Posted On: Nov 27, 2022

We are excited to announce data protection in Amazon CloudWatch Logs, a new set of capabilities that use pattern matching and machine learning to detect and protect sensitive log data in transit. Amazon CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services in a single, highly scalable service. With log data protection in Amazon CloudWatch Logs, you can now detect and protect sensitive data in transit that is logged by your systems and applications.

Data protection in CloudWatch Logs enables customers to define and apply data protection policies that scan log data in transit for sensitive data and mask any sensitive data that is detected. Customers select the data identifiers that are relevant to their use cases. For example, log data protection can help with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and Federal Risk and Authorization Management Program (FedRAMP). Customers can also view data unmasked for validation via elevated AWS Identity and Access Management privileges.

Amazon CloudWatch Logs data protection is available in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), and South America (São Paulo).

Start discovering and masking sensitive data in Amazon CloudWatch Logs using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation templates, or CloudWatch in the AWS Management Console. To learn more about Amazon CloudWatch Logs data protection, you can read the blog post, developer guide, and API reference documentation. Data protection costs $0.12 per GB of data scanned. For an example of pricing, see "Detecting and masking sensitive log data with data protection" on the CloudWatch Pricing page.