Description
In AWS Lambda functions the console.log() output will be stored in the Cloudwatch log files. Often developers just log the event and context objects to the console. Those objects might contain sensitve information, e.g. the Authorization header variable, API keys and client Ids. This package extends the Javascript Console object with the method logFilteredEvent(). It should be used by developers to log JSON objects, which contain sensitive data, e.g. event, context, header
Configuration
Out of the box the package comes with the following pre-defined properties:
- Authorization
- Authentication
- PASSWORD
- password
- x-api-key
- x-auth-key
This list can be overwritten by a comma separated string to be stored in the Lambda environment variable SENSITIVE_TAGS
Lambda Environment Variables
SENSITIVE_TAGS: 'Authorization, Authentication, PASSWORD, password, x-api-key'
SENSITIVE_REPLACE_TEXT: '--- sensitive information ---'
Installation
npm install dxc-lambda-console-extension --save
Usage
require('dxc-lambda-console-extension').init();
console.logFilteredEvent(<JSON object>);
Example
{ "Authentication": "BASIC QWEKSJDFJJERHDHS==",
"key1": "value1",
"key2": "value2",
"header": {
"x-api-key": "ASLKQWOILSKJDLJDSLKJWEOU"
}}will be stored in the Cloudwatch logfile as
{ "Authentication": "--- sensitive information ---",
"key1": "value1",
"key2": "value2",
"header": {
"x-api-key": "--- sensitive information ---"
}}