A company wants to automatically detect whether sensitive data such as personal information is present inside the S3 buckets used for model training and inference, and to understand what needs protection. Which AWS service is the MOST suitable?
A question about choosing the AWS service that detects sensitive data in S3.
Amazon Macie
Correct. Amazon Macie is a data security service that automatically detects and classifies sensitive data (such as personal information and credentials) in S3 using machine learning. It makes the location of sensitive data visible.
AWS CloudTrail
AWS CloudTrail is an audit log service that records who called which API and when.
It does not inspect the contents of S3 objects for sensitive data, so this is incorrect.
AWS Config
AWS Config is a service that records the configuration state and change history of resources and evaluates compliance.
It does not inspect the contents of S3 objects for sensitive data, so this is incorrect.
Amazon Inspector
Amazon Inspector is a service that scans for vulnerabilities in EC2, containers, and similar resources.
It does not inspect the contents of S3 objects for sensitive data, so this is incorrect.
Note how the correct answer, Amazon Macie, works.
- It automatically detects and classifies sensitive data (such as PII) in S3 using machine learning and makes its location visible.
- It can be used to check whether training/inference data contains sensitive data.
CloudTrail (API logs), Config (configuration compliance), and Inspector (vulnerabilities) do not inspect the contents of data.