
get_reveal_configuration

Macie2.Client.get_reveal_configuration()

Retrieves the status and configuration settings for retrieving occurrences of sensitive data reported by findings.

See also: AWS API Documentation

Request Syntax

response = client.get_reveal_configuration()

Return type:

dict

Returns:

Response Syntax

{
    'configuration': {
        'kmsKeyId': 'string',
        'status': 'ENABLED'|'DISABLED'
    },
    'retrievalConfiguration': {
        'externalId': 'string',
        'retrievalMode': 'CALLER_CREDENTIALS'|'ASSUME_ROLE',
        'roleName': 'string'
    }
}

Response Structure

  • (dict) –

    The request succeeded.

    • configuration (dict) –

      The KMS key that’s used to encrypt the sensitive data, and the status of the configuration for the Amazon Macie account.

      • kmsKeyId (string) –

        The Amazon Resource Name (ARN), ID, or alias of the KMS key to use to encrypt sensitive data that’s retrieved. The key must be an existing, customer managed, symmetric encryption key that’s enabled in the same Amazon Web Services Region as the Amazon Macie account.

        If this value specifies an alias, it must include the following prefix: alias/. If this value specifies a key that’s owned by another Amazon Web Services account, it must specify the ARN of the key or the ARN of the key’s alias.

      • status (string) –

        The status of the configuration for the Amazon Macie account. In a request, valid values are: ENABLED, enable the configuration for the account; and, DISABLED, disable the configuration for the account. In a response, possible values are: ENABLED, the configuration is currently enabled for the account; and, DISABLED, the configuration is currently disabled for the account.

    • retrievalConfiguration (dict) –

      The access method and settings that are used to retrieve the sensitive data.

      • externalId (string) –

        The external ID to specify in the trust policy for the IAM role to assume when retrieving sensitive data from affected S3 objects (roleName). The trust policy must include an sts:ExternalId condition that requires this ID.

        This ID is a unique alphanumeric string that Amazon Macie generates automatically after you configure it to assume a role. This value is null if the value for retrievalMode is CALLER_CREDENTIALS.

      • retrievalMode (string) –

        The access method that’s used when retrieving sensitive data from affected S3 objects. Valid values are: ASSUME_ROLE, assume an IAM role that is in the affected Amazon Web Services account and delegates access to Amazon Macie (roleName); and, CALLER_CREDENTIALS, use the credentials of the IAM user who requests the sensitive data.

      • roleName (string) –

        The name of the IAM role that is in the affected Amazon Web Services account and that Amazon Macie is allowed to assume when retrieving sensitive data from affected S3 objects for the account. This value is null if the value for retrievalMode is CALLER_CREDENTIALS.
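
The following is an added example, not part of the boto3 documentation: it audits a get_reveal_configuration() response and, in ASSUME_ROLE mode, checks that the role's trust policy requires the returned externalId through an sts:ExternalId condition, as described above. The function names, the sample values and the trust policy are constructed for illustration; in practice the response comes from client.get_reveal_configuration() and the trust policy from the role's AssumeRolePolicyDocument.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]

def _pins_external_id(statement, external_id):
    """True if the statement has a StringEquals sts:ExternalId condition equal to external_id."""
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() == "stringequals":
            for key, value in keys.items():
                if key.lower() == "sts:externalid" and _as_list(value) == [external_id]:
                    return True
    return False

def audit_reveal_configuration(response, trust_policy=None):
    """Return a list of findings for one get_reveal_configuration() response dict."""
    config = response.get("configuration") or {}
    retrieval = response.get("retrievalConfiguration") or {}
    if config.get("status") != "ENABLED":
        return []  # retrieval is disabled for the account, nothing to check
    findings = []
    if not config.get("kmsKeyId"):
        findings.append("status is ENABLED but kmsKeyId is empty")
    mode = retrieval.get("retrievalMode")
    role, ext_id = retrieval.get("roleName"), retrieval.get("externalId")
    if mode == "CALLER_CREDENTIALS":
        if role or ext_id:
            findings.append("roleName/externalId should be null in CALLER_CREDENTIALS mode")
    elif mode == "ASSUME_ROLE":
        if not (role and ext_id):
            findings.append("ASSUME_ROLE mode without both roleName and externalId")
        elif trust_policy is not None:
            allows = [s for s in _as_list(trust_policy.get("Statement", [])) if s.get("Effect") == "Allow"
                      and "sts:AssumeRole" in _as_list(s.get("Action", []))]
            if not allows:
                findings.append(f"{role}: trust policy has no Allow for sts:AssumeRole")
            findings += [f"{role}: sts:AssumeRole allowed without sts:ExternalId == {ext_id}"
                         for s in allows if not _pins_external_id(s, ext_id)]
    else:
        findings.append(f"unexpected retrievalMode {mode!r}")
    return findings

SAMPLE_RESPONSE = {  # constructed values, not from a real account
    "configuration": {"kmsKeyId": "alias/example-macie-reveal", "status": "ENABLED"},
    "retrievalConfiguration": {"retrievalMode": "ASSUME_ROLE", "roleName": "ExampleRevealRole",
                               "externalId": "EXAMPLEEXTERNALID123"}}
WEAK_TRUST_POLICY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",  # constructed
                                    "Principal": {"Service": "reveal-samples.macie.amazonaws.com"}}]}

if __name__ == "__main__":
    print(audit_reveal_configuration(SAMPLE_RESPONSE, WEAK_TRUST_POLICY))
```

Each Allow statement for sts:AssumeRole is checked on its own, so a policy with one conditioned statement and one unconditioned statement is still reported.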

Exceptions

  • Macie2.Client.exceptions.ThrottlingException

  • Macie2.Client.exceptions.ValidationException

  • Macie2.Client.exceptions.InternalServerException

  • Macie2.Client.exceptions.AccessDeniedException