Is there a way to delete old AWS Macie Jobs?


In my use case, we create our jobs via terraform, and the growing list of now obsolete jobs is getting cumbersome. While I can create new .tf when needed, I cannot delete the old ones as the tool throws an error saying (paraphrased) that completed jobs cannot be deleted or modified. I fully endorse not allowing someone to modify an already completed job. However, I'd like to be able to remove jobs that are completed and whose results are no longer being tracked in the tool (90 days). Is this possible? Or will I have an ever-growing list of completed jobs?

asked 8 months ago, 177 views
2 Answers
Accepted Answer

Unfortunately, AWS Macie does not provide a built-in mechanism to delete old Macie jobs. The Macie jobs are designed to be immutable, meaning that once a job is created, it cannot be modified or deleted.

This is a limitation of the Macie service, as it is intended to maintain a complete historical record of all the Macie jobs that have been run, even if they are no longer actively being used.

However, there are a few workarounds you can consider to manage the growing list of old Macie jobs:

  1. Implement job archiving: You can create a custom script or Lambda function that runs periodically (e.g., weekly or monthly) to archive old Macie jobs that are no longer needed. This can be done by creating a new Macie job that includes the old jobs as the data source, and then deleting the original old jobs. This allows you to maintain a historical record while reducing the clutter in the Macie console.

  2. Use a custom state management solution: Instead of relying solely on the Macie jobs listed in the Macie console, you can maintain a separate state management system (e.g., a database, a file, or a custom application) to keep track of the Macie jobs that are still relevant. This allows you to reference the relevant jobs without having to interact with the Macie console directly.

  3. Leverage AWS Config: You can use AWS Config to track and manage the Macie jobs in your environment. AWS Config can automatically detect changes to your Macie jobs and store a history of those changes, which you can then use to identify and manage the old jobs.

  4. Use a Macie-specific tool or service: There may be third-party tools or services available that can help you manage and clean up old Macie jobs. These tools may provide additional functionality beyond what is available in the Macie console.

While the inability to delete old Macie jobs can be a challenge, these workarounds can help you manage the growing list of completed jobs and maintain a more organized and efficient Macie deployment. Ultimately, the best approach will depend on your specific requirements and the resources available to you.

answered 3 months ago
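A sketch of the separate job-tracking idea from workaround 2, as an added example that is not part of either answer and is not AWS's own code: it pages through the Macie `ListClassificationJobs` API and splits the results into jobs still worth tracking and finished jobs older than the 90 days mentioned in the question. The function names and sample jobs are constructed for illustration, and age is measured from `createdAt` as an assumption, since the job summary carries no completion time.

```python
from datetime import datetime, timedelta, timezone

TERMINAL = {"COMPLETE", "CANCELLED"}  # Macie jobStatus values for finished jobs
RETENTION = timedelta(days=90)        # the 90-day window from the question


def split_jobs(jobs, now=None):
    """Partition Macie job summaries into (relevant, obsolete) lists."""
    now = now or datetime.now(timezone.utc)
    relevant, obsolete = [], []
    for job in jobs:
        finished = job["jobStatus"] in TERMINAL
        # Assumption: createdAt stands in for the completion time.
        expired = now - job["createdAt"] > RETENTION
        (obsolete if finished and expired else relevant).append(job)
    return relevant, obsolete


def fetch_jobs(client):
    """Collect every job summary; client is boto3.client("macie2")."""
    jobs, token = [], None
    while True:
        kwargs = {"nextToken": token} if token else {}
        page = client.list_classification_jobs(**kwargs)
        jobs.extend(page.get("items", []))
        token = page.get("nextToken")
        if not token:
            return jobs


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample in the shape of ListClassificationJobs "items".
SAMPLE_NOW = utc(2024, 6, 1)
SAMPLE_JOBS = [
    {"jobId": "job-a", "jobStatus": "COMPLETE", "createdAt": utc(2023, 11, 1)},
    {"jobId": "job-b", "jobStatus": "COMPLETE", "createdAt": utc(2024, 5, 1)},
    {"jobId": "job-c", "jobStatus": "RUNNING", "createdAt": utc(2023, 1, 1)},
    {"jobId": "job-d", "jobStatus": "CANCELLED", "createdAt": utc(2024, 1, 15)},
]

if __name__ == "__main__":
    relevant, obsolete = split_jobs(SAMPLE_JOBS, SAMPLE_NOW)
    print("track:", [j["jobId"] for j in relevant])
    print("hide: ", [j["jobId"] for j in obsolete])
```

The `relevant` list can be written to whatever store the team already uses, so reviews start from that view rather than the full console listing.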

Was hoping not to have to have a tool to watch the tool, but guess I'm forced to........

answered 4 days ago
