feat(logs): support data protection custom data identifiers#28553
feat(logs): support data protection custom data identifiers#28553mergify[bot] merged 11 commits intoaws:mainfrom
Conversation
f11b794 to
59054de
Compare
lpizzinidev
left a comment
There was a problem hiding this comment.
Thanks 👍
I left a couple of suggestions for changes in the implementation.
| public static readonly ZIPCODE_US = new DataIdentifier('ZipCode-US'); | ||
|
|
||
| constructor(private readonly identifier: string) { } | ||
| constructor(public readonly name: string, public readonly regex?: string) { } |
There was a problem hiding this comment.
What about declaring a separate CustomDataIdentifier class extending DataIdentifier instead?
There was a problem hiding this comment.
Done, thanks for the suggestion.
| /** | ||
| * Configuration of the data protection policy. Currently supports custom data identifiers | ||
| */ | ||
| readonly configuration: any; |
There was a problem hiding this comment.
It's better to define an interface for the configuration, something like:
interface Configuration {
customDataIdentifier?: CustomDataIdentifier[];
}
lpizzinidev
left a comment
There was a problem hiding this comment.
Thanks for the changes 👍
I left some notes for some minor adjustments.
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
lpizzinidev
left a comment
There was a problem hiding this comment.
Thanks 👍 (please fix the typo in the documentation)
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
paulhcsun
left a comment
There was a problem hiding this comment.
Overall looks good to me, just one merge conflict that needs to be resolved @kchg.
Thanks for reviewing @lpizzinidev!
paulhcsun
left a comment
There was a problem hiding this comment.
Overall looks good to me, just one merge conflict that needs to be resolved @kchg.
Thanks for reviewing @lpizzinidev!
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Feature
Support the newly launched custom data identifiers feature for CloudWatch Logs sensitive data protection.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html
Use Case
Custom data identifiers (CDIs) let you define your own custom regular expressions that can be used in your data protection policy. Using custom data identifiers, you can target business-specific personally identifiable information (PII) use cases that managed data identifiers can't provide. For example, you can use a custom data identifier to look for company-specific employee IDs. Custom data identifiers can be used in conjunction with managed data identifiers.
Solution
Users can now supply a
regexfield to theDataIdentifiersconstructor. Supplying this field will enable the named identifier as a custom data identifier.Closes #28430.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license