CustomDataIdentifier

class aws_cdk.aws_logs.CustomDataIdentifier(name, regex)

Bases: DataIdentifier

A custom data identifier.

Include a custom data identifier name and regular expression in the JSON policy used to define the data protection policy.

ExampleMetadata:

infused

Example:

import aws_cdk.aws_kinesisfirehose_alpha as kinesisfirehose
import aws_cdk.aws_kinesisfirehose_destinations_alpha as destinations


log_group_destination = logs.LogGroup(self, "LogGroupLambdaAudit",
    log_group_name="auditDestinationForCDK"
)

bucket = s3.Bucket(self, "audit-bucket")
s3_destination = destinations.S3Bucket(bucket)

delivery_stream = kinesisfirehose.DeliveryStream(self, "Delivery Stream",
    destinations=[s3_destination]
)

data_protection_policy = logs.DataProtectionPolicy(
    name="data protection policy",
    description="policy description",
    identifiers=[logs.DataIdentifier.DRIVERSLICENSE_US,  # managed data identifier
        logs.DataIdentifier("EmailAddress"),  # forward compatibility for new managed data identifiers
        logs.CustomDataIdentifier("EmployeeId", "EmployeeId-\d{9}")
    ],  # custom data identifier
    log_group_audit_destination=log_group_destination,
    s3_bucket_audit_destination=bucket,
    delivery_stream_name_audit_destination=delivery_stream.delivery_stream_name
)

logs.LogGroup(self, "LogGroupLambda",
    log_group_name="cdkIntegLogGroup",
    data_protection_policy=data_protection_policy
)

Create a custom data identifier.

Parameters:

• name (str) –

  • the name of the custom data identifier. This cannot share the same name as a managed data identifier.

• regex (str) –

  • the regular expression to detect and mask log events for.

Methods

to_string()

String representation of a CustomDataIdentifier.

Return type:

str

Returns:

the name and RegEx of the custom data identifier

Attributes

ADDRESS = <aws_cdk.aws_logs.DataIdentifier object>

AWSSECRETKEY = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_DE = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_FR = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_IT = <aws_cdk.aws_logs.DataIdentifier object>

BANKACCOUNTNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

CEPCODE_BR = <aws_cdk.aws_logs.DataIdentifier object>

CNPJ_BR = <aws_cdk.aws_logs.DataIdentifier object>

CPFCODE_BR = <aws_cdk.aws_logs.DataIdentifier object>

CREDITCARDEXPIRATION = <aws_cdk.aws_logs.DataIdentifier object>

CREDITCARDNUMBER = <aws_cdk.aws_logs.DataIdentifier object>

CREDITCARDSECURITYCODE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_AT = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_AU = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_BE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_BG = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_CA = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_CY = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_CZ = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_DE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_DK = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_EE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_ES = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_FI = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_FR = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_GB = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_GR = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_HR = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_HU = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_IE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_IT = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_LT = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_LU = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_LV = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_MT = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_NL = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_PL = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_PT = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_RO = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_SE = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_SI = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_SK = <aws_cdk.aws_logs.DataIdentifier object>

DRIVERSLICENSE_US = <aws_cdk.aws_logs.DataIdentifier object>

DRUGENFORCEMENTAGENCYNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

ELECTORALROLLNUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

EMAILADDRESS = <aws_cdk.aws_logs.DataIdentifier object>

HEALTHCAREPROCEDURECODE_US = <aws_cdk.aws_logs.DataIdentifier object>

HEALTHINSURANCECARDNUMBER_EU = <aws_cdk.aws_logs.DataIdentifier object>

HEALTHINSURANCECLAIMNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

HEALTHINSURANCENUMBER_FR = <aws_cdk.aws_logs.DataIdentifier object>

INDIVIDUALTAXIDENTIFICATIONNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

INSEECODE_FR = <aws_cdk.aws_logs.DataIdentifier object>

IPADDRESS = <aws_cdk.aws_logs.DataIdentifier object>

LATLONG = <aws_cdk.aws_logs.DataIdentifier object>

MEDICAREBENEFICIARYNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

NAME = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALDRUGCODE_US = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALIDENTIFICATIONNUMBER_DE = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALIDENTIFICATIONNUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALIDENTIFICATIONNUMBER_IT = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALINSURANCENUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

NATIONALPROVIDERID_US = <aws_cdk.aws_logs.DataIdentifier object>

NHSNUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

NIENUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

NIFNUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

OPENSSHPRIVATEKEY = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_CA = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_DE = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_FR = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_IT = <aws_cdk.aws_logs.DataIdentifier object>

PASSPORTNUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

PERMANENTRESIDENCENUMBER_CA = <aws_cdk.aws_logs.DataIdentifier object>

PERSONALHEALTHNUMBER_CA = <aws_cdk.aws_logs.DataIdentifier object>

PGPPRIVATEKEY = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_BR = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_DE = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_ES = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_FR = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_GB = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_IT = <aws_cdk.aws_logs.DataIdentifier object>

PHONENUMBER_US = <aws_cdk.aws_logs.DataIdentifier object>

PKCSPRIVATEKEY = <aws_cdk.aws_logs.DataIdentifier object>

POSTALCODE_CA = <aws_cdk.aws_logs.DataIdentifier object>

PUTTYPRIVATEKEY = <aws_cdk.aws_logs.DataIdentifier object>

RGNUMBER_BR = <aws_cdk.aws_logs.DataIdentifier object>

SOCIALINSURANCENUMBER_CA = <aws_cdk.aws_logs.DataIdentifier object>

SSN_ES = <aws_cdk.aws_logs.DataIdentifier object>

SSN_US = <aws_cdk.aws_logs.DataIdentifier object>

TAXID_DE = <aws_cdk.aws_logs.DataIdentifier object>

TAXID_ES = <aws_cdk.aws_logs.DataIdentifier object>

TAXID_FR = <aws_cdk.aws_logs.DataIdentifier object>

TAXID_GB = <aws_cdk.aws_logs.DataIdentifier object>

VEHICLEIDENTIFICATIONNUMBER = <aws_cdk.aws_logs.DataIdentifier object>

ZIPCODE_US = <aws_cdk.aws_logs.DataIdentifier object>

name

• the name of the custom data identifier.

This cannot share the same name as a managed data identifier.

regex

• the regular expression to detect and mask log events for.