AWS Macie Member

This page shows how to write Terraform and CloudFormation for Macie Member and write them securely.

aws_macie2_member (Terraform)

The Member in Macie can be configured in Terraform with the resource name aws_macie2_member. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • account_id - (Required) The AWS account ID for the account.
  • email - (Required) The email address for the account.
  • tags - (Optional) A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.
  • status - (Optional) Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to ENABLED. Valid values are ENABLED or PAUSED.
  • invite - (Optional) Send an invitation to a member
  • invitation_message - (Optional) A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.
  • invitation_disable_email_notification - (Optional) Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.

In addition to all arguments above, the following attributes are exported:

  • id - The unique identifier (ID) of the macie Member.
  • arn - The Amazon Resource Name (ARN) of the account.
  • relationship_status - The current status of the relationship between the account and the administrator account.
  • administrator_account_id - The AWS account ID for the administrator account.
  • invited_at - The date and time, in UTC and extended RFC 3339 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.
  • updated_at - The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the relationship between the account and the administrator account.

Explanation in Terraform Registry

Provides a resource to manage an Amazon Macie Member.

AWS::Macie::CustomDataIdentifier (CloudFormation)

The CustomDataIdentifier in Macie can be configured in CloudFormation with the resource name AWS::Macie::CustomDataIdentifier. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

macie.yml#L28
  # Type: AWS::Macie::CustomDataIdentifier
  # DependsOn: "Session"
  # Properties:
  #     Description: # String
  #     IgnoreWords:
  #         - # String
macie_demo.yml#L21
    Type: "AWS::Macie::CustomDataIdentifier"
    Properties:
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      Keywords:
        - "PATIENT"
      Name: "Patient ID"
macie_demo.yml#L21
    Type: "AWS::Macie::CustomDataIdentifier"
    Properties:
      Description: "Patient ID CDI (e.g., 034e9e3b-2def-4559-bb2a-7850888ae060)"
      Keywords:
        - "PATIENT"
      Name: "Patient ID"
product.template-ap-east-1.yaml#L12
    Type: AWS::Macie::CustomDataIdentifier
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
    Properties:
      Name: !Ref 'Name'
      Regex: !Ref 'Regex'
Outputs:
product.template-eu-west-1.yaml#L12
    Type: AWS::Macie::CustomDataIdentifier
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html
    Properties:
      Name: !Ref 'Name'
      Regex: !Ref 'Regex'
Outputs:
MacieCustomDataIdentifierSpecification.json#L3
    "AWS::Macie::CustomDataIdentifier": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html",
      "Properties": {
        "Name": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-macie-customdataidentifier.html#cfn-macie-customdataidentifier-name",
          "UpdateType": "Immutable",
awsResouceIconMatches.json#L2218
        "resourceType": "AWS::Macie::CustomDataIdentifier",
        "filePath": null
      }
    ]
  },
  {
template.json#L2103
    "AWS::Macie::CustomDataIdentifier": {
      "Type": "AWS::Macie::CustomDataIdentifier",
      "Properties": {}
    },
    "AWS::ECS::TaskSet": {
      "Type": "AWS::ECS::TaskSet",

Parameters

Explanation in CloudFormation Registry

The AWS::Macie::CustomDataIdentifier resource is a set of criteria that you define to detect sensitive data in one or more data sources. Each identifier specifies a regular expression (regex) that defines a text pattern to match in the data. It can also specify character sequences, such as words and phrases, and a proximity rule that refine the analysis of a data source. By using custom data identifiers, you can tailor your analysis to meet your organization's specific needs and supplement the built-in, managed data identifiers that Amazon Macie provides.

A Session must exist for the account before you can create a CustomDataIdentifier. Use a DependsOn attribute to ensure that the Session is created before the other resources. For example, "DependsOn: Session".

Frequently asked questions

What is AWS Macie Member?

AWS Macie Member is a resource for Macie of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Macie Member?

For CloudFormation, the comp9447-team4/soar, taakmara/macie-demo and garystafford/macie-demo source code examples are useful. See the CloudFormation Example section for further details.