Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-logs: support DataProtectionPolicy in LogGroup construct #23399

Closed
1 of 2 tasks
kchg opened this issue Dec 19, 2022 · 2 comments · Fixed by #23402
Closed
1 of 2 tasks

aws-logs: support DataProtectionPolicy in LogGroup construct #23399

kchg opened this issue Dec 19, 2022 · 2 comments · Fixed by #23402
Assignees
@comcalvi
Labels
@aws-cdk/aws-logs Related to Amazon CloudWatch Logs effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@kchg
Copy link
Contributor

kchg commented Dec 19, 2022

Describe the feature

Sensitive data protection for CloudWatch Logs was launched at re:Invent 2022 (Blogpost). This feature will enable that property under DataProtectionPolicy as a JSON object in the LogGroup construct.

Use Case

I am an SDE on CloudWatch Logs, I've received several requests to support this as an L2 construct. This will allow customers to integrate data protection for their logs in new and existing workflows.

Proposed Solution

The L1 construct, generated from CloudFormation, was recently released. I will build this property using the CfnLogGroup construct.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.55.1

Environment details (OS name and version, etc.)

macOS
@kchg kchg added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 19, 2022
@github-actions github-actions bot added the @aws-cdk/aws-logs Related to Amazon CloudWatch Logs label Dec 19, 2022
@kchg kchg mentioned this issue Dec 20, 2022
Merged
4 tasks
@peterwoodworth peterwoodworth added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 20, 2022
@nikhilenmudi
Copy link

Is there any update on this feature? When is it planned to be released?

@mergify mergify bot closed this as completed in #23402 May 8, 2023
mergify bot pushed a commit that referenced this issue May 8, 2023
@kchg
feat(logs): support DataProtectionPolicy in LogGroup construct (#23402)
ed3962a 
Sensitive data protection for CloudWatch Logs was launched at re:Invent 2022. This feature will enable that property under DataProtectionPolicy as a JSON object in the LogGroup construct.

Use case: A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.

closes #23399

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented May 8, 2023

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@comcalvi comcalvi

Labels
@aws-cdk/aws-logs Related to Amazon CloudWatch Logs effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(logs): support DataProtectionPolicy in LogGroup construct kchg/aws-cdk
4 participants
@nikhilenmudi @kchg @peterwoodworth @comcalvi