What's the best way to implement Macie across multiple accounts and manage them?

0

I'm looking to implement Macie in multiple accounts. The accounts are structured in AWS Organizations and we have different OUs. I'm wondering about the best way to implement this: whether it should be implemented at the root or OU level, and so forth.

Is there documentation on the steps for implementing this and best practices?

3 Answers
1

Implementing Amazon Macie across multiple AWS accounts, especially in an AWS Organizations setup with different OUs, can be efficiently done by following these best practices:

  • Enable Macie at the Organization Level from the organization's management account.
  • Utilizing AWS Organizations will automatically enroll new and existing accounts into Macie.
  • Select a delegated administrator account for Macie within your AWS Organization for centralized management of Macie settings and monitoring.
  • Apply SCPs at the root or OU level to enforce the use of Macie or prevent its disablement across your organization.
  • From the delegated administrator account, configure Macie's settings and policies to be applied across all accounts.
  • Use the central account to monitor for findings across all accounts and implement automated responses to alerts for swift remediation.

If this has answered your question or was helpful, accepting the answer would be greatly appreciated. Thank you!

EXPERT, answered 8 months ago
EXPERT, reviewed 8 months ago
EXPERT, reviewed 8 months ago
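An example of the guardrail SCP that the answer above recommends for the "prevent its disablement" step. This is added here and is not part of the answer; the role name `MacieDelegatedAdmin` is an assumed placeholder for whichever role your security team uses inside the delegated administrator account. It denies the Macie actions that would turn Macie off, pause it, or detach an account from the administrator, for every principal except that role:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDisablingOrDetachingMacie",
      "Effect": "Deny",
      "Action": [
        "macie2:DisableMacie",
        "macie2:UpdateMacieSession",
        "macie2:DisableOrganizationAdminAccount",
        "macie2:UpdateOrganizationConfiguration",
        "macie2:DisassociateFromAdministratorAccount",
        "macie2:DisassociateFromMasterAccount",
        "macie2:DisassociateMember",
        "macie2:DeleteMember"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalARN": "arn:aws:iam::*:role/MacieDelegatedAdmin"
        }
      }
    }
  ]
}
```

Attach it at the root (or the OUs in scope) from the management account; note that SCPs never restrict the management account itself, but they do apply to the delegated administrator account, which is why the role exemption is needed there.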
1

The official documentation is definitely worth a read: https://docs.aws.amazon.com/macie/latest/user/accounts-mgmt-ao.html

EXPERT, answered 8 months ago
EXPERT, reviewed 8 months ago
EXPERT, reviewed 8 months ago
1

What you do is use a designated account as the delegated Macie administrator account for the organization, then enable Macie for the other accounts in the organization as Macie member accounts. Below is the documentation on how to manage Macie with AWS Organizations, along with the best practices.

https://docs.aws.amazon.com/macie/latest/user/accounts-mgmt-ao.html

https://aws.github.io/aws-security-services-best-practices/guides/macie/

https://aws.amazon.com/blogs/security/best-practices-for-setting-up-amazon-macie-with-aws-organizations/

AWS EXPERT, answered 8 months ago
EXPERT, reviewed 8 months ago
EXPERT, reviewed 8 months ago