AWS AmazonCloudWatch medium security documentation change
Summary
Added URL and error message sanitization using SyntheticsLogHelper to redact sensitive parameters like access tokens from logs
Security assessment
The changes introduce security-focused logging practices by sanitizing sensitive URL parameters (e.g., access_token) and error messages. The addition of 'restrictedUrlParameters' configuration demonstrates explicit security controls to prevent accidental exposure of credentials in logs.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md b/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md index b7ddb7462..5efa87ec2 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library_Nodejs.md @@ -713,0 +714,13 @@ The first step is to set the Synthetics configuration. + // Import SyntheticsLogHelper dependency + const syntheticsLogHelper = require('SyntheticsLogHelper'); + + const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('URL'); + + + + const urlConfig = { + restrictedUrlParameters = ['*'] + }; + const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('URL', urlConfig); + logger.info('My example url is: ' + sanitizedUrl); + @@ -721 +734 @@ Next, sanitize and log the URL - const sanitizedUrl = synthetics.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200'); + const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200'); @@ -734 +747 @@ You can override the Synthetics configuration for a URL by passing in an optiona - const sanitizedUrl = synthetics.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200', urlConfig); + const sanitizedUrl = syntheticsLogHelper.getSanitizedUrl('https://example.com/learn/home?access_token=12345&token_type=Bearer&expires_in=1200', urlConfig); @@ -785 +798 @@ Next, sanitize and log the error message - const sanitizedErrorMessage = synthetics.getSanitizedErrorMessage(errorMessage); + const sanitizedErrorMessage = syntheticsLogHelper.getSanitizedErrorMessage(errorMessage); @@ -940 +953 @@ Example: - let page = synthetics.getPage(); + let page = await synthetics.getPage();