AWS Macie Member Account Association
This page shows how to write Terraform and CloudFormation for Macie Member Account Association and write them securely.
aws_macie_member_account_association (Terraform)
The Member Account Association in Macie can be configured in Terraform with the resource name aws_macie_member_account_association. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_macie_member_account_association" "example" {
  member_account_id = data.aws_caller_identity.current.account_id
}

# https://docs.aws.amazon.com/macie/latest/userguide/macie-setting-up.html#macie-setting-up-enable
resource "aws_macie_member_account_association" "example" {
  member_account_id = var.member_account_id
}
resource "aws_macie_s3_bucket_association" "example" {
  bucket_name = var.bucket_name

resource "aws_macie_member_account_association" "macie_member_account_association" {
  count = var.enable_macie_member_account_association ? 1 : 0
  member_account_id = var.macie_member_account_association_member_account_id
  lifecycle {

resource "aws_macie_member_account_association" "this" {
  member_account_id = var.member_account_id
}
Parameters
- id: optional, computed - string
- member_account_id: required - string
Explanation in Terraform Registry
NOTE: This resource interacts with Amazon Macie Classic. Macie Classic cannot be activated in new accounts. See the FAQ for more details.
Associates an AWS account with Amazon Macie as a member account.
NOTE: Before using Amazon Macie for the first time it must be enabled manually. Instructions are here.
AWS::Macie::CustomDataIdentifier (CloudFormation)
The CustomDataIdentifier in Macie can be configured in CloudFormation with the resource name AWS::Macie::CustomDataIdentifier. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Type: AWS::Macie::CustomDataIdentifier
# DependsOn: "Session"
# Properties:
#   Description: # String
#   IgnoreWords:
#     - # String

Type: "AWS::Macie::CustomDataIdentifier"
Properties:
  Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
  Keywords:
    - "PATIENT"
  Name: "Patient ID"

Type: "AWS::Macie::CustomDataIdentifier"
Properties:
  Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
  Keywords:
    - "PATIENT"
  Name: "Patient ID"

Type: AWS::Macie::CustomDataIdentifier
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
Properties:
  Name: !Ref 'Name'
  Regex: !Ref 'Regex'
Outputs:

Type: AWS::Macie::CustomDataIdentifier
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
Properties:
  Name: !Ref 'Name'
  Regex: !Ref 'Regex'
Outputs:

"AWS::Macie::CustomDataIdentifier": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html",
  "Properties": {
    "Name": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html#cfn-macie-customdataidentifier-name",
      "UpdateType": "Immutable",

      "resourceType": "AWS::Macie::CustomDataIdentifier",
      "filePath": null
    }
  ]
},
{

"AWS::Macie::CustomDataIdentifier": {
  "Type": "AWS::Macie::CustomDataIdentifier",
  "Properties": {}
},
"AWS::ECS::TaskSet": {
  "Type": "AWS::ECS::TaskSet",
Parameters
- Name: required - String
- Description: optional - String
- Regex: required - String
- MaximumMatchDistance: optional - Integer
- Keywords: optional - List
- IgnoreWords: optional - List
Explanation in CloudFormation Registry
The AWS::Macie::CustomDataIdentifier resource is a set of criteria that you define to detect sensitive data in one or more data sources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in the data. It can also specify character sequences, such as words and phrases, and a proximity rule that refine the analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet your organization's specific needs and supplement the built-in, managed data identifiers that Amazon Macie provides.
A Session must exist for the account before you can create a CustomDataIdentifier. Use a DependsOn attribute to ensure that the Session is created before the other resources. For example, "DependsOn: Session".
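The following template is an added example, not taken from the repositories listed on this page. It puts the pieces described above together: a Session, a CustomDataIdentifier that waits for it through DependsOn, the required Regex, and the optional Keywords, MaximumMatchDistance and IgnoreWords that narrow matches. The logical IDs, the regex, the distance of 20 characters and the ignored value are assumptions chosen to fit the "Patient ID" sample shown earlier.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Macie session plus a custom data identifier for patient IDs

Resources:
  # The account-level Macie session. The identifier below cannot be
  # created until this exists.
  Session:
    Type: AWS::Macie::Session
    Properties:
      Status: ENABLED
      FindingPublishingFrequency: FIFTEEN_MINUTES

  PatientIdIdentifier:
    Type: AWS::Macie::CustomDataIdentifier
    # Explicit ordering: no property references Session, so CloudFormation
    # would otherwise be free to create both resources in parallel.
    DependsOn: Session
    Properties:
      Name: Patient ID
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      # Required. Assumed pattern: lowercase UUID, matching the sample
      # value in the Description.
      Regex: '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
      # Optional. A regex hit only counts when one of these keywords is nearby,
      # which keeps unrelated UUIDs (request IDs, object keys) out of findings.
      Keywords:
        - PATIENT
      # Optional proximity rule: maximum number of characters allowed
      # between the keyword and the regex match (assumed value).
      MaximumMatchDistance: 20
      # Optional. Matches containing these strings are excluded, for example
      # a placeholder ID used in test fixtures (constructed value).
      IgnoreWords:
        - 00000000-0000-0000-0000-000000000000
```

Name and Regex are the two required properties. A regex without Keywords matches every UUID-shaped string in the scanned objects, so review the finding volume before relying on a keyword-free identifier.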
Frequently asked questions
What is AWS Macie Member Account Association?
AWS Macie Member Account Association is a resource for Macie in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Macie Member Account Association?
For Terraform, the tesera/terraform-modules, gauravgitdir/Jack and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the comp9447-team4/soar, taakmara/macie-demo and garystafford/macie-demo source code examples are useful. See the CloudFormation Example section for further details.