+ All Categories
Home > Documents > Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie...

Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie...

Date post: 26-Aug-2020
Category:
Upload: others
View: 149 times
Download: 0 times
Share this document with a friend
308
Amazon Macie REST API Reference
Transcript
Page 1: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon MacieREST API Reference

Page 2: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

Amazon Macie: REST API ReferenceCopyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.

Page 3: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

Table of ContentsWelcome .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Finding regional endpoints ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Managing multiple accounts .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Signing requests ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Logging API calls ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

Operations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Resources .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

AWS Organization Administrator ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

AWS Organization Administration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Export Configuration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Custom Data Identifier Creation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Custom Data Identifier Descriptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Custom Data Identifier List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Custom Data Identifier Testing .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Custom Data Identifier ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

iii

Page 4: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Data Sources - S3 .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Data Sources - S3 Statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

Findings List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Findings Descriptions .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93URI ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Findings Samples .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Findings Statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Findings Filters ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Findings Filter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166

Invitation List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

Invitation Acceptance .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

iv

Page 5: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180

Invitation Count .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184

Invitation Decline .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Invitation Deletion .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

Classification Job Creation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Classification Job List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Classification Job Description .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236

Macie Account Administration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Member Account Status .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Master Account .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

v

Page 6: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256Master Disassociation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

Member List ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269

Member Disassociation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Member .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280

Tags .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

Usage Totals ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290

Usage Statistics ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291URI .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291HTTP Methods .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291Schemas .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292Properties ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293See Also .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299

AWS glossary .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301Document history .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

vi

Page 7: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceFinding regional endpoints

WelcomeAmazon Macie is a fully managed data security and data privacy service that uses machine learning andpattern matching to help you discover, monitor, and protect your sensitive data in AWS.

Macie automates the discovery of sensitive data, such as personally identifiable information (PII) andfinancial information, to provide you with a better understanding of the data that your organizationstores in Amazon Simple Storage Service (Amazon S3). Macie also provides you with an inventory of yourAmazon S3 buckets, and it automatically evaluates and monitors those buckets for security and accesscontrol. If Macie detects sensitive data or potential issues with the security or privacy of your data, itcreates detailed findings for you to review and remediate as necessary.

This guide, the Amazon Macie REST API Reference, provides information about the Amazon Macie API.This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Macie, youmight find it helpful to also review the Amazon Macie User Guide. The Amazon Macie User Guide explainskey concepts and provides procedures that demonstrate how to use Macie features. It also providesinformation about topics such as integrating Macie with other AWS services.

In addition to interacting with Macie by making RESTful calls to the Amazon Macie API, you can usea current version of an AWS command line tool or SDK. AWS provides tools and SDKs that consist oflibraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python,C++, and .NET. These tools and SDKs provide convenient, programmatic access to Macie and otherAWS services. They also handle tasks such as signing requests, managing errors, and retrying requestsautomatically. For information about installing and using the AWS tools and SDKs, see Tools to Build onAWS.

Finding regional endpointsThe Amazon Macie API is available in most AWS Regions and it provides an endpoint for each of theseRegions. For a list of Regions and endpoints where the API is currently available, see Amazon Macieendpoints and quotas in the Amazon Web Services General Reference. To learn more about AWS Regions,see Managing AWS Regions in the Amazon Web Services General Reference.

When you send a request to the Amazon Macie API, the request applies only to the AWS Regionthat’s currently active for your account or specified in the request. If your request submits changes toconfiguration or other settings for your account, the changes apply only to that Region. To make thesame changes in other Regions, send the request to each additional Region that you want to apply thechanges to.

Managing multiple accountsYou can centrally manage multiple accounts in Amazon Macie. To do this, you designate a single AWSaccount as the master account for Macie. You then associate other AWS accounts with the masteraccount as member accounts. You can do this in two ways, by using AWS Organizations or by sendingmembership invitations directly from Amazon Macie.

If you're a user of a master account, you can view and manage certain Macie resources for your ownaccount and all of its member accounts. You can also perform certain administrative tasks and choosecertain settings for all the accounts.

1

Page 8: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSigning requests

If you're a user of a member account, you can view and manage Macie resources only for your ownaccount. You can't view or otherwise access Macie resources for other member accounts or the masteraccount. For this reason, you might not be able to use certain operations of the Amazon Macie API.

For detailed information about the primary tasks that master and member accounts can perform, seeManaging multiple accounts in the Amazon Macie User Guide.

Signing requestsWhen you send an HTTPS request to the Amazon Macie API, you have to sign the request by using yourAWS access key, which consists of an access key ID and a secret access key. For everyday work with Macie,we strongly recommend that you not use the access key ID and secret key for your AWS root account.Instead, use the access key ID and secret access key for an AWS Identity and Access Management (IAM)user. You can also use the AWS Security Token Service to generate temporary security credentials thatyou can use to sign requests. All Amazon Macie operations require Signature Version 4.

For more information about using credentials and signing requests, see the following resources:

• AWS security credentials – This section of the AWS General Reference provides information about thetypes of credentials that can be used to access AWS.

• Temporary security credentials – This section of the IAM User Guide describes how to create and usetemporary security credentials.

• Signing AWS API requests – This section of the AWS General Reference explains and guides you throughthe process of signing a request using an access key ID and secret access key.

Logging API callsAmazon Macie integrates with AWS CloudTrail, which is a service that provides a record of actions thatwere taken in Macie by a user, a role, or another AWS service. This includes actions that were performedusing the Macie console and programmatic calls to Amazon Macie API operations.

By using the information collected by CloudTrail, you can determine which requests were successfullysent to Macie. For each request, you can identify when it was made, the IP address from which it wasmade, who made it, and additional details. To learn more about CloudTrail, see the AWS CloudTrail UserGuide.

2

Page 9: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

OperationsThe Amazon Macie REST API includes the following operations.

• AcceptInvitation (p. 176)

Accepts an Amazon Macie membership invitation that was received from a specific account.• BatchGetCustomDataIdentifiers (p. 35)

Retrieves information about one or more custom data identifiers.• CreateClassificationJob (p. 195)

Creates and defines the settings for a classification job.• CreateCustomDataIdentifier (p. 29)

Creates and defines the criteria and other settings for a custom data identifier.• CreateFindingsFilter (p. 146)

Creates and defines the criteria and other settings for a findings filter.• CreateInvitations (p. 168)

Sends an Amazon Macie membership invitation to one or more accounts.• CreateMember (p. 262)

Associates an account with an Amazon Macie master account.• CreateSampleFindings (p. 133)

Creates sample findings.• DeclineInvitations (p. 185)

Declines Amazon Macie membership invitations that were received from specific accounts.• DeleteCustomDataIdentifier (p. 53)

Soft deletes a custom data identifier.• DeleteFindingsFilter (p. 157)

Deletes a findings filter.• DeleteInvitations (p. 190)

Deletes Amazon Macie membership invitations that were received from specific accounts.• DeleteMember (p. 275)

Deletes the association between an Amazon Macie master account and an account.• DescribeBuckets (p. 59)

Retrieves (queries) statistical data and other information about one or more S3 buckets that AmazonMacie monitors and analyzes.

• DescribeClassificationJob (p. 219)

Retrieves the status and settings for a classification job.• DescribeOrganizationConfiguration (p. 16)

Retrieves the Amazon Macie configuration settings for an AWS organization.

3

Page 10: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

• DisableMacie (p. 239)

Disables an Amazon Macie account and deletes Macie resources for the account.• DisableOrganizationAdminAccount (p. 10)

Disables an account as the delegated Amazon Macie administrator account for an AWS organization.• DisassociateFromMasterAccount (p. 257)

Disassociates a member account from its Amazon Macie master account.• DisassociateMember (p. 270)

Disassociates an Amazon Macie master account from a member account.• EnableMacie (p. 238)

Enables Amazon Macie and specifies the configuration settings for a Macie account.• EnableOrganizationAdminAccount (p. 9)

Designates an account as the delegated Amazon Macie administrator account for an AWS organization.• GetBucketStatistics (p. 77)

Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors andanalyzes.

• GetClassificationExportConfiguration (p. 22)

Retrieves the configuration settings for storing data classification results.• GetCustomDataIdentifier (p. 52)

Retrieves the criteria and other settings for a custom data identifier.• GetFindings (p. 93)

Retrieves the details of one or more findings.• GetFindingsFilter (p. 156)

Retrieves the criteria and other settings for a findings filter.• GetFindingStatistics (p. 138)

Retrieves (queries) aggregated statistical data about findings.• GetInvitationsCount (p. 180)

Retrieves the count of Amazon Macie membership invitations that were received by an account.• GetMacieSession (p. 237)

Retrieves the current status and configuration settings for an Amazon Macie account.• GetMasterAccount (p. 252)

Retrieves information about the Amazon Macie master account for an account.• GetMember (p. 274)

Retrieves information about a member account that's associated with an Amazon Macie masteraccount.

• GetUsageStatistics (p. 291)

Retrieves (queries) quotas and aggregated usage data for one or more accounts.• GetUsageTotals (p. 286)

Retrieves (queries) aggregated usage data for an account.

4

Page 11: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

• ListClassificationJobs (p. 208)

Retrieves a subset of information about one or more classification jobs.

• ListCustomDataIdentifiers (p. 41)

Retrieves a subset of information about all the custom data identifiers for an account.

• ListFindings (p. 86)

Retrieves a subset of information about one or more findings.

• ListFindingsFilters (p. 145)

Retrieves a subset of information about all the findings filters for an account.

• ListInvitations (p. 167)

Retrieves information about all the Amazon Macie membership invitations that were received by anaccount.

• ListMembers (p. 261)

Retrieves information about the accounts that are associated with an Amazon Macie master account.

• ListOrganizationAdminAccounts (p. 8)

Retrieves information about the delegated Amazon Macie administrator account for an AWSorganization.

• ListTagsForResource (p. 281)

Retrieves the tags (keys and values) that are associated with a classification job, custom data identifier,findings filter, or member account.

• PutClassificationExportConfiguration (p. 23)

Creates or updates the configuration settings for storing data classification results.

• TagResource (p. 282)

Adds or updates one or more tags (keys and values) that are associated with a classification job,custom data identifier, findings filter, or member account.

• TestCustomDataIdentifier (p. 46)

Tests a custom data identifier.

• UntagResource (p. 282)

Removes one or more tags (keys and values) from a classification job, custom data identifier, findingsfilter, or member account.

• UpdateClassificationJob (p. 220)

Changes the status of a classification job.

• UpdateFindingsFilter (p. 157)

Updates the criteria and other settings for a findings filter.

• UpdateMacieSession (p. 239)

Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macieaccount.

• UpdateMemberSession (p. 247)

Enables an Amazon Macie master account to suspend or re-enable a member account.

• UpdateOrganizationConfiguration (p. 17)

5

Page 12: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

Updates the Amazon Macie configuration settings for an AWS organization.

6

Page 13: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceAWS Organization Administrator

ResourcesThe Amazon Macie REST API includes the following resources.

Topics• AWS Organization Administrator (p. 7)• AWS Organization Administration (p. 16)• Export Configuration (p. 22)• Custom Data Identifier Creation (p. 29)• Custom Data Identifier Descriptions (p. 35)• Custom Data Identifier List (p. 40)• Custom Data Identifier Testing (p. 46)• Custom Data Identifier (p. 52)• Data Sources - S3 (p. 59)• Data Sources - S3 Statistics (p. 76)• Findings List (p. 86)• Findings Descriptions (p. 93)• Findings Samples (p. 132)• Findings Statistics (p. 137)• Findings Filters (p. 145)• Findings Filter (p. 155)• Invitation List (p. 167)• Invitation Acceptance (p. 175)• Invitation Count (p. 180)• Invitation Decline (p. 184)• Invitation Deletion (p. 190)• Classification Job Creation (p. 195)• Classification Job List (p. 208)• Classification Job Description (p. 219)• Macie Account Administration (p. 237)• Member Account Status (p. 246)• Master Account (p. 251)• Master Disassociation (p. 256)• Member List (p. 260)• Member Disassociation (p. 269)• Member (p. 274)• Tags (p. 281)• Usage Totals (p. 286)• Usage Statistics (p. 291)

AWS Organization AdministratorThe AWS Organization Administrator resource provides settings that specify which account is thedelegated Amazon Macie administrator account for an AWS organization. To use this resource, you mustbe a user of the management account for the AWS organization.

7

Page 14: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

An AWS organization is a set of AWS accounts that are managed as a group by using the AWSOrganizations service. AWS Organizations is an account management service that enables administratorsto consolidate and centrally manage multiple AWS accounts as a single organization. To learn moreabout this service, see the AWS Organizations User Guide.

If you're a user of the management account for an AWS organization, you can use this resource todesignate a delegated Macie administrator account for the organization. You can also use this resourceto retrieve information about and change that designation. Note that an AWS organization can have onlyone delegated Macie administrator account.

URI/admin

HTTP Methods

GET

Operation ID: ListOrganizationAdminAccounts

Retrieves information about the delegated Amazon Macie administrator account for an AWSorganization.

Query Parameters

Name Type Required Description

nextToken String False The nextToken stringthat specifies whichpage of results toreturn in a paginatedresponse.

maxResults String False The maximum numberof items to includein each page of apaginated response.

Responses

Status Code Response Model Description

200 ListOrganizationAdminAccountsResponse (p. 11)The request succeeded.

400 ValidationException (p. 11)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 11)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 11)The request was denied becauseyou don't have sufficient accessto the specified resource.

8

Page 15: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

404 ResourceNotFoundException (p. 11)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 11) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 12)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 12)The request failed due to anunknown internal server error,exception, or failure.

POST

Operation ID: EnableOrganizationAdminAccount

Designates an account as the delegated Amazon Macie administrator account for an AWS organization.

Responses

Status Code Response Model Description

200 Empty Schema (p. 11) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 11)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 11)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 11)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 11)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 11) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 12)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 12)The request failed due to anunknown internal server error,exception, or failure.

9

Page 16: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

DELETEOperation ID: DisableOrganizationAdminAccount

Disables an account as the delegated Amazon Macie administrator account for an AWS organization.

Query Parameters

Name Type Required Description

adminAccountId String True The AWS accountID of the delegatedadministrator account.

Responses

Status Code Response Model Description

200 Empty Schema (p. 11) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 11)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 11)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 11)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 11)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 11) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 12)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 12)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest BodiesExample POST

{

10

Page 17: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"clientToken": "string", "adminAccountId": "string"}

Response Bodies

Example ListOrganizationAdminAccountsResponse

{ "nextToken": "string", "adminAccounts": [ { "accountId": "string", "status": enum } ]}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"

11

Page 18: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

AdminAccountProvides information about the delegated Amazon Macie administrator account for an AWS organization.

accountId

The AWS account ID for the account.

Type: stringRequired: False

status

The current status of the account as a delegated administrator of Amazon Macie for the organization.

Type: AdminStatus (p. 12)Required: False

AdminStatusThe current status of an account as the delegated Amazon Macie administrator account for an AWSorganization.

ENABLED

12

Page 19: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

DISABLING_IN_PROGRESS

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

EnableOrganizationAdminAccountRequestSpecifies an account to designate as a delegated Amazon Macie administrator account for an AWSorganization. To submit this request, you must be a user of the management account for the AWSorganization.

clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Type: stringRequired: False

adminAccountId

The AWS account ID for the account to designate as the delegated Amazon Macie administrator accountfor the organization.

Type: stringRequired: True

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ListOrganizationAdminAccountsResponseProvides information about the delegated Amazon Macie administrator accounts for an AWSorganization.

13

Page 20: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

adminAccounts

An array of objects, one for each delegated Amazon Macie administrator account for the organization.Only one of these accounts can have a status of ENABLED.

Type: Array of type AdminAccount (p. 12)Required: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

14

Page 21: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListOrganizationAdminAccounts• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

EnableOrganizationAdminAccount• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

DisableOrganizationAdminAccount• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

15

Page 22: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceAWS Organization Administration

• AWS SDK for Ruby V3

AWS Organization AdministrationThe AWS Organization Administration resource provides access to the Amazon Macie configurationsettings for an AWS organization. This includes the setting that determines whether Macie is enabledautomatically for accounts that are added to an AWS organization. To use this resource, you must be thedelegated Macie administrator for your AWS organization.

An AWS organization is a set of AWS accounts that are managed as a group by using the AWSOrganizations service. AWS Organizations is an account management service that enables administratorsto consolidate and centrally manage multiple AWS accounts as a single organization. To learn moreabout this service, see the AWS Organizations User Guide.

If you're the delegated Macie administrator for an AWS organization, you can use this resource to retrieveinformation about and update the Macie configuration settings for the organization.

URI/admin/configuration

HTTP MethodsGETOperation ID: DescribeOrganizationConfiguration

Retrieves the Amazon Macie configuration settings for an AWS organization.

Responses

Status Code Response Model Description

200 DescribeOrganizationConfigurationResponse (p. 18)The request succeeded.

400 ValidationException (p. 18)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 18)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 18)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 18)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 18) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 18)The request failed because yousent too many requests during acertain amount of time.

16

Page 23: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 19)The request failed due to anunknown internal server error,exception, or failure.

PATCHOperation ID: UpdateOrganizationConfiguration

Updates the Amazon Macie configuration settings for an AWS organization.

Responses

Status Code Response Model Description

200 Empty Schema (p. 18) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 18)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 18)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 18)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 18)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 18) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 18)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 19)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example PATCH

{

17

Page 24: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"autoEnable": boolean}

Response Bodies

Example DescribeOrganizationConfigurationResponse

{ "autoEnable": boolean, "maxAccountLimitReached": boolean}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{

18

Page 25: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

DescribeOrganizationConfigurationResponseProvides information about the Amazon Macie configuration settings for an AWS organization.

autoEnable

Specifies whether Amazon Macie is enabled automatically for accounts that are added to the AWSorganization.

Type: booleanRequired: False

maxAccountLimitReached

Specifies whether the maximum number of Amazon Macie member accounts are part of the AWSorganization.

Type: booleanRequired: False

19

Page 26: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UpdateOrganizationConfigurationRequestSpecifies whether Amazon Macie is enabled automatically for accounts that are added to an AWSorganization.

20

Page 27: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

autoEnable

Specifies whether Amazon Macie is enabled automatically for each account, when the account is addedto the AWS organization.

Type: booleanRequired: True

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DescribeOrganizationConfiguration• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

UpdateOrganizationConfiguration• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

21

Page 28: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceExport Configuration

Export ConfigurationThe Export Configuration resource provides settings for storing data classification results in an AmazonSimple Storage Service (Amazon S3) bucket. A data classification result, also referred to as a sensitivedata discovery result, is a record that logs details about the analysis of each Amazon S3 object that youconfigure a classification job to analyze. This includes objects that don't contain sensitive data, andtherefore don't produce a finding, and objects that Amazon Macie can't analyze due to issues such aspermissions settings. Macie automatically creates these records for each (and every) classification jobthat you create and run. You can configure Macie to store these records in an S3 bucket that you specify,and encrypt them using an AWS Key Management Service (AWS KMS) key that you also specify.

If you use Macie in multiple AWS Regions, you need to configure these settings for each Region in whichyou use Macie. If you prefer to store all classification results for all Regions in one S3 bucket, you cando this by specifying the same bucket, located in one specific Region, for each Region in which you useMacie.

You can use the Export Configuration resource to create, retrieve information about, or update settingsfor storing data classification results in an S3 bucket.

URI/classification-export-configuration

HTTP Methods

GET

Operation ID: GetClassificationExportConfiguration

Retrieves the configuration settings for storing data classification results.

Responses

Status Code Response Model Description

200 GetClassificationExportConfigurationResponse (p. 24)The request succeeded.

400 ValidationException (p. 24)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 24)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 24)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 24)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 25) The request failed because itconflicts with the current stateof the specified resource.

22

Page 29: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

429 ThrottlingException (p. 25)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 25)The request failed due to anunknown internal server error,exception, or failure.

PUTOperation ID: PutClassificationExportConfiguration

Creates or updates the configuration settings for storing data classification results.

Responses

Status Code Response Model Description

200 PutClassificationExportConfigurationResponse (p. 24)The request succeeded.

400 ValidationException (p. 24)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 24)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 24)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 24)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 25) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 25)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 25)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example PUT

{

23

Page 30: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"configuration": { "s3Destination": { "bucketName": "string", "kmsKeyArn": "string", "keyPrefix": "string" } }}

Response Bodies

Example GetClassificationExportConfigurationResponse

{ "configuration": { "s3Destination": { "bucketName": "string", "kmsKeyArn": "string", "keyPrefix": "string" } }}

Example PutClassificationExportConfigurationResponse

{ "configuration": { "s3Destination": { "bucketName": "string", "kmsKeyArn": "string", "keyPrefix": "string" } }}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{

24

Page 31: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ClassificationExportConfiguration

Specifies where to store data classification results, and the encryption settings to use when storingresults in that location. Currently, you can store classification results only in an S3 bucket.

s3Destination

The S3 bucket to store data classification results in, and the encryption settings to use when storingresults in that bucket.

Type: S3Destination (p. 27)Required: False

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

25

Page 32: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

GetClassificationExportConfigurationResponseProvides information about the current configuration settings for storing data classification results.

configuration

The location where data classification results are stored, and the encryption settings that are used whenstoring results in that location.

Type: ClassificationExportConfiguration (p. 25)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

PutClassificationExportConfigurationRequestSpecifies where to store data classification results, and the encryption settings to use when storingresults in that location. Currently, you can store classification results only in an S3 bucket.

configuration

The location to store data classification results in, and the encryption settings to use when storing resultsin that location.

Type: ClassificationExportConfiguration (p. 25)Required: True

PutClassificationExportConfigurationResponseProvides information about updated settings for storing data classification results.

configuration

The location where the data classification results are stored, and the encryption settings that are usedwhen storing results in that location.

Type: ClassificationExportConfiguration (p. 25)Required: False

26

Page 33: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

S3DestinationSpecifies an S3 bucket to store data classification results in, and the encryption settings to use whenstoring results in that bucket.

bucketName

The name of the bucket.

Type: stringRequired: True

kmsKeyArn

The Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) customer masterkey (CMK) to use for encryption of the results. This must be the ARN of an existing CMK that's in thesame AWS Region as the bucket.

Type: stringRequired: True

keyPrefix

The path prefix to use in the path to the location in the bucket. This prefix specifies where to storeclassification results in the bucket.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

27

Page 34: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetClassificationExportConfiguration• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

PutClassificationExportConfiguration• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

28

Page 35: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceCustom Data Identifier Creation

Custom Data Identifier CreationA custom data identifier is a set of criteria that you define to detect sensitive data in one or more datasources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in thedata. It can also specify character sequences, such as words and phrases, and a proximity rule that refinethe analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet yourorganization's specific needs, and supplement the built-in data identifiers that Amazon Macie provides.

You can use the Custom Data Identifier Creation resource to create a new custom data identifier. Notethat you can't change a custom data identifier after you create it. This helps ensure that you have animmutable history of sensitive data findings and discovery results for data privacy and protection auditsor investigations that you perform. To test and refine a custom data identifier before you create it, usethe Custom Data Identifier Testing (p. 46) resource.

URI/custom-data-identifiers

HTTP Methods

POSTOperation ID: CreateCustomDataIdentifier

Creates and defines the criteria and other settings for a custom data identifier.

Responses

Status Code Response Model Description

200 CreateCustomDataIdentifierResponse (p. 30)The request succeeded. Thespecified custom data identifierwas created.

400 ValidationException (p. 30)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 30)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 30)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 31)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 31) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 31)The request failed because yousent too many requests during acertain amount of time.

29

Page 36: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 31)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "regex": "string", "keywords": [ "string" ], "clientToken": "string", "ignoreWords": [ "string" ], "name": "string", "description": "string", "maximumMatchDistance": integer, "tags": { }}

Response Bodies

Example CreateCustomDataIdentifierResponse

{ "customDataIdentifierId": "string"}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

30

Page 37: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateCustomDataIdentifierRequestSpecifies the criteria and other settings for a new custom data identifier. You can't change a customdata identifier after you create it. This helps ensure that you have an immutable history of sensitive datafindings and discovery results for data privacy and protection audits or investigations.

31

Page 38: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

regex

The regular expression (regex) that defines the pattern to match. The expression can contain as many as512 characters.

Type: stringRequired: False

keywords

An array that lists specific character sequences (keywords), one of which must be within proximity(maximumMatchDistance) of the regular expression to match. The array can contain as many as 50keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.

Type: Array of type stringRequired: False

clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Type: stringRequired: False

ignoreWords

An array that lists specific character sequences (ignore words) to exclude from the results. If the textmatched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Thearray can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignorewords are case sensitive.

Type: Array of type stringRequired: False

name

A custom name for the custom data identifier. The name can contain as many as 128 characters.

We strongly recommend that you avoid including any sensitive data in the name of a custom dataidentifier. Other users of your account might be able to see the identifier's name, depending on theactions that they're allowed to perform in Amazon Macie.

Type: stringRequired: False

description

A custom description of the custom data identifier. The description can contain as many as 512characters.

We strongly recommend that you avoid including any sensitive data in the description of a custom dataidentifier. Other users of your account might be able to see the identifier's description, depending on theactions that they're allowed to perform in Amazon Macie.

Type: stringRequired: False

32

Page 39: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

maximumMatchDistance

The maximum number of characters that can exist between text that matches the regex pattern and thecharacter sequences specified by the keywords array. Macie includes or excludes a result based on theproximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters.The default value is 50.

Type: integerRequired: FalseFormat: int32

tags

A map of key-value pairs that specifies the tags to associate with the custom data identifier.

A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and anassociated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tagvalue is 256 characters.

Type: TagMap (p. 34)Required: False

CreateCustomDataIdentifierResponseProvides information about a custom data identifier that was created in response to a request.

customDataIdentifierId

The unique identifier for the custom data identifier that was created.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

33

Page 40: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

CreateCustomDataIdentifier• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++

34

Page 41: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceCustom Data Identifier Descriptions

• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Custom Data Identifier DescriptionsA custom data identifier is a set of criteria that you defined to detect sensitive data in one or more datasources. The Custom Data Identifier Descriptions resource provides access to the repository of customdata identifiers for your account. It provides information about each custom data identifier that you canuse in Amazon Macie.

You can use this resource to retrieve information about one or more custom data identifiers for youraccount. To refine your request, you can use the supported request parameter to specify which customdata identifiers to retrieve information about. To retrieve detailed information about the criteria andother settings for an individual custom data identifier, use the Custom Data Identifier (p. 52) resource.

URI/custom-data-identifiers/get

HTTP MethodsPOSTOperation ID: BatchGetCustomDataIdentifiers

Retrieves information about one or more custom data identifiers.

Responses

Status Code Response Model Description

200 BatchGetCustomDataIdentifiersResponse (p. 36)The request succeeded.

400 ValidationException (p. 36)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 36)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 37)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 37)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 37) The request failed because itconflicts with the current stateof the specified resource.

35

Page 42: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

429 ThrottlingException (p. 37)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 37)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example POST

{ "ids": [ "string" ]}

Response Bodies

Example BatchGetCustomDataIdentifiersResponse

{ "customDataIdentifiers": [ { "createdAt": "string", "deleted": boolean, "name": "string", "description": "string", "id": "string", "arn": "string" } ], "notFoundIdentifierIds": [ "string" ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

36

Page 43: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

BatchGetCustomDataIdentifierSummaryProvides information about a custom data identifier.

createdAt

The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.

Type: stringRequired: FalseFormat: date-time

37

Page 44: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

deleted

Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, AmazonMacie doesn't delete it permanently. Instead, it soft deletes the identifier.

Type: booleanRequired: False

name

The custom name of the custom data identifier.

Type: stringRequired: False

description

The custom description of the custom data identifier.

Type: stringRequired: False

id

The unique identifier for the custom data identifier.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the custom data identifier.

Type: stringRequired: False

BatchGetCustomDataIdentifiersRequestSpecifies one or more custom data identifiers to retrieve information about.

ids

An array of strings that lists the unique identifiers for the custom data identifiers to retrieve informationabout.

Type: Array of type stringRequired: False

BatchGetCustomDataIdentifiersResponseProvides information about one or more custom data identifiers.

customDataIdentifiers

An array of objects, one for each custom data identifier that meets the criteria specified in the request.

38

Page 45: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Array of type BatchGetCustomDataIdentifierSummary (p. 37)Required: False

notFoundIdentifierIds

An array of identifiers, one for each identifier that was specified in the request, but doesn't correlate toan existing custom data identifier.

Type: Array of type stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

39

Page 46: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

BatchGetCustomDataIdentifiers• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Custom Data Identifier ListA custom data identifier is a set of criteria that you defined to detect sensitive data in one or more datasources. The Custom Data Identifier List resource represents the repository of custom data identifiers foryour account. It provides a subset of information about each custom data identifier that you can use inAmazon Macie.

You can use this resource to retrieve a subset of information about all the custom data identifiers foryour account. To retrieve detailed information about the criteria and other settings for an individualcustom data identifier, use the Custom Data Identifier (p. 52) resource.

40

Page 47: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

URI/custom-data-identifiers/list

HTTP MethodsPOSTOperation ID: ListCustomDataIdentifiers

Retrieves a subset of information about all the custom data identifiers for an account.

Responses

Status Code Response Model Description

200 ListCustomDataIdentifiersResponse (p. 42)The request succeeded.

400 ValidationException (p. 42)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 42)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 42)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 42)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 42) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 42)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 43)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "nextToken": "string", "maxResults": integer}

41

Page 48: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Response Bodies

Example ListCustomDataIdentifiersResponse

{ "nextToken": "string", "items": [ { "createdAt": "string", "name": "string", "description": "string", "id": "string", "arn": "string" } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

42

Page 49: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CustomDataIdentifierSummaryProvides information about a custom data identifier.

createdAt

The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.

Type: stringRequired: FalseFormat: date-time

name

The custom name of the custom data identifier.

Type: stringRequired: False

description

The custom description of the custom data identifier.

Type: stringRequired: False

43

Page 50: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

id

The unique identifier for the custom data identifier.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the custom data identifier.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ListCustomDataIdentifiersRequestSpecifies criteria for paginating the results of a request for information about custom data identifiers.

nextToken

The nextToken string that specifies which page of results to return in a paginated response.

Type: stringRequired: False

maxResults

The maximum number of items to include in each page of the response.

Type: integerRequired: FalseFormat: int32

ListCustomDataIdentifiersResponseProvides the results of a request for information about custom data identifiers.

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: string

44

Page 51: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

items

An array of objects, one for each custom data identifier.

Type: Array of type CustomDataIdentifierSummary (p. 43)Required: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

45

Page 52: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListCustomDataIdentifiers• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Custom Data Identifier TestingThe Custom Data Identifier Testing resource provides an environment for developing, testing, andrefining a custom data identifier. A custom data identifier is a set of criteria that you define to detectsensitive data in one or more data sources.

When you develop a customer data identifier, you specify a regular expression (regex) that defines a textpattern to match in a data source. You can also specify character sequences, such as words and phrases,and a proximity rule to refine the analysis. By using custom data identifiers, you can tailor your dataanalysis to meet your organization's specific needs, and supplement the built-in data identifiers thatAmazon Macie provides.

You can use the Custom Data Identifier Testing resource to develop, test, and refine a custom dataidentifier. Note that this resource doesn't create a persistent data identifier that you can subsequentlyaccess and use in Amazon Macie. Instead, it provides a test environment that can help you optimize andrefine a data identifier by using sample data. When you finish developing and testing a custom dataidentifier, use the Custom Data Identifier Creation (p. 29) resource to create it.

URI/custom-data-identifiers/test

HTTP MethodsPOSTOperation ID: TestCustomDataIdentifier

Tests a custom data identifier.

Responses

Status Code Response Model Description

200 TestCustomDataIdentifierResponse (p. 48)The request succeeded.

46

Page 53: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

400 ValidationException (p. 48)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 48)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 48)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 48)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 48) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 48)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 48)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "regex": "string", "keywords": [ "string" ], "ignoreWords": [ "string" ], "maximumMatchDistance": integer, "sampleText": "string"}

Example POST

{ "regex": "string", "keywords": [ "string" ], "ignoreWords": [ "string" ], "maximumMatchDistance": integer,

47

Page 54: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"sampleText": "string"}

Response Bodies

Example TestCustomDataIdentifierResponse

{ "matchCount": integer}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"

48

Page 55: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

49

Page 56: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

TestCustomDataIdentifierRequestSpecifies the detection criteria of a custom data identifier to test.

regex

The regular expression (regex) that defines the pattern to match. The expression can contain as many as512 characters.

Type: stringRequired: True

keywords

An array that lists specific character sequences (keywords), one of which must be within proximity(maximumMatchDistance) of the regular expression to match. The array can contain as many as 50keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.

Type: Array of type stringRequired: False

ignoreWords

An array that lists specific character sequences (ignore words) to exclude from the results. If the textmatched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Thearray can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignorewords are case sensitive.

Type: Array of type stringRequired: False

maximumMatchDistance

The maximum number of characters that can exist between text that matches the regex pattern and thecharacter sequences specified by the keywords array. Macie includes or excludes a result based on theproximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters.The default value is 50.

Type: integerRequired: FalseFormat: int32

sampleText

The sample text to inspect by using the custom data identifier. The text can contain as many as 1,000characters.

Type: stringRequired: True

50

Page 57: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

TestCustomDataIdentifierResponseProvides test results for a custom data identifier.

matchCount

The number of instances of sample text that matched the detection criteria specified in the custom dataidentifier.

Type: integerRequired: FalseFormat: int32

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

TestCustomDataIdentifier• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

51

Page 58: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceCustom Data Identifier

Custom Data IdentifierA custom data identifier is a set of criteria that you defined to detect sensitive data in one or more datasources. The Custom Data Identifier resource provides access to the repository of custom data identifiersfor your account. It provides comprehensive, detailed information about each custom data identifierthat you can use in Amazon Macie. This includes the criteria and other settings for each custom dataidentifier. The Custom Data Identifier resource also enables you to delete a custom data identifier.

When you use this resource to delete or retrieve information about a custom data identifier, you have tospecify the unique identifier for the customer data identifier. To find this identifier, use the Custom DataIdentifier List (p. 40) resource.

You can use the Custom Data Identifier resource to retrieve detailed information about a custom dataidentifier. You can also use this resource to delete a custom data identifier.

URI/custom-data-identifiers/id

HTTP MethodsGETOperation ID: GetCustomDataIdentifier

Retrieves the criteria and other settings for a custom data identifier.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 GetCustomDataIdentifierResponse (p. 54)The request succeeded.

400 ValidationException (p. 54)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 54)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 54)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 55)The request failed because thespecified resource wasn't found.

52

Page 59: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

409 ConflictException (p. 55) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 55)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 55)The request failed due to anunknown internal server error,exception, or failure.

DELETEOperation ID: DeleteCustomDataIdentifier

Soft deletes a custom data identifier.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 Empty Schema (p. 54) The request succeeded. Thespecified custom data identifierwas deleted and there isn't anycontent to include in the body ofthe response (No Content).

400 ValidationException (p. 54)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 54)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 54)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 55)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 55) The request failed because itconflicts with the current stateof the specified resource.

53

Page 60: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

429 ThrottlingException (p. 55)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 55)The request failed due to anunknown internal server error,exception, or failure.

SchemasResponse Bodies

Example GetCustomDataIdentifierResponse

{ "createdAt": "string", "regex": "string", "deleted": boolean, "keywords": [ "string" ], "ignoreWords": [ "string" ], "name": "string", "description": "string", "maximumMatchDistance": integer, "id": "string", "arn": "string", "tags": { }}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{

54

Page 61: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

55

Page 62: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

GetCustomDataIdentifierResponseProvides information about the criteria and other settings for a custom data identifier.

createdAt

The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.

Type: stringRequired: FalseFormat: date-time

regex

The regular expression (regex) that defines the pattern to match.

Type: stringRequired: False

deleted

Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, AmazonMacie doesn't delete it permanently. Instead, it soft deletes the identifier.

Type: booleanRequired: False

keywords

An array that lists specific character sequences (keywords), one of which must be within proximity(maximumMatchDistance) of the regular expression to match. Keywords aren't case sensitive.

Type: Array of type stringRequired: False

ignoreWords

An array that lists specific character sequences (ignore words) to exclude from the results. If the textmatched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Ignorewords are case sensitive.

Type: Array of type stringRequired: False

name

The custom name of the custom data identifier.

Type: stringRequired: False

description

The custom description of the custom data identifier.

56

Page 63: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

maximumMatchDistance

The maximum number of characters that can exist between text that matches the regex pattern and thecharacter sequences specified by the keywords array. Macie includes or excludes a result based on theproximity of a keyword to text that matches the regex pattern.

Type: integerRequired: FalseFormat: int32

id

The unique identifier for the custom data identifier.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the custom data identifier.

Type: stringRequired: False

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the customdata identifier.

Type: TagMap (p. 58)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

57

Page 64: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetCustomDataIdentifier• AWS Command Line Interface

58

Page 65: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceData Sources - S3

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

DeleteCustomDataIdentifier• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Data Sources - S3The S3 Data Sources resource provides statistical data and other information about the Amazon SimpleStorage Service (Amazon S3) buckets that you configured Amazon Macie to monitor and analyze. Thisincludes data such as the number of objects that are in an S3 bucket and how many of those objectsMacie can analyze. This also includes information about the settings that define who can access data inan S3 bucket and how that data can be accessed. The data is available for all the S3 buckets that youconfigured Macie to monitor and analyze.

You can use this resource to retrieve (query) statistical data and other information about the settings andcontents of one or more S3 buckets that Macie monitors and analyzes. To customize and refine a query,you can use supported parameters that specify whether and how to filter, sort, and paginate the queryresults.

URI/datasources/s3

HTTP Methods

POSTOperation ID: DescribeBuckets

Retrieves (queries) statistical data and other information about one or more S3 buckets that AmazonMacie monitors and analyzes.

59

Page 66: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Responses

Status Code Response Model Description

200 DescribeBucketsResponse (p. 60)The request succeeded.

400 ValidationException (p. 62)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 62)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 62)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 62)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 62) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 62)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 62)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "criteria": { }, "nextToken": "string", "maxResults": integer, "sortCriteria": { "orderBy": enum, "attributeName": "string" }}

Response Bodies

Example DescribeBucketsResponse

{ "nextToken": "string", "buckets": [

60

Page 67: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

{ "bucketName": "string", "objectCount": integer, "sizeInBytes": integer, "versioning": boolean, "classifiableObjectCount": integer, "publicAccess": { "effectivePermission": enum, "permissionConfiguration": { "accountLevelPermissions": { "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean } }, "bucketLevelPermissions": { "accessControlList": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean }, "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean }, "bucketPolicy": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean } } } }, "objectCountByEncryptionType": { "kmsManaged": integer, "s3Managed": integer, "customerManaged": integer, "unencrypted": integer }, "classifiableSizeInBytes": integer, "tags": [ { "value": "string", "key": "string" } ], "unclassifiableObjectCount": { "total": integer, "storageClass": integer, "fileType": integer }, "lastUpdated": "string", "accountId": "string", "bucketArn": "string", "bucketCreatedAt": "string", "replicationDetails": { "replicationAccounts": [ "string" ], "replicatedExternally": boolean, "replicated": boolean }, "unclassifiableObjectSizeInBytes": { "total": integer,

61

Page 68: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"storageClass": integer, "fileType": integer }, "sharedAccess": enum, "region": "string", "jobDetails": { "lastJobId": "string", "lastJobRunTime": "string", "isDefinedInJob": enum, "isMonitoredByJob": enum }, "sizeInBytesCompressed": integer } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"

62

Page 69: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

PropertiesAccessControlListProvides information about the permissions settings of the bucket-level access control list (ACL) for anS3 bucket.

allowsPublicReadAccess

Specifies whether the ACL grants the general public with read access permissions for the bucket.

Type: booleanRequired: False

allowsPublicWriteAccess

Specifies whether the ACL grants the general public with write access permissions for the bucket.

Type: booleanRequired: False

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

AccountLevelPermissionsProvides information about account-level permissions settings that apply to an S3 bucket.

blockPublicAccess

The block public access settings for the bucket.

Type: BlockPublicAccess (p. 63)Required: False

BlockPublicAccessProvides information about the block public access settings for an S3 bucket. These settings can applyto a bucket at the account level or bucket level. For detailed information about each setting, see UsingAmazon S3 block public access in the Amazon Simple Storage Service Developer Guide.

blockPublicPolicy

Specifies whether Amazon S3 blocks public bucket policies for the bucket.

63

Page 70: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: booleanRequired: False

restrictPublicBuckets

Specifies whether Amazon S3 restricts public bucket policies for the bucket.

Type: booleanRequired: False

blockPublicAcls

Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in thebucket.

Type: booleanRequired: False

ignorePublicAcls

Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.

Type: booleanRequired: False

BucketCriteriaSpecifies, as a map, one or more attribute-based conditions that filter the results of a query forinformation about S3 buckets.

key-value pairs

Type: object

BucketCriteriaAdditionalPropertiesSpecifies the operator to use in an attribute-based condition that filters the results of a query forinformation about S3 buckets.

prefix

The prefix of the buckets to include in the results.

Type: stringRequired: False

lt

A less than condition to apply to a specified attribute value for buckets.

Type: integerRequired: FalseFormat: int64

64

Page 71: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

gte

A greater than or equal to condition to apply to a specified attribute value for buckets.

Type: integerRequired: FalseFormat: int64

neq

A not equal to condition to apply to a specified attribute value for buckets.

Type: Array of type stringRequired: False

lte

A less than or equal to condition to apply to a specified attribute value for buckets.

Type: integerRequired: FalseFormat: int64

eq

An equal to condition to apply to a specified attribute value for buckets.

Type: Array of type stringRequired: False

gt

A greater than condition to apply to a specified attribute value for buckets.

Type: integerRequired: FalseFormat: int64

BucketLevelPermissionsProvides information about the bucket-level permissions settings for an S3 bucket.

accessControlList

The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn'tbeen defined for the bucket.

Type: AccessControlList (p. 63)Required: False

blockPublicAccess

The block public access settings for the bucket.

65

Page 72: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: BlockPublicAccess (p. 63)Required: False

bucketPolicy

The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn'tbeen defined for the bucket.

Type: BucketPolicy (p. 69)Required: False

BucketMetadataProvides information about an S3 bucket that Amazon Macie monitors and analyzes.

bucketName

The name of the bucket.

Type: stringRequired: False

objectCount

The total number of objects in the bucket.

Type: integerRequired: FalseFormat: int64

sizeInBytes

The total storage size, in bytes, of the bucket.

Type: integerRequired: FalseFormat: int64

versioning

Specifies whether versioning is enabled for the bucket.

Type: booleanRequired: False

classifiableObjectCount

The total number of objects that Amazon Macie can analyze in the bucket. These objects use a supportedstorage class and have a file name extension for a supported file or storage format.

Type: integerRequired: FalseFormat: int64

66

Page 73: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

publicAccess

Specifies whether the bucket is publicly accessible. If this value is true, an access control list (ACL),bucket policy, or block public access settings allow the bucket to be accessed by the general public.

Type: BucketPublicAccess (p. 70)Required: False

objectCountByEncryptionType

The total number of objects that are in the bucket, grouped by server-side encryption type. This includesa grouping that reports the total number of objects that aren't encrypted or use client-side encryption.

Type: ObjectCountByEncryptionType (p. 73)Required: False

classifiableSizeInBytes

The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. Theseobjects use a supported storage class and have a file name extension for a supported file or storageformat.

Type: integerRequired: FalseFormat: int64

tags

An array that specifies the tags (keys and values) that are associated with the bucket.

Type: Array of type KeyValuePair (p. 73)Required: False

unclassifiableObjectCount

The total number of objects that Amazon Macie can't analyze in the bucket. These objects don't use asupported storage class or don't have a file name extension for a supported file or storage format.

Type: ObjectLevelStatistics (p. 74)Required: False

lastUpdated

The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieveddata about the bucket from Amazon S3.

Type: stringRequired: FalseFormat: date-time

accountId

The unique identifier for the AWS account that owns the bucket.

Type: string

67

Page 74: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

bucketArn

The Amazon Resource Name (ARN) of the bucket.

Type: stringRequired: False

bucketCreatedAt

The date and time, in UTC and extended ISO 8601 format, when the bucket was created.

Type: stringRequired: FalseFormat: date-time

replicationDetails

Specifies whether the bucket is configured to replicate one or more objects to buckets for other AWSaccounts and, if so, which accounts.

Type: ReplicationDetails (p. 75)Required: False

unclassifiableObjectSizeInBytes

The total storage size, in bytes, of the objects that Amazon Macie can't analyze in the bucket. Theseobjects don't use a supported storage class or don't have a file name extension for a supported file orstorage format.

Type: ObjectLevelStatistics (p. 74)Required: False

sharedAccess

Specifies whether the bucket is shared with another AWS account. Possible values are:

• EXTERNAL - The bucket is shared with an AWS account that isn't part of the same Amazon Macieorganization.

• INTERNAL - The bucket is shared with an AWS account that's part of the same Amazon Macieorganization.

• NOT_SHARED - The bucket isn't shared with other AWS accounts.

• UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.

Type: stringRequired: FalseValues: EXTERNAL | INTERNAL | NOT_SHARED | UNKNOWN

region

The AWS Region that hosts the bucket.

68

Page 75: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

jobDetails

Specifies whether any one-time or recurring classification jobs are configured to analyze data in thebucket, and, if so, the details of the job that ran most recently.

Type: JobDetails (p. 72)Required: False

sizeInBytesCompressed

The total compressed storage size, in bytes, of the bucket.

Type: integerRequired: FalseFormat: int64

BucketPermissionConfigurationProvides information about the account-level and bucket-level permissions settings for an S3 bucket.

accountLevelPermissions

The account-level permissions settings that apply to the bucket.

Type: AccountLevelPermissions (p. 63)Required: False

bucketLevelPermissions

The bucket-level permissions settings for the bucket.

Type: BucketLevelPermissions (p. 65)Required: False

BucketPolicyProvides information about the permissions settings of a bucket policy for an S3 bucket.

allowsPublicReadAccess

Specifies whether the bucket policy allows the general public to have read access to the bucket.

Type: booleanRequired: False

allowsPublicWriteAccess

Specifies whether the bucket policy allows the general public to have write access to the bucket.

Type: boolean

69

Page 76: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

BucketPublicAccessProvides information about the permissions settings that determine whether an S3 bucket is publiclyaccessible.

effectivePermission

Specifies whether the bucket is publicly accessible due to the combination of permissions settings thatapply to the bucket. Possible values are:

• NOT_PUBLIC - The bucket isn't publicly accessible.• PUBLIC - The bucket is publicly accessible.• UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.

Type: stringRequired: FalseValues: PUBLIC | NOT_PUBLIC | UNKNOWN

permissionConfiguration

The account-level and bucket-level permissions for the bucket.

Type: BucketPermissionConfiguration (p. 69)Required: False

BucketSortCriteriaSpecifies criteria for sorting the results of a query for information about S3 buckets.

orderBy

The sort order to apply to the results, based on the value for the property specified by theattributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort theresults in descending order.

Type: stringRequired: FalseValues: ASC | DESC

attributeName

The name of the attribute to sort the results by. This value can be the name of any property that AmazonMacie defines as bucket metadata, such as bucketName or accountId.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

70

Page 77: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

DescribeBucketsRequestSpecifies criteria for filtering, sorting, and paginating the results of a query for information about S3buckets.

criteria

The criteria to use to filter the query results.

Type: BucketCriteria (p. 64)Required: False

nextToken

The nextToken string that specifies which page of results to return in a paginated response.

Type: stringRequired: False

maxResults

The maximum number of items to include in each page of the response. The default value is 50.

Type: integerRequired: FalseFormat: int32

sortCriteria

The criteria to use to sort the query results.

Type: BucketSortCriteria (p. 70)Required: False

DescribeBucketsResponseProvides the results of a query that retrieved statistical data and other information about one or more S3buckets that Amazon Macie monitors and analyzes.

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

71

Page 78: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

buckets

An array of objects, one for each bucket that meets the filter criteria specified in the request.

Type: Array of type BucketMetadata (p. 66)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

JobDetailsSpecifies whether any one-time or recurring classification jobs are configured to analyze data in an S3bucket, and, if so, the details of the job that ran most recently.

lastJobId

The unique identifier for the job that ran most recently (either the latest run of a recurring job or theonly run of a one-time job) and is configured to analyze data in the bucket.

This value is null if the value for the isDefinedInJob property is FALSE or UNKNOWN.

Type: stringRequired: False

lastJobRunTime

The date and time, in UTC and extended ISO 8601 format, when the job (lastJobId) started. If the jobis a recurring job, this value indicates when the most recent run started.

This value is null if the value for the isDefinedInJob property is FALSE or UNKNOWN.

Type: stringRequired: FalseFormat: date-time

isDefinedInJob

Specifies whether any one-time or recurring jobs are configured to analyze data in the bucket. Possiblevalues are:

• TRUE - One or more jobs is configured to analyze data in the bucket, and at least one of those jobs hasa status other than CANCELLED.

• FALSE - No jobs are configured to analyze data in the bucket, or all the jobs that are configured toanalyze data in the bucket have a status of CANCELLED.

• UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.

72

Page 79: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: FalseValues: TRUE | FALSE | UNKNOWN

isMonitoredByJob

Specifies whether any recurring jobs are configured to analyze data in the bucket. Possible values are:

• TRUE - One or more recurring jobs is configured to analyze data in the bucket, and at least one ofthose jobs has a status other than CANCELLED.

• FALSE - No recurring jobs are configured to analyze data in the bucket, or all the recurring jobs thatare configured to analyze data in the bucket have a status of CANCELLED.

• UNKNOWN - An exception occurred when Amazon Macie attempted to retrieve job data for the bucket.

Type: stringRequired: FalseValues: TRUE | FALSE | UNKNOWN

KeyValuePairProvides information about the tags that are associated with an S3 bucket or object. Each tag consists ofa required tag key and an associated tag value.

value

One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tagvalue can be an empty string.

Type: stringRequired: False

key

One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category formore specific tag values.

Type: stringRequired: False

ObjectCountByEncryptionTypeProvides information about the number of objects that are in an S3 bucket and use certain types ofserver-side encryption, use client-side encryption, or aren't encrypted.

kmsManaged

The total number of objects that are encrypted using an AWS Key Management Service (AWS KMS)customer master key (CMK). The objects use AWS managed AWS KMS (AWS-KMS) encryption orcustomer managed AWS KMS (SSE-KMS) encryption.

Type: integerRequired: FalseFormat: int64

73

Page 80: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

s3Managed

The total number of objects that are encrypted using an Amazon S3 managed key. The objects useAmazon S3 managed (SSE-S3) encryption.

Type: integerRequired: FalseFormat: int64

customerManaged

The total number of objects that are encrypted using a customer-managed key. The objects usecustomer-provided server-side (SSE-C) encryption.

Type: integerRequired: FalseFormat: int64

unencrypted

The total number of objects that aren't encrypted or use client-side encryption.

Type: integerRequired: FalseFormat: int64

ObjectLevelStatisticsProvides information about the total storage size (in bytes) or number of objects that Amazon Maciecan't analyze in one or more S3 buckets. In a BucketMetadata object, this data is for a specific bucket.In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the queryresults.

total

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects use an unsupported storage class or don't have a file name extension for a supported file orstorage format.

Type: integerRequired: FalseFormat: int64

storageClass

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects use an unsupported storage class.

Type: integerRequired: FalseFormat: int64

fileType

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects don't have a file name extension for a supported file or storage format.

74

Page 81: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: integerRequired: FalseFormat: int64

ReplicationDetailsProvides information about settings that define whether one or more objects in an S3 bucket arereplicated to S3 buckets for other AWS accounts and, if so, which accounts.

replicationAccounts

An array of AWS account IDs, one for each AWS account that the bucket is configured to replicate one ormore objects to.

Type: Array of type stringRequired: False

replicatedExternally

Specifies whether the bucket is configured to replicate one or more objects to an AWS account that isn'tpart of the same Amazon Macie organization.

Type: booleanRequired: False

replicated

Specifies whether the bucket is configured to replicate one or more objects to any destination.

Type: booleanRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

75

Page 82: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DescribeBuckets• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Data Sources - S3 StatisticsThe S3 Data Source Statistics resource provides aggregated statistical data for all the Amazon SimpleStorage Service (Amazon S3) buckets that you configured Amazon Macie to monitor and analyze. Thisincludes data for key metrics such as the number of S3 buckets that Macie monitors and analyzes, thenumber of objects in those buckets, and the number of buckets that use each server-side encryptiontype.

You can use this resource to retrieve (query) aggregated data for key metrics that apply to all the S3buckets that you configured Amazon Macie to monitor and analyze. To retrieve additional types of datafor these buckets, use the S3 Data Sources (p. 59) resource.

76

Page 83: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

URI/datasources/s3/statistics

HTTP MethodsPOSTOperation ID: GetBucketStatistics

Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors andanalyzes.

Responses

Status Code Response Model Description

200 GetBucketStatisticsResponse (p. 78)The request succeeded.

400 ValidationException (p. 78)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 78)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 78)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 79)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 79) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 79)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 79)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "accountId": "string"}

77

Page 84: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Response Bodies

Example GetBucketStatisticsResponse

{ "bucketCountByEffectivePermission": { "publiclyWritable": integer, "publiclyReadable": integer, "publiclyAccessible": integer, "unknown": integer }, "lastUpdated": "string", "objectCount": integer, "sizeInBytes": integer, "classifiableObjectCount": integer, "bucketCount": integer, "bucketCountByEncryptionType": { "kmsManaged": integer, "s3Managed": integer, "unencrypted": integer }, "unclassifiableObjectSizeInBytes": { "total": integer, "storageClass": integer, "fileType": integer }, "classifiableSizeInBytes": integer, "bucketCountBySharedAccessType": { "internal": integer, "external": integer, "notShared": integer, "unknown": integer }, "unclassifiableObjectCount": { "total": integer, "storageClass": integer, "fileType": integer }, "sizeInBytesCompressed": integer}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

78

Page 85: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

BucketCountByEffectivePermissionProvides information about the number of S3 buckets that are publicly accessible based on acombination of permissions settings for each bucket.

publiclyWritable

The total number of buckets that allow the general public to have write access to the bucket.

Type: integerRequired: FalseFormat: int64

publiclyReadable

The total number of buckets that allow the general public to have read access to the bucket.

79

Page 86: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: integerRequired: FalseFormat: int64

publiclyAccessible

The total number of buckets that allow the general public to have read or write access to the bucket.

Type: integerRequired: FalseFormat: int64

unknown

The total number of buckets that Amazon Macie wasn't able to evaluate permissions settings for. Maciecan't determine whether these buckets are publicly accessible.

Type: integerRequired: FalseFormat: int64

BucketCountByEncryptionTypeProvides information about the number of S3 buckets that use certain types of server-side encryption ordon't encrypt objects by default.

kmsManaged

The total number of buckets that use an AWS Key Management Service (AWS KMS) customer master key(CMK) to encrypt objects. These buckets use AWS managed AWS KMS (AWS-KMS) encryption or customermanaged AWS KMS (SSE-KMS) encryption.

Type: integerRequired: FalseFormat: int64

s3Managed

The total number of buckets that use an Amazon S3 managed key to encrypt objects. These buckets useAmazon S3 managed (SSE-S3) encryption.

Type: integerRequired: FalseFormat: int64

unencrypted

The total number of buckets that don't encrypt objects by default. Default encryption is disabled forthese buckets.

Type: integerRequired: FalseFormat: int64

80

Page 87: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

BucketCountBySharedAccessTypeProvides information about the number of S3 buckets that are shared with other AWS accounts.

internal

The total number of buckets that are shared with an AWS account that's part of the same Amazon Macieorganization.

Type: integerRequired: FalseFormat: int64

external

The total number of buckets that are shared with an AWS account that isn't part of the same AmazonMacie organization.

Type: integerRequired: FalseFormat: int64

notShared

The total number of buckets that aren't shared with other AWS accounts.

Type: integerRequired: FalseFormat: int64

unknown

The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. Maciecan't determine whether these buckets are shared with other AWS accounts.

Type: integerRequired: FalseFormat: int64

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

GetBucketStatisticsRequestSpecifies the account that owns the S3 buckets to retrieve aggregated statistical data for.

81

Page 88: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

accountId

The unique identifier for the AWS account.

Type: stringRequired: False

GetBucketStatisticsResponse

Provides the results of a query that retrieved aggregated statistical data for the S3 buckets that areowned by an account.

bucketCountByEffectivePermission

The total number of buckets that are publicly accessible based on a combination of permissions settingsfor each bucket.

Type: BucketCountByEffectivePermission (p. 79)Required: False

lastUpdated

The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieveddata about the buckets from Amazon S3.

Type: stringRequired: FalseFormat: date-time

objectCount

The total number of objects in the buckets.

Type: integerRequired: FalseFormat: int64

sizeInBytes

The total storage size, in bytes, of the buckets.

Type: integerRequired: FalseFormat: int64

classifiableObjectCount

The total number of objects that Amazon Macie can analyze in the buckets. These objects use asupported storage class and have a file name extension for a supported file or storage format.

Type: integerRequired: FalseFormat: int64

82

Page 89: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

bucketCount

The total number of buckets.

Type: integerRequired: FalseFormat: int64

bucketCountByEncryptionType

The total number of buckets, grouped by server-side encryption type. This object also reports the totalnumber of buckets that don't encrypt objects by default.

Type: BucketCountByEncryptionType (p. 80)Required: False

unclassifiableObjectSizeInBytes

The total storage size, in bytes, of all the objects that Amazon Macie can't analyze in the buckets. Theseobjects don't use a supported storage class or don't have a file name extension for a supported file orstorage format.

Type: ObjectLevelStatistics (p. 84)Required: False

classifiableSizeInBytes

The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. Theseobjects use a supported storage class and have a file name extension for a supported file or storageformat.

Type: integerRequired: FalseFormat: int64

bucketCountBySharedAccessType

The total number of buckets that are shared with another AWS account.

Type: BucketCountBySharedAccessType (p. 81)Required: False

unclassifiableObjectCount

The total number of objects that Amazon Macie can't analyze in the buckets. These objects don't use asupported storage class or don't have a file name extension for a supported file or storage format.

Type: ObjectLevelStatistics (p. 84)Required: False

sizeInBytesCompressed

The total compressed storage size, in bytes, of the buckets.

Type: integer

83

Page 90: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: FalseFormat: int64

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ObjectLevelStatisticsProvides information about the total storage size (in bytes) or number of objects that Amazon Maciecan't analyze in one or more S3 buckets. In a BucketMetadata object, this data is for a specific bucket.In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the queryresults.

total

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects use an unsupported storage class or don't have a file name extension for a supported file orstorage format.

Type: integerRequired: FalseFormat: int64

storageClass

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects use an unsupported storage class.

Type: integerRequired: FalseFormat: int64

fileType

The total storage size (in bytes) or number of objects that Amazon Macie can't analyze because theobjects don't have a file name extension for a supported file or storage format.

Type: integerRequired: FalseFormat: int64

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

84

Page 91: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetBucketStatistics• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

85

Page 92: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceFindings List

• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Findings ListThe Findings List resource provides a subset of information about the findings for your account. A findingis a detailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3)bucket or sensitive data in an S3 object.

Note that this resource doesn't provide access to all the data for a finding. Instead, it provides only asubset of metadata, such as the finding identifier. To retrieve all the data for one or more findings, usethe Findings Descriptions (p. 93) resource.

You can use the Findings List resource to retrieve a subset of information about one or more findings.To customize and refine your query, you can use supported parameters that specify whether and how tofilter, sort, and paginate the results.

URI/findings

HTTP Methods

POSTOperation ID: ListFindings

Retrieves a subset of information about one or more findings.

Responses

Status Code Response Model Description

200 ListFindingsResponse (p. 87)The request succeeded.

400 ValidationException (p. 87)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 87)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 88)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 88)The request failed because thespecified resource wasn't found.

86

Page 93: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

409 ConflictException (p. 88) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 88)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 88)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest BodiesExample POST

{ "nextToken": "string", "maxResults": integer, "findingCriteria": { "criterion": { } }, "sortCriteria": { "orderBy": enum, "attributeName": "string" }}

Response BodiesExample ListFindingsResponse

{ "findingIds": [ "string" ], "nextToken": "string"}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

87

Page 94: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

88

Page 95: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

CriterionSpecifies a condition that defines a property, operator, and one or more values to filter the results ofa query for findings. The number of values depends on the property and operator specified by thecondition. For information about defining filter conditions, see Fundamentals of filtering findings in theAmazon Macie User Guide.

key-value pairs

Type: object

CriterionAdditionalPropertiesSpecifies the operator to use in a property-based condition that filters the results of a query for findings.For detailed information and examples of each operator, see Fundamentals of filtering findings in theAmazon Macie User Guide.

eqExactMatch

The value for the property exclusively matches (equals an exact match for) all the specified values. If youspecify multiple values, Amazon Macie uses AND logic to join the values.

You can use this operator with the following properties: customDataIdentifiers.detections.arn,customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,resourcesAffected.s3Object.tags.value, sensitiveData.category, andsensitiveData.detections.type.

Type: Array of type stringRequired: False

lt

The value for the property is less than the specified value.

Type: integerRequired: FalseFormat: int64

gte

The value for the property is greater than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

neq

The value for the property doesn't match (doesn't equal) any specified value. If you specify multiplevalues, Macie uses OR logic to join the values.

Type: Array of type stringRequired: False

89

Page 96: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

lte

The value for the property is less than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

eq

The value for the property matches (equals) any specified value. If you specify multiple values, Macieuses OR logic to join the values.

Type: Array of type stringRequired: False

gt

The value for the property is greater than the specified value.

Type: integerRequired: FalseFormat: int64

FindingCriteriaSpecifies, as a map, one or more property-based conditions that filter the results of a query for findings.

criterion

A condition that specifies the property, operator, and one or more values to use to filter the results.

Type: Criterion (p. 89)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ListFindingsRequestSpecifies criteria for filtering, sorting, and paginating the results of a request for information aboutfindings.

nextToken

The nextToken string that specifies which page of results to return in a paginated response.

90

Page 97: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

maxResults

The maximum number of items to include in each page of the response.

Type: integerRequired: FalseFormat: int32

findingCriteria

The criteria to use to filter the results.

Type: FindingCriteria (p. 90)Required: False

sortCriteria

The criteria to use to sort the results.

Type: SortCriteria (p. 92)Required: False

ListFindingsResponseProvides the results of a request for information about one or more findings.

findingIds

An array of strings, where each string is the unique identifier for a finding that meets the filter criteriaspecified in the request.

Type: Array of type stringRequired: False

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: string

91

Page 98: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

SortCriteriaSpecifies criteria for sorting the results of a request for findings.

orderBy

The sort order to apply to the results, based on the value for the property specified by theattributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort theresults in descending order.

Type: stringRequired: FalseValues: ASC | DESC

attributeName

The name of the property to sort the results by. This value can be the name of any property that AmazonMacie defines for a finding.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

92

Page 99: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListFindings• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Findings DescriptionsThe Findings Descriptions resource represents the repository of findings for your account. A finding is adetailed report of a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucketor sensitive data in an S3 object. Each finding provides a severity rating, information about the affectedresource, and additional details, such as when and how Macie found the issue. For information about thetypes of findings that Macie can report, see Types of Amazon Macie findings in the Amazon Macie UserGuide.

You can use this resource to retrieve the details of one or more findings. To customize and refine yourquery, you can use supported parameters to specify which findings to retrieve and how to sort theresults.

URI/findings/describe

HTTP Methods

POSTOperation ID: GetFindings

Retrieves the details of one or more findings.

Responses

Status Code Response Model Description

200 GetFindingsResponse (p. 94)The request succeeded.

93

Page 100: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

400 ValidationException (p. 99)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 99)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 99)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 100)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 100) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 100)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 100)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "findingIds": [ "string" ], "sortCriteria": { "orderBy": enum, "attributeName": "string" }}

Response Bodies

Example GetFindingsResponse

{ "findings": [ { "severity": { "score": integer, "description": enum }, "schemaVersion": "string",

94

Page 101: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"count": integer, "description": "string", "title": "string", "type": enum, "sample": boolean, "archived": boolean, "accountId": "string", "createdAt": "string", "partition": "string", "classificationDetails": { "result": { "customDataIdentifiers": { "totalCount": integer, "detections": [ { "occurrences": { "lineRanges": [ { "startColumn": integer, "start": integer, "end": integer } ], "offsetRanges": [ { "startColumn": integer, "start": integer, "end": integer } ], "cells": [ { "column": integer, "row": integer, "columnName": "string", "cellReference": "string" } ], "pages": [ { "pageNumber": integer, "offsetRange": { "startColumn": integer, "start": integer, "end": integer }, "lineRange": { "startColumn": integer, "start": integer, "end": integer } } ], "records": [ { "jsonPath": "string", "recordIndex": integer } ] }, "count": integer, "name": "string", "arn": "string" } ] },

95

Page 102: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"sensitiveData": [ { "category": enum, "totalCount": integer, "detections": [ { "occurrences": { "lineRanges": [ { "startColumn": integer, "start": integer, "end": integer } ], "offsetRanges": [ { "startColumn": integer, "start": integer, "end": integer } ], "cells": [ { "column": integer, "row": integer, "columnName": "string", "cellReference": "string" } ], "pages": [ { "pageNumber": integer, "offsetRange": { "startColumn": integer, "start": integer, "end": integer }, "lineRange": { "startColumn": integer, "start": integer, "end": integer } } ], "records": [ { "jsonPath": "string", "recordIndex": integer } ] }, "count": integer, "type": "string" } ] } ], "sizeClassified": integer, "mimeType": "string", "additionalOccurrences": boolean, "status": { "reason": "string", "code": "string" } }, "jobId": "string",

96

Page 103: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"detailedResultsLocation": "string", "jobArn": "string" }, "policyDetails": { "actor": { "domainDetails": { "domainName": "string" }, "ipAddressDetails": { "ipOwner": { "org": "string", "asnOrg": "string", "isp": "string", "asn": "string" }, "ipCity": { "name": "string" }, "ipAddressV4": "string", "ipCountry": { "code": "string", "name": "string" }, "ipGeoLocation": { "lon": number, "lat": number } }, "userIdentity": { "federatedUser": { "accessKeyId": "string", "sessionContext": { "sessionIssuer": { "accountId": "string", "principalId": "string", "userName": "string", "type": "string", "arn": "string" }, "attributes": { "mfaAuthenticated": boolean, "creationDate": "string" } }, "accountId": "string", "principalId": "string", "arn": "string" }, "awsAccount": { "accountId": "string", "principalId": "string" }, "root": { "accountId": "string", "principalId": "string", "arn": "string" }, "assumedRole": { "accessKeyId": "string", "sessionContext": { "sessionIssuer": { "accountId": "string", "principalId": "string", "userName": "string", "type": "string", "arn": "string"

97

Page 104: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}, "attributes": { "mfaAuthenticated": boolean, "creationDate": "string" } }, "accountId": "string", "principalId": "string", "arn": "string" }, "type": enum, "iamUser": { "accountId": "string", "principalId": "string", "userName": "string", "arn": "string" }, "awsService": { "invokedBy": "string" } } }, "action": { "actionType": enum, "apiCallDetails": { "lastSeen": "string", "firstSeen": "string", "apiServiceName": "string", "api": "string" } } }, "id": "string", "category": enum, "region": "string", "resourcesAffected": { "s3Object": { "path": "string", "extension": "string", "versionId": "string", "storageClass": enum, "bucketArn": "string", "serverSideEncryption": { "encryptionType": enum, "kmsMasterKeyId": "string" }, "size": integer, "publicAccess": boolean, "eTag": "string", "lastModified": "string", "key": "string", "tags": [ { "value": "string", "key": "string" } ] }, "s3Bucket": { "owner": { "displayName": "string", "id": "string" }, "createdAt": "string", "publicAccess": { "effectivePermission": enum,

98

Page 105: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"permissionConfiguration": { "accountLevelPermissions": { "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean } }, "bucketLevelPermissions": { "accessControlList": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean }, "blockPublicAccess": { "blockPublicPolicy": boolean, "restrictPublicBuckets": boolean, "blockPublicAcls": boolean, "ignorePublicAcls": boolean }, "bucketPolicy": { "allowsPublicReadAccess": boolean, "allowsPublicWriteAccess": boolean } } } }, "name": "string", "defaultServerSideEncryption": { "encryptionType": enum, "kmsMasterKeyId": "string" }, "arn": "string", "tags": [ { "value": "string", "key": "string" } ] } }, "updatedAt": "string" } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{

99

Page 106: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessControlListProvides information about the permissions settings of the bucket-level access control list (ACL) for anS3 bucket.

allowsPublicReadAccess

Specifies whether the ACL grants the general public with read access permissions for the bucket.

Type: booleanRequired: False

allowsPublicWriteAccess

Specifies whether the ACL grants the general public with write access permissions for the bucket.

Type: booleanRequired: False

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

100

Page 107: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

AccountLevelPermissionsProvides information about account-level permissions settings that apply to an S3 bucket.

blockPublicAccess

The block public access settings for the bucket.

Type: BlockPublicAccess (p. 103)Required: False

ApiCallDetailsProvides information about an API operation that an entity invoked for an affected resource.

lastSeen

The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation(api) was invoked and produced the finding.

Type: stringRequired: FalseFormat: date-time

firstSeen

The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked andproduced the finding.

Type: stringRequired: FalseFormat: date-time

apiServiceName

The URL of the AWS service that provides the operation, for example: s3.amazonaws.com.

Type: stringRequired: False

api

The name of the operation that was invoked most recently and produced the finding.

Type: stringRequired: False

101

Page 108: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

AssumedRole

Provides information about an identity that performed an action on an affected resource by usingtemporary security credentials. The credentials were obtained using the AssumeRole operation of theAWS Security Token Service (AWS STS) API.

accessKeyId

The AWS access key ID that identifies the credentials.

Type: stringRequired: False

sessionContext

The details of the session that was created for the credentials, including the entity that issued thesession.

Type: SessionContext (p. 127)Required: False

accountId

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

Type: stringRequired: False

principalId

The unique identifier for the entity that was used to get the credentials.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the entity that was used to get the credentials.

Type: stringRequired: False

AwsAccount

Provides information about an AWS account and entity that performed an action on an affectedresource. The action was performed using the credentials for an AWS account other than your ownaccount.

accountId

The unique identifier for the AWS account.

Type: string

102

Page 109: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

principalId

The unique identifier for the entity that performed the action.

Type: stringRequired: False

AwsServiceProvides information about an AWS service that performed an action on an affected resource.

invokedBy

The name of the AWS service that performed the action.

Type: stringRequired: False

BlockPublicAccessProvides information about the block public access settings for an S3 bucket. These settings can applyto a bucket at the account level or bucket level. For detailed information about each setting, see UsingAmazon S3 block public access in the Amazon Simple Storage Service Developer Guide.

blockPublicPolicy

Specifies whether Amazon S3 blocks public bucket policies for the bucket.

Type: booleanRequired: False

restrictPublicBuckets

Specifies whether Amazon S3 restricts public bucket policies for the bucket.

Type: booleanRequired: False

blockPublicAcls

Specifies whether Amazon S3 blocks public access control lists (ACLs) for the bucket and objects in thebucket.

Type: booleanRequired: False

ignorePublicAcls

Specifies whether Amazon S3 ignores public ACLs for the bucket and objects in the bucket.

Type: booleanRequired: False

103

Page 110: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

BucketLevelPermissionsProvides information about the bucket-level permissions settings for an S3 bucket.

accessControlList

The permissions settings of the access control list (ACL) for the bucket. This value is null if an ACL hasn'tbeen defined for the bucket.

Type: AccessControlList (p. 100)Required: False

blockPublicAccess

The block public access settings for the bucket.

Type: BlockPublicAccess (p. 103)Required: False

bucketPolicy

The permissions settings of the bucket policy for the bucket. This value is null if a bucket policy hasn'tbeen defined for the bucket.

Type: BucketPolicy (p. 104)Required: False

BucketPermissionConfigurationProvides information about the account-level and bucket-level permissions settings for an S3 bucket.

accountLevelPermissions

The account-level permissions settings that apply to the bucket.

Type: AccountLevelPermissions (p. 101)Required: False

bucketLevelPermissions

The bucket-level permissions settings for the bucket.

Type: BucketLevelPermissions (p. 104)Required: False

BucketPolicyProvides information about the permissions settings of a bucket policy for an S3 bucket.

allowsPublicReadAccess

Specifies whether the bucket policy allows the general public to have read access to the bucket.

Type: boolean

104

Page 111: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

allowsPublicWriteAccess

Specifies whether the bucket policy allows the general public to have write access to the bucket.

Type: booleanRequired: False

BucketPublicAccessProvides information about the permissions settings that determine whether an S3 bucket is publiclyaccessible.

effectivePermission

Specifies whether the bucket is publicly accessible due to the combination of permissions settings thatapply to the bucket. Possible values are:

• NOT_PUBLIC - The bucket isn't publicly accessible.

• PUBLIC - The bucket is publicly accessible.

• UNKNOWN - Amazon Macie can't determine whether the bucket is publicly accessible.

Type: stringRequired: FalseValues: PUBLIC | NOT_PUBLIC | UNKNOWN

permissionConfiguration

The account-level and bucket-level permissions for the bucket.

Type: BucketPermissionConfiguration (p. 104)Required: False

CellSpecifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSVfile.

column

The column number of the column that contains the data. For a Microsoft Excel workbook, this valuecorrelates to the alphabetical character(s) for a column identifier. For example, 1 for column A, 2 forcolumn B, and so on.

Type: integerRequired: FalseFormat: int64

row

The row number of the row that contains the data.

105

Page 112: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: integerRequired: FalseFormat: int64

columnName

The name of the column that contains the data, if available.

Type: stringRequired: False

cellReference

The location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5for cell C5 on Sheet2 in a Microsoft Excel workbook. This value is null for CSV and TSV files.

Type: stringRequired: False

ClassificationDetailsProvides information about a sensitive data finding, including the classification job that produced thefinding.

result

The status and other details for the finding.

Type: ClassificationResult (p. 107)Required: False

jobId

The unique identifier for the classification job that produced the finding.

Type: stringRequired: False

detailedResultsLocation

The path to the folder or file (in Amazon S3) that contains the corresponding sensitive data discoveryresult for the finding. If a finding applies to a large archive or compressed file, this value is the path to afolder. Otherwise, this value is the path to a file.

Type: stringRequired: False

jobArn

The Amazon Resource Name (ARN) of the classification job that produced the finding.

Type: stringRequired: False

106

Page 113: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ClassificationResultProvides the details of a sensitive data finding, including the types, number of occurrences, and locationsof the sensitive data that was detected.

customDataIdentifiers

The custom data identifiers that detected the sensitive data and the number of occurrences of the datathat they detected.

Type: CustomDataIdentifiers (p. 108)Required: False

sensitiveData

The category, types, and number of occurrences of the sensitive data that produced the finding.

Type: Array of type SensitiveDataItem (p. 126)Required: False

sizeClassified

The total size, in bytes, of the data that the finding applies to.

Type: integerRequired: FalseFormat: int64

mimeType

The type of content, as a MIME type, that the finding applies to. For example, application/gzip, for aGNU Gzip compressed archive file, or application/pdf, for an Adobe Portable Document Format file.

Type: stringRequired: False

additionalOccurrences

Specifies whether Amazon Macie detected additional occurrences of sensitive data in the S3 object. Afinding includes location data for a maximum of 15 occurrences of sensitive data.

This value can help you determine whether to investigate additional occurrences of sensitive data in anobject. You can do this by referring to the corresponding sensitive data discovery result for the finding(ClassificationDetails.detailedResultsLocation).

Type: booleanRequired: False

status

The status of the finding.

Type: ClassificationResultStatus (p. 108)Required: False

107

Page 114: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ClassificationResultStatusProvides information about the status of a sensitive data finding.

reason

A brief description of the status of the finding. Amazon Macie uses this value to notify you of any errors,warnings, or considerations that might impact your analysis of the finding.

Type: stringRequired: False

code

The status of the finding. Possible values are:

• COMPLETE - Amazon Macie successfully completed its analysis of the object that the finding applies to.• PARTIAL - Macie analyzed only a subset of the data in the object that the finding applies to. For

example, the object is an archive file that contains files in an unsupported format.• SKIPPED - Macie wasn't able to analyze the object that the finding applies to. For example, the object

is a malformed file or a file that uses an unsupported format.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CustomDataIdentifiersProvides information about custom data identifiers that produced a sensitive data finding, and thenumber of occurrences of the data that they detected for the finding.

totalCount

The total number of occurrences of the data that was detected by the custom data identifiers andproduced the finding.

Type: integerRequired: FalseFormat: int64

detections

The custom data identifiers that detected the data, and the number of occurrences of the data that eachidentifier detected.

108

Page 115: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Array of type CustomDetection (p. 109)Required: False

CustomDetectionProvides information about a custom data identifier that produced a sensitive data finding, and thesensitive data that it detected for the finding.

occurrences

The location of 1-15 occurrences of the sensitive data that the custom data identifier detected. A findingincludes location data for a maximum of 15 occurrences of sensitive data.

Type: Occurrences (p. 119)Required: False

count

The total number of occurrences of the sensitive data that the custom data identifier detected.

Type: integerRequired: FalseFormat: int64

name

The name of the custom data identifier.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the custom data identifier.

Type: stringRequired: False

DefaultDetectionProvides information about a type of sensitive data that was detected by managed data identifiers andproduced a sensitive data finding.

occurrences

The location of 1-15 occurrences of the sensitive data that was detected. A finding includes location datafor a maximum of 15 occurrences of sensitive data.

Type: Occurrences (p. 119)Required: False

count

The total number of occurrences of the type of sensitive data that was detected.

109

Page 116: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: integerRequired: FalseFormat: int64

type

The type of sensitive data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, orADDRESS.

Type: stringRequired: False

DomainDetailsProvides information about the domain name of the device that an entity used to perform an action onan affected resource.

domainName

The name of the domain.

Type: stringRequired: False

EncryptionTypeThe type of server-side encryption that's used to encrypt an S3 object or objects in an S3 bucket. Validvalues are:

NONEAES256aws:kmsUNKNOWN

FederatedUserProvides information about an identity that performed an action on an affected resource by usingtemporary security credentials. The credentials were obtained using the GetFederationTokenoperation of the AWS Security Token Service (AWS STS) API.

accessKeyId

The AWS access key ID that identifies the credentials.

Type: stringRequired: False

sessionContext

The details of the session that was created for the credentials, including the entity that issued thesession.

Type: SessionContext (p. 127)

110

Page 117: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

accountId

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

Type: stringRequired: False

principalId

The unique identifier for the entity that was used to get the credentials.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the entity that was used to get the credentials.

Type: stringRequired: False

FindingProvides the details of a finding.

severity

The severity level and score for the finding.

Type: Severity (p. 129)Required: False

schemaVersion

The version of the schema that was used to define the data structures in the finding.

Type: stringRequired: False

count

The total number of occurrences of the finding. For sensitive data findings, this value is always 1. Allsensitive data findings are considered new (unique) because they derive from individual classificationjobs.

Type: integerRequired: FalseFormat: int64

description

The description of the finding.

111

Page 118: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

title

The brief description of the finding.

Type: stringRequired: False

type

The type of the finding.

Type: FindingType (p. 115)Required: False

sample

Specifies whether the finding is a sample finding. A sample finding is a finding that uses example data todemonstrate what a finding might contain.

Type: booleanRequired: False

archived

Specifies whether the finding is archived.

Type: booleanRequired: False

accountId

The unique identifier for the AWS account that the finding applies to. This is typically the account thatowns the affected resource.

Type: stringRequired: False

createdAt

The date and time, in UTC and extended ISO 8601 format, when the finding was created.

Type: stringRequired: FalseFormat: date-time

partition

The AWS partition that Amazon Macie created the finding in.

Type: string

112

Page 119: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

classificationDetails

The details of a sensitive data finding. This value is null for a policy finding.

Type: ClassificationDetails (p. 106)Required: False

policyDetails

The details of a policy finding. This value is null for a sensitive data finding.

Type: PolicyDetails (p. 121)Required: False

id

The unique identifier for the finding. This is a random string that Amazon Macie generates and assigns toa finding when it creates the finding.

Type: stringRequired: False

category

The category of the finding. Possible values are: CLASSIFICATION, for a sensitive data finding; and,POLICY, for a policy finding.

Type: FindingCategory (p. 115)Required: False

region

The AWS Region that Amazon Macie created the finding in.

Type: stringRequired: False

resourcesAffected

The resources that the finding applies to.

Type: ResourcesAffected (p. 122)Required: False

updatedAt

The date and time, in UTC and extended ISO 8601 format, when the finding was last updated. Forsensitive data findings, this value is the same as the value for the createdAt property. All sensitive datafindings are considered new (unique) because they derive from individual classification jobs.

Type: stringRequired: False

113

Page 120: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Format: date-time

FindingActionProvides information about an action that occurred for a resource and produced a policy finding.

actionType

The type of action that occurred for the affected resource. This value is typically AWS_API_CALL, whichindicates that an entity invoked an API operation for the resource.

Type: FindingActionType (p. 114)Required: False

apiCallDetails

The invocation details of the API operation that an entity invoked for the affected resource, if the valuefor the actionType property is AWS_API_CALL.

Type: ApiCallDetails (p. 101)Required: False

FindingActionTypeThe type of action that occurred for the resource and produced the policy finding:

AWS_API_CALL

FindingActorProvides information about an entity that performed an action that produced a policy finding for aresource.

domainDetails

The domain name of the device that the entity used to perform the action on the affected resource.

Type: DomainDetails (p. 110)Required: False

ipAddressDetails

The IP address of the device that the entity used to perform the action on the affected resource. Thisobject also provides information such as the owner and geographic location for the IP address.

Type: IpAddressDetails (p. 116)Required: False

userIdentity

The type and other characteristics of the entity that performed the action on the affected resource.

Type: UserIdentity (p. 130)

114

Page 121: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

FindingCategoryThe category of the finding. Valid values are:

CLASSIFICATIONPOLICY

FindingTypeThe type of finding. For details about each type, see Types of Amazon Macie findings in the AmazonMacie User Guide. Valid values are:

SensitiveData:S3Object/MultipleSensitiveData:S3Object/FinancialSensitiveData:S3Object/PersonalSensitiveData:S3Object/CredentialsSensitiveData:S3Object/CustomIdentifierPolicy:IAMUser/S3BucketPublicPolicy:IAMUser/S3BucketSharedExternallyPolicy:IAMUser/S3BucketReplicatedExternallyPolicy:IAMUser/S3BucketEncryptionDisabledPolicy:IAMUser/S3BlockPublicAccessDisabled

GetFindingsRequestSpecifies one or more findings to retrieve.

findingIds

An array of strings that lists the unique identifiers for the findings to retrieve.

Type: Array of type stringRequired: True

sortCriteria

The criteria for sorting the results of the request.

Type: SortCriteria (p. 129)Required: False

GetFindingsResponseProvides the results of a request for one or more findings.

findings

An array of objects, one for each finding that meets the criteria specified in the request.

Type: Array of type Finding (p. 111)

115

Page 122: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

IamUserProvides information about an AWS Identity and Access Management (IAM) user who performed anaction on an affected resource.

accountId

The unique identifier for the AWS account that's associated with the IAM user who performed the action.

Type: stringRequired: False

principalId

The unique identifier for the IAM user who performed the action.

Type: stringRequired: False

userName

The user name of the IAM user who performed the action.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the principal that performed the action. The last section of theARN contains the name of the user who performed the action.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

IpAddressDetailsProvides information about the IP address of the device that an entity used to perform an action on anaffected resource.

116

Page 123: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ipOwner

The registered owner of the IP address.

Type: IpOwner (p. 118)Required: False

ipCity

The city that the IP address originated from.

Type: IpCity (p. 117)Required: False

ipAddressV4

The Internet Protocol version 4 (IPv4) address of the device.

Type: stringRequired: False

ipCountry

The country that the IP address originated from.

Type: IpCountry (p. 117)Required: False

ipGeoLocation

The geographic coordinates of the location that the IP address originated from.

Type: IpGeoLocation (p. 118)Required: False

IpCityProvides information about the city that an IP address originated from.

name

The name of the city.

Type: stringRequired: False

IpCountryProvides information about the country that an IP address originated from.

code

The two-character code, in ISO 3166-1 alpha-2 format, for the country that the IP address originatedfrom. For example, US for the United States.

117

Page 124: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

name

The name of the country that the IP address originated from.

Type: stringRequired: False

IpGeoLocationProvides geographic coordinates that indicate where a specified IP address originated from.

lon

The longitude coordinate of the location, rounded to four decimal places.

Type: numberRequired: False

lat

The latitude coordinate of the location, rounded to four decimal places.

Type: numberRequired: False

IpOwnerProvides information about the registered owner of an IP address.

org

The name of the organization that owned the IP address.

Type: stringRequired: False

asnOrg

The organization identifier that's associated with the autonomous system number (ASN) for theautonomous system that included the IP address.

Type: stringRequired: False

isp

The name of the internet service provider (ISP) that owned the IP address.

Type: stringRequired: False

118

Page 125: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

asn

The autonomous system number (ASN) for the autonomous system that included the IP address.

Type: stringRequired: False

KeyValuePairProvides information about the tags that are associated with an S3 bucket or object. Each tag consists ofa required tag key and an associated tag value.

value

One part of a key-value pair that comprises a tag. A tag value acts as a descriptor for a tag key. A tagvalue can be an empty string.

Type: stringRequired: False

key

One part of a key-value pair that comprises a tag. A tag key is a general label that acts as a category formore specific tag values.

Type: stringRequired: False

OccurrencesProvides the location of 1-15 occurrences of sensitive data that was detected by managed dataidentifiers or a custom data identifier and produced a sensitive data finding.

lineRanges

An array of objects, one for each occurrence of sensitive data in a Microsoft Word document or non-binary text file, such as an HTML, JSON, TXT, or XML file. Each object specifies the line that contains thedata, and the position of the data on that line.

This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptionsare the locations of: data in unstructured sections of an otherwise structured file, such as a comment in afile; and, data in a malformed file that Amazon Macie analyzes as plain text.

Type: Array of type Range (p. 121)Required: False

offsetRanges

An array of objects, one for each occurrence of sensitive data in a binary text file. Each object specifiesthe position of the data relative to the beginning of the file.

This value is typically null. For binary text files, Amazon Macie adds location data to alineRanges.Range or Page object, depending on the file type.

Type: Array of type Range (p. 121)

119

Page 126: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

cells

An array of objects, one for each occurrence of sensitive data in a Microsoft Excel workbook, CSV file, orTSV file. Each object specifies the cell or field that contains the data. This value is null for all other typesof files.

Type: Array of type Cell (p. 105)Required: False

pages

An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Formatfile. Each object specifies the page that contains the data, and the position of the data on that page. Thisvalue is null for all other types of files.

Type: Array of type Page (p. 120)Required: False

records

An array of objects, one for each occurrence of sensitive data in an Apache Avro object container orApache Parquet file. Each object specifies the record index and the path to the field in the record thatcontains the data. This value is null for all other types of files.

Type: Array of type Record (p. 122)Required: False

PageSpecifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.

pageNumber

The page number of the page that contains the data.

Type: integerRequired: FalseFormat: int64

offsetRange

The position of the data on the page, relative to the beginning of the page.

Type: Range (p. 121)Required: False

lineRange

The line that contains the data, and the position of the data on that line.

Type: Range (p. 121)Required: False

120

Page 127: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

PolicyDetailsProvides the details of a policy finding.

actor

The entity that performed the action that produced the finding.

Type: FindingActor (p. 114)Required: False

action

The action that produced the finding.

Type: FindingAction (p. 114)Required: False

RangeProvides details about the location of an occurrence of sensitive data in an Adobe Portable DocumentFormat file, Microsoft Word document, or non-binary text file.

startColumn

The column number for the column that contains the data, if the file contains structured data.

Type: integerRequired: FalseFormat: int64

start

Possible values are:

• In an Occurrences.lineRanges array, the number of lines from the beginning of the file to thebeginning of the sensitive data.

• In an Occurrences.offsetRanges array, the number of characters from the beginning of the file tothe beginning of the sensitive data.

• In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginningof the page to the beginning of the sensitive data.

Type: integerRequired: FalseFormat: int64

end

Possible values are:

• In an Occurrences.lineRanges array, the number of lines from the beginning of the file to the endof the sensitive data.

• In an Occurrences.offsetRanges array, the number of characters from the beginning of the file tothe end of the sensitive data.

121

Page 128: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

• In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginningof the page to the end of the sensitive data.

Type: integerRequired: FalseFormat: int64

RecordSpecifies the location of an occurrence of sensitive data in an Apache Avro object container or ApacheParquet file.

jsonPath

The path, as a JSONPath expression, to the field in the record that contains the data.

If the name of an element exceeds 20 characters, Amazon Macie truncates the name by removingcharacters from the beginning of the name. If the resulting full path exceeds 250 characters, Maciealso truncates the path, starting with the first element in the path, until the path contains 250 or fewercharacters.

Type: stringRequired: False

recordIndex

The record index, starting from 0, for the record that contains the data.

Type: integerRequired: FalseFormat: int64

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourcesAffectedProvides information about the resources that a finding applies to.

s3Object

An array of objects, one for each S3 object that the finding applies to. Each object provides a set ofmetadata about an affected S3 object.

Type: S3Object (p. 124)

122

Page 129: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

s3Bucket

An array of objects, one for each S3 bucket that the finding applies to. Each object provides a set ofmetadata about an affected S3 bucket.

Type: S3Bucket (p. 123)Required: False

S3BucketProvides information about an S3 bucket that a finding applies to.

owner

The display name and account identifier for the user who owns the bucket.

Type: S3BucketOwner (p. 124)Required: False

createdAt

The date and time, in UTC and extended ISO 8601 format, when the bucket was created.

Type: stringRequired: FalseFormat: date-time

publicAccess

The permissions settings that determine whether the bucket is publicly accessible.

Type: BucketPublicAccess (p. 105)Required: False

name

The name of the bucket.

Type: stringRequired: False

defaultServerSideEncryption

The type of server-side encryption that's used by default to encrypt objects in the bucket.

Type: ServerSideEncryption (p. 127)Required: False

arn

The Amazon Resource Name (ARN) of the bucket.

123

Page 130: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

tags

The tags that are associated with the bucket.

Type: Array of type KeyValuePair (p. 119)Required: False

S3BucketOwner

Provides information about the user who owns an S3 bucket.

displayName

The display name of the user who owns the bucket.

Type: stringRequired: False

id

The AWS account ID for the user who owns the bucket.

Type: stringRequired: False

S3Object

Provides information about an S3 object that a finding applies to.

path

The path to the object, including the full key (name).

Type: stringRequired: False

extension

The file name extension of the object. If the object doesn't have a file name extension, this value is "".

Type: stringRequired: False

versionId

The identifier for the affected version of the object.

Type: stringRequired: False

124

Page 131: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

storageClass

The storage class of the object.

Type: StorageClass (p. 130)Required: False

bucketArn

The Amazon Resource Name (ARN) of the bucket that contains the object.

Type: stringRequired: False

serverSideEncryption

The type of server-side encryption that's used for the object.

Type: ServerSideEncryption (p. 127)Required: False

size

The total storage size, in bytes, of the object.

Type: integerRequired: FalseFormat: int64

publicAccess

Specifies whether the object is publicly accessible due to the combination of permissions settings thatapply to the object.

Type: booleanRequired: False

eTag

The entity tag (ETag) that identifies the affected version of the object. If the object was overwritten orchanged after Amazon Macie produced the finding, this value might be different from the current ETagfor the object.

Type: stringRequired: False

lastModified

The date and time, in UTC and extended ISO 8601 format, when the object was last modified.

Type: stringRequired: FalseFormat: date-time

125

Page 132: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

key

The full key (name) that's assigned to the object.

Type: stringRequired: False

tags

The tags that are associated with the object.

Type: Array of type KeyValuePair (p. 119)Required: False

SensitiveDataItemProvides information about the category, types, and occurrences of sensitive data that produced asensitive data finding.

category

The category of sensitive data that was detected. For example: CREDENTIALS, for credentials datasuch as private keys or AWS secret keys; FINANCIAL_INFORMATION, for financial data such as creditcard numbers; or, PERSONAL_INFORMATION, for personal health information, such as health insuranceidentification numbers, or personally identifiable information, such as driver's license identificationnumbers.

Type: SensitiveDataItemCategory (p. 126)Required: False

totalCount

The total number of occurrences of the sensitive data that was detected.

Type: integerRequired: FalseFormat: int64

detections

An array of objects, one for each type of sensitive data that was detected. Each object reports thenumber of occurrences of a specific type of sensitive data that was detected, and the location of up to 15of those occurrences.

Type: Array of type DefaultDetection (p. 109)Required: False

SensitiveDataItemCategoryThe category of sensitive data that was detected and produced the finding. Possible values are:

FINANCIAL_INFORMATIONPERSONAL_INFORMATION

126

Page 133: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

CREDENTIALSCUSTOM_IDENTIFIER

ServerSideEncryption

Provides information about the server-side encryption settings for an S3 bucket or S3 object.

encryptionType

The server-side encryption algorithm that's used when storing data in the bucket or object. If encryptionis disabled for the bucket or object, this value is NONE.

Type: EncryptionType (p. 110)Required: False

kmsMasterKeyId

The unique identifier for the AWS Key Management Service (AWS KMS) master key that's used to encryptthe bucket or object. This value is null if AWS KMS isn't used to encrypt the bucket or object.

Type: stringRequired: False

ServiceQuotaExceededException

Provides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

SessionContext

Provides information about a session that was created for an entity that performed an action by usingtemporary security credentials.

sessionIssuer

The source and type of credentials that were issued to the entity.

Type: SessionIssuer (p. 128)Required: False

attributes

The date and time when the credentials were issued, and whether the credentials were authenticatedwith a multi-factor authentication (MFA) device.

Type: SessionContextAttributes (p. 128)

127

Page 134: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

SessionContextAttributesProvides information about the context in which temporary security credentials were issued to an entity.

mfaAuthenticated

Specifies whether the credentials were authenticated with a multi-factor authentication (MFA) device.

Type: booleanRequired: False

creationDate

The date and time, in UTC and ISO 8601 format, when the credentials were issued.

Type: stringRequired: FalseFormat: date-time

SessionIssuerProvides information about the source and type of temporary security credentials that were issued to anentity.

accountId

The unique identifier for the AWS account that owns the entity that was used to get the credentials.

Type: stringRequired: False

principalId

The unique identifier for the entity that was used to get the credentials.

Type: stringRequired: False

userName

The name or alias of the user or role that issued the session. This value is null if the credentials wereobtained from a root account that doesn't have an alias.

Type: stringRequired: False

type

The source of the temporary security credentials, such as Root, IAMUser, or Role.

Type: stringRequired: False

128

Page 135: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

arn

The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get thecredentials.

Type: stringRequired: False

SeverityProvides the numerical and qualitative representations of a finding's severity.

score

The numerical representation of the finding's severity, ranging from 1 (least severe) to 3 (most severe).

Type: integerRequired: FalseFormat: int64

description

The qualitative representation of the finding's severity, ranging from Low (least severe) to High (mostsevere).

Type: SeverityDescription (p. 129)Required: False

SeverityDescriptionThe qualitative representation of the finding's severity. Possible values are:

LowMediumHigh

SortCriteriaSpecifies criteria for sorting the results of a request for findings.

orderBy

The sort order to apply to the results, based on the value for the property specified by theattributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort theresults in descending order.

Type: stringRequired: FalseValues: ASC | DESC

attributeName

The name of the property to sort the results by. This value can be the name of any property that AmazonMacie defines for a finding.

129

Page 136: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

StorageClassThe storage class of the S3 object. Possible values are:

STANDARDREDUCED_REDUNDANCYSTANDARD_IAINTELLIGENT_TIERINGDEEP_ARCHIVEONEZONE_IAGLACIER

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UserIdentityProvides information about the type and other characteristics of an entity that performed an action onan affected resource.

federatedUser

If the action was performed with temporary security credentials that were obtained using theGetFederationToken operation of the AWS Security Token Service (AWS STS) API, the identifiers,session context, and other details about the identity.

Type: FederatedUser (p. 110)Required: False

awsAccount

If the action was performed using the credentials for another AWS account, the details of that account.

Type: AwsAccount (p. 102)Required: False

root

If the action was performed using the credentials for your AWS account, the details of your account.

Type: UserIdentityRoot (p. 131)Required: False

130

Page 137: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

assumedRole

If the action was performed with temporary security credentials that were obtained using theAssumeRole operation of the AWS Security Token Service (AWS STS) API, the identifiers, sessioncontext, and other details about the identity.

Type: AssumedRole (p. 102)Required: False

type

The type of entity that performed the action.

Type: UserIdentityType (p. 132)Required: False

iamUser

If the action was performed using the credentials for an AWS Identity and Access Management (IAM)user, the name and other details about the user.

Type: IamUser (p. 116)Required: False

awsService

If the action was performed by an AWS account that belongs to an AWS service, the name of the service.

Type: AwsService (p. 103)Required: False

UserIdentityRootProvides information about an AWS account and entity that performed an action on an affectedresource. The action was performed using the credentials for your AWS account.

accountId

The unique identifier for the AWS account.

Type: stringRequired: False

principalId

The unique identifier for the entity that performed the action.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the principal that performed the action. The last section of theARN contains the name of the user or role that performed the action.

131

Page 138: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

UserIdentityType

The type of entity that performed the action on the affected resource. Possible values are:

AssumedRoleIAMUserFederatedUserRootAWSAccountAWSService

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetFindings• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Findings SamplesThe Findings Samples resource provides a set of findings that use example data to help you understandand analyze the various types of findings that Amazon Macie can report. A finding is a detailed report of

132

Page 139: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

a potential policy violation for an Amazon Simple Storage Service (Amazon S3) bucket or sensitive datain an S3 object. For more information about the types of findings that Macie can report, see Types ofAmazon Macie findings in the Amazon Macie User Guide.

If you use this resource to create sample findings, Macie generates one sample finding for eachsupported finding type that you choose to include in the set of samples. You can then view and workwith these sample findings by using the Amazon Macie API or the Amazon Macie console. To help youidentify a sample finding, Macie adds the [SAMPLE] prefix to the value for the FindingType propertyof each sample finding. It also sets the value for the sample property to true.

You can use the Findings Samples resource to create one or more sample findings. To create only certaintypes of sample findings, you can use the supported request parameter to specify each type of samplethat you want Macie to create.

URI/findings/sample

HTTP Methods

POSTOperation ID: CreateSampleFindings

Creates sample findings.

Responses

Status Code Response Model Description

200 Empty Schema (p. 134) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 134)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 134)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 134)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 134)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 134) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 135)The request failed because yousent too many requests during acertain amount of time.

133

Page 140: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 135)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest BodiesExample POST

{ "findingTypes": [ enum ]}

Response BodiesExample Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{

134

Page 141: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateSampleFindingsRequestSpecifies the types of findings to include in a set of sample findings that Amazon Macie creates.

findingTypes

An array that lists one or more types of findings to include in the set of sample findings. Currently, theonly supported value is Policy:IAMUser/S3BucketEncryptionDisabled.

Type: Array of type FindingType (p. 136)Required: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

135

Page 142: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

FindingTypeThe type of finding. For details about each type, see Types of Amazon Macie findings in the AmazonMacie User Guide. Valid values are:

SensitiveData:S3Object/MultipleSensitiveData:S3Object/FinancialSensitiveData:S3Object/PersonalSensitiveData:S3Object/CredentialsSensitiveData:S3Object/CustomIdentifierPolicy:IAMUser/S3BucketPublicPolicy:IAMUser/S3BucketSharedExternallyPolicy:IAMUser/S3BucketReplicatedExternallyPolicy:IAMUser/S3BucketEncryptionDisabledPolicy:IAMUser/S3BlockPublicAccessDisabled

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

136

Page 143: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

CreateSampleFindings• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Findings StatisticsThe Findings Statistics resource provides aggregated statistical data about the findings for your account.This primarily includes data about the total number of findings, grouped by a key value such as severity,finding type, or affected resource. The data is available for all the findings that Amazon Macie stores foryour account.

You can use this resource to retrieve (query) aggregated statistical data about findings for your account.To customize and refine your query, you can use supported parameters that specify how to filter, group,and sort the query results.

URI/findings/statistics

137

Page 144: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

HTTP MethodsPOSTOperation ID: GetFindingStatistics

Retrieves (queries) aggregated statistical data about findings.

Responses

Status Code Response Model Description

200 GetFindingStatisticsResponse (p. 139)The request succeeded.

400 ValidationException (p. 139)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 139)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 139)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 139)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 139) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 139)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 139)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest BodiesExample POST

{ "size": integer, "findingCriteria": { "criterion": { } }, "groupBy": enum, "sortCriteria": { "orderBy": enum, "attributeName": enum }

138

Page 145: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}

Response BodiesExample GetFindingStatisticsResponse

{ "countsByGroup": [ { "count": integer, "groupKey": "string" } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{

139

Page 146: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CriterionSpecifies a condition that defines a property, operator, and one or more values to filter the results ofa query for findings. The number of values depends on the property and operator specified by thecondition. For information about defining filter conditions, see Fundamentals of filtering findings in theAmazon Macie User Guide.

key-value pairs

Type: object

CriterionAdditionalPropertiesSpecifies the operator to use in a property-based condition that filters the results of a query for findings.For detailed information and examples of each operator, see Fundamentals of filtering findings in theAmazon Macie User Guide.

eqExactMatch

The value for the property exclusively matches (equals an exact match for) all the specified values. If youspecify multiple values, Amazon Macie uses AND logic to join the values.

You can use this operator with the following properties: customDataIdentifiers.detections.arn,customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,resourcesAffected.s3Object.tags.value, sensitiveData.category, andsensitiveData.detections.type.

140

Page 147: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Array of type stringRequired: False

lt

The value for the property is less than the specified value.

Type: integerRequired: FalseFormat: int64

gte

The value for the property is greater than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

neq

The value for the property doesn't match (doesn't equal) any specified value. If you specify multiplevalues, Macie uses OR logic to join the values.

Type: Array of type stringRequired: False

lte

The value for the property is less than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

eq

The value for the property matches (equals) any specified value. If you specify multiple values, Macieuses OR logic to join the values.

Type: Array of type stringRequired: False

gt

The value for the property is greater than the specified value.

Type: integerRequired: FalseFormat: int64

FindingCriteriaSpecifies, as a map, one or more property-based conditions that filter the results of a query for findings.

141

Page 148: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

criterion

A condition that specifies the property, operator, and one or more values to use to filter the results.

Type: Criterion (p. 140)Required: False

FindingStatisticsSortAttributeNameThe grouping to sort the results by. Valid values are:

groupKeycount

FindingStatisticsSortCriteriaSpecifies criteria for sorting the results of a query that retrieves aggregated statistical data aboutfindings.

orderBy

The sort order to apply to the results, based on the value for the property specified by theattributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort theresults in descending order.

Type: stringRequired: FalseValues: ASC | DESC

attributeName

The grouping to sort the results by. Valid values are: count, sort the results by the number of findings ineach group of results; and, groupKey, sort the results by the name of each group of results.

Type: FindingStatisticsSortAttributeName (p. 142)Required: False

GetFindingStatisticsRequestSpecifies criteria for filtering, grouping, sorting, and paginating the results of a query that retrievesaggregated statistical data about findings.

size

The maximum number of items to include in each page of the response.

Type: integerRequired: FalseFormat: int32

findingCriteria

The criteria to use to filter the query results.

Type: FindingCriteria (p. 141)

142

Page 149: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

groupBy

The finding property to use to group the query results. Valid values are:

• classificationDetails.jobId - The unique identifier for the classification job that produced thefinding.

• resourcesAffected.s3Bucket.name - The name of the S3 bucket that the finding applies to.• severity.description - The severity level of the finding, such as High or Medium.• type - The type of finding, such as Policy:IAMUser/S3BucketPublic andSensitiveData:S3Object/Personal.

Type: stringRequired: TrueValues: resourcesAffected.s3Bucket.name | type | classificationDetails.jobId |severity.description

sortCriteria

The criteria to use to sort the query results.

Type: FindingStatisticsSortCriteria (p. 142)Required: False

GetFindingStatisticsResponseProvides the results of a query that retrieved aggregated statistical data about findings.

countsByGroup

An array of objects, one for each group of findings that meet the filter criteria specified in the request.

Type: Array of type GroupCount (p. 143)Required: False

GroupCountProvides a group of results for a query that retrieved aggregated statistical data about findings.

count

The total number of findings in the group of query results.

Type: integerRequired: FalseFormat: int64

groupKey

The name of the property that defines the group in the query results, as specified by the groupByproperty in the query request.

Type: string

143

Page 150: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

144

Page 151: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetFindingStatistics• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Findings FiltersThe Findings Filters resource represents the repository of filters that you create and save to view,analyze, and manage findings. A findings filter, also referred to as a filter, is a set of criteria that specifieswhich findings to include in the results of a query for findings. A findings filter can also perform specificactions on findings that meet the filter's criteria. For example, you can configure a filter to suppress(automatically archive) findings that meet the filter's criteria. For more information about creating andusing filters, see Filtering findings in the Amazon Macie User Guide.

You can use the Findings Filters resource to create a new filter or retrieve information about all theexisting filters for your account. To update, delete, or retrieve detailed information about an individualfilter, use the Findings Filter (p. 155) resource.

URI/findingsfilters

HTTP MethodsGETOperation ID: ListFindingsFilters

Retrieves a subset of information about all the findings filters for an account.

Query Parameters

Name Type Required Description

nextToken String False The nextToken stringthat specifies which

145

Page 152: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Name Type Required Description

page of results toreturn in a paginatedresponse.

maxResults String False The maximum numberof items to includein each page of apaginated response.

Responses

Status Code Response Model Description

200 ListFindingsFiltersResponse (p. 147)The request succeeded.

400 ValidationException (p. 148)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 148)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 148)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 148)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 148) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 148)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 148)The request failed due to anunknown internal server error,exception, or failure.

POSTOperation ID: CreateFindingsFilter

Creates and defines the criteria and other settings for a findings filter.

Responses

Status Code Response Model Description

200 CreateFindingsFilterResponse (p. 148)The request succeeded.

400 ValidationException (p. 148)The request failed because itcontains a syntax error.

146

Page 153: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

402 ServiceQuotaExceededException (p. 148)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 148)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 148)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 148) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 148)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 148)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "findingCriteria": { "criterion": { } }, "clientToken": "string", "name": "string", "description": "string", "action": enum, "position": integer, "tags": { }}

Response Bodies

Example ListFindingsFiltersResponse

{ "nextToken": "string", "findingsFilterListItems": [ { "name": "string", "action": enum, "id": "string",

147

Page 154: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"arn": "string", "tags": { } } ]}

Example CreateFindingsFilterResponse

{ "id": "string", "arn": "string"}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"

148

Page 155: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateFindingsFilterRequestSpecifies the criteria and other settings for a new findings filter.

findingCriteria

The criteria to use to filter findings.

Type: FindingCriteria (p. 152)Required: True

clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Type: stringRequired: False

name

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other usersof your account might be able to see the filter's name, depending on the actions that they're allowed toperform in Amazon Macie.

Type: stringRequired: True

149

Page 156: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

description

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Otherusers of your account might be able to see the filter's description, depending on the actions that they'reallowed to perform in Amazon Macie.

Type: stringRequired: False

action

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are:ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on thefindings.

Type: FindingsFilterAction (p. 152)Required: True

position

The position of the filter in the list of saved filters on the Amazon Macie console. This value alsodetermines the order in which the filter is applied to findings, relative to other filters that are alsoapplied to the findings.

Type: integerRequired: FalseFormat: int32

tags

A map of key-value pairs that specifies the tags to associate with the filter.

A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tagvalue. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256characters.

Type: TagMap (p. 154)Required: False

CreateFindingsFilterResponseProvides information about a findings filter that was created in response to a request.

id

The unique identifier for the filter that was created.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the filter that was created.

150

Page 157: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

CriterionSpecifies a condition that defines a property, operator, and one or more values to filter the results ofa query for findings. The number of values depends on the property and operator specified by thecondition. For information about defining filter conditions, see Fundamentals of filtering findings in theAmazon Macie User Guide.

key-value pairs

Type: object

CriterionAdditionalPropertiesSpecifies the operator to use in a property-based condition that filters the results of a query for findings.For detailed information and examples of each operator, see Fundamentals of filtering findings in theAmazon Macie User Guide.

eqExactMatch

The value for the property exclusively matches (equals an exact match for) all the specified values. If youspecify multiple values, Amazon Macie uses AND logic to join the values.

You can use this operator with the following properties: customDataIdentifiers.detections.arn,customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,resourcesAffected.s3Object.tags.value, sensitiveData.category, andsensitiveData.detections.type.

Type: Array of type stringRequired: False

lt

The value for the property is less than the specified value.

Type: integerRequired: FalseFormat: int64

gte

The value for the property is greater than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

neq

The value for the property doesn't match (doesn't equal) any specified value. If you specify multiplevalues, Macie uses OR logic to join the values.

151

Page 158: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Array of type stringRequired: False

lte

The value for the property is less than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

eq

The value for the property matches (equals) any specified value. If you specify multiple values, Macieuses OR logic to join the values.

Type: Array of type stringRequired: False

gt

The value for the property is greater than the specified value.

Type: integerRequired: FalseFormat: int64

FindingCriteriaSpecifies, as a map, one or more property-based conditions that filter the results of a query for findings.

criterion

A condition that specifies the property, operator, and one or more values to use to filter the results.

Type: Criterion (p. 151)Required: False

FindingsFilterActionThe action to perform on findings that meet the filter criteria. To suppress (automatically archive)findings that meet the criteria, set this value to ARCHIVE. Valid values are:

ARCHIVENOOP

FindingsFilterListItemProvides information about a findings filter.

name

The custom name of the filter.

152

Page 159: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

action

The action that's performed on findings that meet the filter criteria. Possible values are: ARCHIVE,suppress (automatically archive) the findings; and, NOOP, don't perform any action on the findings.

Type: FindingsFilterAction (p. 152)Required: False

id

The unique identifier for the filter.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the filter.

Type: stringRequired: False

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.

Type: TagMap (p. 154)Required: False

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ListFindingsFiltersResponse

Provides information about all the findings filters for an account.

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

153

Page 160: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

findingsFilterListItems

An array of objects, one for each filter that's associated with the account.

Type: Array of type FindingsFilterListItem (p. 152)Required: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

154

Page 161: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListFindingsFilters• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

CreateFindingsFilter• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Findings FilterThe Findings Filter resource represents an individual filter that you created and saved to view, analyze,and manage findings. A findings filter, also referred to as a filter, is a set of criteria that specifies whichfindings to include in the results of a query for findings. A findings filter can also perform specificactions on findings that meet the filter's criteria. For example, you can configure a filter to suppress(automatically archive) findings that meet the filter's criteria. For more information about creating andusing filters, see Filtering findings in the Amazon Macie User Guide.

155

Page 162: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

You can use the Findings Filter resource to update, delete, or retrieve detailed information about afindings filter. To create a new filter, use the Findings Filters (p. 145) resource.

URI/findingsfilters/id

HTTP Methods

GETOperation ID: GetFindingsFilter

Retrieves the criteria and other settings for a findings filter.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 GetFindingsFilterResponse (p. 159)The request succeeded.

400 ValidationException (p. 159)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 159)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 159)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 159)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 160) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 160)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 160)The request failed due to anunknown internal server error,exception, or failure.

156

Page 163: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

DELETEOperation ID: DeleteFindingsFilter

Deletes a findings filter.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 Empty Schema (p. 159) The request succeeded. Thespecified findings filter wasdeleted and there isn't anycontent to include in the body ofthe response (No Content).

400 ValidationException (p. 159)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 159)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 159)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 159)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 160) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 160)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 160)The request failed due to anunknown internal server error,exception, or failure.

PATCHOperation ID: UpdateFindingsFilter

Updates the criteria and other settings for a findings filter.

157

Page 164: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 UpdateFindingsFilterResponse (p. 159)The request succeeded. Thespecified findings filter wasupdated.

400 ValidationException (p. 159)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 159)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 159)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 159)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 160) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 160)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 160)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example PATCH

{ "findingCriteria": { "criterion": { } }, "name": "string", "action": enum,

158

Page 165: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"description": "string", "position": integer}

Response BodiesExample GetFindingsFilterResponse

{ "findingCriteria": { "criterion": { } }, "name": "string", "action": enum, "description": "string", "position": integer, "id": "string", "arn": "string", "tags": { }}

Example Empty Schema

{}

Example UpdateFindingsFilterResponse

{ "id": "string", "arn": "string"}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{

159

Page 166: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CriterionSpecifies a condition that defines a property, operator, and one or more values to filter the results ofa query for findings. The number of values depends on the property and operator specified by thecondition. For information about defining filter conditions, see Fundamentals of filtering findings in theAmazon Macie User Guide.

160

Page 167: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

key-value pairs

Type: object

CriterionAdditionalPropertiesSpecifies the operator to use in a property-based condition that filters the results of a query for findings.For detailed information and examples of each operator, see Fundamentals of filtering findings in theAmazon Macie User Guide.

eqExactMatch

The value for the property exclusively matches (equals an exact match for) all the specified values. If youspecify multiple values, Amazon Macie uses AND logic to join the values.

You can use this operator with the following properties: customDataIdentifiers.detections.arn,customDataIdentifiers.detections.name, resourcesAffected.s3Bucket.tags.key,resourcesAffected.s3Bucket.tags.value, resourcesAffected.s3Object.tags.key,resourcesAffected.s3Object.tags.value, sensitiveData.category, andsensitiveData.detections.type.

Type: Array of type stringRequired: False

lt

The value for the property is less than the specified value.

Type: integerRequired: FalseFormat: int64

gte

The value for the property is greater than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

neq

The value for the property doesn't match (doesn't equal) any specified value. If you specify multiplevalues, Macie uses OR logic to join the values.

Type: Array of type stringRequired: False

lte

The value for the property is less than or equal to the specified value.

Type: integerRequired: FalseFormat: int64

161

Page 168: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

eq

The value for the property matches (equals) any specified value. If you specify multiple values, Macieuses OR logic to join the values.

Type: Array of type stringRequired: False

gt

The value for the property is greater than the specified value.

Type: integerRequired: FalseFormat: int64

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

FindingCriteriaSpecifies, as a map, one or more property-based conditions that filter the results of a query for findings.

criterion

A condition that specifies the property, operator, and one or more values to use to filter the results.

Type: Criterion (p. 160)Required: False

FindingsFilterActionThe action to perform on findings that meet the filter criteria. To suppress (automatically archive)findings that meet the criteria, set this value to ARCHIVE. Valid values are:

ARCHIVENOOP

GetFindingsFilterResponseProvides information about the criteria and other settings for a findings filter.

findingCriteria

The criteria that's used to filter findings.

Type: FindingCriteria (p. 162)Required: False

name

The custom name of the filter.

162

Page 169: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

action

The action that's performed on findings that meet the filter criteria (findingCriteria). Possible valuesare: ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on thefindings.

Type: FindingsFilterAction (p. 162)Required: False

description

The custom description of the filter.

Type: stringRequired: False

position

The position of the filter in the list of saved filters on the Amazon Macie console. This value alsodetermines the order in which the filter is applied to findings, relative to other filters that are alsoapplied to the findings.

Type: integerRequired: FalseFormat: int32

id

The unique identifier for the filter.

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the filter.

Type: stringRequired: False

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the filter.

Type: TagMap (p. 164)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

163

Page 170: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UpdateFindingsFilterRequestSpecifies the criteria and other settings for a findings filter.

164

Page 171: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

findingCriteria

The criteria to use to filter findings.

Type: FindingCriteria (p. 162)Required: False

name

A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64characters.

We strongly recommend that you avoid including any sensitive data in the name of a filter. Other usersmight be able to see the filter's name, depending on the actions that they're allowed to perform inAmazon Macie.

Type: stringRequired: False

action

The action to perform on findings that meet the filter criteria (findingCriteria). Valid values are:ARCHIVE, suppress (automatically archive) the findings; and, NOOP, don't perform any action on thefindings.

Type: FindingsFilterAction (p. 162)Required: False

description

A custom description of the filter. The description can contain as many as 512 characters.

We strongly recommend that you avoid including any sensitive data in the description of a filter. Otherusers might be able to see the filter's description, depending on the actions that they're allowed toperform in Amazon Macie.

Type: stringRequired: False

position

The position of the filter in the list of saved filters on the Amazon Macie console. This value alsodetermines the order in which the filter is applied to findings, relative to other filters that are alsoapplied to the findings.

Type: integerRequired: FalseFormat: int32

UpdateFindingsFilterResponseProvides information about a findings filter that was updated in response to a request.

id

The unique identifier for the filter that was updated.

165

Page 172: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

arn

The Amazon Resource Name (ARN) of the filter that was updated.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetFindingsFilter• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

DeleteFindingsFilter• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

166

Page 173: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceInvitation List

UpdateFindingsFilter• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Invitation ListIn Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become amember of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are createdand managed as a group by using Macie.

The Invitation List resource provides information about all the membership invitations that you'vereceived. For each invitation, this includes the unique identifier for the invitation, the AWS account ID forthe account that sent it, and the current status of the relationship between your account and the accountthat sent it. This resource also enables you to send invitations to other accounts.

Note that this resource doesn't provide information about invitations for AWS organizations. It's limitedto invitations for Macie organizations. An AWS organization is a set of AWS accounts that are managed asa group by using the AWS Organizations service. AWS Organizations is an account management servicethat enables administrators to consolidate and centrally manage multiple AWS accounts as a singleorganization. To learn more about this service, see the AWS Organizations User Guide.

You can use the Invitation List resource to retrieve information about all the Macie membershipinvitations that you've received. You can also use this resource to send a membership invitation to otheraccounts.

URI/invitations

HTTP Methods

GETOperation ID: ListInvitations

Retrieves information about all the Amazon Macie membership invitations that were received by anaccount.

Query Parameters

Name Type Required Description

nextToken String False The nextToken stringthat specifies which

167

Page 174: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Name Type Required Description

page of results toreturn in a paginatedresponse.

maxResults String False The maximum numberof items to includein each page of apaginated response.

Responses

Status Code Response Model Description

200 ListInvitationsResponse (p. 169)The request succeeded.

400 ValidationException (p. 170)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 170)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 170)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 170)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 170) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 170)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 170)The request failed due to anunknown internal server error,exception, or failure.

POST

Operation ID: CreateInvitations

Sends an Amazon Macie membership invitation to one or more accounts.

Responses

Status Code Response Model Description

200 CreateInvitationsResponse (p. 170)The request succeeded.Processing might not becomplete.

168

Page 175: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

400 ValidationException (p. 170)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 170)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 170)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 170)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 170) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 170)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 170)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "disableEmailNotification": boolean, "accountIds": [ "string" ], "message": "string"}

Response Bodies

Example ListInvitationsResponse

{ "invitations": [ { "accountId": "string", "relationshipStatus": enum, "invitationId": "string", "invitedAt": "string" } ], "nextToken": "string"

169

Page 176: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}

Example CreateInvitationsResponse

{ "unprocessedAccounts": [ { "accountId": "string", "errorMessage": "string", "errorCode": enum } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{

170

Page 177: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateInvitationsRequestSpecifies the settings for an Amazon Macie membership invitation.

disableEmailNotification

Specifies whether to send an email notification to the root user of each account that the invitation willbe sent to. This notification is in addition to an alert that the root user receives in AWS Personal HealthDashboard. To send an email notification to the root user of each account, set this value to true.

Type: booleanRequired: False

accountIds

An array that lists AWS account IDs, one for each account to send the invitation to.

Type: Array of type stringRequired: True

message

A custom message to include in the invitation. Amazon Macie adds this message to the standard contentthat it sends for an invitation.

Type: stringRequired: False

171

Page 178: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

CreateInvitationsResponseProvides information about an unprocessed request to send an Amazon Macie membership invitation toa specific account.

unprocessedAccounts

An array of objects, one for each account whose invitation hasn't been processed. Each object identifiesthe account and explains why the invitation hasn't been processed for the account.

Type: Array of type UnprocessedAccount (p. 174)Required: False

ErrorCodeThe source of an error, issue, or delay. Possible values are:

ClientErrorInternalError

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

InvitationProvides information about an Amazon Macie membership invitation that was received by an account.

accountId

The AWS account ID for the account that sent the invitation.

Type: stringRequired: False

relationshipStatus

The status of the relationship between the account that sent the invitation (inviter account) and theaccount that received the invitation (invitee account).

Type: RelationshipStatus (p. 173)Required: False

invitationId

The unique identifier for the invitation. Amazon Macie uses this identifier to validate the inviter accountwith the invitee account.

172

Page 179: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

invitedAt

The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.

Type: stringRequired: FalseFormat: date-time

ListInvitationsResponseProvides information about all the Amazon Macie membership invitations that were received by anaccount.

invitations

An array of objects, one for each invitation that was received by the account.

Type: Array of type Invitation (p. 172)Required: False

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

RelationshipStatusThe current status of the relationship between an account and an associated Amazon Macie masteraccount (inviter account). Possible values are:

EnabledPausedInvitedCreatedRemovedResignedEmailVerificationInProgressEmailVerificationFailedRegionDisabledAccountSuspended

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

173

Page 180: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UnprocessedAccountProvides information about an account-related request that hasn't been processed.

accountId

The AWS account ID for the account that the request applies to.

Type: stringRequired: False

errorMessage

The reason why the request hasn't been processed.

Type: stringRequired: False

errorCode

The source of the issue or delay in processing the request.

Type: ErrorCode (p. 172)Required: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

174

Page 181: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListInvitations• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

CreateInvitations• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Invitation AcceptanceIn Amazon Macie, an invitation, also referred to as a membership invitation, is a request to becomea member of a Macie organization. A Macie organization is a set of Amazon Macie accounts that arecreated and managed as a group by using Macie. The Invitation Acceptance resource provides access tomembership invitations that you've received and haven't responded to, and it enables you to accept oneof those invitations.

Note that this resource doesn't provide access to invitations for AWS organizations. It provides accessonly to invitations for Macie organizations. An AWS organization is a set of AWS accounts that are

175

Page 182: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

managed as a group by using the AWS Organizations service. AWS Organizations is an accountmanagement service that enables administrators to consolidate and centrally manage multiple AWSaccounts as a single organization. To learn more about this service, see the AWS Organizations UserGuide.

You can use the Invitation Acceptance resource to accept a Macie membership invitation that youreceived. If you do this, you have to specify the AWS account ID for the account that sent the invitation,and the unique identifier for the invitation. To find these IDs, you can use the Invitation List (p. 167)resource.

URI/invitations/accept

HTTP Methods

POSTOperation ID: AcceptInvitation

Accepts an Amazon Macie membership invitation that was received from a specific account.

Responses

Status Code Response Model Description

200 Empty Schema (p. 177) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 177)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 177)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 177)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 177)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 177) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 177)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 178)The request failed due to anunknown internal server error,exception, or failure.

176

Page 183: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

SchemasRequest Bodies

Example POST

{ "masterAccount": "string", "invitationId": "string"}

Response Bodies

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"

177

Page 184: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example InternalServerException

{ "message": "string"}

PropertiesAcceptInvitationRequestSpecifies an Amazon Macie membership invitation to accept.

masterAccount

The AWS account ID for the account that sent the invitation.

Type: stringRequired: True

invitationId

The unique identifier for the invitation to accept.

Type: stringRequired: True

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

178

Page 185: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

179

Page 186: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

AcceptInvitation• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Invitation CountIn Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become amember of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are createdand managed as a group by using Macie.

The Invitation Count resource reports the total number of membership invitations that you've received.If you accepted an invitation and your account is currently part of a Macie organization, this numberdoesn't include that invitation. In addition, this number doesn't include invitations that you've receivedfor AWS organizations. It's limited to invitations for Macie organizations. An AWS organization is a set ofAWS accounts that are managed as a group by using the AWS Organizations service. To learn more aboutthis service, see the AWS Organizations User Guide.

You can use the Invitation Count resource to retrieve the count of Macie membership invitations thatyou've received, not including the currently accepted invitation.

URI/invitations/count

HTTP MethodsGETOperation ID: GetInvitationsCount

Retrieves the count of Amazon Macie membership invitations that were received by an account.

Responses

Status Code Response Model Description

200 GetInvitationsCountResponse (p. 181)The request succeeded.

400 ValidationException (p. 181)The request failed because itcontains a syntax error.

180

Page 187: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

402 ServiceQuotaExceededException (p. 181)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 181)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 182)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 182) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 182)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 182)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Response Bodies

Example GetInvitationsCountResponse

{ "invitationsCount": integer}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

181

Page 188: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

GetInvitationsCountResponseProvides the count of all the Amazon Macie membership invitations that were received by an account,not including the currently accepted invitation.

182

Page 189: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

invitationsCount

The total number of invitations that were received by the account, not including the currently acceptedinvitation.

Type: integerRequired: FalseFormat: int64

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: string

183

Page 190: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Required: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetInvitationsCount• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Invitation DeclineIn Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become amember of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are createdand managed as a group by using Macie.

The Invitation Decline resource provides access to membership invitations that you've received andhaven't responded to, and it enables you to decline one or more of those invitations. After you decline aninvitation, you can optionally delete the invitation.

Note that this resource doesn't provide access to invitations for AWS organizations. It provides accessonly to invitations for Macie organizations. An AWS organization is a set of AWS accounts that aremanaged as a group by using the AWS Organizations service. AWS Organizations is an accountmanagement service that enables administrators to consolidate and centrally manage multiple AWSaccounts as a single organization. To learn more about this service, see the AWS Organizations UserGuide.

You can use the Invitation Decline resource to decline Macie membership invitations that you receivedfrom specific accounts. If you do this, you have to specify the AWS account ID for each account that sentan invitation to decline. To find these IDs, you can use the Invitation List (p. 167) resource.

184

Page 191: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

URI/invitations/decline

HTTP Methods

POSTOperation ID: DeclineInvitations

Declines Amazon Macie membership invitations that were received from specific accounts.

Responses

Status Code Response Model Description

200 DeclineInvitationsResponse (p. 186)The request succeeded.Processing might not becomplete.

400 ValidationException (p. 186)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 186)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 186)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 186)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 186) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 186)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 187)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example POST

{ "accountIds": [

185

Page 192: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"string" ]}

Response Bodies

Example DeclineInvitationsResponse

{ "unprocessedAccounts": [ { "accountId": "string", "errorMessage": "string", "errorCode": enum } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

186

Page 193: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

DeclineInvitationsRequestSpecifies one or more accounts that sent Amazon Macie membership invitations to decline.

accountIds

An array that lists AWS account IDs, one for each account that sent an invitation to decline.

Type: Array of type stringRequired: True

DeclineInvitationsResponseProvides information about unprocessed requests to decline Amazon Macie membership invitations thatwere received from specific accounts.

unprocessedAccounts

An array of objects, one for each account whose invitation hasn't been declined. Each object identifiesthe account and explains why the request hasn't been processed for that account.

Type: Array of type UnprocessedAccount (p. 189)

187

Page 194: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

ErrorCodeThe source of an error, issue, or delay. Possible values are:

ClientErrorInternalError

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: string

188

Page 195: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Required: False

UnprocessedAccountProvides information about an account-related request that hasn't been processed.

accountId

The AWS account ID for the account that the request applies to.

Type: stringRequired: False

errorMessage

The reason why the request hasn't been processed.

Type: stringRequired: False

errorCode

The source of the issue or delay in processing the request.

Type: ErrorCode (p. 188)Required: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DeclineInvitations• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3

189

Page 196: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceInvitation Deletion

• AWS SDK for Python• AWS SDK for Ruby V3

Invitation DeletionIn Amazon Macie, an invitation, also referred to as a membership invitation, is a request to become amember of a Macie organization. A Macie organization is a set of Amazon Macie accounts that are createdand managed as a group by using Macie.

The Invitation Deletion resource provides access to membership invitations that you received anddeclined, and it enables you to delete one or more of those invitations.

Note that this resource doesn't provide access to invitations for AWS organizations. It provides accessonly to invitations for Macie organizations. An AWS organization is a set of AWS accounts that aremanaged as a group by using the AWS Organizations service. AWS Organizations is an accountmanagement service that enables administrators to consolidate and centrally manage multiple AWSaccounts as a single organization. To learn more about this service, see the AWS Organizations UserGuide.

You can use the Invitation Deletion resource to delete Macie membership invitations that you receivedfrom specific accounts and previously declined. If you do this, you have to specify the AWS account ID foreach account that sent an invitation to delete. To find these IDs, you can use the Invitation List (p. 167)resource.

URI/invitations/delete

HTTP MethodsPOSTOperation ID: DeleteInvitations

Deletes Amazon Macie membership invitations that were received from specific accounts.

Responses

Status Code Response Model Description

200 DeleteInvitationsResponse (p. 191)The request succeeded.Processing might not becomplete.

400 ValidationException (p. 191)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 191)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 192)The request was denied becauseyou don't have sufficient accessto the specified resource.

190

Page 197: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

404 ResourceNotFoundException (p. 192)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 192) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 192)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 192)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "accountIds": [ "string" ]}

Response Bodies

Example DeleteInvitationsResponse

{ "unprocessedAccounts": [ { "accountId": "string", "errorMessage": "string", "errorCode": enum } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

191

Page 198: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

192

Page 199: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

DeleteInvitationsRequestSpecifies one or more accounts that sent Amazon Macie membership invitations to delete.

accountIds

An array that lists AWS account IDs, one for each account that sent an invitation to delete.

Type: Array of type stringRequired: True

DeleteInvitationsResponseProvides information about unprocessed requests to delete Amazon Macie membership invitations thatwere received from specific accounts.

unprocessedAccounts

An array of objects, one for each account whose invitation hasn't been deleted. Each object identifies theaccount and explains why the request hasn't been processed for that account.

Type: Array of type UnprocessedAccount (p. 194)Required: False

ErrorCodeThe source of an error, issue, or delay. Possible values are:

ClientErrorInternalError

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

193

Page 200: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UnprocessedAccountProvides information about an account-related request that hasn't been processed.

accountId

The AWS account ID for the account that the request applies to.

Type: stringRequired: False

errorMessage

The reason why the request hasn't been processed.

Type: stringRequired: False

errorCode

The source of the issue or delay in processing the request.

Type: ErrorCode (p. 193)Required: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

194

Page 201: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DeleteInvitations• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Classification Job CreationThe Classification Job Creation resource represents the collection of settings that define the scope andschedule for a classification job. A classification job, also referred to as a sensitive data discovery job, isa job that analyzes objects in specific Amazon S3 buckets to determine whether the objects containsensitive data. Each job uses managed data identifiers that Amazon Macie provides and, optionally,custom data identifiers that you create.

When you create a classification job, you can configure it to address specific scenarios. For example, youcan use property- or tag-based conditions to perform targeted analysis of objects that meet specificcriteria. You might also define a schedule for running the job on a recurring basis, such as every day ora specific day of each week or month. This can be helpful if you want to monitor an S3 bucket for thepresence of sensitive data, or align the analysis of a bucket with periodic updates to the bucket.

You can use the Classification Job Creation resource to create and define the settings for a newclassification job. Note that you can't change any settings for a classification job after you create it. Thishelps ensure that you have an immutable history of sensitive data findings and discovery results for dataprivacy and protection audits or investigations that you perform.

URI/jobs

HTTP Methods

POSTOperation ID: CreateClassificationJob

195

Page 202: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Creates and defines the settings for a classification job.

Responses

Status Code Response Model Description

200 CreateClassificationJobResponse (p. 198)The request succeeded. Thespecified job was created.

400 ValidationException (p. 198)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 198)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 198)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 198)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 198) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 198)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 198)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example POST

{ "customDataIdentifierIds": [ "string" ], "scheduleFrequency": { "dailySchedule": { }, "weeklySchedule": { "dayOfWeek": enum }, "monthlySchedule": { "dayOfMonth": integer } }, "samplingPercentage": integer, "clientToken": "string",

196

Page 203: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"name": "string", "description": "string", "initialRun": boolean, "jobType": enum, "s3JobDefinition": { "bucketDefinitions": [ { "accountId": "string", "buckets": [ "string" ] } ], "scoping": { "excludes": { "and": [ { "simpleScopeTerm": { "comparator": enum, "values": [ "string" ], "key": enum }, "tagScopeTerm": { "comparator": enum, "tagValues": [ { "value": "string", "key": "string" } ], "key": "string", "target": enum } } ] }, "includes": { "and": [ { "simpleScopeTerm": { "comparator": enum, "values": [ "string" ], "key": enum }, "tagScopeTerm": { "comparator": enum, "tagValues": [ { "value": "string", "key": "string" } ], "key": "string", "target": enum } } ] } } }, "tags": { }

197

Page 204: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}

Response Bodies

Example CreateClassificationJobResponse

{ "jobId": "string", "jobArn": "string"}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{

198

Page 205: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateClassificationJobRequestSpecifies the scope, schedule, and other settings for a classification job. You can't change any settings fora classification job after you create it. This helps ensure that you have an immutable history of sensitivedata findings and discovery results for data privacy and protection audits or investigations.

customDataIdentifierIds

The custom data identifiers to use for data analysis and classification.

Type: Array of type stringRequired: False

scheduleFrequency

The recurrence pattern for running the job. To run the job only once, don't specify a value for thisproperty and set the value for the jobType property to ONE_TIME.

Type: JobScheduleFrequency (p. 202)Required: False

samplingPercentage

The sampling depth, as a percentage, to apply when processing objects. This value determines thepercentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects

199

Page 206: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

the objects to analyze at random, up to the specified percentage, and analyzes all the data in thoseobjects.

Type: integerRequired: FalseFormat: int32

clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Type: stringRequired: True

name

A custom name for the job. The name can contain as many as 500 characters.

Type: stringRequired: True

description

A custom description of the job. The description can contain as many as 200 characters.

Type: stringRequired: False

initialRun

Specifies whether to analyze all existing, eligible objects immediately after the job is created.

Type: booleanRequired: False

jobType

The schedule for running the job. Valid values are:

• ONE_TIME - Run the job only once. If you specify this value, don't specify a value for thescheduleFrequency property.

• SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use thescheduleFrequency property to define the recurrence pattern for the job.

Type: JobType (p. 203)Required: True

s3JobDefinition

The S3 buckets that contain the objects to analyze, and the scope of that analysis.

Type: S3JobDefinition (p. 204)Required: True

200

Page 207: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

tags

A map of key-value pairs that specifies the tags to associate with the job.

A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. Themaximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.

Type: TagMap (p. 206)Required: False

CreateClassificationJobResponseProvides information about a classification job that was created in response to a request.

jobId

The unique identifier for the job.

Type: stringRequired: False

jobArn

The Amazon Resource Name (ARN) of the job.

Type: stringRequired: False

DailyScheduleSpecifies that a classification job runs once a day, every day. This is an empty object.

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

JobComparatorThe operator to use in a condition. Valid values are:

EQGTGTELTLTENE

201

Page 208: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

CONTAINS

JobScheduleFrequencySpecifies the recurrence pattern for running a classification job.

dailySchedule

Specifies a daily recurrence pattern for running the job.

Type: DailySchedule (p. 201)Required: False

weeklySchedule

Specifies a weekly recurrence pattern for running the job.

Type: WeeklySchedule (p. 207)Required: False

monthlySchedule

Specifies a monthly recurrence pattern for running the job.

Type: MonthlySchedule (p. 203)Required: False

JobScopeTermSpecifies a property- or tag-based condition that defines criteria for including or excluding objects froma classification job.

simpleScopeTerm

A property-based condition that defines a property, operator, and one or more values for including orexcluding an object from the job.

Type: SimpleScopeTerm (p. 205)Required: False

tagScopeTerm

A tag-based condition that defines the operator and tag keys or tag key and value pairs for including orexcluding an object from the job.

Type: TagScopeTerm (p. 206)Required: False

JobScopingBlockSpecifies one or more property- and tag-based conditions that define criteria for including or excludingobjects from a classification job. If you specify more than one condition, Amazon Macie uses an ANDoperator to join the conditions.

202

Page 209: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

and

An array of conditions, one for each condition that determines which objects to include or exclude fromthe job.

Type: Array of type JobScopeTerm (p. 202)Required: False

JobTypeThe schedule for running a classification job. Valid values are:

ONE_TIMESCHEDULED

MonthlyScheduleSpecifies a monthly recurrence pattern for running a classification job.

dayOfMonth

The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1through 31.

If this value exceeds the number of days in a certain month, Macie runs the job on the last day of thatmonth. For example, if this value is 31 and a month has only 30 days, Macie runs the job on day 30 ofthat month.

Type: integerRequired: FalseFormat: int32

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

S3BucketDefinitionForJobSpecifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets toanalyze for the account.

accountId

The unique identifier for the AWS account that owns the buckets. If you specify this value and don'tspecify a value for the buckets array, the job analyzes objects in all the buckets that are owned by theaccount and meet other conditions specified for the job.

Type: string

203

Page 210: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

buckets

An array that lists the names of the buckets.

Type: Array of type stringRequired: False

S3JobDefinitionSpecifies which S3 buckets contain the objects that a classification job analyzes, and the scope of thatanalysis.

bucketDefinitions

An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies theaccount ID for an account and one or more buckets to analyze for the account.

Type: Array of type S3BucketDefinitionForJob (p. 203)Required: False

scoping

The property- and tag-based conditions that determine which objects to include or exclude from theanalysis.

Type: Scoping (p. 204)Required: False

ScopeFilterKeyThe property to use in a condition that determines which objects are analyzed by a classification job.Valid values are:

BUCKET_CREATION_DATEOBJECT_EXTENSIONOBJECT_LAST_MODIFIED_DATEOBJECT_SIZETAG

ScopingSpecifies one or more property- and tag-based conditions that refine the scope of a classification job.These conditions define criteria that determine which objects a job analyzes. Exclude conditions takeprecedence over include conditions.

excludes

The property- or tag-based conditions that determine which objects to exclude from the analysis.

Type: JobScopingBlock (p. 202)Required: False

204

Page 211: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

includes

The property- or tag-based conditions that determine which objects to include in the analysis.

Type: JobScopingBlock (p. 202)Required: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

SimpleScopeTermSpecifies a property-based condition that determines whether an object is included or excluded from aclassification job.

comparator

The operator to use in the condition. Valid operators for each supported property (key) are:

• OBJECT_EXTENSION - EQ (equals) or NE (not equals)• OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS• OBJECT_SIZE - Any operator except CONTAINS• TAG - EQ (equals) or NE (not equals)

Type: JobComparator (p. 201)Required: False

values

An array that lists the values to use in the condition. If the value for the key property isOBJECT_EXTENSION, this array can specify multiple values and Amazon Macie uses an OR operatorto join the values. Otherwise, this array can specify only one value. Valid values for each supportedproperty (key) are:

• OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: doc,docx, pdf

• OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when anobject was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z

• OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.• TAG - A string that represents a tag key for an object. For advanced options, use a TagScopeTerm

object, instead of a SimpleScopeTerm object, to define a tag-based condition for the job.

Type: Array of type stringRequired: False

205

Page 212: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

key

The object property to use in the condition.

Type: ScopeFilterKey (p. 204)Required: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

TagScopeTermSpecifies a tag-based condition that determines whether an object is included or excluded from aclassification job.

comparator

The operator to use in the condition. Valid operators are EQ (equals) or NE (not equals).

Type: JobComparator (p. 201)Required: False

tagValues

The tag keys or tag key and value pairs to use in the condition.

Type: Array of type TagValuePair (p. 207)Required: False

key

The tag key to use in the condition.

Type: stringRequired: False

target

The type of object to apply the condition to.

Type: TagTarget (p. 206)Required: False

TagTargetThe type of object to apply a tag-based condition to. Valid values are:

S3_OBJECT

206

Page 213: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

TagValuePairSpecifies a tag key or tag key and value pair to use in a tag-based condition for a classification job.

value

The tag value, associated with the specified tag key (key), to use in the condition. To specify only a tagkey for a condition, specify the tag key for the key property and set this value to an empty string.

Type: stringRequired: False

key

The value for the tag key to use in the condition.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

WeeklyScheduleSpecifies a weekly recurrence pattern for running a classification job.

dayOfWeek

The day of the week when Amazon Macie runs the job.

Type: stringRequired: FalseValues: SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY

207

Page 214: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

CreateClassificationJob• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Classification Job ListThe Classification Job List resource provides a subset of information about the classification jobs for youraccount. A classification job, also referred to as a sensitive data discovery job, is a job that analyzes objectsin specific Amazon S3 buckets to determine whether the objects contain sensitive data. Each job usesmanaged data identifiers that Amazon Macie provides and, optionally, custom data identifiers that youcreate.

This resource doesn't provide access to all the data for individual classification jobs. Instead, it providesonly a subset of data. To retrieve all the data for a particular classification job, use the Classification JobDescription (p. 219) resource.

You can use the Classification Job List resource to retrieve a subset of information about one or moreclassification jobs. To customize and refine your request, you can use supported parameters to specifywhether and how to filter, sort, and paginate the results.

URI/jobs/list

HTTP MethodsPOSTOperation ID: ListClassificationJobs

Retrieves a subset of information about one or more classification jobs.

Responses

Status Code Response Model Description

200 ListClassificationJobsResponse (p. 210)The request succeeded.

400 ValidationException (p. 210)The request failed because itcontains a syntax error.

208

Page 215: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

402 ServiceQuotaExceededException (p. 210)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 210)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 210)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 211) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 211)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 211)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example POST

{ "filterCriteria": { "excludes": [ { "comparator": enum, "values": [ "string" ], "key": enum } ], "includes": [ { "comparator": enum, "values": [ "string" ], "key": enum } ] }, "nextToken": "string", "maxResults": integer, "sortCriteria": { "orderBy": enum, "attributeName": enum }

209

Page 216: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}

Response Bodies

Example ListClassificationJobsResponse

{ "nextToken": "string", "items": [ { "userPausedDetails": { "jobImminentExpirationHealthEventArn": "string", "jobExpiresAt": "string", "jobPausedAt": "string" }, "bucketDefinitions": [ { "accountId": "string", "buckets": [ "string" ] } ], "jobId": "string", "createdAt": "string", "jobStatus": enum, "name": "string", "jobType": enum, "lastRunErrorStatus": { "code": enum } } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"

210

Page 217: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

211

Page 218: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

JobComparatorThe operator to use in a condition. Valid values are:

EQGTGTELTLTENECONTAINS

JobStatusThe status of a classification job. Possible values are:

RUNNINGPAUSEDCANCELLEDCOMPLETEIDLEUSER_PAUSED

JobSummaryProvides information about a classification job, including the current status of the job.

userPausedDetails

If the current status of the job is USER_PAUSED, specifies when the job was paused and when the jobwill expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus isUSER_PAUSED.

Type: UserPausedDetails (p. 218)Required: False

bucketDefinitions

The S3 buckets that the job is configured to analyze.

Type: Array of type S3BucketDefinitionForJob (p. 217)Required: False

jobId

The unique identifier for the job.

Type: stringRequired: False

createdAt

The date and time, in UTC and extended ISO 8601 format, when the job was created.

Type: string

212

Page 219: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: FalseFormat: date-time

jobStatus

The current status of the job. Possible values are:

• CANCELLED - You cancelled the job, or you paused the job while it had a status of RUNNING and youdidn't resume it within 30 days of pausing it.

• COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. Thisvalue doesn't apply to recurring jobs.

• IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run ispending. This value doesn't apply to one-time jobs.

• PAUSED - Amazon Macie started running the job but additional processing would exceed the monthlysensitive data discovery quota for your account or one or more member accounts that the job analyzesdata for.

• RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress.• USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and you

don't resume the job within 30 days of pausing it, the job expires and is cancelled. To check the job'sexpiration date, refer to the UserPausedDetails.jobExpiresAt property.

Type: JobStatus (p. 212)Required: False

name

The custom name of the job.

Type: stringRequired: False

jobType

The schedule for running the job. Possible values are:

• ONE_TIME - The job runs only once.• SCHEDULED - The job runs on a daily, weekly, or monthly basis.

Type: JobType (p. 213)Required: False

lastRunErrorStatus

Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurringjob, this value indicates the error status of the job's most recent run.

Type: LastRunErrorStatus (p. 214)Required: False

JobTypeThe schedule for running a classification job. Valid values are:

213

Page 220: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ONE_TIMESCHEDULED

LastRunErrorStatusSpecifies whether any account- or bucket-level access errors occurred when a classification job ran. Forexample, the job is configured to analyze data for a member account that was suspended, or the job isconfigured to analyze an S3 bucket that Amazon Macie isn't allowed to access.

code

Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurringjob, this value indicates the error status of the job's most recent run. Possible values are:

• ERROR - One or more errors occurred. Amazon Macie didn't process all the data specified for the job.• NONE - No errors occurred. Macie processed all the data specified for the job.

Type: LastRunErrorStatusCode (p. 214)Required: False

LastRunErrorStatusCodeSpecifies whether any account- or bucket-level access errors occurred during the run of a one-timeclassification job or the most recent run of a recurring classification job. Possible values are:

NONEERROR

ListClassificationJobsRequestSpecifies criteria for filtering, sorting, and paginating the results of a request for information aboutclassification jobs.

filterCriteria

The criteria to use to filter the results.

Type: ListJobsFilterCriteria (p. 215)Required: False

nextToken

The nextToken string that specifies which page of results to return in a paginated response.

Type: stringRequired: False

maxResults

The maximum number of items to include in each page of the response.

Type: integerRequired: False

214

Page 221: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Format: int32

sortCriteria

The criteria to use to sort the results.

Type: ListJobsSortCriteria (p. 216)Required: False

ListClassificationJobsResponseProvides the results of a request for information about one or more classification jobs.

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

items

An array of objects, one for each job that meets the filter criteria specified in the request.

Type: Array of type JobSummary (p. 212)Required: False

ListJobsFilterCriteriaSpecifies criteria for filtering the results of a request for information about classification jobs.

excludes

An array of objects, one for each condition that determines which jobs to exclude from the results.

Type: Array of type ListJobsFilterTerm (p. 216)Required: False

includes

An array of objects, one for each condition that determines which jobs to include in the results.

Type: Array of type ListJobsFilterTerm (p. 216)Required: False

ListJobsFilterKeyThe property to use to filter the results. Valid values are:

jobTypejobStatuscreatedAtname

215

Page 222: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

ListJobsFilterTermSpecifies a condition that filters the results of a request for information about classification jobs. Eachcondition consists of a property, an operator, and one or more values.

comparator

The operator to use to filter the results.

Type: JobComparator (p. 212)Required: False

values

An array that lists one or more values to use to filter the results.

Type: Array of type stringRequired: False

key

The property to use to filter the results.

Type: ListJobsFilterKey (p. 215)Required: False

ListJobsSortAttributeNameThe property to sort the results by. Valid values are:

createdAtjobStatusnamejobType

ListJobsSortCriteriaSpecifies criteria for sorting the results of a request for information about classification jobs.

orderBy

The sort order to apply to the results, based on the value for the property specified by theattributeName property. Valid values are: ASC, sort the results in ascending order; and, DESC, sort theresults in descending order.

Type: stringRequired: FalseValues: ASC | DESC

attributeName

The property to sort the results by.

Type: ListJobsSortAttributeName (p. 216)

216

Page 223: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

S3BucketDefinitionForJobSpecifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets toanalyze for the account.

accountId

The unique identifier for the AWS account that owns the buckets. If you specify this value and don'tspecify a value for the buckets array, the job analyzes objects in all the buckets that are owned by theaccount and meet other conditions specified for the job.

Type: stringRequired: False

buckets

An array that lists the names of the buckets.

Type: Array of type stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

217

Page 224: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

UserPausedDetailsProvides information about when a classification job was paused and when it will expire and be cancelledif it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. Theinformation in this object applies only to a job that was paused while it had a status of RUNNING.

jobImminentExpirationHealthEventArn

The Amazon Resource Name (ARN) of the AWS Health event that Amazon Macie sent to notify you of thejob's pending expiration and cancellation. This value is null if a job has been paused for less than 23 days.

Type: stringRequired: False

jobExpiresAt

The date and time, in UTC and extended ISO 8601 format, when the job will expire and be cancelledif you don't resume it first. If you don't resume a job within 30 days of pausing it, the job expires andAmazon Macie cancels it.

Type: stringRequired: FalseFormat: date-time

jobPausedAt

The date and time, in UTC and extended ISO 8601 format, when you paused the job.

Type: stringRequired: FalseFormat: date-time

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListClassificationJobs• AWS Command Line Interface

218

Page 225: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceClassification Job Description

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Classification Job DescriptionThe Classification Job Description resource provides comprehensive information about the classificationjobs for your account. It also provides programmatic access to the status of individual classificationjobs. A classification job, also referred to as a sensitive data discovery job, is a job that analyzes objectsin specific Amazon S3 buckets to determine whether the objects contain sensitive data. Each job usesmanaged data identifiers that Amazon Macie provides and, optionally, custom data identifiers that youcreate.

You can use this resource to pause, resume, or cancel a classification job, or retrieve detailed informationabout a classification job. To retrieve information about more than one classification job, use theClassification Job List (p. 208) resource.

URI/jobs/jobId

HTTP Methods

GETOperation ID: DescribeClassificationJob

Retrieves the status and settings for a classification job.

Path Parameters

Name Type Required Description

jobId String True The unique identifierfor the classificationjob.

Responses

Status Code Response Model Description

200 DescribeClassificationJobResponse (p. 221)The request succeeded.

400 ValidationException (p. 223)The request failed because itcontains a syntax error.

219

Page 226: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

402 ServiceQuotaExceededException (p. 223)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 223)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 223)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 223) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 223)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 224)The request failed due to anunknown internal server error,exception, or failure.

PATCHOperation ID: UpdateClassificationJob

Changes the status of a classification job.

Path Parameters

Name Type Required Description

jobId String True The unique identifierfor the classificationjob.

Responses

Status Code Response Model Description

200 Empty Schema (p. 223) The request succeeded. The job'sstatus was changed and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 223)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 223)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

220

Page 227: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

403 AccessDeniedException (p. 223)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 223)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 223) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 223)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 224)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example PATCH

{ "jobStatus": enum}

Response Bodies

Example DescribeClassificationJobResponse

{ "userPausedDetails": { "jobImminentExpirationHealthEventArn": "string", "jobExpiresAt": "string", "jobPausedAt": "string" }, "jobStatus": enum, "samplingPercentage": integer, "clientToken": "string", "description": "string", "jobArn": "string", "initialRun": boolean, "lastRunErrorStatus": { "code": enum }, "tags": { }, "customDataIdentifierIds": [ "string" ], "scheduleFrequency": { "dailySchedule": {

221

Page 228: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

}, "weeklySchedule": { "dayOfWeek": enum }, "monthlySchedule": { "dayOfMonth": integer } }, "jobId": "string", "createdAt": "string", "lastRunTime": "string", "name": "string", "jobType": enum, "s3JobDefinition": { "bucketDefinitions": [ { "accountId": "string", "buckets": [ "string" ] } ], "scoping": { "excludes": { "and": [ { "simpleScopeTerm": { "comparator": enum, "values": [ "string" ], "key": enum }, "tagScopeTerm": { "comparator": enum, "tagValues": [ { "value": "string", "key": "string" } ], "key": "string", "target": enum } } ] }, "includes": { "and": [ { "simpleScopeTerm": { "comparator": enum, "values": [ "string" ], "key": enum }, "tagScopeTerm": { "comparator": enum, "tagValues": [ { "value": "string", "key": "string" } ], "key": "string",

222

Page 229: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"target": enum } } ] } } }, "statistics": { "numberOfRuns": number, "approximateNumberOfObjectsToProcess": number }}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

223

Page 230: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictException

Provides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

DailySchedule

Specifies that a classification job runs once a day, every day. This is an empty object.

DescribeClassificationJobResponse

Provides information about a classification job, including the current configuration settings and status ofthe job.

userPausedDetails

If the current status of the job is USER_PAUSED, specifies when the job was paused and when the jobwill expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus isUSER_PAUSED.

Type: UserPausedDetails (p. 235)Required: False

jobStatus

The current status of the job. Possible values are:

224

Page 231: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

• CANCELLED - You cancelled the job, or you paused the job while it had a status of RUNNING and youdidn't resume it within 30 days of pausing it.

• COMPLETE - For a one-time job, Amazon Macie finished processing the data specified for the job. Thisvalue doesn't apply to recurring jobs.

• IDLE - For a recurring job, the previous scheduled run is complete and the next scheduled run ispending. This value doesn't apply to one-time jobs.

• PAUSED - Amazon Macie started running the job but additional processing would exceed the monthlysensitive data discovery quota for your account or one or more member accounts that the job analyzesdata for.

• RUNNING - For a one-time job, the job is in progress. For a recurring job, a scheduled run is in progress.

• USER_PAUSED - You paused the job. If you paused the job while it had a status of RUNNING and youdon't resume the job within 30 days of pausing it, the job expires and is cancelled. To check the job'sexpiration date, refer to the UserPausedDetails.jobExpiresAt property.

Type: JobStatus (p. 229)Required: False

samplingPercentage

The sampling depth, as a percentage, that determines the percentage of eligible objects that the jobanalyzes.

Type: integerRequired: FalseFormat: int32

clientToken

The token that was provided to ensure the idempotency of the request to create the job.

Type: stringRequired: False

description

The custom description of the job.

Type: stringRequired: False

jobArn

The Amazon Resource Name (ARN) of the job.

Type: stringRequired: False

initialRun

Specifies whether the job is configured to analyze all existing, eligible objects immediately after it'screated.

225

Page 232: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: booleanRequired: False

lastRunErrorStatus

Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurringjob, this value indicates the error status of the job's most recent run.

Type: LastRunErrorStatus (p. 229)Required: False

tags

A map of key-value pairs that specifies which tags (keys and values) are associated with the classificationjob.

Type: TagMap (p. 233)Required: False

customDataIdentifierIds

The custom data identifiers that the job uses to analyze data.

Type: Array of type stringRequired: False

scheduleFrequency

The recurrence pattern for running the job. If the job is configured to run only once, this value is null.

Type: JobScheduleFrequency (p. 228)Required: False

jobId

The unique identifier for the job.

Type: stringRequired: False

createdAt

The date and time, in UTC and extended ISO 8601 format, when the job was created.

Type: stringRequired: FalseFormat: date-time

lastRunTime

The date and time, in UTC and extended ISO 8601 format, when the job started. If the job is a recurringjob, this value indicates when the most recent run started.

226

Page 233: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: FalseFormat: date-time

name

The custom name of the job.

Type: stringRequired: False

jobType

The schedule for running the job. Possible values are:

• ONE_TIME - The job runs only once.

• SCHEDULED - The job runs on a daily, weekly, or monthly basis. The scheduleFrequency propertyindicates the recurrence pattern for the job.

Type: JobType (p. 229)Required: False

s3JobDefinition

The S3 buckets that the job is configured to analyze, and the scope of that analysis.

Type: S3JobDefinition (p. 231)Required: False

statistics

The number of times that the job has run and processing statistics for the job's current run.

Type: Statistics (p. 233)Required: False

Empty

The request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerException

Provides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

227

Page 234: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

JobComparatorThe operator to use in a condition. Valid values are:

EQGTGTELTLTENECONTAINS

JobScheduleFrequencySpecifies the recurrence pattern for running a classification job.

dailySchedule

Specifies a daily recurrence pattern for running the job.

Type: DailySchedule (p. 224)Required: False

weeklySchedule

Specifies a weekly recurrence pattern for running the job.

Type: WeeklySchedule (p. 236)Required: False

monthlySchedule

Specifies a monthly recurrence pattern for running the job.

Type: MonthlySchedule (p. 230)Required: False

JobScopeTermSpecifies a property- or tag-based condition that defines criteria for including or excluding objects froma classification job.

simpleScopeTerm

A property-based condition that defines a property, operator, and one or more values for including orexcluding an object from the job.

Type: SimpleScopeTerm (p. 232)Required: False

tagScopeTerm

A tag-based condition that defines the operator and tag keys or tag key and value pairs for including orexcluding an object from the job.

228

Page 235: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: TagScopeTerm (p. 233)Required: False

JobScopingBlockSpecifies one or more property- and tag-based conditions that define criteria for including or excludingobjects from a classification job. If you specify more than one condition, Amazon Macie uses an ANDoperator to join the conditions.

and

An array of conditions, one for each condition that determines which objects to include or exclude fromthe job.

Type: Array of type JobScopeTerm (p. 228)Required: False

JobStatusThe status of a classification job. Possible values are:

RUNNINGPAUSEDCANCELLEDCOMPLETEIDLEUSER_PAUSED

JobTypeThe schedule for running a classification job. Valid values are:

ONE_TIMESCHEDULED

LastRunErrorStatusSpecifies whether any account- or bucket-level access errors occurred when a classification job ran. Forexample, the job is configured to analyze data for a member account that was suspended, or the job isconfigured to analyze an S3 bucket that Amazon Macie isn't allowed to access.

code

Specifies whether any account- or bucket-level access errors occurred when the job ran. For a recurringjob, this value indicates the error status of the job's most recent run. Possible values are:

• ERROR - One or more errors occurred. Amazon Macie didn't process all the data specified for the job.

• NONE - No errors occurred. Macie processed all the data specified for the job.

Type: LastRunErrorStatusCode (p. 230)Required: False

229

Page 236: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

LastRunErrorStatusCodeSpecifies whether any account- or bucket-level access errors occurred during the run of a one-timeclassification job or the most recent run of a recurring classification job. Possible values are:

NONEERROR

MonthlyScheduleSpecifies a monthly recurrence pattern for running a classification job.

dayOfMonth

The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1through 31.

If this value exceeds the number of days in a certain month, Macie runs the job on the last day of thatmonth. For example, if this value is 31 and a month has only 30 days, Macie runs the job on day 30 ofthat month.

Type: integerRequired: FalseFormat: int32

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

S3BucketDefinitionForJobSpecifies which AWS account owns the S3 buckets that a classification job analyzes, and the buckets toanalyze for the account.

accountId

The unique identifier for the AWS account that owns the buckets. If you specify this value and don'tspecify a value for the buckets array, the job analyzes objects in all the buckets that are owned by theaccount and meet other conditions specified for the job.

Type: stringRequired: False

buckets

An array that lists the names of the buckets.

230

Page 237: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Array of type stringRequired: False

S3JobDefinitionSpecifies which S3 buckets contain the objects that a classification job analyzes, and the scope of thatanalysis.

bucketDefinitions

An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies theaccount ID for an account and one or more buckets to analyze for the account.

Type: Array of type S3BucketDefinitionForJob (p. 230)Required: False

scoping

The property- and tag-based conditions that determine which objects to include or exclude from theanalysis.

Type: Scoping (p. 231)Required: False

ScopeFilterKeyThe property to use in a condition that determines which objects are analyzed by a classification job.Valid values are:

BUCKET_CREATION_DATEOBJECT_EXTENSIONOBJECT_LAST_MODIFIED_DATEOBJECT_SIZETAG

ScopingSpecifies one or more property- and tag-based conditions that refine the scope of a classification job.These conditions define criteria that determine which objects a job analyzes. Exclude conditions takeprecedence over include conditions.

excludes

The property- or tag-based conditions that determine which objects to exclude from the analysis.

Type: JobScopingBlock (p. 229)Required: False

includes

The property- or tag-based conditions that determine which objects to include in the analysis.

Type: JobScopingBlock (p. 229)

231

Page 238: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

SimpleScopeTermSpecifies a property-based condition that determines whether an object is included or excluded from aclassification job.

comparator

The operator to use in the condition. Valid operators for each supported property (key) are:

• OBJECT_EXTENSION - EQ (equals) or NE (not equals)• OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS• OBJECT_SIZE - Any operator except CONTAINS• TAG - EQ (equals) or NE (not equals)

Type: JobComparator (p. 228)Required: False

values

An array that lists the values to use in the condition. If the value for the key property isOBJECT_EXTENSION, this array can specify multiple values and Amazon Macie uses an OR operatorto join the values. Otherwise, this array can specify only one value. Valid values for each supportedproperty (key) are:

• OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: doc,docx, pdf

• OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when anobject was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z

• OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.• TAG - A string that represents a tag key for an object. For advanced options, use a TagScopeTerm

object, instead of a SimpleScopeTerm object, to define a tag-based condition for the job.

Type: Array of type stringRequired: False

key

The object property to use in the condition.

232

Page 239: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: ScopeFilterKey (p. 231)Required: False

StatisticsProvides processing statistics for a classification job.

numberOfRuns

The number of times that the job has run.

Type: numberRequired: False

approximateNumberOfObjectsToProcess

The approximate number of objects that the job has yet to process during its current run.

Type: numberRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

TagScopeTermSpecifies a tag-based condition that determines whether an object is included or excluded from aclassification job.

comparator

The operator to use in the condition. Valid operators are EQ (equals) or NE (not equals).

Type: JobComparator (p. 228)Required: False

tagValues

The tag keys or tag key and value pairs to use in the condition.

Type: Array of type TagValuePair (p. 234)Required: False

key

The tag key to use in the condition.

Type: string

233

Page 240: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

target

The type of object to apply the condition to.

Type: TagTarget (p. 234)Required: False

TagTargetThe type of object to apply a tag-based condition to. Valid values are:

S3_OBJECT

TagValuePairSpecifies a tag key or tag key and value pair to use in a tag-based condition for a classification job.

value

The tag value, associated with the specified tag key (key), to use in the condition. To specify only a tagkey for a condition, specify the tag key for the key property and set this value to an empty string.

Type: stringRequired: False

key

The value for the tag key to use in the condition.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UpdateClassificationJobRequestChanges the status of a classification job.

jobStatus

The new status for the job. Valid values are:

234

Page 241: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

• CANCELLED - Stops the job permanently and cancels it. You can't resume a job after you cancel it. Thisvalue is valid only if the job's current status is IDLE, PAUSED, RUNNING, or USER_PAUSED.

• RUNNING - Resumes the job. This value is valid only if the job's current status is USER_PAUSED.

If you specify this value and you paused the job while it was actively running, Amazon Macieimmediately resumes processing from the point where you paused the job. Otherwise, Macie resumesthe job according to the schedule and other configuration settings for the job.

• USER_PAUSED - Pauses the job. This value is valid only if the job's current status is IDLE or RUNNING.If you specify this value and the job's current status is RUNNING, Macie immediately begins to pause allprocessing tasks for the job.

If you pause a job when its status is RUNNING and you don't resume the job within 30 days, the jobexpires and Macie cancels it. You can't resume a job after it's cancelled.

Type: JobStatus (p. 229)Required: True

UserPausedDetails

Provides information about when a classification job was paused and when it will expire and be cancelledif it isn't resumed. This object is present only if a job's current status (jobStatus) is USER_PAUSED. Theinformation in this object applies only to a job that was paused while it had a status of RUNNING.

jobImminentExpirationHealthEventArn

The Amazon Resource Name (ARN) of the AWS Health event that Amazon Macie sent to notify you of thejob's pending expiration and cancellation. This value is null if a job has been paused for less than 23 days.

Type: stringRequired: False

jobExpiresAt

The date and time, in UTC and extended ISO 8601 format, when the job will expire and be cancelledif you don't resume it first. If you don't resume a job within 30 days of pausing it, the job expires andAmazon Macie cancels it.

Type: stringRequired: FalseFormat: date-time

jobPausedAt

The date and time, in UTC and extended ISO 8601 format, when you paused the job.

Type: stringRequired: FalseFormat: date-time

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

235

Page 242: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

WeeklySchedule

Specifies a weekly recurrence pattern for running a classification job.

dayOfWeek

The day of the week when Amazon Macie runs the job.

Type: stringRequired: FalseValues: SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY | FRIDAY | SATURDAY

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DescribeClassificationJob• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

UpdateClassificationJob• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

236

Page 243: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceMacie Account Administration

Macie Account AdministrationThe Macie Account Administration resource provides access to the status and configuration settings foryour Amazon Macie account.

You can use this resource to enable Macie for your AWS account, and specify settings that enable Macieto start monitoring and analyzing sensitive data for you. When you enable Macie, the service generatesa session for your account in the current AWS Region, and it assigns a unique identifier to that session.A session is a resource that represents the Macie service for a specific account in a specific Region. Itenables Macie to become operational. An account can have only one session in each Region.

After you enable Macie, you can also use this resource to review and update the configuration settingsfor your account. This includes suspending (pausing) your account and subsequently re-enabling youraccount. If you suspend your Macie account, the service stops performing all activities for your account.However, it retains the session identifier, settings, and resources for your account. To suspend a Maciemaster account, you must first disassociate the account from all of its member accounts.

If you decide to disable your Macie account completely, you can use this resource to do so. If you disableyour Macie account, the service stops performing all activities for your account. In addition, Maciepermanently deletes all resources that it stores or maintains for you. This includes classification jobs,custom data identifiers, findings, and the session resource (and identifier) for your account. This doesn'tinclude resources that Macie created and stored in other AWS services for you, such as data classificationresults in Amazon S3 and findings in AWS Security Hub. Before you disable your Macie account, youmust disassociate the account from its Macie master account or, if it's a master account, all of its memberaccounts.

URI/macie

HTTP Methods

GETOperation ID: GetMacieSession

Retrieves the current status and configuration settings for an Amazon Macie account.

Responses

Status Code Response Model Description

200 GetMacieSessionResponse (p. 240)The request succeeded.

400 ValidationException (p. 241)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 241)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 241)The request was denied becauseyou don't have sufficient accessto the specified resource.

237

Page 244: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

404 ResourceNotFoundException (p. 241)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 241) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 241)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 241)The request failed due to anunknown internal server error,exception, or failure.

POST

Operation ID: EnableMacie

Enables Amazon Macie and specifies the configuration settings for a Macie account.

Responses

Status Code Response Model Description

200 Empty Schema (p. 241) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 241)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 241)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 241)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 241)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 241) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 241)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 241)The request failed due to anunknown internal server error,exception, or failure.

238

Page 245: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

DELETE

Operation ID: DisableMacie

Disables an Amazon Macie account and deletes Macie resources for the account.

Responses

Status Code Response Model Description

200 Empty Schema (p. 241) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 241)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 241)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 241)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 241)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 241) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 241)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 241)The request failed due to anunknown internal server error,exception, or failure.

PATCH

Operation ID: UpdateMacieSession

Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macieaccount.

Responses

Status Code Response Model Description

200 Empty Schema (p. 241) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

239

Page 246: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

400 ValidationException (p. 241)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 241)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 241)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 241)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 241) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 241)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 241)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Request Bodies

Example POST

{ "clientToken": "string", "findingPublishingFrequency": enum, "status": enum}

Example PATCH

{ "findingPublishingFrequency": enum, "status": enum}

Response Bodies

Example GetMacieSessionResponse

{ "createdAt": "string", "serviceRole": "string",

240

Page 247: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

"findingPublishingFrequency": enum, "status": enum, "updatedAt": "string"}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

241

Page 248: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

EnableMacieRequestEnables Amazon Macie and specifies the configuration settings for an Amazon Macie account.

clientToken

A unique, case-sensitive token that you provide to ensure the idempotency of the request.

Type: stringRequired: False

findingPublishingFrequency

Specifies how often to publish updates to policy findings for the account. This includes publishingupdates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

Type: FindingPublishingFrequency (p. 243)Required: False

status

Specifies the status for the account. To enable Amazon Macie and start all Amazon Macie activities forthe account, set this value to ENABLED.

Type: MacieStatus (p. 244)

242

Page 249: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

FindingPublishingFrequencyThe frequency with which Amazon Macie publishes updates to policy findings for an account. Thisincludes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called AmazonCloudWatch Events). Valid values are:

FIFTEEN_MINUTESONE_HOURSIX_HOURS

GetMacieSessionResponseProvides information about the current status and configuration settings for an Amazon Macie account.

createdAt

The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.

Type: stringRequired: FalseFormat: date-time

serviceRole

The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor andanalyze data in AWS resources for the account.

Type: stringRequired: False

findingPublishingFrequency

The frequency with which Amazon Macie publishes updates to policy findings for the account. Thisincludes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called AmazonCloudWatch Events).

Type: FindingPublishingFrequency (p. 243)Required: False

status

The current status of the Amazon Macie account. Possible values are: PAUSED, the account is enabledbut all Amazon Macie activities are suspended (paused) for the account; and, ENABLED, the account isenabled and all Amazon Macie activities are enabled for the account.

Type: MacieStatus (p. 244)Required: False

updatedAt

The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of theAmazon Macie account.

243

Page 250: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: FalseFormat: date-time

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

MacieStatusThe status of an Amazon Macie account. Valid values are:

PAUSEDENABLED

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

244

Page 251: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

UpdateMacieSessionRequest

Changes the status or configuration settings for an Amazon Macie account.

findingPublishingFrequency

Specifies how often to publish updates to policy findings for the account. This includes publishingupdates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).

Type: FindingPublishingFrequency (p. 243)Required: False

status

Specifies whether to change the status of the account. Valid values are: ENABLED, resume all AmazonMacie activities for the account; and, PAUSED, suspend all Macie activities for the account.

Type: MacieStatus (p. 244)Required: False

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetMacieSession• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

245

Page 252: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceMember Account Status

• AWS SDK for Ruby V3

EnableMacie• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

DisableMacie• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

UpdateMacieSession• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Member Account StatusThe Member Account Status resource provides access to the status of an Amazon Macie member accountin your Macie organization. If you're a user of a Macie master account, you can use this resource to

246

Page 253: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

suspend (pause) a member account. If you suspend an account, Macie stops performing all activities forthe account. However, it retains the session identifier, settings, and resources for the account.

As a user of a Macie master account, you can also use this resource to re-enable a member account thatyou previously suspended. When you re-enable an account, Macie resumes all activities for the account.

URI/macie/members/id

HTTP MethodsPATCHOperation ID: UpdateMemberSession

Enables an Amazon Macie master account to suspend or re-enable a member account.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 Empty Schema (p. 248) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 248)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 248)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 248)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 248)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 248) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 249)The request failed because yousent too many requests during acertain amount of time.

247

Page 254: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 249)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example PATCH

{ "status": enum}

Response Bodies

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{

248

Page 255: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

249

Page 256: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

MacieStatusThe status of an Amazon Macie account. Valid values are:

PAUSEDENABLED

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UpdateMemberSessionRequestSuspends (pauses) or re-enables an Amazon Macie member account.

status

Specifies the new status for the account. Valid values are: ENABLED, resume all Amazon Macie activitiesfor the account; and, PAUSED, suspend all Macie activities for the account.

250

Page 257: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: MacieStatus (p. 250)Required: True

ValidationException

Provides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

UpdateMemberSession• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Master AccountThe Master Account resource provides information about the Amazon Macie master account for youraccount, as part of a Macie organization. If you joined the organization by accepting a Macie membershipinvitation, this resource also provides information about that invitation. After you join an organization,the master account can administer and manage certain Macie settings and resources on your behalf andthe behalf of other members of the same organization.

You can use the Master Account resource to retrieve information about the Macie master account foryour account. You can also use this resource to accept an invitation to join a Macie organization. If you dothis, you have to specify the unique identifier for the invitation and the AWS account ID for the accountthat sent the invitation. To find these identifiers, you can use the Invitation List (p. 167) resource.

URI/master

251

Page 258: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

HTTP Methods

GET

Operation ID: GetMasterAccount

Retrieves information about the Amazon Macie master account for an account.

Responses

Status Code Response Model Description

200 GetMasterAccountResponse (p. 252)The request succeeded.

400 ValidationException (p. 253)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 253)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 253)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 253)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 253) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 253)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 253)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Response Bodies

Example GetMasterAccountResponse

{ "master": { "accountId": "string", "relationshipStatus": enum, "invitationId": "string", "invitedAt": "string" }}

252

Page 259: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: string

253

Page 260: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

GetMasterAccountResponseProvides information about the Amazon Macie master account for an account. If the accounts areassociated by a Macie membership invitation, the response also provides information about thatinvitation.

master

The AWS account ID for the master account. If the accounts are associated by a Macie membershipinvitation, this object also provides details about the invitation that was sent and accepted to establishthe relationship between the accounts.

Type: Invitation (p. 254)Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

InvitationProvides information about an Amazon Macie membership invitation that was received by an account.

accountId

The AWS account ID for the account that sent the invitation.

Type: stringRequired: False

relationshipStatus

The status of the relationship between the account that sent the invitation (inviter account) and theaccount that received the invitation (invitee account).

254

Page 261: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: RelationshipStatus (p. 255)Required: False

invitationId

The unique identifier for the invitation. Amazon Macie uses this identifier to validate the inviter accountwith the invitee account.

Type: stringRequired: False

invitedAt

The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.

Type: stringRequired: FalseFormat: date-time

RelationshipStatusThe current status of the relationship between an account and an associated Amazon Macie masteraccount (inviter account). Possible values are:

EnabledPausedInvitedCreatedRemovedResignedEmailVerificationInProgressEmailVerificationFailedRegionDisabledAccountSuspended

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

255

Page 262: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetMasterAccount• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Master DisassociationThe Master Disassociation resource provides access to the master-member association between yourAmazon Macie account and its Macie master account. You can use this resource to disassociate yourMacie account from its current Macie master account.

If you're a user of a Macie master account and you want to disassociate a member account from youraccount, use the Member Disassociation (p. 269) resource instead of this resource.

256

Page 263: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

URI/master/disassociate

HTTP Methods

POSTOperation ID: DisassociateFromMasterAccount

Disassociates a member account from its Amazon Macie master account.

Responses

Status Code Response Model Description

200 Empty Schema (p. 257) The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

400 ValidationException (p. 258)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 258)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 258)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 258)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 258) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 258)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 258)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Response Bodies

Example Empty Schema

{

257

Page 264: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedException

Provides information about an error that occurred due to insufficient access to a specified resource.

258

Page 265: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: string

259

Page 266: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Required: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DisassociateFromMasterAccount• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Member ListThe Member List resource provides information about all the accounts that are associated with yourAmazon Macie account, typically a Macie master account. This includes member accounts, which areaccounts that are part of your Macie organization, and non-member accounts. For each account, thisresource provides details such as the AWS account ID for the account, and the current status of therelationship between your accounts. If you sent a Macie membership invitation to an account, thisresource also indicates when you sent that invitation.

260

Page 267: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

The Member List resource also enables you to associate additional accounts with your Macie account.You can then invite those accounts to enable Macie and allow you to administer and manage certainMacie settings and resources on their behalf. If an invitation is accepted, your account is designated asthe master account for a Macie organization. The account that accepted the invitation then becomes amember account of your Macie organization.

You can use the Member List resource to associate one or more accounts with your Macie account. Youcan also use this resource to retrieve information about the accounts that are currently associated withyour Macie account.

URI/members

HTTP MethodsGETOperation ID: ListMembers

Retrieves information about the accounts that are associated with an Amazon Macie master account.

Query Parameters

Name Type Required Description

onlyAssociated String False Specifies whichaccounts to include inthe response, basedon the status of anaccount's relationshipwith the masteraccount. By default,the response includesonly current memberaccounts. To include allaccounts, set the valuefor this parameter tofalse.

nextToken String False The nextToken stringthat specifies whichpage of results toreturn in a paginatedresponse.

maxResults String False The maximum numberof items to includein each page of apaginated response.

Responses

Status Code Response Model Description

200 ListMembersResponse (p. 263)The request succeeded.

261

Page 268: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

400 ValidationException (p. 263)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 264)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 264)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 264)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 264) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 264)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 264)The request failed due to anunknown internal server error,exception, or failure.

POSTOperation ID: CreateMember

Associates an account with an Amazon Macie master account.

Responses

Status Code Response Model Description

200 CreateMemberResponse (p. 263)The request succeeded.

400 ValidationException (p. 263)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 264)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 264)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 264)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 264) The request failed because itconflicts with the current stateof the specified resource.

262

Page 269: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

429 ThrottlingException (p. 264)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 264)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "account": { "accountId": "string", "email": "string" }, "tags": { }}

Response Bodies

Example ListMembersResponse

{ "nextToken": "string", "members": [ { "accountId": "string", "relationshipStatus": enum, "arn": "string", "masterAccountId": "string", "email": "string", "tags": { }, "invitedAt": "string", "updatedAt": "string" } ]}

Example CreateMemberResponse

{ "arn": "string"}

Example ValidationException

{

263

Page 270: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

264

Page 271: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

AccountDetailSpecifies details for an account to associate with an Amazon Macie master account.

accountId

The AWS account ID for the account.

Type: stringRequired: True

email

The email address for the account.

Type: stringRequired: True

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CreateMemberRequestSpecifies an account to associate with an Amazon Macie master account.

account

The details for the account to associate with the master account.

Type: AccountDetail (p. 265)Required: True

tags

A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.

An account can have a maximum of 50 tags. Each tag consists of a tag key and an associated tagvalue. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256characters.

Type: TagMap (p. 268)Required: False

CreateMemberResponseProvides information about a request to associate an account with an Amazon Macie master account.

265

Page 272: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

arn

The Amazon Resource Name (ARN) of the account that was associated with the master account.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ListMembersResponseProvides information about the accounts that are associated with an Amazon Macie master account.

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

members

An array of objects, one for each account that's associated with the master account and meets the criteriaspecified by the onlyAssociated request parameter.

Type: Array of type Member (p. 266)Required: False

MemberProvides information about an account that's associated with an Amazon Macie master account.

accountId

The AWS account ID for the account.

Type: stringRequired: False

relationshipStatus

The current status of the relationship between the account and the master account.

Type: RelationshipStatus (p. 267)

266

Page 273: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

arn

The Amazon Resource Name (ARN) of the account.

Type: stringRequired: False

masterAccountId

The AWS account ID for the master account.

Type: stringRequired: False

email

The email address for the account.

Type: stringRequired: False

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the account inAmazon Macie.

Type: TagMap (p. 268)Required: False

invitedAt

The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membershipinvitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to theaccount.

Type: stringRequired: FalseFormat: date-time

updatedAt

The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of therelationship between the account and the master account.

Type: stringRequired: FalseFormat: date-time

RelationshipStatusThe current status of the relationship between an account and an associated Amazon Macie masteraccount (inviter account). Possible values are:

267

Page 274: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

EnabledPausedInvitedCreatedRemovedResignedEmailVerificationInProgressEmailVerificationFailedRegionDisabledAccountSuspended

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: string

268

Page 275: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

Required: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListMembers• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

CreateMember• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

Member DisassociationThe Member Disassociation resource provides access to the master-member associations between yourAmazon Macie master account and its member accounts. You can use this resource to disassociate a

269

Page 276: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceURI

Macie member account from your Macie master account. If you do this, you have to specify the AWSaccount ID for the account to disassociate. To find this ID, you can use the Member List (p. 260)resource.

If you're a user of a Macie member account and you want to disassociate your account from its currentmaster account, use the Master Disassociation (p. 256) resource instead of this resource.

URI/members/disassociate/id

HTTP Methods

POSTOperation ID: DisassociateMember

Disassociates an Amazon Macie master account from a member account.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 Empty Schema (p. 271) The request succeeded.

400 ValidationException (p. 271)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 271)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 271)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 271)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 271) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 271)The request failed because yousent too many requests during acertain amount of time.

270

Page 277: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 272)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Response Bodies

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"

271

Page 278: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example InternalServerException

{ "message": "string"}

Properties

AccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

272

Page 279: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

DisassociateMember• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go

273

Page 280: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceMember

• AWS SDK for Java• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

MemberThe Member resource provides information about an individual account that's associated with yourAmazon Macie account, typically a Macie master account. This information includes details such as theAWS account ID for the account, and the current status of the relationship between your accounts. Ifyou sent a Macie membership invitation to an account, this resource also indicates when you sent thatinvitation.

You can use the Member resource to retrieve information about an account that's associated with yourMacie account. You can also use this resource to delete an existing association between your Macieaccount and another account. To use this resource, you have to specify the AWS account ID for theaccount that your request applies to. To find this ID, you can use the Member List (p. 260) resource.

URI/members/id

HTTP MethodsGETOperation ID: GetMember

Retrieves information about a member account that's associated with an Amazon Macie master account.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 GetMemberResponse (p. 276) The request succeeded.

400 ValidationException (p. 276)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 276)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

274

Page 281: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Status Code Response Model Description

403 AccessDeniedException (p. 276)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 277)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 277) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 277)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 277)The request failed due to anunknown internal server error,exception, or failure.

DELETEOperation ID: DeleteMember

Deletes the association between an Amazon Macie master account and an account.

Path Parameters

Name Type Required Description

id String True The unique identifierfor the Amazon Macieresource or account thatthe request applies to.

Responses

Status Code Response Model Description

200 Empty Schema (p. 276) The request succeeded. Theassociation was deleted andthere isn't any content to includein the body of the response (NoContent).

400 ValidationException (p. 276)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 276)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 276)The request was denied becauseyou don't have sufficient accessto the specified resource.

275

Page 282: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

404 ResourceNotFoundException (p. 277)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 277) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 277)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 277)The request failed due to anunknown internal server error,exception, or failure.

SchemasResponse BodiesExample GetMemberResponse

{ "accountId": "string", "relationshipStatus": enum, "arn": "string", "masterAccountId": "string", "email": "string", "tags": { }, "invitedAt": "string", "updatedAt": "string"}

Example Empty Schema

{}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{

276

Page 283: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

"message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

EmptyThe request succeeded and there isn't any content to include in the body of the response (No Content).

277

Page 284: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

GetMemberResponseProvides information about an account that's associated with an Amazon Macie master account.

accountId

The AWS account ID for the account.

Type: stringRequired: False

relationshipStatus

The current status of the relationship between the account and the master account.

Type: RelationshipStatus (p. 279)Required: False

arn

The Amazon Resource Name (ARN) of the account.

Type: stringRequired: False

masterAccountId

The AWS account ID for the master account.

Type: stringRequired: False

email

The email address for the account.

Type: stringRequired: False

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the memberaccount in Amazon Macie.

Type: TagMap (p. 280)Required: False

invitedAt

The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membershipinvitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to theaccount.

Type: stringRequired: False

278

Page 285: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Format: date-time

updatedAt

The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of therelationship between the account and the master account.

Type: stringRequired: FalseFormat: date-time

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

RelationshipStatusThe current status of the relationship between an account and an associated Amazon Macie masteraccount (inviter account). Possible values are:

EnabledPausedInvitedCreatedRemovedResignedEmailVerificationInProgressEmailVerificationFailedRegionDisabledAccountSuspended

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

279

Page 286: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

message

The explanation of the error that occurred.

Type: stringRequired: False

TagMapA string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetMember• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

280

Page 287: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceTags

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

DeleteMember• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

TagsA tag is a label that you optionally define and associate with AWS resources, including certain types ofAmazon Macie resources. Tags can help you identify, organize, and manage resources in different ways,such as by purpose, owner, environment, or other criteria. You can associate tags with the followingtypes of Amazon Macie resources:

• Classification jobs

• Custom data identifiers

• Findings filters

• Member accounts

A resource can have as many as 50 tags. Each tag consists of a tag key and an associated tag value, bothof which you define. A tag key is a general label that acts as a category for more specific tag values. Atag value acts as a descriptor for a tag key. For example, you might assign an Owner tag key to eachclassification job for your organization. The value for the key might be the name of the person or teamto contact about the classification job.

You can use the Tags resource to add, retrieve, update, or remove tags from a classification job, customdata identifier, findings filter, or member account.

URI/tags/resourceArn

HTTP Methods

GETOperation ID: ListTagsForResource

281

Page 288: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceHTTP Methods

Retrieves the tags (keys and values) that are associated with a classification job, custom data identifier,findings filter, or member account.

Path Parameters

Name Type Required Description

resourceArn String True The Amazon ResourceName (ARN) of theclassification job,custom data identifier,findings filter, ormember account.

Responses

Status Code Response Model Description

200 ListTagsForResourceResponse (p. 283)The request succeeded.

POSTOperation ID: TagResource

Adds or updates one or more tags (keys and values) that are associated with a classification job, customdata identifier, findings filter, or member account.

Path Parameters

Name Type Required Description

resourceArn String True The Amazon ResourceName (ARN) of theclassification job,custom data identifier,findings filter, ormember account.

Responses

Status Code Response Model Description

204 TagResourceResponse (p. 284)The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

DELETEOperation ID: UntagResource

Removes one or more tags (keys and values) from a classification job, custom data identifier, findingsfilter, or member account.

282

Page 289: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Path Parameters

Name Type Required Description

resourceArn String True The Amazon ResourceName (ARN) of theclassification job,custom data identifier,findings filter, ormember account.

Query Parameters

Name Type Required Description

tagKeys String True The key of the tagto remove from theresource. To removemultiple tags, appendthe tagKeys parameterand argument foreach additional tag toremove, separated byan ampersand (&).

Responses

Status Code Response Model Description

204 UntagResourceResponse (p. 284)The request succeeded and thereisn't any content to include inthe body of the response (NoContent).

Schemas

Request Bodies

Example POST

{ "tags": { }}

Response Bodies

Example ListTagsForResourceResponse

{ "tags": {

283

Page 290: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}}

Example TagResourceResponse

{}

Example UntagResourceResponse

{}

Properties

ListTagsForResourceResponse

Provides information about the tags (keys and values) that are associated with a classification job,custom data identifier, findings filter, or member account.

tags

A map of key-value pairs that identifies the tags (keys and values) that are associated with the resource.

Type: TagMap (p. 284)Required: False

TagMap

A string-to-string map of key-value pairs that specifies the tags (keys and values) for a classification job,custom data identifier, findings filter, or member account.

key-value pairs

Type: string

TagResourceRequest

Specifies the tags (keys and values) to associate with a classification job, custom data identifier, findingsfilter, or member account.

tags

A map of key-value pairs that specifies the tags to associate with the resource.

A resource can have a maximum of 50 tags. Each tag consists of a tag key and an associated tagvalue. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256characters.

Type: TagMap (p. 284)Required: True

284

Page 291: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

TagResourceResponseThe request succeeded. The specified tags were added to the resource.

UntagResourceResponseThe request succeeded. The specified tags were removed from the resource.

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

ListTagsForResource• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

TagResource• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

• AWS SDK for Python

• AWS SDK for Ruby V3

UntagResource• AWS Command Line Interface

• AWS SDK for .NET

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java

• AWS SDK for JavaScript

• AWS SDK for PHP V3

285

Page 292: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceUsage Totals

• AWS SDK for Python

• AWS SDK for Ruby V3

Usage TotalsThe Usage Totals resource provides aggregated usage data for your account. This data can provideinsight into the estimated cost of using Amazon Macie to monitor and analyze sensitive data for youraccount during the past 30 days.

You can use this resource to retrieve (query) aggregated usage data for your Macie account duringthe past 30 days. For a master account, the data reports cumulative usage for all the accounts in yourorganization. To query additional usage-related data or build a custom query for a select set of accounts,use the Usage Statistics (p. 291) resource.

URI/usage

HTTP Methods

GETOperation ID: GetUsageTotals

Retrieves (queries) aggregated usage data for an account.

Responses

Status Code Response Model Description

200 GetUsageTotalsResponse (p. 287)The request succeeded.

400 ValidationException (p. 287)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 287)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 287)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 287)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 287) The request failed because itconflicts with the current stateof the specified resource.

429 ThrottlingException (p. 288)The request failed because yousent too many requests during acertain amount of time.

286

Page 293: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

500 InternalServerException (p. 288)The request failed due to anunknown internal server error,exception, or failure.

Schemas

Response Bodies

Example GetUsageTotalsResponse

{ "usageTotals": [ { "currency": enum, "estimatedCost": "string", "type": enum } ]}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

287

Page 294: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CurrencyThe type of currency that data for a usage metric is reported in. Possible values are:

USD

GetUsageTotalsResponseProvides the results of a query that retrieved aggregated usage data for an account during the past 30days.

usageTotals

An array of objects that contains the results of the query. Each object contains the data for a specificusage metric.

Type: Array of type UsageTotal (p. 289)

288

Page 295: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Required: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UsageTotalProvides aggregated data for a usage metric. The value for the metric reports usage data for an accountduring the past 30 days.

289

Page 296: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

currency

The type of currency that the value for the metric (estimatedCost) is reported in.

Type: Currency (p. 288)Required: False

estimatedCost

The estimated value for the metric.

Type: stringRequired: False

type

The name of the metric. Possible values are: DATA_INVENTORY_EVALUATION, for monitoring S3buckets; and, SENSITIVE_DATA_DISCOVERY, for analyzing sensitive data.

Type: UsageType (p. 290)Required: False

UsageTypeThe name of a usage metric for an account. Possible values are:

DATA_INVENTORY_EVALUATIONSENSITIVE_DATA_DISCOVERY

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

GetUsageTotals• AWS Command Line Interface• AWS SDK for .NET• AWS SDK for C++• AWS SDK for Go• AWS SDK for Java

290

Page 297: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceUsage Statistics

• AWS SDK for JavaScript• AWS SDK for PHP V3• AWS SDK for Python• AWS SDK for Ruby V3

Usage StatisticsThe Usage Statistics resource provides information about current quotas and usage statistics for anaccount. This includes data for metrics that report the estimated cost of using Amazon Macie to performspecific types of tasks, and the current account quotas for those tasks. The data can help you trackyour use of the service and determine whether to adjust your quotas or use of the service. If you'reparticipating in a free trial of Macie, this resource also provides information about your free trial.

You can use the Usage Statistics resource to retrieve (query) aggregated data for usage metrics and thequotas that correspond to those metrics. The query results provide data for the past 30 days. You cancustomize your query and the query results by using supported parameters to filter and sort the data. Ifyou're a user of a master account, this means that you can use this resource to get a breakdown of thedata for each account in your Macie organization.

URI/usage/statistics

HTTP MethodsPOSTOperation ID: GetUsageStatistics

Retrieves (queries) quotas and aggregated usage data for one or more accounts.

Responses

Status Code Response Model Description

200 GetUsageStatisticsResponse (p. 292)The request succeeded.

400 ValidationException (p. 293)The request failed because itcontains a syntax error.

402 ServiceQuotaExceededException (p. 293)The request failed becausefulfilling the request wouldexceed one or more servicequotas for your account.

403 AccessDeniedException (p. 293)The request was denied becauseyou don't have sufficient accessto the specified resource.

404 ResourceNotFoundException (p. 293)The request failed because thespecified resource wasn't found.

409 ConflictException (p. 293) The request failed because itconflicts with the current stateof the specified resource.

291

Page 298: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSchemas

Status Code Response Model Description

429 ThrottlingException (p. 293)The request failed because yousent too many requests during acertain amount of time.

500 InternalServerException (p. 293)The request failed due to anunknown internal server error,exception, or failure.

SchemasRequest Bodies

Example POST

{ "nextToken": "string", "maxResults": integer, "sortBy": { "orderBy": enum, "key": enum }, "filterBy": [ { "comparator": enum, "values": [ "string" ], "key": enum } ]}

Response Bodies

Example GetUsageStatisticsResponse

{ "records": [ { "accountId": "string", "freeTrialStartDate": "string", "usage": [ { "serviceLimit": { "unit": enum, "isServiceLimited": boolean, "value": integer }, "currency": enum, "estimatedCost": "string", "type": enum } ] } ], "nextToken": "string"

292

Page 299: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

}

Example ValidationException

{ "message": "string"}

Example ServiceQuotaExceededException

{ "message": "string"}

Example AccessDeniedException

{ "message": "string"}

Example ResourceNotFoundException

{ "message": "string"}

Example ConflictException

{ "message": "string"}

Example ThrottlingException

{ "message": "string"}

Example InternalServerException

{ "message": "string"}

PropertiesAccessDeniedExceptionProvides information about an error that occurred due to insufficient access to a specified resource.

message

The explanation of the error that occurred.

293

Page 300: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: stringRequired: False

ConflictExceptionProvides information about an error that occurred due to a versioning conflict for a specified resource.

message

The explanation of the error that occurred.

Type: stringRequired: False

CurrencyThe type of currency that data for a usage metric is reported in. Possible values are:

USD

GetUsageStatisticsRequestSpecifies criteria for filtering, sorting, and paginating the results of a query for quotas and aggregatedusage data for one or more accounts.

nextToken

The nextToken string that specifies which page of results to return in a paginated response.

Type: stringRequired: False

maxResults

The maximum number of items to include in each page of the response.

Type: integerRequired: FalseFormat: int32

sortBy

The criteria to use to sort the query results.

Type: UsageStatisticsSortBy (p. 299)Required: False

filterBy

An array of objects, one for each condition to use to filter the query results. If the array contains morethan one object, Amazon Macie uses an AND operator to join the conditions specified by the objects.

Type: Array of type UsageStatisticsFilter (p. 297)Required: False

294

Page 301: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

GetUsageStatisticsResponseProvides the results of a query that retrieved quotas and aggregated usage data for one or moreaccounts.

records

An array of objects that contains the results of the query. Each object contains the data for an accountthat meets the filter criteria specified in the request.

Type: Array of type UsageRecord (p. 297)Required: False

nextToken

The string to use in a subsequent request to get the next page of results in a paginated response. Thisvalue is null if there are no additional pages.

Type: stringRequired: False

InternalServerExceptionProvides information about an error that occurred due to an unknown internal server error, exception, orfailure.

message

The explanation of the error that occurred.

Type: stringRequired: False

ResourceNotFoundExceptionProvides information about an error that occurred because a specified resource wasn't found.

message

The explanation of the error that occurred.

Type: stringRequired: False

ServiceLimitSpecifies a current quota for an account.

unit

The unit of measurement for the value specified by the value field.

Type: stringRequired: FalseValues: TERABYTES

295

Page 302: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

isServiceLimited

Specifies whether the account has met the quota that corresponds to the metric specified by theUsageByAccount.type field in the response.

Type: booleanRequired: False

value

The value for the metric specified by the UsageByAccount.type field in the response.

Type: integerRequired: FalseFormat: int64

ServiceQuotaExceededExceptionProvides information about an error that occurred due to one or more service quotas for an account.

message

The explanation of the error that occurred.

Type: stringRequired: False

ThrottlingExceptionProvides information about an error that occurred because too many requests were sent during a certainamount of time.

message

The explanation of the error that occurred.

Type: stringRequired: False

UsageByAccountProvides data for a specific usage metric and the corresponding quota for an account. The value for themetric is an aggregated value that reports usage during the past 30 days.

serviceLimit

The current value for the quota that corresponds to the metric specified by the type field.

Type: ServiceLimit (p. 295)Required: False

currency

The type of currency that the value for the metric (estimatedCost) is reported in.

296

Page 303: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: Currency (p. 294)Required: False

estimatedCost

The estimated value for the metric.

Type: stringRequired: False

type

The name of the metric. Possible values are: DATA_INVENTORY_EVALUATION, for monitoring S3buckets; and, SENSITIVE_DATA_DISCOVERY, for analyzing sensitive data.

Type: UsageType (p. 299)Required: False

UsageRecordProvides quota and aggregated usage data for an account.

accountId

The unique identifier for the AWS account that the data applies to.

Type: stringRequired: False

freeTrialStartDate

The date and time, in UTC and extended ISO 8601 format, when the free trial started for the account.

Type: stringRequired: FalseFormat: date-time

usage

An array of objects that contains usage data and quotas for the account. Each object contains the datafor a specific usage metric and the corresponding quota.

Type: Array of type UsageByAccount (p. 296)Required: False

UsageStatisticsFilterSpecifies a condition for filtering the results of a query for account quotas and usage data.

comparator

The operator to use in the condition. If the value for the key property is accountId, this value must beCONTAINS. If the value for the key property is any other supported field, this value can be EQ, GT, GTE,LT, LTE, or NE.

297

Page 304: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceProperties

Type: UsageStatisticsFilterComparator (p. 298)Required: False

values

An array that lists values to use in the condition, based on the value for the field specified by thekey property. If the value for the key property is accountId, this array can specify multiple values.Otherwise, this array can specify only one value.

Valid values for each supported field are:

• accountId - The unique identifier for an AWS account.

• freeTrialStartDate - The date and time, in UTC and extended ISO 8601 format, when the freetrial started for an account.

• serviceLimit - A Boolean (true or false) value that indicates whether an account has reached itsmonthly quota.

• total - A string that represents the current, estimated month-to-date cost for an account.

Type: Array of type stringRequired: False

key

The field to use in the condition.

Type: UsageStatisticsFilterKey (p. 298)Required: False

UsageStatisticsFilterComparatorThe operator to use in a condition that filters the results of a query for account quotas and usage data.Valid values are:

GTGTELTLTEEQNECONTAINS

UsageStatisticsFilterKeyThe field to use in a condition that filters the results of a query for account quotas and usage data. Validvalues are:

accountIdserviceLimitfreeTrialStartDate

298

Page 305: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API ReferenceSee Also

total

UsageStatisticsSortBySpecifies criteria for sorting the results of a query for account quotas and usage data.

orderBy

The sort order to apply to the results, based on the value for the field specified by the key property.Valid values are: ASC, sort the results in ascending order; and, DESC, sort the results in descending order.

Type: stringRequired: FalseValues: ASC | DESC

key

The field to sort the results by.

Type: UsageStatisticsSortKey (p. 299)Required: False

UsageStatisticsSortKeyThe field to use to sort the results of a query for account quotas and usage data. Valid values are:

accountIdtotalserviceLimitValuefreeTrialStartDate

UsageTypeThe name of a usage metric for an account. Possible values are:

DATA_INVENTORY_EVALUATIONSENSITIVE_DATA_DISCOVERY

ValidationExceptionProvides information about an error that occurred due to a syntax error in a request.

message

The explanation of the error that occurred.

Type: stringRequired: False

See AlsoFor more information about using this API in one of the language-specific AWS SDKs and references, seethe following:

299

Page 307: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

AWS glossaryFor the latest AWS terminology, see the AWS glossary in the AWS General Reference.

301

Page 308: Amazon Macie - REST API Reference · Amazon Macie REST API Reference Operations The Amazon Macie REST API includes the following operations. •AcceptInvitation (p. 164) Accepts an

Amazon Macie REST API Reference

Document historyThe following table describes the important changes to the documentation since the last release ofAmazon Macie. For notification about updates to this documentation, you can subscribe to an RSS feed.

• API version: 2020-01-01 (latest)• Latest documentation update: November 20, 2020

update-history-change update-history-description update-history-date

API addition (p. 302) Added S3 bucket metadata thatindicates whether any one-timeor recurring classification jobsare configured to analyze data ina bucket.

November 20, 2020

API change (p. 302) Added support forpausing and resumingclassification jobs by usingthe UpdateClassificationJoboperation. Also, sensitive datafindings now include locationdata for up to 15 occurrences ofsensitive data in an affected S3object.

October 15, 2020

API addition (p. 302) Added S3 bucket metadataand statistics that indicate thesize and count of objects thatMacie can analyze as part of aclassification job.

September 2, 2020

API addition (p. 302) Added criteria for sortingand filtering query results foraccount quotas and usagestatistics.

July 24, 2020

API removal (p. 302) Removed support forthe ArchiveFindings andUnarchiveFindings operations.To suppress findings, usethe action property of theCreateFindingsFilterRequest andUpdateFindingsFilterRequestobjects.

June 11, 2020

General availability (p. 302) This release introduces version2020-01-01 of the AmazonMacie API.

May 13, 2020

302


Recommended