Skip to content

(custom-resources): log statement exposes pre-signed url information #31320

Closed
#31322
Closed
(custom-resources): log statement exposes pre-signed url information#31320
#31322
Labels
@aws-cdk/custom-resourcesRelated to AWS CDK Custom ResourcesbugThis issue is a bug.p1
@Endlessio

Description

@Endlessio
Endlessio
opened on Sep 4, 2024

Describe the bug

summary:

Previously, this ticket, reference id, D122668413, discussed the issue: Throttling CDK constructs logs S3 pre-signed Urls, according to the ticket, upgrade cdk to a newer version (version > 2.132.0) can fix the issue.

actions:

we successfully upgrade to ^2.132.0, and we see some pre-signed url is removed, but some are not for the same deployment

issue:

aws ticket:

V1507107822

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

no more pre-signed url written to log

Current Behavior

we successfully upgrade to ^2.132.0, and we see some pre-signed url is removed, but some are not for the same deployment

Reproduction Steps

deploy the stack and check log in the cloudwatch with

fields @timestamp, @message, @log, @logStream | filter @message like /(?i)X-Amz-Algorithm.*X-Amz-Credential.*Signature/ and @message not like /fields @timestamp, @message, @log, @logStream/

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.132.0

Framework Version

No response

Node.js Version

NA

OS

macos

Language

TypeScript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/custom-resourcesRelated to AWS CDK Custom ResourcesbugThis issue is a bug.p1

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions