Feature Request: Amazon Macie2 Support

[kamirendawkins]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

As of May 13th a new Version of AWS Macie is available that is incompatible with existing Macie resources.

New or Affected Resource(s)

• aws_macie2_classification_job
• aws_macie2_custom_data_identifier
• aws_macie2_findings_filter

Potential Terraform Configuration

# New Resource - not implemented
resource "aws_macie2_classification_job" "example" {
  name = ""
  description = ""
  job-type = ""
  custom_data_identifier_ids = []
  s3_job_definition = ""
  sampling_percentage = ""
  schedule_frequency = ""
  tags = ""
}

# New Resource - not implemented
resource "aws_macie2_custom_data_identifier" "example" {
  # ...
}

# New Resource - not implemented
resource "aws_macie2_findings_filter" "example" {
  # ...
}

References

• https://aws.amazon.com/about-aws/whats-new/2020/05/announcing-major-enhancements-to-amazon-macie-an-80-percent-plus-price-reduction-and-global-region-expansion/
• https://awscli.amazonaws.com/v2/documentation/api/latest/reference/macie2/index.html#cli-aws-macie2

[ewbankkit]

From the Macie Classic FAQ:

Q: Can I still activate Macie Classic in new accounts?

No, you cannot activate Macie Classic in new accounts. However, you can still use Macie Classic with already activated accounts. You can reach out to AWS support if you have a unique situation and would like to activate Macie Classic in new accounts.

A first step is to note this in the current Macie resource documentation (and maybe rename the category to "Macie Classic" as that's how AWS are now branding Macie v1).

[cparmar]

The pricing for the service has been significantly reduced and the ability to administrate it using the terraform AWS provider would be great.

[anGie44]

Support for the macie2 service client has been merged and will be released with 3.9.0 of the Terraform AWS provider, likely out tomorrow.

[toddmichael]

Support for the macie2 service client has been merged and will be released with 3.9.0 of the Terraform AWS provider, likely out tomorrow.

@anGie44 appears this didn't make it into 3.9.0 or 3.10.0. Trying to sort out the reason, but I'm apparently not bright enough to do that today. Any ideas? Thank you!

[anGie44]

Hi @toddmichael and others following this issue! The support included in v3.9.0 of the Terraform AWS Provider is for the macie2 service client (merged in #15256 per New Service Implementation) but this does not include any new resources/data sources that may relate to this issue. At this time support for new resource/data-sources, such as that in #15408 (Custom Data Identifier), doesn’t have enough community support for the internal team to prioritize; nevertheless, we will continue to monitor the community interest in the features, and once enough support is demonstrated, the team will queue the PR(s) up for review.

[huntersneed]

Hey @anGie44 - thank you for helping drive this over the past few months. I can see it's been a while since there has been any update. Are you still waiting for community support in order to prioritize or is this now on the roadmap with a release in mind? Any information on the future state of this would be greatly appreciated!

[Zordrak]

When this comes I will be very pleased, but I will not be able to make significant use of it unless the cross-account membership resources come with it. It has taken a very long time for SecurityHub cross-account membership to arrive, and I had to use the shell_script provider in a very suboptimal way to manage that relationship until recently. I really want to avoid re-introducing the shell script provider to manage macie2 cross-account membership.

AWS Organizations support for Macie2 is not an answer for me as AWS Organizations management of services is generally sub-standard, and is not manageable on a per-OU level.

So.. really looking forward to this, but please remember to copy and paste the guardduty/securityhub cross-account membership resources.

[ghost]

This has been released in version 3.41.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.