AWS Security ChangesHomeSearch

AWS AmazonCloudWatch medium security documentation change

Service: AmazonCloudWatch · 2025-04-23 · Security-related medium

File: AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md

Summary

Added URL and error message sanitization using SyntheticsLogHelper to redact sensitive parameters like access tokens from logs

Security assessment

The changes introduce security-focused logging practices by sanitizing sensitive URL parameters (e.g., access_token) and error messages. The addition of 'restrictedUrlParameters' configuration demonstrates explicit security controls to prevent accidental exposure of credentials in logs.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md b/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md
index b7ddb7462..5efa87ec2 100644
--- a//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md
+++ b//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md
@@ -713,0 +714,13 @@ The first step is to set the Synthetics configuration.
+    // Import SyntheticsLogHelper dependency
+    const syntheticsLogHelper = require('SyntheticsLogHelper');
+    
+    const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('URL');
+    
+    
+    
+    const urlConfig = {
+       restrictedUrlParameters = ['*']
+    };
+    const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('URL', urlConfig);
+    logger.info('My example url is: ' + sanitizedUrl);
+                  
@@ -721 +734 @@ Next, sanitize and log the URL
-    const sanitizedUrl = synthetics.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200');
+    const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200');
@@ -734 +747 @@ You can override the Synthetics configuration for a URL by passing in an optiona
-    const sanitizedUrl = synthetics.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200', urlConfig);
+    const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200', urlConfig);
@@ -785 +798 @@ Next, sanitize and log the error message
-        const sanitizedErrorMessage = synthetics.getSanitizedErrorMessage(errorMessage);
+        const sanitizedErrorMessage = syntheticsLogHelper.getSanitizedErrorMessage(errorMessage);
@@ -940 +953 @@ Example:
-    let page = synthetics.getPage();
+    let page = await synthetics.getPage();