AWS Macie Custom Data Identifier
This page shows how to write Terraform and CloudFormation for a Macie Custom Data Identifier, and how to write them securely.
aws_macie2_custom_data_identifier (Terraform)
The Custom Data Identifier in Macie can be configured in Terraform with the resource name aws_macie2_custom_data_identifier. The following sections describe one example of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_macie2_custom_data_identifier" "stripe_identifier" {
  name  = "Stripe secret"
  # A literal pattern like this only finds the label text "STRIPE_SECRET",
  # not the key value that follows it. To find the value itself, use a regex
  # shaped like the key and put the label in keywords for the proximity rule.
  regex = "STRIPE_SECRET"

  # Macie must be enabled in the account (aws_macie2_account) before any
  # custom data identifier can be created, hence the explicit dependency.
  depends_on = [aws_macie2_account.macie_account]
}
Parameters
The following arguments are supported:
- regex - (Optional) The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters. In practice a regex is always needed: the CloudFormation resource marks it required, and without one the identifier has nothing to match.
- keywords - (Optional) An array that lists specific character sequences (keywords), one of which must be within proximity (maximum_match_distance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.
- ignore_words - (Optional) An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
- name - (Optional) A custom name for the custom data identifier. The name can contain as many as 128 characters. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix.
- name_prefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
- description - (Optional) A custom description of the custom data identifier. The description can contain as many as 512 characters.
- maximum_match_distance - (Optional) The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.
- tags - (Optional) A map of key-value pairs that specifies the tags to associate with the custom data identifier.
In addition to all arguments above, the following attributes are exported:
- id - The unique identifier (ID) of the Macie custom data identifier.
- deleted - Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
- created_at - The date and time, in UTC and extended RFC 3339 format, when the custom data identifier was created.
- arn - The Amazon Resource Name (ARN) of the custom data identifier.
Explanation in Terraform Registry
Provides a resource to manage an AWS Macie Custom Data Identifier.
AWS::Macie::CustomDataIdentifier (CloudFormation)
The CustomDataIdentifier in Macie can be configured in CloudFormation with the resource name AWS::Macie::CustomDataIdentifier. The following sections describe examples of how to use the resource and its parameters.
Example Usage from GitHub
# Type: AWS::Macie::CustomDataIdentifier, DependsOn: Session
# A Macie Session must exist in the account before the identifier is created,
# so the example declares the Session resource and an explicit DependsOn.
Resources:
  Session:
    Type: AWS::Macie::Session
  PatientId:
    Type: AWS::Macie::CustomDataIdentifier
    DependsOn: Session
    Properties:
      Name: "Patient ID"
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      # Regex is a required property. This UUID pattern was added to match
      # the form shown in Description; the original snippet omitted it.
      Regex: "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
      Keywords:
        - "PATIENT"
# Parameterised variant: Name and Regex are supplied as template parameters.
# Docs: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
Parameters:
  Name:
    Type: String
  Regex:
    Type: String
Resources:
  CustomDataIdentifier:
    Type: AWS::Macie::CustomDataIdentifier
    Properties:
      Name: !Ref 'Name'
      Regex: !Ref 'Regex'
Parameters
- Name - required - String
- Description - optional - String
- Regex - required - String
- MaximumMatchDistance - optional - Integer
- Keywords - optional - List
- IgnoreWords - optional - List
Explanation in CloudFormation Registry
The AWS::Macie::CustomDataIdentifier resource is a set of criteria that you define to detect sensitive data in one or more data sources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in the data. It can also specify character sequences, such as words and phrases, and a proximity rule that refine the analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet your organization's specific needs and supplement the built-in, managed data identifiers that Amazon Macie provides.
A Session must exist for the account before you can create a CustomDataIdentifier. Use a DependsOn attribute to ensure that the Session is created before the other resources. For example, "DependsOn: Session".
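Both the Terraform parameter list and the CloudFormation parameter list above describe the same three matching rules (regex, keyword proximity, ignore words) and the same size limits, but neither shows what a definition actually catches. The script below is an added example, not provider or Macie code: it checks a definition against the limits on this page and dry-runs it over a constructed sample, using the Patient ID identifier from the CloudFormation example with a UUID regex. It assumes the proximity rule can be modelled as "the keyword ends at most maximum_match_distance characters before the end of the regex match"; a real Macie job is the source of truth, so use this only to tune a definition before deploying it.

```python
"""Pre-flight check and dry run for a Macie custom data identifier (CDI).

Added example, not provider or Macie code. Limits come from the parameter
sections on this page. Assumption (see lead-in): proximity is modelled as the
keyword ending no more than maximum_match_distance characters before the end
of the regex match.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class CustomDataIdentifier:
    name: str
    regex: str
    keywords: List[str] = field(default_factory=list)
    ignore_words: List[str] = field(default_factory=list)
    maximum_match_distance: int = 50


def validate(cdi: CustomDataIdentifier) -> List[str]:
    """Return the documented limits the definition violates (empty list means OK)."""
    problems = []
    if not 1 <= len(cdi.name) <= 128:
        problems.append("name must be 1-128 characters")
    if not 1 <= len(cdi.regex) <= 512:
        problems.append("regex must be 1-512 characters")
    else:
        try:
            re.compile(cdi.regex)
        except re.error as exc:
            problems.append(f"regex does not compile: {exc}")
    if len(cdi.keywords) > 50:
        problems.append("at most 50 keywords")
    problems += [f"keyword {k!r} must be 3-90 characters"
                 for k in cdi.keywords if not 3 <= len(k) <= 90]
    if len(cdi.ignore_words) > 10:
        problems.append("at most 10 ignore words")
    problems += [f"ignore word {w!r} must be 4-90 characters"
                 for w in cdi.ignore_words if not 4 <= len(w) <= 90]
    if not 1 <= cdi.maximum_match_distance <= 300:
        problems.append("maximum_match_distance must be 1-300")
    return problems


def is_literal_pattern(regex: str) -> bool:
    """True when the regex has no metacharacters, i.e. it matches a fixed label
    (such as "STRIPE_SECRET") rather than the shape of a secret value."""
    return re.escape(regex) == regex


def keyword_nearby(cdi: CustomDataIdentifier, lowered_text: str, match_end: int) -> bool:
    """Keyword proximity rule. Keywords are case-insensitive, so both sides are lowercased."""
    for keyword in cdi.keywords:
        needle = keyword.lower()
        pos = lowered_text.find(needle)
        while pos != -1:
            gap = match_end - (pos + len(needle))  # assumed distance model, see lead-in
            if 0 <= gap <= cdi.maximum_match_distance:
                return True
            pos = lowered_text.find(needle, pos + 1)
    return False


def find_matches(cdi: CustomDataIdentifier, text: str) -> List[Tuple[int, str]]:
    """Dry-run the CDI over text; returns (offset, matched text) for every hit that
    survives the ignore-word and keyword rules."""
    lowered = text.lower()
    hits = []
    for m in re.finditer(cdi.regex, text):
        value = m.group(0)
        # Ignore words are case-sensitive and must equal the whole matched text.
        if value in cdi.ignore_words:
            continue
        if cdi.keywords and not keyword_nearby(cdi, lowered, m.end()):
            continue
        hits.append((m.start(), value))
    return hits


# The Patient ID identifier from the CloudFormation example, with a UUID regex
# (its Description shows a UUID) and the nil UUID as a placeholder ignore word.
PATIENT_ID = CustomDataIdentifier(
    name="Patient ID",
    regex=r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
    keywords=["PATIENT"],
    ignore_words=["00000000-0000-0000-0000-000000000000"],
    maximum_match_distance=50,
)

# Constructed sample text (not real data): one true hit, one UUID with no
# keyword within range, and one placeholder that the ignore word removes.
SAMPLE = (
    "PATIENT: 034e9e3b-2def-4559-bb2a-7850888ae060 admitted 2024-03-01\n"
    "session id 11111111-2222-3333-4444-555555555555 (no keyword nearby)\n"
    "PATIENT placeholder 00000000-0000-0000-0000-000000000000\n"
)

if __name__ == "__main__":
    print("problems:", validate(PATIENT_ID))
    print("hits:", find_matches(PATIENT_ID, SAMPLE))
    print("literal label only:", is_literal_pattern("STRIPE_SECRET"))
```

Run against the sample, only the first UUID is reported: the second is a valid UUID but no keyword ends within 50 characters before it, and the third is dropped by the ignore word. The is_literal_pattern check flags the Terraform example's regex, which is the point made in its comment: a label-only pattern never sees the secret value.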
Frequently asked questions
What is AWS Macie Custom Data Identifier?
AWS Macie Custom Data Identifier is a resource for Macie of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Macie Custom Data Identifier?
For Terraform, the rutkowskib/repository-security-macie source code example is useful. See the Terraform Example section for further details.
For CloudFormation, the comp9447-team4/soar, taakmara/macie-demo and garystafford/macie-demo source code examples are useful. See the CloudFormation Example section for further details.