AWS Macie Member Account Association

This page shows how to write Terraform and CloudFormation for Macie Member Account Association and write them securely.

aws_macie_member_account_association (Terraform)

The Member Account Association in Macie can be configured in Terraform with the resource name aws_macie_member_account_association. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L4
resource "aws_macie_member_account_association" "example" {
  member_account_id = data.aws_caller_identity.current.account_id
}

# https://docs.aws.amazon.com/macie/latest/userguide/macie-setting-up.html#macie-setting-up-enable

main.tf#L1
resource "aws_macie_member_account_association" "example" {
  member_account_id = var.member_account_id
}

resource "aws_macie_s3_bucket_association" "example" {
  bucket_name = var.bucket_name
macie_member_account_association.tf#L4
resource "aws_macie_member_account_association" "macie_member_account_association" {
  count = var.enable_macie_member_account_association ? 1 : 0

  member_account_id = var.macie_member_account_association_member_account_id

  lifecycle {
main.tf#L7
resource "aws_macie_member_account_association" "this" {
  member_account_id = var.member_account_id
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

NOTE: This resource interacts with Amazon Macie Classic. Macie Classic cannot be activated in new accounts. See the FAQ for more details. Associates an AWS account with Amazon Macie as a member account. NOTE: Before using Amazon Macie for the first time it must be enabled manually. Instructions are here.

AWS::Macie::CustomDataIdentifier (CloudFormation)

The CustomDataIdentifier in Macie can be configured in CloudFormation with the resource name AWS::Macie::CustomDataIdentifier. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

macie.yml#L28
  # Type: AWS::Macie::CustomDataIdentifier
  # DependsOn: "Session"
  # Properties:
  #     Description: # String
  #     IgnoreWords:
  #         - # String
macie_demo.yml#L21
    Type: "AWS::Macie::CustomDataIdentifier"
    Properties:
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      Keywords:
        - "PATIENT"
      Name: "Patient ID"
macie_demo.yml#L21
    Type: "AWS::Macie::CustomDataIdentifier"
    Properties:
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      Keywords:
        - "PATIENT"
      Name: "Patient ID"
product.template-eu-central-1.yaml#L12
    Type: AWS::Macie::CustomDataIdentifier
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
    Properties:
      Name: !Ref 'Name'
      Regex: !Ref 'Regex'
Outputs:
product.template-eu-west-2.yaml#L12
    Type: AWS::Macie::CustomDataIdentifier
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
    Properties:
      Name: !Ref 'Name'
      Regex: !Ref 'Regex'
Outputs:
MacieCustomDataIdentifierSpecification.json#L3
    "AWS::Macie::CustomDataIdentifier": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html",
      "Properties": {
        "Name": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html#cfn-macie-customdataidentifier-name",
          "UpdateType": "Immutable",
awsResouceIconMatches.json#L2218
        "resourceType": "AWS::Macie::CustomDataIdentifier",
        "filePath": null
      }
    ]
  },
  {
template.json#L2103
    "AWS::Macie::CustomDataIdentifier": {
      "Type": "AWS::Macie::CustomDataIdentifier",
      "Properties": {}
    },
    "AWS::ECS::TaskSet": {
      "Type": "AWS::ECS::TaskSet",

Parameters

Explanation in CloudFormation Registry

The AWS::Macie::CustomDataIdentifier resource is a set of criteria that you define to detect sensitive data in one or more data sources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in the data. It can also specify character sequences, such as words and phrases, and a proximity rule that refine the analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet your organization's specific needs and supplement the built-in, managed data identifiers that Amazon Macie provides.

A Session must exist for the account before you can create a CustomDataIdentifier. Use a DependsOn attribute to ensure that the Session is created before the other resources. For example, "DependsOn: Session".

Frequently asked questions

What is AWS Macie Member Account Association?

AWS Macie Member Account Association is a resource for Macie of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Macie Member Account Association?

For Terraform, the tesera/terraform-modules, gauravgitdir/Jack and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the comp9447-team4/soar, garystafford/macie-demo and taakmara/macie-demo source code examples are useful. See the CloudFormation Example section for further details.