How long does it take for the Macie heatmap to accurately reflect changes made to the automated discovery identifiers? As an example, let's say that on the 1st I make a change to which managed data identifiers are selected, and also add some Custom Data Identifiers.

I'm presuming that it'll start to change at the next execution after the change and be somewhat dependent on size of bucket content. I'm hoping/trying to get any kind of feel for what time frame (i.e. a few days?, week?, month(s)?) I can expect that the heatmap will accurately reflect these changes? Or at least be accurate enough to consider it 'good enough' to be reflective of the new terms?

The Macie S3 bucket sensitivity score reflects Automated Sensitive Data Discovery activities that Macie preforms for the bucket, which uses sampling techniques to run automated daily queries on samples of your data. This means that the heat map does not reflect Sensitive Data Discovery Jobs that you've created and run. Therefore, the heat map does not reflect jobs from managed data identifiers that are explicitly selected or custom data identifiers.

The heat map updates daily and the exact time can be viewed in your Macie dashboard under the “S3 buckets” tab.

Additionally, here are some resources you can explore more in depth on Automated Data Discovery and the Heat Map:

  • I'm aware of how it works, I know that terms used during scan do not impact heatmap. My question is -- once I make a change to the automated template (the terms that Macie uses in the automated sampling and thus the heatmapping), how long of a time period has to elapse before the heatmapping is generally reflective of the change.

