This workflow template helps organizations automate monitoring of Amazon Macie for unencrypted S3 buckets. On a set schedule, it retrieves Macie data using custom queries for each specified AWS region. The results are then summarized and reported via Slack, so that security teams stay informed about encryption status and can adhere to compliance requirements such as CC6 and SOC2. This process supports Cloud Security Posture Management (CSPM) and fosters a culture of proactive security practices.
Optional Triggers
Webhook
Use Cases
CSPM
Workflow Breakdown
Set up specific Macie queries in the Macie Bucket Queries variable step. A query for unencrypted buckets is configured as an example.
Add specific regions to query in the Set Workflow Variables step by modifying the region array.
Loop over each region and provide a summary via Slack.
In each region, use the query criteria to search for matching findings and report any that are found in the Slack thread.
Vendors
AWS, Slack, Utils
Workflow Output
Daily update via Slack on S3 bucket encryption status.
Tips
Follow the links in the workflow to apply different search criteria.