Among the organization controls there the definition of which data is more sensitive for the organization (the “crown jewels”), and identify where such data should be hosted.
However, we often find sensitive data in additional places than where we expected it to be. Amazon Macie has data identifiers managed by AWS, i.e. rules/patterns to detect sensitive data (e.g. credit cards, id numbers, access keys, contact details and other personally identifiable information, etc.) that allow you to quickly find this data.
Use Amazon Macie to perform sensitive data discovery on your accounts using managed data identifiers to find information that is sensitive for any organization, and supplement searches with custom data identifiers (built using regular expressions) to identify information that is particularly sensitive in your company, industry, country or region.
The service has a 30-day trial period (free trial) for the assessment of Buckets and Access Controls (data security posture), and 1 GB per month of free data discovery included in Free Tier. If you only activate the service (Quick win) and do not set up discovery jobs greater than 1 GB, you will not be charged during the trial period.
The service has a site to verify current usage and estimate future usage.