Description
A feature that Amazon Macie provides is the concept of an "allow list". Macie is a service which scans S3 objects in order to find data that shouldn't be there, like user-generated content (UGC) and personal data (PD/PII). The idea of the allow list is to allow specific values, specified by regular expression, that should always be considered safe.
For example, perhaps you want to find emails in your S3 bucket but you want to ignore foo@test.com.
My team at Trello uses Macie to detect sensitive data, and we configure Macie using Terraform. We have started utilizing allow lists; however, we need to configure them manually in the console because no Terraform resource exists. The equivalent AWS API endpoint and function in the Go SDK already exist.
Requested Resource(s) and/or Data Source(s)
Resource name: aws_macie2_allow_list
Attributes (just taken from the AWS API docs):
name: string
description: string (optional)
tags: map(string) (optional)
regex: string
word_list_bucket_name: string
word_list_object_key: string
Either regex or both word_list_bucket_name and word_list_object_key would be required; both options should not be present at the same time. regex allows you to allow-list values via a regex, and word_list_bucket_name/word_list_object_key let you provide a plain-text file of delimited literal values which should be ignored.
aws_macie2_allow_list is a confusing name here since it implies a list, not an entry, but that's what is used in the AWS documentation, so aligning the Terraform resource with it makes sense.
Potential Terraform Configuration
# Macie must be enabled for the account before an allow list can be created
resource "aws_macie2_account" "main" {}

resource "aws_macie2_allow_list" "tester_email" {
  name        = "Tester Email"
  description = "We use this email for testing, so it shouldn't be considered PII"
  # regex form of the allow list (note: an unescaped '.' matches any character)
  regex       = "foo@test.com"

  depends_on = [aws_macie2_account.main]
}
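As an added example (not part of the original issue or of the provider's own code), the following configuration shows both criteria forms the request describes for the proposed resource, using the attribute names this issue proposes (regex, word_list_bucket_name, word_list_object_key): the regex form with the dot escaped so that only the literal test address matches, and the word-list form, where the literal values live in a plain-text S3 object that the resource points at instead of a regex. The bucket name, object key, sample values and the aws_macie2_account dependency are assumptions for illustration; the word-list file is assumed to hold one value per line.

```hcl
# Added example, not the issue author's configuration. Attribute names follow
# this issue's proposal; bucket, key and the sample values are assumed.

resource "aws_macie2_account" "main" {}

# 1) Regex form. Escaping the dot keeps the pattern from also matching
#    strings like "foo@testXcom"; an unescaped '.' is a regex wildcard.
resource "aws_macie2_allow_list" "tester_email" {
  name        = "Tester Email"
  description = "Shared test mailbox, not a real person's PII"
  regex       = "foo@test\\.com"

  depends_on = [aws_macie2_account.main]
}

# 2) Word-list form. Exactly one of the two criteria forms is set; here the
#    literal values come from an S3 object, one value per line (assumed
#    format), and the bucket and key are referenced instead of a regex.
#    Macie's service role must be able to read this object.
resource "aws_s3_bucket" "macie_allow_lists" {
  bucket = "example-macie-allow-lists" # assumed name
}

resource "aws_s3_object" "test_accounts" {
  bucket  = aws_s3_bucket.macie_allow_lists.id
  key     = "allow-lists/test-accounts.txt"
  content = <<-EOT
    foo@test.com
    qa-bot@test.com
    000-00-0000
  EOT
}

resource "aws_macie2_allow_list" "test_accounts" {
  name                  = "Test accounts"
  description           = "Synthetic identities used by the QA suite"
  word_list_bucket_name = aws_s3_bucket.macie_allow_lists.id
  word_list_object_key  = aws_s3_object.test_accounts.key

  depends_on = [aws_macie2_account.main, aws_s3_object.test_accounts]
}
```

The word-list form is the better fit when the set of known-safe literals changes often or is long: the file can be regenerated from the test fixtures and pushed to S3 without touching the Terraform state, while the regex form is preferable for a single fixed value, provided regex metacharacters in the value are escaped.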
References
The equivalent AWS API endpoint. The equivalent function in the Go SDK.
Would you like to implement a fix?
Yes