feat(logs): support data protection custom data identifiers #28553
Conversation
github-actions
bot
added
beginning-contributor
kchg
force-pushed
the
logs-cdi
branch
2 times, most recently
from
f11b794 to
59054de
Compare
aws-cdk-automation
added
the
pr/needs-community-review
| @@ -274,9 +299,9 @@ export class DataIdentifier { | |||
| public static readonly VEHICLEIDENTIFICATIONNUMBER = new DataIdentifier('VehicleIdentificationNumber'); | |||
| public static readonly ZIPCODE_US = new DataIdentifier('ZipCode-US'); | |||
|
|
|||
| constructor(private readonly identifier: string) { } | |||
| constructor(public readonly name: string, public readonly regex?: string) { } | |||
There was a problem hiding this comment.
What about declaring a separate CustomDataIdentifier class extending DataIdentifier instead?
There was a problem hiding this comment.
Done, thanks for the suggestion.
| /** | ||
| * Configuration of the data protection policy. Currently supports custom data identifiers | ||
| */ | ||
| readonly configuration: any; |
There was a problem hiding this comment.
It's better to define an interface for the configuration, something like:
interface Configuration {
customDataIdentifier?: CustomDataIdentifier[];
}
aws-cdk-automation
removed
the
pr/needs-community-review
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
aws-cdk-automation
added
the
pr/needs-maintainer-review
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
There was a problem hiding this comment.
Overall looks good to me, just one merge conflict that needs to be resolved @kchg.
Thanks for reviewing @lpizzinidev!
There was a problem hiding this comment.
Overall looks good to me, just one merge conflict that needs to be resolved @kchg.
Thanks for reviewing @lpizzinidev!
mergify
bot
dismissed
paulhcsun’s stale review
Pull request has been modified.
aws-cdk-automation
removed
the
pr/needs-maintainer-review
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Feature
Support the newly launched custom data identifiers feature for CloudWatch Logs sensitive data protection.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html
Use Case
Custom data identifiers (CDIs) let you define your own custom regular expressions that can be used in your data protection policy. Using custom data identifiers, you can target business-specific personally identifiable information (PII) use cases that managed data identifiers can't provide. For example, you can use a custom data identifier to look for company-specific employee IDs. Custom data identifiers can be used in conjunction with managed data identifiers.
Solution
Users can now supply a
regexfield to theDataIdentifiersconstructor. Supplying this field will enable the named identifier as a custom data identifier.Closes #28430.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license