We are using AWS Cognito for our mobile app and log all the communication between the app and the server to CloudWatch (loglevel: INFO).
I have an endpoint which takes the user's password (POST via SSL) to verify authenticity. This password gets logged to CloudWatch Logs.
I want all other communications logged, so I can't turn off Log full requests/responses data.
Is there any way to hide this specific data from CloudWatch Logs?
CloudWatch Logs protects data at rest using encryption. All log groups are encrypted. By default, the CloudWatch Logs service manages the server-side encryption keys. If you want to manage the keys used for encrypting and decrypting your logs, use customer master keys (CMK) from AWS Key Management Service.
Audit AWS KMS API invocations through AWS CloudTrail. Record configuration changes to keys and enforce key specification compliance through AWS Config. Generate high-entropy keys in an AWS KMS hardware security module (HSM) as required by NIST. Store RSA private keys securely, without the ability to export.
Yes, you can use the Advanced security feature of the AWS Cognito user pool, using the console, to hide all sensitive data, i.e. hide specific data from the logs.
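For auditing how far the password has already leaked, the following is an added example (not code from the question or from either answer) that masks secret fields in request bodies found in exported log events and counts the hits. The log-line layout, the key names in `SENSITIVE_KEYS` and the function names are assumptions, and the sample events are constructed.

```python
import json

# Key names treated as secrets (assumption; extend to match your API).
SENSITIVE_KEYS = {"password", "secret"}
MASK = "***REDACTED***"

# Constructed sample lines, styled after API Gateway execution logs (assumed layout).
SAMPLE_EVENTS = [
    '(req-1) Method request path: /verify',
    '(req-1) Method request body before transformations: {"username": "alice", "password": "hunter2"}',
    '(req-2) Method request body before transformations: {"user": {"name": "bob", "Password": "p@ss"}, "items": [{"secret": "s"}]}',
    '(req-3) Endpoint response body before transformations: {"ok": true}',
]

def _mask(node):
    """Recursively mask sensitive keys; return (masked_node, hit_count)."""
    if isinstance(node, dict):
        out, hits = {}, 0
        for k, v in node.items():
            if k.lower() in SENSITIVE_KEYS:
                out[k], hits = MASK, hits + 1
            else:
                out[k], n = _mask(v)
                hits += n
        return out, hits
    if isinstance(node, list):
        pairs = [_mask(v) for v in node]
        return [p[0] for p in pairs], sum(p[1] for p in pairs)
    return node, 0

def redact_line(line):
    """Mask secrets in the JSON body embedded in one log line; return (line, hits)."""
    start = line.find("{")
    if start == -1:
        return line, 0
    try:
        masked, hits = _mask(json.loads(line[start:]))
    except ValueError:
        # Fail closed: a truncated or non-JSON body naming a secret key is dropped whole.
        if any(k in line[start:].lower() for k in SENSITIVE_KEYS):
            return line[:start] + MASK, 1
        return line, 0
    return (line[:start] + json.dumps(masked), hits) if hits else (line, 0)

def audit(events):
    """Return (masked_events, total_hits) for an iterable of log messages."""
    results = [redact_line(e) for e in events]
    return [r[0] for r in results], sum(r[1] for r in results)
```

This produces a masked copy and a leak count; the original events stay in the source log group until they expire or the group is deleted.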