Hello, Does there exists in AWS, a service, a service component, an option in a service, a filter, (something like presented [here](https://www.jamieweb.net/blog/using-a-bloom-filter-to-anonymize-web-server-logs/) or [here](https://sematext.com/docs/logagent/how-to-gdpr_web_logs/)), that could do logs anonymization according to GDPR/CCPA, for the logs in the AWS Services ? Thank you,

Complete a 3 Question Survey and Earn a re:Post Badge

Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!

Logs anonymization component

Hello,

Does there exists in AWS, a service, a service component, an option in a service, a filter, (something like presented here or here), that could do logs anonymization according to GDPR/CCPA, for the logs in the AWS Services ?

Thank you,

Topics

Security, Identity, & Compliance

Tags

Security, Identity, & Compliance

Language

English

rePost-User-4717319

asked 25 days ago49 views

1 Answer

Newest
Most votes
Most comments

Yes, it does, included but not limited to AWS Glue, Amazon Macie, AWS Lambda, AWS Step Functions, Amazon S3 Object Lambda and AWS Config and CloudTrail

https://aws.amazon.com/solutions/guidance/data-anonymization-on-aws/

https://aws.amazon.com/blogs/big-data/part-1-build-a-pseudonymization-service-on-aws-to-protect-sensitive-data/

EXPERT

Kidd Ip

answered 25 days ago

EXPERT

Jordan Sandri

reviewed 25 days ago

rePost-User-4717319
25 days ago
Thank you for your answer,

I've taken a look over the documents, and while they speak about anonymisation, I did not understood which is the anonymisation service itself, where PII are transformed into anonymous data. The first link are only talking about detecting PII and anonymising them, without specifying a service, while the second link is talking about a service for pseudoanonymization. Could you please be more specific about the exact service where the anonymisation transformation is done ? Does Macie do the anonymisation ? Or the presented architecture consider that the anonymisation process should be done by clients, in Lambda functions ?

I've taken a look at Macie's PIIs to detect. They are mainly person centric PIIs, while this question was about logs. I haven't noticed the IP in the PIIs. Should I add the IP as custom personal data identifier ? If yes, could you please provide more documentation about how IPs from logs should be added in Macie ?

Thank you,

Relevant content

Using greengrass-cli logs command from within a component
Accepted Answer
scriobhneoir
asked 2 years ago
How to stop a windows service using greengrass custom component
rePost-User-5430058
asked 2 years ago
Is there a way to read the group name in a component or environment var?
mdbox-exwzd
asked 4 years ago
Existing RDS clone, can it be Anonymized?
gavinc
asked a year ago
How do I check EKS Anywhere cluster component logs on primary and worker nodes for BottleRocket, Ubuntu, or Redhat?
AWS OFFICIALUpdated 2 years ago
Why did I get a "User: anonymous is not authorized" error when I tried to access my OpenSearch Service cluster?
AWS OFFICIALUpdated 2 years ago
How do I stream data from CloudWatch Logs to a VPC-based OpenSearch Service cluster in a different AWS account?
AWS OFFICIALUpdated 10 months ago
How can I retrieve Amazon EKS control plane logs from CloudWatch Logs?
AWS OFFICIALUpdated 8 months ago
Optimizing CloudWatch Container Insights Costs: A Comprehensive Guide
EXPERT
Benji
published 2 months ago
AWS re:Invent 2024 - Enhancing observability in Amazon ECS to gain actionable insights
EXPERT
Henrique Santana
published 4 months ago