Remember, telling users or developers “don’t store your sensitive information here” is not as useful as explicitly telling them where to store each type of sensitive information, that avoids confusion, users or developers might find a worse place to host that data if you do not specify where it’s safe.
Activating Amazon Macie you will see how many buckets are open to the world, how many are shared outside your organization, how many of them are encrypted and you will be able to identify which ones need corrections to align with your security policy
The QuickWin around Amazon Macie is only enabling it and viewing periodically the dashboard to ensure that all your S3 buckets are configured properly and there is no misconfiguration that could lead to a security event. Only costs 0.10 USD per bucket per month, can be implemented in a few clicks, and will help you to identify when your data security policies are not properly set up.
The service has a 30-day trial period (free trial) for the assessment of Buckets and Access Controls (data security posture), and 1 GB per month of free data discovery included in Free Tier. If you only activate the service (Quick win) and do not set up discovery jobs greater than 1 GB, you will not be charged during the trial period.
The service has a page to verify current usage and estimate future usage.