
I am trying to enable AWS Macie via Terraform to run scheduled jobs that scan S3 buckets for sensitive data.

I've been able to create an account and execute an initial scan of my buckets, but I would also like to specify a few managed data identifiers (e.g., address, DOB, drivers license, phone number, etc).

Looking at the HashiCorp documentation (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/macie2_classification_job), I only see information about custom data identifiers.

The AWS REST API docs suggest there is a way using the managedDataIdentifierIds property in CreateClassificationJobRequest, but I am struggling to apply it within Terraform.

Defining custom data identifiers may be a workaround, but I'd like to avoid this path if possible.

How do I use managed data identifiers via Terraform?

resource "aws_macie2_account" "test_scan" {}

resource "aws_macie2_classification_job" "test_scan" {
  job_type = "ONE_TIME"
  name     = "init_test_scan"

  s3_job_definition {
    bucket_definitions {
      account_id = var.account_id
      buckets    = var.buckets
    }
  }

  sampling_percentage = 100

  depends_on = [aws_macie2_account.test_scan]
}

dr Oq
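The custom-data-identifier route that the question mentions as a fallback, written out as an added example (this is not code from the question, the asker, or the HashiCorp provider documentation): a custom identifier is declared with aws_macie2_custom_data_identifier and its id is passed to the job through custom_data_identifier_ids. The resource and argument names are taken from the AWS provider; the identifier name, the phone-number regex, the keywords and the variables are constructed for illustration and are assumptions, not values from the page.

```hcl
# Added example: custom data identifier workaround (not the asker's config,
# not from the provider docs). Regex, names and variables are constructed.

resource "aws_macie2_account" "test_scan" {}

# Hypothetical custom identifier approximating a North American phone number.
# Macie custom identifiers are regex-based, so this only finds the formats
# the pattern describes; test it against sample data before relying on it.
resource "aws_macie2_custom_data_identifier" "phone_number" {
  name        = "custom-phone-number"
  description = "Constructed example: NANP-style phone numbers"
  regex       = "\\(?\\d{3}\\)?[-. ]?\\d{3}[-. ]?\\d{4}"

  # Only report a match when one of these words appears nearby; this cuts
  # false positives from other 10-digit numbers (order ids, timestamps).
  keywords               = ["phone", "tel", "mobile"]
  maximum_match_distance = 50

  # Placeholder values to suppress, e.g. dummy numbers in test fixtures.
  ignore_words = ["000-000-0000"]

  depends_on = [aws_macie2_account.test_scan]
}

resource "aws_macie2_classification_job" "test_scan" {
  job_type = "ONE_TIME"
  name     = "init_test_scan"

  # Wire the custom identifier into the job; several ids can be listed.
  custom_data_identifier_ids = [
    aws_macie2_custom_data_identifier.phone_number.id,
  ]

  s3_job_definition {
    bucket_definitions {
      account_id = var.account_id
      buckets    = var.buckets
    }
  }

  sampling_percentage = 100

  depends_on = [aws_macie2_account.test_scan]
}
```

A custom identifier does not replace the managed identifier for the same data type: the managed detectors include validation logic (check digits, context) that a bare regex lacks, so findings from a custom pattern warrant review before being treated as confirmed sensitive data.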

1 Answer

It seems that there is no official support for it yet. This is a brand new feature released on Sep 23rd, 2021, see below:

https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-macie-managed-data-identifiers/

I have created a feature request with the community; your support would be greatly appreciated:

https://github.com/hashicorp/terraform-provider-aws/issues/21952

brngyn