
fix(custom-resources): provider framework will always log all data including confidential data

Open GavinZZ opened this issue 1 year ago • 2 comments

Issue # (if applicable)

Closes #30275.

Reason for this change

When using a Provider to create a custom resource, the request and response objects are logged by the provider function. There is no apparent way to prevent or redact this logging, resulting in secrets being logged if returned in the custom resource's Data object. By extension, if secret values are passed in the resource's ResourceProperties they will be logged as well.

Description of changes

Allow NoEcho fields to mask the data response to *****.

Description of how you validated changes

Integ test covering this and verified in the log stream that redacted is included in the message.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

GavinZZ avatar Jun 26 '24 20:06 GavinZZ
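The masking described in this pull request, as an added TypeScript example that is not the aws-cdk implementation: a log-only copy of the custom resource response has every Data value replaced with ***** when NoEcho is set, while the object returned to CloudFormation is left untouched. The function names and sample values are assumptions made for illustration; masking every Data value (rather than selected keys) is also an assumption.

```typescript
// Added example, not aws-cdk source. Field names follow the CloudFormation
// custom resource response object; function names are hypothetical.
interface CustomResourceResponse {
  Status: 'SUCCESS' | 'FAILED';
  Reason?: string;
  PhysicalResourceId: string;
  StackId: string;
  RequestId: string;
  LogicalResourceId: string;
  NoEcho?: boolean;
  Data?: Record<string, unknown>;
}

const MASK = '*****';

// Returns a copy that is safe to log. The original object is not modified, so
// the real values can still be sent back to CloudFormation.
function redactForLog(response: CustomResourceResponse): CustomResourceResponse {
  if (!response.NoEcho || response.Data === undefined) {
    return { ...response };
  }
  const masked: Record<string, unknown> = {};
  for (const key of Object.keys(response.Data)) {
    masked[key] = MASK; // keep key names for debugging, drop every value
  }
  return { ...response, Data: masked };
}

// Builds the log line from the redacted copy only, never from the original.
function formatLogLine(label: string, response: CustomResourceResponse): string {
  return `${label} ${JSON.stringify(redactForLog(response))}`;
}

// Constructed sample response; the secret value is made up.
const sampleResponse: CustomResourceResponse = {
  Status: 'SUCCESS',
  PhysicalResourceId: 'example-physical-id',
  StackId: 'example-stack-id',
  RequestId: 'example-request-id',
  LogicalResourceId: 'ExampleResource',
  NoEcho: true,
  Data: { ApiKey: 'constructed-secret-value', Endpoint: 'https://example.invalid' },
};

const sampleLogLine = formatLogLine('[provider] response', sampleResponse);
```

This example covers only the response Data; secrets passed in the request's ResourceProperties would need the same treatment before the request object is logged.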

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify[bot] avatar Jun 28 '24 00:06 mergify[bot]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify[bot] avatar Jul 02 '24 16:07 mergify[bot]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify[bot] avatar Jul 16 '24 00:07 mergify[bot]

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 026c1a75649d65654b7dd11d0bf8ebd488128fff
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

aws-cdk-automation avatar Jul 16 '24 00:07 aws-cdk-automation

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify[bot] avatar Jul 16 '24 00:07 mergify[bot]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

aws-cdk-automation avatar Jul 25 '24 17:07 aws-cdk-automation