Resource: awsMacie2ClassificationJob

Provides a resource to manage an AWS Macie Classification Job.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsMacie2AccountTest = new aws.macie2Account.Macie2Account(
  this,
  "test",
  {}
);
const awsMacie2ClassificationJobTest =
  new aws.macie2ClassificationJob.Macie2ClassificationJob(this, "test_1", {
    // Create the job only after Macie is enabled for the account.
    dependsOn: [awsMacie2AccountTest],
    jobType: "ONE_TIME",
    name: "NAME OF THE CLASSIFICATION JOB",
    s3JobDefinition: {
      bucketDefinitions: [
        {
          accountId: "ACCOUNT ID",
          buckets: ["S3 BUCKET NAME"],
        },
      ],
    },
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsMacie2ClassificationJobTest.overrideLogicalId("test");

Argument Reference

The following arguments are supported:

  • scheduleFrequency - (Optional) The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the jobType property to ONE_TIME. (documented below)
  • customDataIdentifierIds - (Optional) The custom data identifiers to use for data analysis and classification.
  • samplingPercentage - (Optional) The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
  • name - (Optional) A custom name for the job. The name can contain as many as 500 characters. If omitted, Terraform will assign a random, unique name. Conflicts with namePrefix.
  • namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
  • description - (Optional) A custom description of the job. The description can contain as many as 200 characters.
  • initialRun - (Optional) Specifies whether to analyze all existing, eligible objects immediately after the job is created.
  • jobType - (Required) The schedule for running the job. Valid values are: ONE_TIME - Run the job only once. If you specify this value, don't specify a value for the scheduleFrequency property. SCHEDULED - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the scheduleFrequency property to define the recurrence pattern for the job.
  • s3JobDefinition - (Optional) The S3 buckets that contain the objects to analyze, and the scope of that analysis. (documented below)
  • tags - (Optional) A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
  • jobStatus - (Optional) The status for the job. Valid values are: CANCELLED, RUNNING and USER_PAUSED.

The scheduleFrequency object supports the following:

  • dailySchedule - (Optional) Specifies a daily recurrence pattern for running the job.
  • weeklySchedule - (Optional) Specifies a weekly recurrence pattern for running the job.
  • monthlySchedule - (Optional) Specifies a monthly recurrence pattern for running the job.

The s3JobDefinition object supports the following:

  • bucketCriteria - (Optional) The property- and tag-based conditions that determine which S3 buckets to include or exclude from the analysis. Conflicts with bucketDefinitions. (documented below)
  • bucketDefinitions - (Optional) An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account. Conflicts with bucketCriteria. (documented below)
  • scoping - (Optional) The property- and tag-based conditions that determine which objects to include or exclude from the analysis. (documented below)
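The conflicts and limits stated in the argument lists above can be checked before synth. The following is an added example, not part of the provider's generated bindings: the JobConfig interface and lintJob function are hypothetical, and only the argument names and limits come from this page.

```typescript
// Hypothetical shape: only the argument names come from the documentation above.
interface JobConfig {
  jobType: string;
  name?: string;
  namePrefix?: string;
  description?: string;
  samplingPercentage?: number;
  scheduleFrequency?: object;
  s3JobDefinition?: { bucketCriteria?: object; bucketDefinitions?: object[] };
  tags?: Record<string, string>;
}

// Returns one message per documented constraint the config violates.
function lintJob(c: JobConfig): string[] {
  const out: string[] = [];
  if (c.jobType !== "ONE_TIME" && c.jobType !== "SCHEDULED")
    out.push(`jobType: "${c.jobType}" is not ONE_TIME or SCHEDULED`);
  if (c.jobType === "ONE_TIME" && c.scheduleFrequency)
    out.push("scheduleFrequency: must be omitted when jobType is ONE_TIME");
  if (c.jobType === "SCHEDULED" && !c.scheduleFrequency)
    out.push("scheduleFrequency: needed to define the recurrence of a SCHEDULED job");
  if (c.name && c.namePrefix) out.push("name: conflicts with namePrefix");
  if ((c.name ?? "").length > 500) out.push("name: longer than 500 characters");
  if ((c.description ?? "").length > 200) out.push("description: longer than 200 characters");
  const s3 = c.s3JobDefinition;
  if (s3?.bucketCriteria && s3?.bucketDefinitions)
    out.push("s3JobDefinition: bucketCriteria conflicts with bucketDefinitions");
  const tags = Object.entries(c.tags ?? {});
  if (tags.length > 50) out.push("tags: more than 50 tags");
  for (const [k, v] of tags) {
    if (k.length > 128) out.push(`tags: key "${k.slice(0, 16)}..." exceeds 128 characters`);
    if (v.length > 256) out.push(`tags: value for "${k}" exceeds 256 characters`);
  }
  // Not an error, but a coverage gap worth surfacing in review.
  if (c.samplingPercentage !== undefined && c.samplingPercentage < 100)
    out.push(`samplingPercentage: only ${c.samplingPercentage}% of eligible objects are analyzed`);
  return out;
}

// Constructed sample input with four problems.
const sample: JobConfig = {
  jobType: "ONE_TIME",
  name: "pii-scan",
  namePrefix: "pii-",
  scheduleFrequency: { dailySchedule: true },
  samplingPercentage: 25,
  s3JobDefinition: { bucketCriteria: {}, bucketDefinitions: [] },
};
console.log(lintJob(sample).join("\n"));
```

The samplingPercentage finding is informational: a job that samples less than 100 percent leaves some eligible objects unanalyzed, which matters when the job is relied on as evidence that a bucket holds no sensitive data.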

bucketCriteria Configuration Block

The bucketCriteria object supports the following:

  • excludes - (Optional) The property- or tag-based conditions that determine which S3 buckets to exclude from the analysis. (documented below)
  • includes - (Optional) The property- or tag-based conditions that determine which S3 buckets to include in the analysis. (documented below)

The excludes and includes objects support the following:

  • and - (Optional) An array of conditions, one for each condition that determines which S3 buckets to include or exclude from the job. (documented below)

The and object supports the following:

  • simpleCriterion - (Optional) A property-based condition that defines a property, operator, and one or more values for including or excluding an S3 bucket from the job. (documented below)
  • tagCriterion - (Optional) A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an S3 bucket from the job. (documented below)

The simpleCriterion object supports the following:

  • comparator - (Required) The operator to use in a condition. Valid combinations of values are available in the AWS Documentation.
  • key - (Required) The object property to use in the condition. Valid combinations of values are available in the AWS Documentation.
  • values - (Required) An array that lists the values to use in the condition. Valid combinations of values are available in the AWS Documentation.

The tagCriterion object supports the following:

  • comparator - (Required) The operator to use in the condition. Valid combinations and values are available in the AWS Documentation.
  • tagValues - (Required) The tag key and value pairs to use in the condition. One or more blocks are allowed. (documented below)

The tagValues object supports the following:

  • key - (Required) The tag key.
  • value - (Required) The tag value.

bucketDefinitions Configuration Block

The bucketDefinitions object supports the following:

  • accountId - (Required) The unique identifier for the AWS account that owns the buckets.
  • buckets - (Required) An array that lists the names of the buckets.

scoping Configuration Block

The scoping object supports the following:

  • excludes - (Optional) The property- or tag-based conditions that determine which objects to exclude from the analysis. (documented below)
  • includes - (Optional) The property- or tag-based conditions that determine which objects to include in the analysis. (documented below)

The excludes and includes objects support the following:

  • and - (Optional) An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below)

The and object supports the following:

  • simpleScopeTerm - (Optional) A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below)
  • tagScopeTerm - (Optional) A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below)

The simpleScopeTerm object supports the following:

  • comparator - (Optional) The operator to use in a condition. Valid values are: EQ, GT, GTE, LT, LTE, NE, CONTAINS, STARTS_WITH.
  • values - (Optional) An array that lists the values to use in the condition.
  • key - (Optional) The object property to use in the condition.

The tagScopeTerm object supports the following:

  • comparator - (Optional) The operator to use in the condition.
  • tagValues - (Optional) The tag keys or tag key and value pairs to use in the condition.
  • key - (Required) The tag key to use in the condition. The only valid value is TAG.
  • target - (Required) The type of object to apply the condition to. The only valid value is S3_OBJECT.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The unique identifier (ID) of the Macie classification job.
  • createdAt - The date and time, in UTC and extended RFC 3339 format, when the job was created.
  • userPausedDetails - If the current status of the job is USER_PAUSED, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for jobStatus is USER_PAUSED.

Import

awsMacie2ClassificationJob can be imported using the id, e.g.,

$ terraform import aws_macie2_classification_job.example abcd1