
We're planning to use AWS Step Functions. We've done some tests and we see that AWS is logging a lot of information in the Execution Details and Step Details sections of the Step Functions console. We're planning to have some PII data there that we don't want to be logged.

Is there any way to control what's logged in those sections? Or can we tell AWS to not log anything there?

Thanks, Vicenç

vgaltes

2 Answers


We've talked with Amazon and it looks like there's no way to hide this information from the console. The alternative is to limit what gets sent to the Lambda functions at each step, so you can ensure that only non-PII subsets of the input data are seen by certain functions. The usual workaround is to not pass PII data in at all and instead place the PII data in an encrypted data store, such as an S3 bucket or encrypted RDS database table, and pass a reference to that object through the state machine.

Cheers,

vgaltes
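The workaround described in the answer above, sketched as an added example that is not part of the original answer: PII is written to an SSE-KMS encrypted S3 object before the execution starts, and only a reference travels through the state machine. The field names, bucket, KMS alias, the `externalize_pii`/`load_pii` helpers and the in-memory `FakeS3` stand-in are assumptions made for illustration; in Lambda the client would be `boto3.client("s3")`.

```python
import io
import json
import uuid

PII_FIELDS = ("name", "email", "ssn")  # assumed field names for this example


def externalize_pii(state, s3, bucket, kms_key_id, pii_fields=PII_FIELDS):
    """Move PII out of the state input; return state carrying only a reference."""
    pii = {k: state[k] for k in pii_fields if k in state}
    clean = {k: v for k, v in state.items() if k not in pii_fields}
    if not pii:
        return clean
    key = f"pii/{uuid.uuid4()}.json"  # random key: no PII in the object name
    s3.put_object(
        Bucket=bucket,
        Key=key,
        Body=json.dumps(pii).encode("utf-8"),
        ServerSideEncryption="aws:kms",
        SSEKMSKeyId=kms_key_id,
    )
    clean["pii_ref"] = {"bucket": bucket, "key": key}
    return clean


def load_pii(state, s3):
    """Called inside a step that needs the PII; do not return the result as step output."""
    ref = state["pii_ref"]
    obj = s3.get_object(Bucket=ref["bucket"], Key=ref["key"])
    return json.loads(obj["Body"].read())


class FakeS3:
    """Constructed in-memory stand-in so the example runs offline."""

    def __init__(self):
        self.objects, self.put_kwargs = {}, []

    def put_object(self, **kw):
        self.put_kwargs.append(kw)
        self.objects[(kw["Bucket"], kw["Key"])] = kw["Body"]

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}


if __name__ == "__main__":
    s3 = FakeS3()  # in Lambda: boto3.client("s3")
    event = {"order_id": "o-1001", "name": "Jane Doe", "email": "jane@example.com"}  # constructed
    out = externalize_pii(event, s3, "example-pii-bucket", "alias/example-pii-key")
    print(json.dumps(out))    # the only data passed between states
    print(load_pii(out, s3))  # recoverable only by a step with S3 and KMS access
```

Only the functions whose IAM role allows `s3:GetObject` on the bucket and `kms:Decrypt` on the key can resolve the reference, which gives the per-step restriction the answer mentions.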

There is a stop-logging command which sounds exactly like what you are looking for.

Milk
  • I don't think so. I don't have any trail now that I can stop but I can see that information in the Step Functions console. – vgaltes Aug 05 '17 at 16:01
  • @vgaltes Have you seen this SO question? https://stackoverflow.com/questions/39208258/how-to-stop-aws-lambda-function-to-log-on-cloudwatch This question is for Lambda but might be able to help you – Milk Aug 06 '17 at 19:09