Skip to main content
All CollectionsTemplatesBasic
Retrieve Daily Unencrypted Bucket Summary (AWS Macie) - Workflow Template
Retrieve Daily Unencrypted Bucket Summary (AWS Macie) - Workflow Template

On a daily schedule retrieve data from Amazon Macie on specific criteria and deliver to a Slack user or Channel.

Updated over a week ago

This workflow template helps organizations automate the task of monitoring Amazon Macie for unencrypted S3 buckets. On a set schedule, it retrieves Macie data, based on custom queries for each specified AWS region. The results are then summarized and reported via Slack, ensuring that security teams can quickly stay informed about encryption status and adhere to compliance requirements such as CC6 and SOC2. This essential process aids in Cloud Security Posture Management (CSPM), fostering a culture of proactive security practices.

Take Me to the Template

Optional Triggers

Webhook

Use Cases

CSPM

Workflow Breakdown

  1. Setup specific Macie queries in the Macie Bucket Queries variable step. Unencrypted buckets are configured as an example query.

  2. Add specific regions to query in the Set Workflow Variables step by modifying the region array.

  3. Loop over each region and provide a summary via Slack

  4. In each region, use the criteria to search for specific findings and report via the Slack thread if found.

Vendors

AWS, Slack, Utils

Workflow Output

Daily update via Slack on S3 bucket encryption status.

Tips

Use the links in the workflow to use different search criteria

Related Articles
Enable AWS S3 Bucket Versioning on Orca Alert - Workflow Template
Enable AWS S3 Bucket Encryption on Alert (PrismaCloud) - Workflow Template
Enable Encryption on AWS S3 Bucket on Alert from Orca - Workflow Template
Enable AWS S3 Bucket Versioning on Lacework Alert - Workflow Template
Handle Wiz Alert for Public AWS S3 Bucket with Sensitive Data - Workflow Template
Did this answer your question?