lambda-powertools-middleware-obfuscater
A Middy middleware that will enable debug logging for a configurable % of invocations. Defaults is 1%.
Main features:
- records an error log message with the invocation event as attribute when an invocation errors. These invocation errors may be obfuscated to avoid the leaking of Personal Identifiable Information.
Getting Started
Install from NPM: npm install @dazn/lambda-powertools-middleware-obfuscater
Alternatively, if you use the template @dazn/lambda-powertools-pattern-obfuscate
then this would be configured for you.
API
Accepts a configuration object of the following shape:
{
obfuscationFilter: string array formatted like ["object.key.to.obfuscate"]
}
{
Records: [
{ firstName: "personal" secondName: "identifiable" email: "inform@ti.on" },
{ firstName: "second" secondName: "personal" email: "inform@ti.on" }
]
}
// To filter the above object you would pass
const obfuscationFilter = ["Records.*.firstName", "Records.*.secondName", "Records.*.email"]
The output would be...
{
Records: [
{ firstName: "********" secondName: "************" email: "******@**.**" },
{ firstName: "******" secondName: "********" email: "******@**.**" }
]
}
similarly, you can filter entire objects, for instance.
const obfuscationFilter = ["Records.*.personal"]
{
Records: [
{ personal: { firstName: "********" secondName: "************" email: "******@**.**" } }.
{ personal: { firstName: "******" secondName: "********" email: "******@**.**", address: { postcode: "******", street: "* ****** ***", country: "**" }}}
]
}
This will recursively filter every object and subobjects
const middy = require('middy')
const obfuscatedLogging = require('@dazn/lambda-powertools-middleware-obfuscater')
const handler = async (event, context) => {
return 42
}
module.exports = middy(handler)
.use(obfuscatedLogging({ sampleRate: 0.01, obfuscationFilters: ["example.example"] }))
}
This middleware is often used alongside the @dazn/lambda-powertools-middleware-correlation-ids
middleware to implement sample logging. It's recommended that you use the @dazn/lambda-powertools-pattern-obfuscate
which configures both to enable debug logging at 1% of invocations.