Hide sensitive data from cloudwatch logs

Question

We are using AWS cognito for our mobile app and log all the communication between the the app and the server to cloudwatch (loglevel: INFO)

I have an endpoint which takes user's password (POST via ssl) to verify authenticity. This password gets logged to cloudwatch logs.

I want all other communications logged so I can't turn off Log full requests/responses data. Is there anyway to hide this specific data from cloudwatch logs?

you said: "I have an endpoint which takes user's password (POST via ssl) to verify authenticity. This password gets logged to cloudwatch logs." this is using cognito or a custom code? — Alessandro Oliveira, Aug 13 '18 at 22:39
If you have un-redacted logs that you want to send to a third party, you can use Sublime Text to retrospectively redact them - see https://codingrob.medium.com/how-to-redact-text-from-hundreds-of-text-files-in-less-than-60-seconds-511b4b91c2d8 — RobbiewOnline, Mar 15 '22 at 12:13

score 1 · Answer 1 · answered Aug 28 '18 at 09:35

1

yes, you can use the Advance security feature of AWS cognito user pool using console to hide all sensitive data i.e hide specific data from the logs

answered Aug 28 '18 at 09:35

Ak S

97
1
8

Hide sensitive data from cloudwatch logs

1 Answers1