View unmasked data
To view unmasked data, a user must have the logs:Unmask
permission. Users with this permission
can see the unmasked data in the following ways:
When viewing the events in a log stream, choose Display, Unmask.
Use a CloudWatch Logs Insights query that includes the unmask(@message) command. The following example query displays the 20 most recent log events in the stream, unmasked:
fields @timestamp, @message, unmask(@message) | sort @timestamp desc | limit 20
For more information about CloudWatch Logs Insights commands, see CloudWatch Logs Insights query syntax.
Use a GetLogEvents or FilterLogEvents operation with the
unmask
parameter.
The CloudWatchLogsFullAccess policy includes the logs:Unmask
permission. To grant
logs:Unmask
to a user
who does not have CloudWatchLogsFullAccess, you can attach a custom IAM policy to that user.
For more information, see
Adding permissions to a user (console).