From f0aeebec73c52959de1c2ac728947b0c1de35e4a Mon Sep 17 00:00:00 2001
From: Sumanth Kesireddy
Date: Fri, 12 May 2023 10:48:07 +1000
Subject: [PATCH 1/2] remove logging of api and app keys
---
 aws_organizations/main_organizations.yaml | 1 -
 aws_quickstart/datadog_integration_api_call.yaml | 1 -
 aws_quickstart/datadog_integration_api_call_v2.yaml | 1 -
 3 files changed, 3 deletions(-)
diff --git a/aws_organizations/main_organizations.yaml b/aws_organizations/main_organizations.yaml
index bc2444f7..9c54b651 100644
--- a/aws_organizations/main_organizations.yaml
+++ b/aws_organizations/main_organizations.yaml
@@ -147,7 +147,6 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
- LOGGER.info('REQUEST RECEIVED:\n %s', event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')
diff --git a/aws_quickstart/datadog_integration_api_call.yaml b/aws_quickstart/datadog_integration_api_call.yaml
index 9ba9b4d6..637cb29d 100644
--- a/aws_quickstart/datadog_integration_api_call.yaml
+++ b/aws_quickstart/datadog_integration_api_call.yaml
@@ -140,7 +140,6 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
- LOGGER.info('REQUEST RECEIVED:\n %s', event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')
diff --git a/aws_quickstart/datadog_integration_api_call_v2.yaml b/aws_quickstart/datadog_integration_api_call_v2.yaml
index 0bb7dc88..a1b676f7 100644
--- a/aws_quickstart/datadog_integration_api_call_v2.yaml
+++ b/aws_quickstart/datadog_integration_api_call_v2.yaml
@@ -141,7 +141,6 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
- LOGGER.info('REQUEST RECEIVED:\n %s', event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')
From b43c92d011289c86a42d1ff9f4a85169a8f61a69 Mon Sep 17 00:00:00 2001
From: Sumanth Kesireddy
Date: Fri, 12 May 2023 12:15:41 +1000
Subject: [PATCH 2/2] keep event logging in place but sanitise it
---
 aws_organizations/main_organizations.yaml | 7 +++++++
 aws_quickstart/datadog_integration_api_call.yaml | 7 +++++++
 aws_quickstart/datadog_integration_api_call_v2.yaml | 7 +++++++
 3 files changed, 21 insertions(+)
diff --git a/aws_organizations/main_organizations.yaml b/aws_organizations/main_organizations.yaml
index 9c54b651..73f1975f 100644
--- a/aws_organizations/main_organizations.yaml
+++ b/aws_organizations/main_organizations.yaml
@@ -147,6 +147,13 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
+ sanitized_event = event.copy()
+ if 'ResourceProperties' in sanitized_event:
+ if 'APIKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APIKey'] = '***' # replace APIKey value with ***
+ if 'APPKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APPKey'] = '***' # replace APPKey value with ***
+ LOGGER.info('REQUEST RECEIVED:\n %s', sanitized_event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')
diff --git a/aws_quickstart/datadog_integration_api_call.yaml b/aws_quickstart/datadog_integration_api_call.yaml
index 637cb29d..b99f89cd 100644
--- a/aws_quickstart/datadog_integration_api_call.yaml
+++ b/aws_quickstart/datadog_integration_api_call.yaml
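Review bot: `event.copy()` in the block added to aws_organizations/main_organizations.yaml is a shallow copy, so `sanitized_event['ResourceProperties']` is the same dict object as `event['ResourceProperties']` and the two `'***'` assignments overwrite the real APIKey and APPKey in `event` itself. Any code after the log call that reads the keys from `event` would then receive `'***'` instead of the credentials; the rest of `handler` is outside the hunk, so this needs checking against the Datadog API call path. Mask a deep copy instead, `sanitized_event = copy.deepcopy(event)`, adding `import copy` if the inline code does not already import it. The same block is added in aws_quickstart/datadog_integration_api_call.yaml and aws_quickstart/datadog_integration_api_call_v2.yaml. On Update requests CloudFormation also sends `OldResourceProperties`, which is still logged unmasked here and likely carries the previous keys.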
@@ -140,6 +140,13 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
+ sanitized_event = event.copy()
+ if 'ResourceProperties' in sanitized_event:
+ if 'APIKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APIKey'] = '***' # replace APIKey value with ***
+ if 'APPKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APPKey'] = '***' # replace APPKey value with ***
+ LOGGER.info('REQUEST RECEIVED:\n %s', sanitized_event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')
diff --git a/aws_quickstart/datadog_integration_api_call_v2.yaml b/aws_quickstart/datadog_integration_api_call_v2.yaml
index a1b676f7..35b0b3f0 100644
--- a/aws_quickstart/datadog_integration_api_call_v2.yaml
+++ b/aws_quickstart/datadog_integration_api_call_v2.yaml
@@ -141,6 +141,13 @@ Resources:
 def handler(event, context):
 '''Handle Lambda event from AWS'''
 try:
+ sanitized_event = event.copy()
+ if 'ResourceProperties' in sanitized_event:
+ if 'APIKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APIKey'] = '***' # replace APIKey value with ***
+ if 'APPKey' in sanitized_event['ResourceProperties']:
+ sanitized_event['ResourceProperties']['APPKey'] = '***' # replace APPKey value with ***
+ LOGGER.info('REQUEST RECEIVED:\n %s', sanitized_event)
 LOGGER.info('REQUEST RECEIVED:\n %s', context)
 if event['RequestType'] == 'Create':
 LOGGER.info('Received Create request.')