Posted On: Dec 13, 2023

Data protection is a feature that uses pattern matching and machine learning to detect and protect sensitive log data in transit. Data protection already supports over 100 managed data identifiers that cover common patterns of sensitive data. With custom data identifiers, you can now extend detection and protection to sensitive data formats that are specific to your own logs.

Custom data identifiers can be used in data protection policies at both the account level and the per-log-group level. By default you can create up to 10 custom data identifiers per policy. For example, you can now create a custom data identifier to detect and protect your company's employee IDs when they are logged by your systems and applications and Amazon CloudWatch Logs data protection is enabled. An audit log can also be configured to help you understand what sensitive data has been detected. These operations can help you adhere to compliance regulations, including HIPAA, FedRAMP, GDPR, and PCI.
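The employee-ID scenario above, as an added example that is not part of the AWS announcement: it builds a data protection policy document that defines one custom data identifier and uses it in an audit statement and a masking statement, and it dry-runs the regex locally against constructed log events before the policy is deployed. The identifier name, the regex, the log group name and the sample events are constructed; the policy key names follow the policy-document format in the Amazon CloudWatch Logs Developer Guide.

```python
import json
import re

# Constructed sample: employee IDs at this fictional company are "EMP-" plus 7 digits.
EMPLOYEE_ID_REGEX = r"EMP-\d{7}"

# Constructed sample log events used for the local dry run.
SAMPLE_EVENTS = [
    "user EMP-0012345 logged in",
    "order 12345 shipped",
    "EMP-7654321 approved request from EMP-1111111",
]


def build_policy(identifier_name: str, regex: str, findings_log_group: str) -> dict:
    """Policy document with one custom data identifier that is both audited and masked.
    findings_log_group must be an existing log group in the same account (assumption:
    the audit findings destination is a plain log group name)."""
    return {
        "Name": "employee-id-protection",
        "Description": "Audit and mask employee IDs via a custom data identifier",
        "Version": "2021-06-01",
        "Configuration": {
            "CustomDataIdentifier": [{"Name": identifier_name, "Regex": regex}]
        },
        "Statement": [
            {   # Audit statement: write a finding for every matching event.
                "Sid": "audit-policy",
                "DataIdentifier": [identifier_name],  # custom identifiers are referenced by name
                "Operation": {"Audit": {"FindingsDestination": {
                    "CloudWatchLogs": {"LogGroup": findings_log_group}}}},
            },
            {   # Deidentify statement: mask the matched characters in the stored event.
                "Sid": "redact-policy",
                "DataIdentifier": [identifier_name],
                "Operation": {"Deidentify": {"MaskConfig": {}}},
            },
        ],
    }


def dry_run(regex: str, events: list) -> dict:
    """Pre-deployment check: map each event the regex would flag to
    (match count, event with matches replaced by asterisks). The asterisk
    replacement is a local approximation of the service's masking."""
    pattern = re.compile(regex)
    flagged = {}
    for event in events:
        hits = pattern.findall(event)
        if hits:
            masked = pattern.sub(lambda m: "*" * len(m.group(0)), event)
            flagged[event] = (len(hits), masked)
    return flagged


def policy_json(policy: dict) -> str:
    """Serialised form for `aws logs put-data-protection-policy --policy-document file://policy.json`."""
    return json.dumps(policy, indent=2)
```

Check the dry run for unexpected matches (or misses) before applying the policy, because masking is irreversible for events ingested after it takes effect.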

Custom data identifier support for Amazon CloudWatch Logs data protection is available in all AWS Commercial Regions, except Tel Aviv, and Amazon Web Services China Regions.

Start detecting and protecting sensitive log data in Amazon CloudWatch Logs, in real time, using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation, or AWS Management Console. To learn more, see Custom data identifiers in the Amazon CloudWatch Logs Developer Guide.