Update Macie support - CORE-387

[arsci]

Description

Closes CORE-387

Updated ability to nuke Macie resources

Macie itself is simply enabled/disabled for each region, however each instance must be cleared of Member Account links and administrator account links.

Added support for the use of time filter, but does not support the use of configObj regex filtering

Additional testing was done manually with multiple AWS accounts to ensure the proper functionality of the member disassociation/deletion and administrator deletion.

TODOs

Read the Gruntwork contribution guidelines.

• Update the docs.
• Run the relevant tests successfully, including pre-commit checks.
• Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
• Include release notes. If this PR is backward incompatible, include a migration guide.
• Attention Grunts - if this PR adds support for a new resource, ensure the nuke_sandbox and nuke_phxdevops jobs in .circleci/config.yml have been updated with appropriate exclusions (either directly in the job or via the .circleci/nuke_config.yml file) to prevent nuking IAM roles, groups, resources, etc that are important for the test accounts.

Release Notes

Updated Macie nuke support

[zackproser]

Could we key off the error's numeric code instead of string matching? My fear is that AWS changes the value out from under us without us knowing and this starts to break.

[arsci]

@zackproser I thought about using it, unfortunately it's just a generic ResourceNotFoundException (which is the same error that gets returned if Macie isn't enabled). I figured it might be better to key off of the specific message in this case, but I am definitely open to going the other way, I could see AWS potentially changing the error message breaking this.

[zackproser]

@arsci No problem - I was thinking this could be the case. Let's not obsess over it in that case! 👍

[zackproser]

Nicely done!

[zackproser]

LGTM!