Implementing Amazon Macie across multiple AWS accounts, especially in an AWS Organizations setup with different OUs, can be efficiently done by following these best practices:
- Enable Macie at the Organization Level from the organization's management account.
- Utilizing AWS Organizations will automatically enroll new and existing accounts into Macie.
- Select a delegated administrator account for Macie within your AWS Organization for centralized management of Macie settings and monitoring.
- Apply SCPs at the root or OU level to enforce the use of Macie or prevent its disablement across your organization.
- From the delegated administrator account, configure Macie's settings and policies to be applied across all accounts.
- Use the central account to monitor for findings across all accounts and implement automated responses to alerts for swift remediation.
If this has answered your question or was helpful, accepting the answer would be greatly appreciated. Thank you!
The official documentation is definitely worth a read: https://docs.aws.amazon.com/macie/latest/user/accounts-mgmt-ao.html
What you do is use a designated account as the delegated Macie administrator account for the organization, then enable Macie for the other accounts in the organization as Macie member accounts. Below is the documentation on how to manage Macie with AWS Organizations, along with the best practices guide.
https://docs.aws.amazon.com/macie/latest/user/accounts-mgmt-ao.html
https://aws.github.io/aws-security-services-best-practices/guides/macie/
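As an added worked example (not code from either answer above or from AWS), here is the procedure both answers describe, typed into the AWS CLI: designate the delegated Macie administrator from the management account, attach an SCP so member accounts cannot turn Macie off, then from the delegated administrator enable Macie, switch on auto-enable for new accounts and enrol the existing ones. The account ID, OU ID, region list and policy name are assumed placeholders; the CLI subcommands are the real `aws macie2` and `aws organizations` commands.

```shell
#!/bin/sh
# Added example, not part of the original answers. Walks the steps above with
# the AWS CLI. Macie is a regional service, so the delegated administrator,
# auto-enable setting and member enrolment are repeated per region.
# Account IDs, OU ID and regions below are assumed placeholders.
set -eu

MACIE_ADMIN_ACCOUNT="111122223333"     # assumed: delegated administrator account
TARGET_OU="ou-abcd-11111111"           # assumed: OU (or root) that gets the SCP
REGIONS="us-east-1 eu-west-1"          # assumed: regions where Macie is used

# SCP body: member accounts may not disable or pause Macie, delete their
# membership, or break the association with the delegated administrator.
# Principals inside the delegated administrator account are exempted.
macie_guard_scp() {
  admin_account="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDisablingMacie",
      "Effect": "Deny",
      "Action": [
        "macie2:DisableMacie",
        "macie2:UpdateMacieSession",
        "macie2:DisassociateFromAdministratorAccount",
        "macie2:DisassociateFromMasterAccount",
        "macie2:DeleteMember",
        "macie2:DisableOrganizationAdminAccount"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": { "aws:PrincipalAccount": "$admin_account" }
      }
    }
  ]
}
EOF
}

# Step 1 and 2: run with management-account credentials.
management_account_setup() {
  for region in $REGIONS; do
    aws macie2 enable-organization-admin-account \
      --admin-account-id "$MACIE_ADMIN_ACCOUNT" --region "$region"
  done
  policy_id=$(aws organizations create-policy \
    --name MacieGuard --type SERVICE_CONTROL_POLICY \
    --description "Prevent member accounts from disabling Macie" \
    --content "$(macie_guard_scp "$MACIE_ADMIN_ACCOUNT")" \
    --query 'Policy.PolicySummary.Id' --output text)
  aws organizations attach-policy --policy-id "$policy_id" --target-id "$TARGET_OU"
}

# Step 3: run with delegated-administrator credentials.
delegated_admin_setup() {
  for region in $REGIONS; do
    # Enable Macie only if it is not already enabled (get-macie-session fails otherwise).
    aws macie2 get-macie-session --region "$region" >/dev/null 2>&1 ||
      aws macie2 enable-macie --region "$region" \
        --finding-publishing-frequency FIFTEEN_MINUTES
    # Accounts that join the organization later are enrolled automatically ...
    aws macie2 update-organization-configuration --auto-enable --region "$region"
    # ... existing accounts must be added explicitly. A delegated administrator
    # can call the read-only Organizations APIs such as list-accounts.
    aws organizations list-accounts \
      --query 'Accounts[?Status==`ACTIVE`].[Id,Email]' --output text |
    while read -r account_id email; do
      [ "$account_id" = "$MACIE_ADMIN_ACCOUNT" ] && continue
      aws macie2 create-member --region "$region" \
        --account "accountId=$account_id,email=$email"
    done
  done
}

# Check from the delegated administrator: autoEnable is true and every
# member shows relationshipStatus Enabled.
verify() {
  for region in $REGIONS; do
    aws macie2 describe-organization-configuration --region "$region"
    aws macie2 list-members --region "$region" \
      --query 'members[].[accountId,relationshipStatus]' --output table
  done
}

case "${1:-}" in
  mgmt)   management_account_setup ;;
  admin)  delegated_admin_setup ;;
  verify) verify ;;
  *)      echo "usage: $0 mgmt|admin|verify" ;;
esac
```

Run `mgmt` with management-account credentials, then `admin` and `verify` with credentials for the delegated administrator. Two caveats a practitioner should keep in mind: SCPs never apply to the management account, so the guard only constrains member accounts (use the same delegated administrator in every region to keep one place of control), and the Deny on `macie2:UpdateMacieSession` also stops members changing their own finding publishing frequency, which is the intended trade-off since it is the API that pauses Macie.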