AWS AmazonCloudWatch documentation change
Summary
Added new examples for conditional processing including filtering debug/trace logs and removing sensitive fields (password, api_key, ssn) in production/staging environments.
Security assessment
The change adds examples showing how to remove sensitive fields (PII/credentials) using conditional processing, which demonstrates security best practices for data protection. However, this is general documentation enhancement rather than addressing a specific security issue.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/processor-examples.md b/AmazonCloudWatch/latest/monitoring/processor-examples.md index 24cb18266..7f306fb9a 100644 --- a//AmazonCloudWatch/latest/monitoring/processor-examples.md +++ b//AmazonCloudWatch/latest/monitoring/processor-examples.md @@ -63,0 +64,35 @@ Extract user information and format for analysis: +###### Example Conditional processing with entry-level conditions + +Add different metadata based on log severity using entry-level `when` conditions: + + + processor: + - add_entries: + entries: + - key: "alert_level" + value: "critical" + when: "log.level == 'ERROR'" + - key: "alert_level" + value: "info" + when_else: "log.level == 'ERROR'" + +###### Example Drop unwanted log entries + +Filter out debug and trace log entries from a third-party source to reduce noise and storage costs: + + + processor: + - drop_events: + when: "log.level in {'DEBUG', 'TRACE'}" + handle_expression_failure: "skip" + +###### Example Processor-level conditional with delete_entries + +Remove sensitive fields only when the environment is production: + + + processor: + - delete_entries: + with_keys: ["password", "api_key", "ssn"] + when: "environment in {'prod', 'staging'}" + @@ -70 +105 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -String manipulation processors +Filter processors