fuwa07
Reputation: 93
CustomDataIdentifier AWS-Loggroup
I got the following lambda cdk-code
{
functionName: 'myCustomDataProtIdentLambda',
entry: 'lambdas/sqs/customSub.ts',
..
logGroup: new logGroup(this, 'MyCustomDataProtLogGrp', {
logGroupName: 'aws/lambdas/myCustomSubTest',
removalPolicy: RemovalPolicy.Destroy,
dataProtectionPolicy: new DataProtectionPolicy({
name:'credentials',
identifiers: [DataIdentifier.AWSSECRETKEY, new CustomDataIdentifier('to-redact-field','"to-redact-field"\\s*:\\s*"([^"]+)"')]
})
My issue is that the complete attribute row will be masked instead of only the value which makes the log a bit unreadable, since it's no longer a valid json. What I get is {"a": "bar..",**********"c":{"d": "foo"}} What I'm trying to achieve is
{
"a": "bar..",
"to-redact-field":"**********",
"c":{
"d": "foo"
}
}
Upvotes: 1
Views: 17
Answers (0)
Related Questions
- How to download complete AWS CloudWatch log
- CloudWatch Insights query: Format a DateTime string for grouping
- AWS Log Insights query with string contains
- AWS Cloudwatch list-metrics in CDK
- Cross Account access for Code Pipeline in CDK
- AWS CDK - How to run API and Lambdas locally?
- IAM permission boundary for CDK apps with conditions
- Extract value from AWS Cloudwatch logstream using CDK
- Automatically Add CloudWatch LogGroup to another LogGroup?