Implementing Data Protection in AWS with Ionic Machina

How does an organization ensure its data is protected as it moves to the cloud? AWS provides a proven secure cloud environment, which is a great data security foundation. However, that’s where their responsibility for security ends. Responsibility for protecting and verifying data within AWS shifts to you, the owner of the data. So, where do you start? First, encrypt the data using external key management to significantly decrease single-company risk. Then apply global policies and define who can access it. Through the AWS Marketplace you’ve found a solution that answers these data security concerns and more — Ionic MachinaTM.

Machina provides you full control over how your data is accessed and handled with just a few lines of code. You can define and enforce data protection policies in real-time with configurable and granular, attribute-based access control (ABAC) and streamlined auditing. Having a single view of all your data activities leveraging real-time analytics enables you to stay on top of how your data is accessed and handled, no matter where it lives.

Now that you’re ready to sign-up, how do you determine which solution offering will best address your needs? 

Let us break down the details.


Machina S3 Unlimited

Machina — S3 UnlimitedUnlimited access to Machina protecting S3 data with on-ramp assistance$18,000$36,000$54,000

Our most popular AWS offering, Machina — S3 Unlimited, is perfect for any client who is migrating data from an on-premises environment to Amazon Simple Storage Service (S3). This offering allows for an unlimited number of Machina policy transactions for data within an S3 cloud environment. 

With the complexity of hybrid systems and differing policy requirements today, it is common for organizations to misconfigure S3 buckets unknowingly. These errors create data vulnerabilities that hackers are now targeting. Leveraging Machina – S3 Unlimited provides the assurance that even if your bucket is misconfigured in S3, it cannot be accessed unless a sophisticated, yet simple-to-create set of policies and attributes are verified at the time of the request. 

Machina All-Access 50

Machina — All-Access 50Machina for up to 50,000 txns/mo, on-ramp assistance, overages apply$36,000$69,000$96,000

Clients looking for protection beyond Amazon S3 with more complex or hybrid environments should consider Machina All-Access 50. This offering was developed for an organization that needs to protect data across multiple environments; on-premises and hybrid cloud architectures. Once Machina is enabled to protect your data, your organization can request 50,000 policy transactions per month. All transactions beyond the 50,000 transaction limit will be charged at $0.10 per transaction. 

If you are unsure of how many transactions your organization would run in a month, below are a few examples to help you estimate.

Example Pricing- A) Multi-Cloud Storage: You have an application that backs up a database every night, and you want to securely store copies of that backup in Amazon S3, Google Cloud Storage, and Azure Blob Storage. You want to use separate keys for the backups you place in each cloud provider for extra security. You expect to require access to these backups less than once per month. 30 backups * 3 cloud providers = 90 key creates per month TOTAL = 90 TRANSACTIONS PER MONTH B) Financial Reporting Application: You have an application that you use to share sensitive company financial details to company leadership, board members, and other key stakeholders. The 10 financial reports are generated in CSV format nightly and displayed on a webpage. The 50 people allowed to view this information only access the reports on average five times per month. 10 reports * 30 days = 300 encrypt transactions 10 reports * 50 people * 5 views = 2500 decrypt transactions TOTAL = 2800 TRANSACTIONS PER MONTH C) Secure Video Streaming: You have a video streaming application that manages video streams from 50 cameras in a facility. You want to rotate the key used for encryption every 30 mins. These video streams will be decrypted for viewing on two different displays. 50 video streams * 1440 30-min periods per month = 72K encrypt transactions 50 video streams * 1440 30-min periods per month * 2 displays = 144K decrypt transactions TOTAL = 216,000 TRANSACTIONS PER MONTH
Machina Transaction Estimates

Machina – All-Access

Machina — All-AccessMachina for custom txns/mo, on-ramp assistance, overages apply$144,000$288,000$432,000

Machina All-Access was developed for highly regulated industries such as financial services, healthcare and government sectors that require more granular policy enforcement. This solution allows for an externally negotiated number of transactions across any environment.

If you determine that your usage exceeds the limits of your current package or your requirements have evolved, you may upgrade to another package at any point during your contract.


Now that you have determined the right Machina offering for you, let’s walk through an easy step-by-step guide to help get you up and running.

Once you’ve completed purchasing Ionic Machina on the AWS Marketplace, you will be redirected to to finish setting up your Machina account.

Step 1:

Once you are redirected to, fill out the form pictured below and agree to the Ionic Security Terms of Use. Next, click on “Get Machina”. screenshot: Spend Less Time Worrying About Data Protection and More Time Building Killer Apps. Machina™ gives you the ability to enforce powerful data access policy with just a few lines of code, providing a consistent, seamless way to assure the ongoing security of data underlying your applications. You can experience the power of Machina for free, in four easy steps: 1. Sign Up Fill out the form on this page to register for and create your free Machina instance. 2. Create Device Credentials Create device API credentials for secure communication with Machina. 3. Install Machina Tools Download the proper SDK for your language of choice to your newly registered device. 4. Create “Hello, World!” Follow simple step-by-step instructions to see the Machina data protection engine in action! Get Machina Now (form fields: Name, Company, Company Email, opt-in) Button: "Get Machina"
Step 1: Fill out form on

Step 2:

Congratulations! We will be in touch within one business day to schedule your personalized onboarding. However, if you would like to get a head start, feel free to proceed with getting Machina access up and running on your system.

Welcome page screenshot: Welcome to Machina™, We're Glad You're Here. Thank you — your AWS Marketplace transaction is now complete. Your instance, which we also refer to as a tenant, is being prepared. You will be contacted by Ionic within one business day to schedule your personalized onboarding. Shortly you will receive two emails from Ionic that you can follow if you’d like to get a head start: 1/2) Welcome to Ionic Machina — Getting Started Email: Overview of the entire onboarding process, including step-by-step instructions on how to get everything configured to leverage Machina and execute the "Hello, World!" sample application. 1. Set your Machina password (via Create Password email) 2. Create device API credentials for secure communication 3. Install the SDK of your choice 4. Run the "Hello, World!" sample application 5. Return to Machina Console to view sample data 2/2) Ionic Machina — Create Password Email: 1. Follow the link in this email to set the password for your new Machina account. 2. Simply bookmark the Machina Console page. You'll come back here after you complete "Hello, World!"
Step 2: Wait for Personalized Onboarding or Get Started Right Away

Step 3:

Review email 1 of 2 with the subject line: “Welcome to Ionic Machina — Getting Started Email

This email provides two primary steps to help you get up and running with Machina. 

Step 3: Review the Getting Started Email
Step 3: Review the Getting Started Email

Step 4:

Review email 2 of 2 with the subject line: “Machina – Create Password”

Follow the provided link and prompts to set up your Machina password.

Step 4: Set Up Machina Password
Step 4: Set Up Machina Password

Step 5:

Now that your password is set, click the link in the second step of the original “Welcome to Ionic Machina” email to create device credentials

Step 5: Create Device Credentials
Step 5: Create Device Credentials

Step 6:

Sit back, relax, and wait for a call from Ionic to schedule your personalized onboarding session. You will be contacted within one business day of registering for Machina.