Remember, telling users or developers “don’t store your sensitive information here” is less useful than explicitly telling them where to store each type of sensitive information. Being explicit avoids confusion: if you do not specify where data is safe, users or developers might find a worse place to host it.
When you activate Amazon Macie, you will see how many buckets are open to the world, how many are shared outside your organization, and how many are encrypted, and you will be able to identify which ones need corrections to align with your security policy.
The quick win with Amazon Macie is simply enabling it and periodically reviewing the dashboard to ensure that all your S3 buckets are configured properly and that no misconfiguration could lead to a security event. It costs only 0.10 USD per bucket per month, can be implemented in a few clicks, and will help you identify when your data security policies are not properly set up. If you enable Automated Data Sensitivity Discovery, you will gain additional insight into which kind of data is stored in each bucket; it has a free trial that will allow you to estimate the cost.
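The periodic dashboard review described above can also be scripted. The following is an added example, not code from the original page or from AWS: it triages bucket records in the shape returned by the Macie `DescribeBuckets` API and reports the buckets that are public, shared externally, or unencrypted. The sample records are constructed, and treating a missing or `UNKNOWN` value as an issue is an assumption of this example.

```python
# Added example: triage S3 bucket posture from Amazon Macie bucket metadata.
# Records follow the shape of the Macie DescribeBuckets API response.

def triage_bucket(b):
    """Return the list of policy issues for one bucket-metadata record."""
    issues = []
    perm = b.get("publicAccess", {}).get("effectivePermission", "UNKNOWN")
    if perm == "PUBLIC":
        issues.append("open to the world")
    elif perm == "UNKNOWN":
        # Assumption: an unevaluated bucket is worth a manual look.
        issues.append("public access could not be evaluated")
    if b.get("sharedAccess") == "EXTERNAL":
        issues.append("shared outside the organization")
    # Assumption: a record with no encryption info is treated as unencrypted.
    if b.get("serverSideEncryption", {}).get("type", "NONE") == "NONE":
        issues.append("no default encryption")
    return issues

def triage(buckets):
    """Map bucket name -> issues, keeping only buckets that need correction."""
    report = {}
    for b in buckets:
        issues = triage_bucket(b)
        if issues:
            report[b["bucketName"]] = issues
    return report

def fetch_buckets(region):
    """Live fetch; needs boto3, credentials and Macie enabled in the region."""
    import boto3
    client = boto3.client("macie2", region_name=region)
    pages = client.get_paginator("describe_buckets").paginate()
    return [b for page in pages for b in page["buckets"]]

# Constructed sample records (not real buckets).
SAMPLE = [
    {"bucketName": "example-public-site", "sharedAccess": "NOT_SHARED",
     "publicAccess": {"effectivePermission": "PUBLIC"},
     "serverSideEncryption": {"type": "AES256"}},
    {"bucketName": "example-partner-drop", "sharedAccess": "EXTERNAL",
     "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "NONE"}},
    {"bucketName": "example-internal-logs", "sharedAccess": "INTERNAL",
     "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "serverSideEncryption": {"type": "aws:kms"}},
]

if __name__ == "__main__":
    for name, issues in triage(SAMPLE).items():
        print(f"{name}: {', '.join(issues)}")
```

To run it against a real account, pass `fetch_buckets("<region>")` to `triage` instead of `SAMPLE`.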
https://www.xmind.net/m/BDQYjp
There are solutions for data discovery and classification in AWS Marketplace, such as DataSunrise and Varonis.
https://aws.amazon.com/macie/pricing
The service has a 30-day free trial for the assessment of buckets and access controls (data security posture) and for automatic data sensitivity discovery, and the Free Tier includes 1 GB per month of free data discovery.
If you only activate the service (the quick win) and do not set up discovery jobs greater than 1 GB, you will not be charged during the trial period.
The service has a page where you can verify usage during the trial and estimate future usage (leverage the free trial to estimate the next month’s cost).