Package-level declarations

Provides information about the permissions settings of the bucket-level access control list (ACL) for an S3 bucket.

Provides information about an error that occurred due to insufficient access to a specified resource.

Specifies the details of an account to associate with an Amazon Macie administrator account.

Provides information about the account-level permissions settings that apply to an S3 bucket.

Provides information about the delegated Amazon Macie administrator account for an organization in Organizations.

The current status of an account as the delegated Amazon Macie administrator account for an organization in Organizations. Possible values are:

Specifies the criteria for an allow list. The criteria must specify a regular expression (regex) or an S3 object (s3WordsList). It can't specify both.

Provides information about the current status of an allow list, which indicates whether Amazon Macie can access and use the list's criteria.

Indicates the current status of an allow list. Depending on the type of criteria that the list specifies, possible values are:

Provides a subset of information about an allow list.

Provides information about an API operation that an entity invoked for an affected resource.

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the AssumeRole operation of the Security Token Service (STS) API.

Specifies whether to automatically enable automated sensitive data discovery for accounts that are part of an organization in Amazon Macie. Valid values are:

Provides information about the status of automated sensitive data discovery for an Amazon Macie account.

The status of automated sensitive data discovery for an Amazon Macie account. Valid values are:

Changes the status of automated sensitive data discovery for an Amazon Macie account.

Provides information about a request that failed to change the status of automated sensitive data discovery for an Amazon Macie account.

The error code that indicates why a request failed to change the status of automated sensitive data discovery for an Amazon Macie account. Possible values are:

Specifies whether automated sensitive data discovery is currently configured to analyze objects in an S3 bucket. Possible values are:

The status of the automated sensitive data discovery configuration for an organization in Amazon Macie or a standalone Macie account. Valid values are:

Specifies whether occurrences of sensitive data can be retrieved for a finding. Possible values are:

Provides information about an Amazon Web Services account and entity that performed an action on an affected resource. The action was performed using the credentials for an Amazon Web Services account other than your own account.

Provides information about an Amazon Web Service that performed an action on an affected resource.

Provides information about a custom data identifier.

Provides information about the block public access settings for an S3 bucket. These settings can apply to a bucket at the account or bucket level. For detailed information about each setting, see Blocking public access to your Amazon S3 storage in the Amazon Simple Storage Service User Guide.

Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.

Provides information about the number of S3 buckets whose settings do or don't specify default server-side encryption behavior for objects that are added to the buckets. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.

Provides information about the number of S3 buckets whose bucket policies do or don't require server-side encryption of objects when objects are added to the buckets.

Specifies the operator to use in a property-based condition that filters the results of a query for information about S3 buckets.

Provides information about the bucket-level permissions settings for an S3 bucket.

Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.

The code for an error or issue that prevented Amazon Macie from retrieving and processing information about an S3 bucket and the bucket's objects.

Provides information about the account-level and bucket-level permissions settings for an S3 bucket.

Provides information about the permissions settings of the bucket policy for an S3 bucket.

Provides information about the permissions settings that determine whether an S3 bucket is publicly accessible.

Provides information about the default server-side encryption settings for an S3 bucket. For detailed information about these settings, see Setting default server-side encryption behavior for Amazon S3 buckets in the Amazon Simple Storage Service User Guide.

Specifies criteria for sorting the results of a query for information about S3 buckets.

Provides aggregated statistical data for sensitive data discovery metrics that apply to S3 buckets, grouped by bucket sensitivity score (sensitivityScore). If automated sensitive data discovery is currently disabled for your account, the value for most of these metrics is 0.

Specifies the location of an occurrence of sensitive data in a Microsoft Excel workbook, CSV file, or TSV file.

Provides information about a sensitive data finding and the details of the finding.

Specifies where to store data classification results, and the encryption settings to use when storing results in that location. The location must be an S3 general purpose bucket.

Provides the details of a sensitive data finding, including the types, number of occurrences, and locations of the sensitive data that was detected.

Provides information about the status of a sensitive data finding.

Provides information about the classification scope for an Amazon Macie account. Macie uses the scope's settings when it performs automated sensitive data discovery for the account.

Specifies how to apply changes to the S3 bucket exclusion list defined by the classification scope for an Amazon Macie account. Valid values are:

Provides information about an error that occurred due to a versioning conflict for a specified resource.

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job.

Specifies a property- or tag-based condition that defines criteria for including or excluding S3 buckets from a classification job.

Specifies the operator to use in a property-based condition that filters the results of a query for findings. For detailed information and examples of each operator, see Fundamentals of filtering findings in the Amazon Macie User Guide.

The type of currency that the data for an Amazon Macie usage metric is reported in. Possible values are:

Provides information about custom data identifiers that produced a sensitive data finding, and the number of occurrences of the data that they detected for the finding.

Provides information about a custom data identifier.

Provides information about a custom data identifier that produced a sensitive data finding, and the sensitive data that it detected for the finding.

Specifies that a classification job runs once a day, every day. This is an empty object.

The severity of a finding, ranging from LOW, for least severe, to HIGH, for most severe. Valid values are:

The type of data identifier that detected a specific type of sensitive data in an S3 bucket. Possible values are:

Provides information about a type of sensitive data that was detected by a managed data identifier and produced a sensitive data finding.

Specifies 1-10 occurrences of a specific type of sensitive data reported by a finding.

Provides information about a type of sensitive data that Amazon Macie found in an S3 bucket while performing automated sensitive data discovery for an account. The information also specifies the custom or managed data identifier that detected the data. This information is available only if automated sensitive data discovery has been enabled for the account.

Provides information about the domain name of the device that an entity used to perform an action on an affected resource.

The server-side encryption algorithm that was used to encrypt an S3 object or is used by default to encrypt objects that are added to an S3 bucket. Possible values are:

The source of an issue or delay. Possible values are:

Provides information about an identity that performed an action on an affected resource by using temporary security credentials. The credentials were obtained using the GetFederationToken operation of the Security Token Service (STS) API.

Provides the details of a finding.

Provides information about an action that occurred for a resource and produced a policy finding.

The type of action that occurred for the resource and produced the policy finding:

Provides information about an entity that performed an action that produced a policy finding for a resource.

The category of the finding. Possible values are:

Specifies, as a map, one or more property-based conditions that filter the results of a query for findings.

The frequency with which Amazon Macie publishes updates to policy findings for an account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly Amazon CloudWatch Events). For more information, see Monitoring and processing findings in the Amazon Macie User Guide. Valid values are:

The action to perform on findings that match the filter criteria. To suppress (automatically archive) findings that match the criteria, set this value to ARCHIVE. Valid values are:

Provides information about a findings filter.

The grouping to sort the results by. Valid values are:

Specifies criteria for sorting the results of a query that retrieves aggregated statistical data about findings.

The type of finding. For details about each type, see Types of findings in the Amazon Macie User Guide. Possible values are:

Provides a group of results for a query that retrieved aggregated statistical data about findings.

Provides information about an Identity and Access Management (IAM) user who performed an action on an affected resource.

Provides information about an error that occurred due to an unknown internal server error, exception, or failure.

Provides information about an Amazon Macie membership invitation.

Provides information about the IP address of the device that an entity used to perform an action on an affected resource.

Provides information about the city that an IP address originated from.

Provides information about the country that an IP address originated from.

Provides geographic coordinates that indicate where a specified IP address originated from.

Provides information about the registered owner of an IP address.

The operator to use in a condition. Depending on the type of condition, possible values are:

Specifies whether any one-time or recurring classification jobs are configured to analyze objects in an S3 bucket, and, if so, the details of the job that ran most recently.

Specifies the recurrence pattern for running a classification job.

Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job. A JobScopeTerm object can contain only one simpleScopeTerm object or one tagScopeTerm object.

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.

The status of a classification job. Possible values are:

Provides information about a classification job, including the current status of the job.

The schedule for running a classification job. Valid values are:

Provides information about the tags that are associated with an S3 bucket or object. Each tag consists of a required tag key and an associated tag value.

Specifies whether any account- or bucket-level access errors occurred when a classification job ran. For information about using logging data to investigate these errors, see Monitoring sensitive data discovery jobs in the Amazon Macie User Guide.

Specifies whether any account- or bucket-level access errors occurred during the run of a one-time classification job or the most recent run of a recurring classification job. Possible values are:

Specifies criteria for filtering the results of a request for information about classification jobs.

The property to use to filter the results. Valid values are:

Specifies a condition that filters the results of a request for information about classification jobs. Each condition consists of a property, an operator, and one or more values.

The property to sort the results by. Valid values are:

Specifies criteria for sorting the results of a request for information about classification jobs.

Base class for all service related exceptions thrown by the Macie2 client

The status of an Amazon Macie account. Valid values are:

The selection type that determines which managed data identifiers a classification job uses to analyze data. Valid values are:

Provides information about a managed data identifier. For additional information, see Using managed data identifiers in the Amazon Macie User Guide.

Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.

Provides statistical data and other information about an Amazon Web Services resource that Amazon Macie monitors and analyzes for your account.

Provides information about an account that's associated with an Amazon Macie administrator account.

Specifies a monthly recurrence pattern for running a classification job.

Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.

Provides information about the total storage size (in bytes) or number of objects that Amazon Macie can't analyze in one or more S3 buckets. In a BucketMetadata or MatchingBucket object, this data is for a specific bucket. In a GetBucketStatisticsResponse object, this data is aggregated for all the buckets in the query results. If versioning is enabled for a bucket, storage size values are based on the size of the latest version of each applicable object in the bucket.

Specifies the location of 1-15 occurrences of sensitive data that was detected by a managed data identifier or a custom data identifier and produced a sensitive data finding.

Specifies how Amazon Macie found the sensitive data that produced a finding. Possible values are:

Specifies the location of an occurrence of sensitive data in an Adobe Portable Document Format file.

Provides the details of a policy finding.

Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.

Specifies the location of an occurrence of sensitive data in an Apache Avro object container, Apache Parquet file, JSON file, or JSON Lines file.

The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:

Provides information about settings that define whether one or more objects in an S3 bucket are replicated to S3 buckets for other Amazon Web Services accounts and, if so, which accounts.

Provides information about an error that occurred because a specified resource wasn't found.

Provides information about an S3 object that Amazon Macie selected for analysis while performing automated sensitive data discovery for an account, and the status and results of the analysis. This information is available only if automated sensitive data discovery has been enabled for the account.

Provides information about the resources that a finding applies to.

Provides statistical data for sensitive data discovery metrics that apply to an S3 bucket that Amazon Macie monitors and analyzes for an account, if automated sensitive data discovery has been enabled for the account. The data captures the results of automated sensitive data discovery activities that Macie has performed for the bucket.

Provides information about the access method and settings that are used to retrieve occurrences of sensitive data reported by findings.

The access method to use when retrieving occurrences of sensitive data reported by findings. Valid values are:

Specifies the status of the Amazon Macie configuration for retrieving occurrences of sensitive data reported by findings, and the Key Management Service (KMS) key to use to encrypt sensitive data that's retrieved. When you enable the configuration for the first time, your request must specify an KMS key. Otherwise, an error occurs.

The status of a request to retrieve occurrences of sensitive data reported by a finding. Possible values are:

The status of the configuration for retrieving occurrences of sensitive data reported by findings. Valid values are:

Provides information about the S3 bucket that a finding applies to. If a quota prevented Amazon Macie from retrieving and processing all the bucket's information prior to generating the finding, the following values are UNKNOWN or null: allowsUnencryptedObjectUploads, defaultServerSideEncryption, publicAccess, and tags.

Specifies property- and tag-based conditions that define criteria for including or excluding S3 buckets from a classification job. Exclude conditions take precedence over include conditions.

Specifies an Amazon Web Services account that owns S3 buckets for a classification job to analyze, and one or more specific buckets to analyze for that account.

Provides information about the Amazon Web Services account that owns an S3 bucket.

Specifies the S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Specifies the names of the S3 buckets that are excluded from automated sensitive data discovery.

Specifies S3 buckets to add or remove from the exclusion list defined by the classification scope for an Amazon Macie account.

Specifies changes to the list of S3 buckets that are excluded from automated sensitive data discovery for an Amazon Macie account.

Specifies an S3 bucket to store data classification results in, and the encryption settings to use when storing results in that bucket.

Specifies which S3 buckets contain the objects that a classification job analyzes, and the scope of that analysis. The bucket specification can be static (bucketDefinitions) or dynamic (bucketCriteria). If it's static, the job analyzes objects in the same predefined set of buckets each time the job runs. If it's dynamic, the job analyzes objects in any buckets that match the specified criteria each time the job starts to run.

Provides information about the S3 object that a finding applies to.

Provides information about an S3 object that lists specific text to ignore.

The property to use in a condition that determines whether an S3 object is included or excluded from a classification job. Valid values are:

Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.

Specifies property- and tag-based conditions that define filter criteria for including or excluding S3 buckets from the query results. Exclude conditions take precedence over include conditions.

The operator to use in a condition that filters the results of a query. Valid values are:

Specifies a property- or tag-based filter condition for including or excluding Amazon Web Services resources from the query results.

Specifies property- and tag-based conditions that define filter criteria for including or excluding Amazon Web Services resources from the query results.

Specifies a property-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

The property to use in a condition that filters the query results. Valid values are:

The property to sort the query results by. Valid values are:

Specifies criteria for sorting the results of a query for information about Amazon Web Services resources that Amazon Macie monitors and analyzes.

Specifies a tag-based filter condition that determines which Amazon Web Services resources are included or excluded from the query results.

Specifies a tag key, a tag value, or a tag key and value (as a pair) to use in a tag-based filter condition for a query. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based filter conditions.

Specifies configuration settings that determine which findings are published to Security Hub automatically. For information about how Macie publishes findings to Security Hub, see Evaluating findings with Security Hub in the Amazon Macie User Guide.