Amazon Macie (IAM)
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover, monitor, and protect sensitive data stored in Amazon S3. Its IAM actions use the macie2: prefix.
Common permissions
- macie2:ListFindings
- macie2:GetFindings
- macie2:GetFindingStatistics
- macie2:DescribeBuckets
- macie2:GetBucketStatistics
- macie2:ListClassificationJobs
- macie2:GetMacieSession
- macie2:GetUsageTotals
Least-privilege example
Read-only access for an analyst or monitoring role. These actions do not support resource-level permissions, so Resource must be "*"; least privilege is achieved by restricting the action list, not the resource.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "macie2:ListFindings",
        "macie2:GetFindings",
        "macie2:GetFindingStatistics",
        "macie2:DescribeBuckets",
        "macie2:GetBucketStatistics",
        "macie2:ListClassificationJobs",
        "macie2:GetMacieSession",
        "macie2:GetUsageTotals"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid macie2:* — it grants full control of the service, including the delete and update operations as well as disabling or pausing Macie itself.
- Avoid macie2:DeleteMember — it deletes the association between the Macie administrator account and a member account, removing that account from the Macie organization. The same caution applies to wildcards such as macie2:Delete* that cover it.
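To make the read-only set and the warnings above enforceable, the following audit script, added here as an example and not part of the original page or of any AWS tooling, checks a policy document against them. It expands Action wildcards the way IAM does (case-insensitive, `*` matches any run of characters) so that patterns like macie2:Delete* are caught even though they never spell out DeleteMember. The allowlist is the page's read-only set; the list of mutating actions starts from the page's DeleteMember warning and adds a few further Macie2 API actions (DisableMacie, UpdateMacieSession, DisassociateMember and others) that can disable or dismantle the service.

```python
import fnmatch
import json

# Read-only actions listed on this page as the least-privilege set.
READ_ONLY_ACTIONS = {
    "macie2:ListFindings", "macie2:GetFindings", "macie2:GetFindingStatistics",
    "macie2:DescribeBuckets", "macie2:GetBucketStatistics",
    "macie2:ListClassificationJobs", "macie2:GetMacieSession", "macie2:GetUsageTotals",
}

# Mutating actions that must never appear in a read-only Macie policy.
# DeleteMember is the one the page warns about; the rest are further
# Macie2 API actions that disable, pause or dismantle the service.
MUTATING_ACTIONS = [
    "macie2:DeleteMember", "macie2:DisassociateMember", "macie2:DisableMacie",
    "macie2:UpdateMacieSession", "macie2:DisableOrganizationAdminAccount",
    "macie2:DeleteCustomDataIdentifier", "macie2:DeleteFindingsFilter",
]

# The page's least-privilege policy, embedded so the script runs offline.
GOOD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": [
    "macie2:ListFindings", "macie2:GetFindings", "macie2:GetFindingStatistics",
    "macie2:DescribeBuckets", "macie2:GetBucketStatistics",
    "macie2:ListClassificationJobs", "macie2:GetMacieSession", "macie2:GetUsageTotals"],
    "Resource": "*"}]
}""")


def _as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_macie_policy(policy):
    """Return a list of findings for a policy dict. An empty list means the policy
    stays within the page's read-only set and avoids every mutating action."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {i}: NotAction grants everything not listed; use Action")
        for pattern in _as_list(stmt.get("Action")):
            pat = pattern.lower()  # IAM matches action names case-insensitively
            if pat in ("*", "macie2:*"):
                findings.append(f"statement {i}: '{pattern}' grants full Macie control")
                continue
            if not pat.startswith("macie2:"):
                continue  # other services are out of scope for this check
            hits = [a for a in MUTATING_ACTIONS if fnmatch.fnmatchcase(a.lower(), pat)]
            for action in hits:
                findings.append(f"statement {i}: '{pattern}' covers mutating action {action}")
            if not hits and not any(fnmatch.fnmatchcase(a.lower(), pat) for a in READ_ONLY_ACTIONS):
                findings.append(f"statement {i}: '{pattern}' is outside the page's read-only set")
    return findings


if __name__ == "__main__":
    print("page policy:", audit_macie_policy(GOOD_POLICY) or "OK")
    # Constructed bad policy: a wildcard that silently includes DeleteMember.
    bad = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["macie2:Delete*", "macie2:GetFindings"], "Resource": "*"}]}
    for line in audit_macie_policy(bad):
        print("bad policy:", line)
```

Run it against any policy JSON you are about to attach; the Resource element is deliberately not checked, since the read-only actions above only accept "*" and a resource-level restriction would not be honoured anyway.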
Resources
- API reference
- Full doc: /v1/iam/macie2