LLM Capability

Data Classification

Using LLMs to categorize, tag, or label S3-stored objects based on content analysis — by topic, sensitivity level, or compliance category.

7 connections 2 resources

Summary

What it is

Using LLMs to categorize, tag, or label S3-stored objects based on content analysis — by topic, sensitivity level, or compliance category.

Where it fits

Data classification enables governance over S3 data lakes. It identifies PII, classifies documents by sensitivity, and routes data to appropriate processing pipelines — all of which are critical at scale where manual review is impossible.

Misconceptions / Traps
  • Classification accuracy varies by data type and domain. General-purpose LLMs may misclassify domain-specific content. Fine-tuned or domain-adapted models improve accuracy.
  • Classification is not a substitute for proper access controls. Tagging data as "sensitive" does not protect it — IAM policies and encryption must enforce the classification.
Key Connections
  • depends_on General-Purpose LLM — requires content understanding
  • augments Apache Iceberg — enriches table metadata with classification tags
  • constrained_by High Cloud Inference Cost — per-object processing is expensive
  • scoped_to LLM-Assisted Data Systems, Metadata Management

Definition

What it is

Using LLMs to categorize, tag, or label S3-stored objects based on content analysis — classifying documents by topic, sensitivity level, or compliance category.

Why it exists

S3 buckets accumulate vast quantities of unlabeled data. Classification enables governance (identifying PII), organization (routing data to correct processing pipelines), and discovery (finding relevant data across a large lake).

Primary use cases

PII detection in S3-stored documents, automated data governance tagging, content-based routing in data lake ingestion.

Recent developments

Latest signals
  • Amazon Macie is the AWS-managed S3 PII-detection default. ML + pattern-matching automatically discovers, classifies, and protects sensitive data in S3 buckets — covers PII, PHI, credentials, financial info — with built-in managed data identifiers for many country-specific data types (US SSN, EU VAT, UK NI, etc.). Per AWS docs — Macie data classification.
  • LLM-powered PII detection achieves 92% precision / 95% recall. Databricks's LogSentinel architecture combines multi-tier labeling + smart prompt engineering + multi-model orchestration. The improved precision is being integrated back into Databricks's data-governance product to benefit all customers. Per Databricks Blog — LogSentinel LLM-Powered PII Detection.
  • Macie ↔ EventBridge integration enables custom remediation pipelines. Macie sends all classification findings to Amazon EventBridge — operators build custom remediation + alert-management workflows (auto-quarantine, ticket creation, encryption uplift) on top. Per Stormit — Amazon Macie Detect PII in S3.
  • EU Data Act expands classification + governance requirements (effective Sept 2025). AWS published guidance specifically on navigating EU Data Act for IoT solutions, including data-discovery + classification + governance pieces. Classification becomes the upstream prerequisite for the Data Act's data-portability + data-sharing obligations. Per AWS — Navigating EU Data Act for IoT Solutions.
  • Managed Data Identifiers cover GDPR / HIPAA / PCI-DSS regulatory regimes. Amazon Macie's managed data identifiers cover a large and growing list of sensitive data types for many countries and regions — credentials, financial, PHI, PII — mapped to specific compliance regimes. Per AWS docs — Macie managed data identifiers.
  • Cross-database classification: Macie + RDS integration. AWS published guidance on extending Macie's classification model to Amazon RDS databases — Macie's ML model + identifiers work against structured database content, not just S3 objects. Per AWS Security Blog — Enabling Data Classification for RDS with Macie.

Connections 7

Outbound 5
Inbound 2

Resources 2