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
AccountDetail
Specifies details for an account to associate with an Amazon Macie master account.
accountId
The AWS account ID for the account.
Type: string
Required: True
email
The email address for the account.
Type: string
Required: True
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
CreateMemberRequest
Specifies an account to associate with an Amazon Macie master account.
account
The details for the account to associate with the master account.
Type: AccountDetail (p. 265)
Required: True
tags
A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.
An account can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
Type: TagMap (p. 268)
Required: False
CreateMemberResponse
Provides information about a request to associate an account with an Amazon Macie master account.
arn
The Amazon Resource Name (ARN) of the account that was associated with the master account.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ListMembersResponse
Provides information about the accounts that are associated with an Amazon Macie master account.
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
members
An array of objects, one for each account that's associated with the master account and meets the criteria specified by the onlyAssociated request parameter.
Type: Array of type Member (p. 266)
Required: False
Member
Provides information about an account that's associated with an Amazon Macie master account.
accountId
The AWS account ID for the account.
Type: string
Required: False
relationshipStatus
The current status of the relationship between the account and the master account.
Type: RelationshipStatus (p. 267)
Required: False
arn
The Amazon Resource Name (ARN) of the account.
Type: string
Required: False
masterAccountId
The AWS account ID for the master account.
Type: string
Required: False
email
The email address for the account.
Type: string
Required: False
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the account in Amazon Macie.
Type: TagMap (p. 268)
Required: False
invitedAt
The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.
Type: string
Required: False
Format: date-time
updatedAt
The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the master account.
Type: string
Required: False
Format: date-time
RelationshipStatus
The current status of the relationship between an account and an associated Amazon Macie master account (inviter account). Possible values are:
Enabled
Paused
Invited
Created
Removed
Resigned
EmailVerificationInProgress
EmailVerificationFailed
RegionDisabled
AccountSuspended
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListMembers
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
CreateMember
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
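The ListMembers pagination (nextToken, onlyAssociated) and the RelationshipStatus values described above can be combined into a coverage audit that lists every associated account Macie is not actively monitoring. This is an added example, not code from this reference: fetch_page is a hypothetical callable that performs the signed GET /members request and returns the parsed ListMembersResponse, the sample pages are constructed, and treating only Enabled as monitored is an assumption of the example.

```python
"""Audit Macie member coverage by walking paginated ListMembers responses."""
from collections import Counter
from typing import Callable, Dict, Iterator

# RelationshipStatus values as listed in this reference.
RELATIONSHIP_STATUSES = frozenset({
    "Enabled", "Paused", "Invited", "Created", "Removed", "Resigned",
    "EmailVerificationInProgress", "EmailVerificationFailed",
    "RegionDisabled", "AccountSuspended",
})
# Assumption of this example: only "Enabled" means Macie is active for the account.
MONITORED = frozenset({"Enabled"})


def iter_members(fetch_page: Callable[[Dict[str, str]], dict],
                 max_pages: int = 1000) -> Iterator[dict]:
    """Yield every Member object, following nextToken until it is null.

    fetch_page (hypothetical) receives the query parameters for GET /members
    and returns the parsed ListMembersResponse body.
    """
    # onlyAssociated=false also returns accounts that are not current members.
    params: Dict[str, str] = {"onlyAssociated": "false"}
    seen_tokens = set()
    for _ in range(max_pages):
        page = fetch_page(dict(params))
        for member in page.get("members") or []:
            yield member
        token = page.get("nextToken")
        if not token:
            return  # null nextToken: there are no additional pages
        if token in seen_tokens:
            raise RuntimeError("nextToken repeated; refusing to loop")
        seen_tokens.add(token)
        params["nextToken"] = token
    raise RuntimeError("max_pages reached before the listing ended")


def audit_members(fetch_page: Callable[[Dict[str, str]], dict]) -> dict:
    """Count accounts per status and list those that are not monitored."""
    counts: Counter = Counter()
    gaps = []
    for member in iter_members(fetch_page):
        status = member.get("relationshipStatus") or "<missing>"
        counts[status] += 1
        if status in MONITORED:
            continue
        reason = ("not monitored" if status in RELATIONSHIP_STATUSES
                  else "unrecognized status")
        gaps.append({
            "accountId": member.get("accountId"),
            "relationshipStatus": status,
            "updatedAt": member.get("updatedAt"),
            "reason": reason,
        })
    return {"counts": dict(counts), "gaps": gaps}


# Constructed sample pages shaped like ListMembersResponse (not real accounts).
_SAMPLE_PAGES = {
    None: {"nextToken": "page-2", "members": [
        {"accountId": "111111111111", "relationshipStatus": "Enabled",
         "updatedAt": "2020-06-01T10:00:00Z"},
        {"accountId": "222222222222", "relationshipStatus": "Paused",
         "updatedAt": "2020-06-03T02:14:00Z"},
    ]},
    "page-2": {"nextToken": None, "members": [
        {"accountId": "333333333333", "relationshipStatus": "Invited",
         "invitedAt": "2020-05-20T09:00:00Z"},
        {"accountId": "444444444444", "relationshipStatus": "Resigned",
         "updatedAt": "2020-06-04T23:50:00Z"},
        {"accountId": "555555555555"},  # status absent: flagged, not skipped
    ]},
}


def sample_fetch_page(params: Dict[str, str]) -> dict:
    """Stand-in for the real request; serves the constructed pages above."""
    return _SAMPLE_PAGES[params.get("nextToken")]


if __name__ == "__main__":
    report = audit_members(sample_fetch_page)
    print(report["counts"])
    for gap in report["gaps"]:
        print(gap["accountId"], gap["relationshipStatus"], gap["reason"])
```
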
Member Disassociation
The Member Disassociation resource provides access to the master-member associations between your Amazon Macie master account and its member accounts. You can use this resource to disassociate a Macie member account from your Macie master account. If you do this, you have to specify the AWS account ID for the account to disassociate. To find this ID, you can use the Member List (p. 260) resource.
If you're a user of a Macie member account and you want to disassociate your account from its current master account, use the Master Disassociation (p. 256) resource instead of this resource.
URI
/members/disassociate/id
HTTP Methods
POST
Operation ID: DisassociateMember
Disassociates an Amazon Macie master account from a member account.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 Empty Schema (p. 271) The request succeeded.
400 ValidationException (p. 271) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 271) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 271) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 271) The request failed because the specified resource wasn't found.
409 ConflictException (p. 271) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 271) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 272) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:
DisassociateMember• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Member
The Member resource provides information about an individual account that's associated with your Amazon Macie account, typically a Macie master account. This information includes details such as the AWS account ID for the account, and the current status of the relationship between your accounts. If you sent a Macie membership invitation to an account, this resource also indicates when you sent that invitation.
You can use the Member resource to retrieve information about an account that's associated with your Macie account. You can also use this resource to delete an existing association between your Macie account and another account. To use this resource, you have to specify the AWS account ID for the account that your request applies to. To find this ID, you can use the Member List (p. 260) resource.
URI
/members/id
HTTP Methods
GET
Operation ID: GetMember
Retrieves information about a member account that's associated with an Amazon Macie master account.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 GetMemberResponse (p. 276) The request succeeded.
400 ValidationException (p. 276) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 276) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 276) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 277) The request failed because the specified resource wasn't found.
409 ConflictException (p. 277) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 277) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 277) The request failed due to an unknown internal server error, exception, or failure.
DELETE
Operation ID: DeleteMember
Deletes the association between an Amazon Macie master account and an account.
Path Parameters
Name Type Required Description
id String True The unique identifier for the Amazon Macie resource or account that the request applies to.
Responses
Status Code Response Model Description
200 Empty Schema (p. 276) The request succeeded. The association was deleted and there isn't any content to include in the body of the response (No Content).
400 ValidationException (p. 276) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 276) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 276) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 277) The request failed because the specified resource wasn't found.
409 ConflictException (p. 277) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 277) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 277) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example GetMemberResponse
{
  "accountId": "string",
  "relationshipStatus": enum,
  "arn": "string",
  "masterAccountId": "string",
  "email": "string",
  "tags": {
  },
  "invitedAt": "string",
  "updatedAt": "string"
}
Example Empty Schema
{}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Empty
The request succeeded and there isn't any content to include in the body of the response (No Content).
GetMemberResponse
Provides information about an account that's associated with an Amazon Macie master account.
accountId
The AWS account ID for the account.
Type: string
Required: False
relationshipStatus
The current status of the relationship between the account and the master account.
Type: RelationshipStatus (p. 279)
Required: False
arn
The Amazon Resource Name (ARN) of the account.
Type: string
Required: False
masterAccountId
The AWS account ID for the master account.
Type: string
Required: False
email
The email address for the account.
Type: string
Required: False
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the member account in Amazon Macie.
Type: TagMap (p. 280)
Required: False
invitedAt
The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.
Type: string
Required: False
Format: date-time
updatedAt
The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the master account.
Type: string
Required: False
Format: date-time
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
RelationshipStatus
The current status of the relationship between an account and an associated Amazon Macie master account (inviter account). Possible values are:
Enabled
Paused
Invited
Created
Removed
Resigned
EmailVerificationInProgress
EmailVerificationFailed
RegionDisabled
AccountSuspended
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetMember
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
DeleteMember
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Tags
A tag is a label that you optionally define and associate with AWS resources, including certain types of Amazon Macie resources. Tags can help you identify, organize, and manage resources in different ways, such as by purpose, owner, environment, or other criteria. You can associate tags with the following types of Amazon Macie resources:
• Classification jobs
• Custom data identifiers
• Findings filters
• Member accounts
A resource can have as many as 50 tags. Each tag consists of a tag key and an associated tag value, both of which you define. A tag key is a general label that acts as a category for more specific tag values. A tag value acts as a descriptor for a tag key. For example, you might assign an Owner tag key to each classification job for your organization. The value for the key might be the name of the person or team to contact about the classification job.
You can use the Tags resource to add, retrieve, update, or remove tags from a classification job, custom data identifier, findings filter, or member account.
URI
/tags/resourceArn
HTTP Methods
GET
Operation ID: ListTagsForResource
Retrieves the tags (keys and values) that are associated with a classification job, custom data identifier, findings filter, or member account.
Path Parameters
Name Type Required Description
resourceArn String True The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.
Responses
Status Code Response Model Description
200 ListTagsForResourceResponse (p. 283) The request succeeded.
POST
Operation ID: TagResource
Adds or updates one or more tags (keys and values) that are associated with a classification job, custom data identifier, findings filter, or member account.
Path Parameters
Name Type Required Description
resourceArn String True The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.
Responses
Status Code Response Model Description
204 TagResourceResponse (p. 284) The request succeeded and there isn't any content to include in the body of the response (No Content).
DELETE
Operation ID: UntagResource
Removes one or more tags (keys and values) from a classification job, custom data identifier, findings filter, or member account.
Path Parameters
Name Type Required Description
resourceArn String True The Amazon Resource Name (ARN) of the classification job, custom data identifier, findings filter, or member account.
Query Parameters
Name Type Required Description
tagKeys String True The key of the tag to remove from the resource. To remove multiple tags, append the tagKeys parameter and argument for each additional tag to remove, separated by an ampersand (&).
Responses
Status Code Response Model Description
204 UntagResourceResponse (p. 284) The request succeeded and there isn't any content to include in the body of the response (No Content).
Schemas
Request Bodies
Example POST
{ "tags": { }}
Response Bodies
Example ListTagsForResourceResponse
{ "tags": { }}
Example TagResourceResponse
{}
Example UntagResourceResponse
{}
Properties
ListTagsForResourceResponse
Provides information about the tags (keys and values) that are associated with a classification job, custom data identifier, findings filter, or member account.
tags
A map of key-value pairs that identifies the tags (keys and values) that are associated with the resource.
Type: TagMap (p. 284)
Required: False
TagMap
A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job, custom data identifier, findings filter, or member account.
key-value pairs
Type: string
TagResourceRequest
Specifies the tags (keys and values) to associate with a classification job, custom data identifier, findings filter, or member account.
tags
A map of key-value pairs that specifies the tags to associate with the resource.
A resource can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
Type: TagMap (p. 284)
Required: True
TagResourceResponse
The request succeeded. The specified tags were added to the resource.
UntagResourceResponse
The request succeeded. The specified tags were removed from the resource.
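The tag limits stated for TagResourceRequest and the repeated tagKeys query parameter of UntagResource, shown as an added Python example that is not part of the AWS reference. The sample ARN, the function names, and percent-encoding the ARN in the path are assumptions of this example.

```python
import json
from urllib.parse import quote, urlencode

# Limits stated in the TagResourceRequest description.
MAX_TAGS_PER_RESOURCE = 50
MAX_KEY_LENGTH = 128
MAX_VALUE_LENGTH = 256

# Constructed sample ARN (placeholder account ID and job ID).
SAMPLE_ARN = "arn:aws:macie2:us-east-1:111122223333:classification-job/EXAMPLE"


def validate_tags(new_tags, existing_tags=None):
    """Return a list of problems; an empty list means the TagMap is acceptable.

    POST /tags/resourceArn adds or updates tags, so the 50-tag limit is
    checked against the merged result, not only against the tags being sent.
    """
    if not isinstance(new_tags, dict):
        return ["tags must be a string-to-string map"]
    problems = []
    for key, value in new_tags.items():
        if not isinstance(key, str) or not isinstance(value, str):
            problems.append(f"tag {key!r}: keys and values must be strings")
            continue
        if len(key) > MAX_KEY_LENGTH:
            problems.append(
                f"tag key of {len(key)} characters exceeds {MAX_KEY_LENGTH}")
        if len(value) > MAX_VALUE_LENGTH:
            problems.append(
                f"tag {key!r}: value of {len(value)} characters exceeds {MAX_VALUE_LENGTH}")
    merged = dict(existing_tags or {})
    merged.update(new_tags)  # an existing key is updated, not counted twice
    if len(merged) > MAX_TAGS_PER_RESOURCE:
        problems.append(
            f"resource would carry {len(merged)} tags; the maximum is {MAX_TAGS_PER_RESOURCE}")
    return problems


def resource_path(resource_arn):
    """Build /tags/resourceArn with the ARN percent-encoded (assumption)."""
    return "/tags/" + quote(resource_arn, safe="")


def build_tag_resource(resource_arn, new_tags, existing_tags=None):
    """Return (method, path, JSON body) for TagResource, or raise ValueError."""
    problems = validate_tags(new_tags, existing_tags)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"tags": new_tags}, sort_keys=True)
    return "POST", resource_path(resource_arn), body


def build_untag_resource(resource_arn, tag_keys):
    """Return (method, path with query) for UntagResource.

    Each key becomes its own tagKeys parameter, joined with '&'.
    """
    if not tag_keys:
        raise ValueError("tagKeys is required")
    query = urlencode([("tagKeys", key) for key in tag_keys], quote_via=quote)
    return "DELETE", resource_path(resource_arn) + "?" + query


if __name__ == "__main__":
    print(build_tag_resource(SAMPLE_ARN, {"Owner": "data-team"}))
    print(build_untag_resource(SAMPLE_ARN, ["Owner", "cost center"]))
```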
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
ListTagsForResource
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
TagResource
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
UntagResource
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Usage Totals
The Usage Totals resource provides aggregated usage data for your account. This data can provide insight into the estimated cost of using Amazon Macie to monitor and analyze sensitive data for your account during the past 30 days.
You can use this resource to retrieve (query) aggregated usage data for your Macie account during the past 30 days. For a master account, the data reports cumulative usage for all the accounts in your organization. To query additional usage-related data or build a custom query for a select set of accounts, use the Usage Statistics (p. 291) resource.
URI
/usage
HTTP Methods
GET
Operation ID: GetUsageTotals
Retrieves (queries) aggregated usage data for an account.
Responses
Status Code Response Model Description
200 GetUsageTotalsResponse (p. 287) The request succeeded.
400 ValidationException (p. 287) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 287) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 287) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 287) The request failed because the specified resource wasn't found.
409 ConflictException (p. 287) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 288) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 288) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Response Bodies
Example GetUsageTotalsResponse
{
  "usageTotals": [
    {
      "currency": enum,
      "estimatedCost": "string",
      "type": enum
    }
  ]
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Currency
The type of currency that data for a usage metric is reported in. Possible values are:
USD
GetUsageTotalsResponse
Provides the results of a query that retrieved aggregated usage data for an account during the past 30 days.
usageTotals
An array of objects that contains the results of the query. Each object contains the data for a specific usage metric.
Type: Array of type UsageTotal (p. 289)
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UsageTotal
Provides aggregated data for a usage metric. The value for the metric reports usage data for an account during the past 30 days.
currency
The type of currency that the value for the metric (estimatedCost) is reported in.
Type: Currency (p. 288)
Required: False
estimatedCost
The estimated value for the metric.
Type: string
Required: False
type
The name of the metric. Possible values are: DATA_INVENTORY_EVALUATION, for monitoring S3 buckets; and, SENSITIVE_DATA_DISCOVERY, for analyzing sensitive data.
Type: UsageType (p. 290)
Required: False
UsageType
The name of a usage metric for an account. Possible values are:
DATA_INVENTORY_EVALUATION
SENSITIVE_DATA_DISCOVERY
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetUsageTotals
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
Usage Statistics
The Usage Statistics resource provides information about current quotas and usage statistics for an account. This includes data for metrics that report the estimated cost of using Amazon Macie to perform specific types of tasks, and the current account quotas for those tasks. The data can help you track your use of the service and determine whether to adjust your quotas or use of the service. If you're participating in a free trial of Macie, this resource also provides information about your free trial.
You can use the Usage Statistics resource to retrieve (query) aggregated data for usage metrics and the quotas that correspond to those metrics. The query results provide data for the past 30 days. You can customize your query and the query results by using supported parameters to filter and sort the data. If you're a user of a master account, this means that you can use this resource to get a breakdown of the data for each account in your Macie organization.
URI
/usage/statistics
HTTP Methods
POST
Operation ID: GetUsageStatistics
Retrieves (queries) quotas and aggregated usage data for one or more accounts.
Responses
Status Code Response Model Description
200 GetUsageStatisticsResponse (p. 292) The request succeeded.
400 ValidationException (p. 293) The request failed because it contains a syntax error.
402 ServiceQuotaExceededException (p. 293) The request failed because fulfilling the request would exceed one or more service quotas for your account.
403 AccessDeniedException (p. 293) The request was denied because you don't have sufficient access to the specified resource.
404 ResourceNotFoundException (p. 293) The request failed because the specified resource wasn't found.
409 ConflictException (p. 293) The request failed because it conflicts with the current state of the specified resource.
429 ThrottlingException (p. 293) The request failed because you sent too many requests during a certain amount of time.
500 InternalServerException (p. 293) The request failed due to an unknown internal server error, exception, or failure.
Schemas
Request Bodies
Example POST
{
  "nextToken": "string",
  "maxResults": integer,
  "sortBy": {
    "orderBy": enum,
    "key": enum
  },
  "filterBy": [
    {
      "comparator": enum,
      "values": [
        "string"
      ],
      "key": enum
    }
  ]
}
Response Bodies
Example GetUsageStatisticsResponse
{
  "records": [
    {
      "accountId": "string",
      "freeTrialStartDate": "string",
      "usage": [
        {
          "serviceLimit": {
            "unit": enum,
            "isServiceLimited": boolean,
            "value": integer
          },
          "currency": enum,
          "estimatedCost": "string",
          "type": enum
        }
      ]
    }
  ],
  "nextToken": "string"
}
Example ValidationException
{ "message": "string"}
Example ServiceQuotaExceededException
{ "message": "string"}
Example AccessDeniedException
{ "message": "string"}
Example ResourceNotFoundException
{ "message": "string"}
Example ConflictException
{ "message": "string"}
Example ThrottlingException
{ "message": "string"}
Example InternalServerException
{ "message": "string"}
Properties
AccessDeniedException
Provides information about an error that occurred due to insufficient access to a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
ConflictException
Provides information about an error that occurred due to a versioning conflict for a specified resource.
message
The explanation of the error that occurred.
Type: string
Required: False
Currency
The type of currency that data for a usage metric is reported in. Possible values are:
USD
GetUsageStatisticsRequest
Specifies criteria for filtering, sorting, and paginating the results of a query for quotas and aggregated usage data for one or more accounts.
nextToken
The nextToken string that specifies which page of results to return in a paginated response.
Type: string
Required: False
maxResults
The maximum number of items to include in each page of the response.
Type: integer
Required: False
Format: int32
sortBy
The criteria to use to sort the query results.
Type: UsageStatisticsSortBy (p. 299)
Required: False
filterBy
An array of objects, one for each condition to use to filter the query results. If the array contains more than one object, Amazon Macie uses an AND operator to join the conditions specified by the objects.
Type: Array of type UsageStatisticsFilter (p. 297)
Required: False
GetUsageStatisticsResponse
Provides the results of a query that retrieved quotas and aggregated usage data for one or more accounts.
records
An array of objects that contains the results of the query. Each object contains the data for an account that meets the filter criteria specified in the request.
Type: Array of type UsageRecord (p. 297)
Required: False
nextToken
The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
Type: string
Required: False
InternalServerException
Provides information about an error that occurred due to an unknown internal server error, exception, or failure.
message
The explanation of the error that occurred.
Type: string
Required: False
ResourceNotFoundException
Provides information about an error that occurred because a specified resource wasn't found.
message
The explanation of the error that occurred.
Type: string
Required: False
ServiceLimit
Specifies a current quota for an account.
unit
The unit of measurement for the value specified by the value field.
Type: string
Required: False
Values: TERABYTES
isServiceLimited
Specifies whether the account has met the quota that corresponds to the metric specified by the UsageByAccount.type field in the response.
Type: boolean
Required: False
value
The value for the metric specified by the UsageByAccount.type field in the response.
Type: integer
Required: False
Format: int64
ServiceQuotaExceededException
Provides information about an error that occurred due to one or more service quotas for an account.
message
The explanation of the error that occurred.
Type: string
Required: False
ThrottlingException
Provides information about an error that occurred because too many requests were sent during a certain amount of time.
message
The explanation of the error that occurred.
Type: string
Required: False
UsageByAccount
Provides data for a specific usage metric and the corresponding quota for an account. The value for the metric is an aggregated value that reports usage during the past 30 days.
serviceLimit
The current value for the quota that corresponds to the metric specified by the type field.
Type: ServiceLimit (p. 295)
Required: False
currency
The type of currency that the value for the metric (estimatedCost) is reported in.
Type: Currency (p. 294)
Required: False
estimatedCost
The estimated value for the metric.
Type: string
Required: False
type
The name of the metric. Possible values are: DATA_INVENTORY_EVALUATION, for monitoring S3 buckets; and, SENSITIVE_DATA_DISCOVERY, for analyzing sensitive data.
Type: UsageType (p. 299)
Required: False
UsageRecord
Provides quota and aggregated usage data for an account.
accountId
The unique identifier for the AWS account that the data applies to.
Type: string
Required: False
freeTrialStartDate
The date and time, in UTC and extended ISO 8601 format, when the free trial started for the account.
Type: string
Required: False
Format: date-time
usage
An array of objects that contains usage data and quotas for the account. Each object contains the data for a specific usage metric and the corresponding quota.
Type: Array of type UsageByAccount (p. 296)
Required: False
UsageStatisticsFilter
Specifies a condition for filtering the results of a query for account quotas and usage data.
comparator
The operator to use in the condition. If the value for the key property is accountId, this value must be CONTAINS. If the value for the key property is any other supported field, this value can be EQ, GT, GTE, LT, LTE, or NE.
Type: UsageStatisticsFilterComparator (p. 298)
Required: False
values
An array that lists values to use in the condition, based on the value for the field specified by the key property. If the value for the key property is accountId, this array can specify multiple values. Otherwise, this array can specify only one value.
Valid values for each supported field are:
• accountId - The unique identifier for an AWS account.
• freeTrialStartDate - The date and time, in UTC and extended ISO 8601 format, when the free trial started for an account.
• serviceLimit - A Boolean (true or false) value that indicates whether an account has reached its monthly quota.
• total - A string that represents the current, estimated month-to-date cost for an account.
Type: Array of type string
Required: False
key
The field to use in the condition.
Type: UsageStatisticsFilterKey (p. 298)
Required: False
UsageStatisticsFilterComparator
The operator to use in a condition that filters the results of a query for account quotas and usage data. Valid values are:
GT
GTE
LT
LTE
EQ
NE
CONTAINS
UsageStatisticsFilterKey
The field to use in a condition that filters the results of a query for account quotas and usage data. Valid values are:
accountId
serviceLimit
freeTrialStartDate
total
UsageStatisticsSortBy
Specifies criteria for sorting the results of a query for account quotas and usage data.
orderBy
The sort order to apply to the results, based on the value for the field specified by the key property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.
Type: string
Required: False
Values: ASC | DESC
key
The field to sort the results by.
Type: UsageStatisticsSortKey (p. 299)
Required: False
UsageStatisticsSortKey
The field to use to sort the results of a query for account quotas and usage data. Valid values are:
accountId
total
serviceLimitValue
freeTrialStartDate
UsageType
The name of a usage metric for an account. Possible values are:
DATA_INVENTORY_EVALUATION
SENSITIVE_DATA_DISCOVERY
ValidationException
Provides information about an error that occurred due to a syntax error in a request.
message
The explanation of the error that occurred.
Type: string
Required: False
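The filter, sort, and pagination rules documented for GetUsageStatistics, shown as an added Python example that is not part of the AWS reference: it checks a request body before sending, follows nextToken until it is null, and lists the accounts whose isServiceLimited flag is set. The function names, the caller-supplied send transport, and the two response pages are constructed for this example.

```python
FILTER_KEYS = {"accountId", "serviceLimit", "freeTrialStartDate", "total"}
SCALAR_COMPARATORS = {"EQ", "GT", "GTE", "LT", "LTE", "NE"}
SORT_KEYS = {"accountId", "total", "serviceLimitValue", "freeTrialStartDate"}


def validate_filter(cond):
    """Check one UsageStatisticsFilter object against the documented rules."""
    key, comparator = cond.get("key"), cond.get("comparator")
    values = cond.get("values") or []
    if key not in FILTER_KEYS:
        return [f"unsupported filter key {key!r}"]
    problems = []
    if key == "accountId":
        # accountId is the only key that uses CONTAINS and takes several values.
        if comparator != "CONTAINS":
            problems.append("accountId: comparator must be CONTAINS")
    else:
        if comparator not in SCALAR_COMPARATORS:
            problems.append(f"{key}: comparator must be EQ, GT, GTE, LT, LTE, or NE")
        if len(values) > 1:
            problems.append(f"{key}: only one value is allowed")
    if any(not isinstance(v, str) for v in values):
        problems.append(f"{key}: values must be strings")
    elif key == "serviceLimit" and any(v.lower() not in ("true", "false") for v in values):
        problems.append("serviceLimit: value must be true or false")
    return problems


def validate_request(body):
    """Return every problem found in a GetUsageStatisticsRequest body."""
    problems = []
    for cond in body.get("filterBy") or []:
        problems.extend(validate_filter(cond))
    sort_by = body.get("sortBy") or {}
    if "key" in sort_by and sort_by["key"] not in SORT_KEYS:
        problems.append(f"sortBy.key {sort_by['key']!r} is not a supported sort key")
    if "orderBy" in sort_by and sort_by["orderBy"] not in ("ASC", "DESC"):
        problems.append("sortBy.orderBy must be ASC or DESC")
    max_results = body.get("maxResults")
    if max_results is not None and (
            isinstance(max_results, bool) or not isinstance(max_results, int)):
        problems.append("maxResults must be an integer")
    return problems


def iter_usage_records(send, body):
    """Yield every UsageRecord, requesting pages until nextToken is null."""
    problems = validate_request(body)
    if problems:
        raise ValueError("; ".join(problems))
    seen, token = set(), body.get("nextToken")
    while True:
        request = dict(body)
        if token:
            request["nextToken"] = token
        response = send("POST", "/usage/statistics", request)
        yield from response.get("records") or []
        token = response.get("nextToken")
        if not token:
            return
        if token in seen:  # guard against a transport that never terminates
            raise RuntimeError("nextToken repeated; stopping")
        seen.add(token)


def accounts_at_quota(records):
    """Return (accountId, metric type) pairs where isServiceLimited is true."""
    hits = []
    for record in records:
        for usage in record.get("usage") or []:
            if (usage.get("serviceLimit") or {}).get("isServiceLimited") is True:
                hits.append((record.get("accountId"), usage.get("type")))
    return hits


def _usage(limited):
    # Constructed UsageByAccount object; cost and quota values are made up.
    return {"type": "SENSITIVE_DATA_DISCOVERY", "currency": "USD", "estimatedCost": "1.25",
            "serviceLimit": {"unit": "TERABYTES", "isServiceLimited": limited, "value": 5}}


# Constructed two-page response, keyed by the nextToken that requests it.
CONSTRUCTED_PAGES = {
    None: {"records": [{"accountId": "111122223333", "usage": [_usage(False)]}],
           "nextToken": "page-2"},
    "page-2": {"records": [{"accountId": "444455556666", "usage": [_usage(True)]}],
               "nextToken": None},
}


def fake_send(method, path, request):
    """Constructed stand-in for a signed HTTPS call to the service."""
    return CONSTRUCTED_PAGES[request.get("nextToken")]
```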
See Also
For more information about using this API in one of the language-specific AWS SDKs and references, see the following:
GetUsageStatistics
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AWS glossary
For the latest AWS terminology, see the AWS glossary in the AWS General Reference.
Document history
The following table describes the important changes to the documentation since the last release of Amazon Macie. For notification about updates to this documentation, you can subscribe to an RSS feed.
• API version: 2020-01-01 (latest)
• Latest documentation update: November 20, 2020
Change Description Date
API addition (p. 302) Added S3 bucket metadata that indicates whether any one-time or recurring classification jobs are configured to analyze data in a bucket. November 20, 2020
API change (p. 302) Added support for pausing and resuming classification jobs by using the UpdateClassificationJob operation. Also, sensitive data findings now include location data for up to 15 occurrences of sensitive data in an affected S3 object. October 15, 2020
API addition (p. 302) Added S3 bucket metadata and statistics that indicate the size and count of objects that Macie can analyze as part of a classification job. September 2, 2020
API addition (p. 302) Added criteria for sorting and filtering query results for account quotas and usage statistics. July 24, 2020
API removal (p. 302) Removed support for the ArchiveFindings and UnarchiveFindings operations. To suppress findings, use the action property of the CreateFindingsFilterRequest and UpdateFindingsFilterRequest objects. June 11, 2020
General availability (p. 302) This release introduces version 2020-01-01 of the Amazon Macie API. May 13, 2020