Control: 2.1.4 Ensure all data in Amazon S3 has been discovered, classified and secured when required
Amazon Macie, along with other third-party tools, can be used to discover, monitor, classify, and inventory S3 buckets.
Using a cloud service or third-party software to continuously monitor and automate data discovery and classification for S3 buckets, using machine learning and pattern matching, is a strong defense for protecting that information.
- Enable Macie through the Macie console.
- Create an S3 bucket to use as a repository for sensitive data discovery results.
- Select the buckets you want Macie to analyze and then create a job.
- After the job has run, review the findings by selecting Findings in the left pane.
Run the control in your terminal:
steampipe check aws_compliance.control.cis_v140_2_1_4
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share aws_compliance.control.cis_v140_2_1_4
This control uses a named query: s3_bucket_protected_by_macie
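As an added illustration of what a control query of this kind evaluates, the Steampipe-style SQL below flags every S3 bucket that is not named in any active Macie classification job. It is an approximation written for this page, not the mod's own s3_bucket_protected_by_macie query; it assumes the aws plugin tables aws_s3_bucket and aws_macie2_classification_job, and that the s3_job_definition column follows the Macie API shape {"BucketDefinitions":[{"AccountId":"...","Buckets":["name", ...]}]}.

```sql
-- Added example (not the aws_compliance mod's query).
-- Assumed tables: aws_s3_bucket, aws_macie2_classification_job (Steampipe aws plugin).
-- Assumed JSON shape of s3_job_definition: BucketDefinitions[].Buckets[] (Macie API).
with macie_buckets as (
  -- one row per (account, bucket) that some non-cancelled Macie job scans
  select distinct
    j.account_id,
    b as bucket_name
  from
    aws_macie2_classification_job as j,
    jsonb_array_elements(j.s3_job_definition -> 'BucketDefinitions') as d,
    jsonb_array_elements_text(d -> 'Buckets') as b
  where
    j.job_status in ('RUNNING', 'COMPLETE', 'IDLE')  -- ignore paused/cancelled jobs
)
select
  s.arn as resource,
  case
    when m.bucket_name is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when m.bucket_name is not null
      then s.name || ' is covered by a Macie classification job.'
    else s.name || ' is not covered by any Macie classification job.'
  end as reason,
  -- dimension columns so Steampipe can group results per region/account
  s.region,
  s.account_id
from
  aws_s3_bucket as s
  left join macie_buckets as m
    on m.bucket_name = s.name
   and m.account_id = s.account_id;
```

Buckets covered only by a job whose scope is defined by tag or name criteria rather than an explicit bucket list would show as alarm here, so treat this as a coverage check to review, not a final verdict.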