CloudWatch agent manipulate log record before sending to AWS - amazon-web-services

I'm searching for an option in CloudWatch agent where you can manipulate the log record data before sending it to AWS.
For example I have following log record:
2019-06-24 08:02:55,767 INFO [api,,,] 4110 --- [restartedMain] c.t.t.s.Application : authentication email was send to bogus@mail.com
And I want to be able to do the following with the log record:
2019-06-24 08:02:55,767 INFO [api,,,] 4110 --- [restartedMain] c.t.t.s.Application : authentication email was send to c71a72a90fab96c4e59d3a5799cb06f7
It would be a useful use case for anonymization of sensitive data before sending it to AWS.
I can't seem to find any information about this:
CloudWatch Agent Configuration File: Logs Section
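The transformation the question asks for, as an added example that is not from the question or from the CloudWatch agent: since the agent's logs section offers no such option, the sanitization is assumed to run as a preprocessing step that writes a cleaned copy of the log file for the agent to tail. The e-mail regex and sample record are constructed. Plain MD5 reproduces the 32-character token shown in the question, but a keyed HMAC is the variant to prefer: an unkeyed hash of an address can be recovered by hashing a list of candidate addresses.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed regex for a typical e-mail address inside free-form log text;
# tune it for the address shapes your application actually emits.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def hash_email(email: str, key: Optional[bytes] = None) -> str:
    """Return a 32-hex-character pseudonym for one e-mail address.

    key=None gives plain MD5 (matches the question's output, reversible by
    dictionary); a key gives a truncated HMAC-SHA256 (needs the key to reverse).
    """
    normalized = email.strip().lower().encode("utf-8")
    if key is None:
        return hashlib.md5(normalized).hexdigest()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def anonymize_line(line: str, key: Optional[bytes] = None) -> str:
    """Replace every e-mail address in one log line with its pseudonym."""
    return EMAIL_RE.sub(lambda m: hash_email(m.group(0), key), line)


def anonymize_file(src_path: str, dst_path: str, key: Optional[bytes] = None) -> int:
    """Rewrite src_path line by line into dst_path (the file the agent tails).

    Returns the number of lines written. Assumed deployment: the agent is
    unchanged and simply collects dst_path instead of the raw log.
    """
    count = 0
    with open(src_path, encoding="utf-8") as src, open(dst_path, "w", encoding="utf-8") as dst:
        for line in src:
            dst.write(anonymize_line(line, key))
            count += 1
    return count


if __name__ == "__main__":
    # Constructed sample record, modelled on the one in the question.
    sample = ("2019-06-24 08:02:55,767 INFO [api,,,] 4110 --- [restartedMain] "
              "c.t.t.s.Application : authentication email was send to bogus@mail.com")
    print(anonymize_line(sample))
    print(anonymize_line(sample, key=b"placeholder-key-load-from-your-secret-store"))
```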

Related

Phillips-Labs terraform-aws-github-runner not creating ec2 instance

I am trying to set up self-hosted runners for GitHub using Terraform with the Phillips-Labs terraform-aws-github-runner module. I see the GH webhook send/receive messages, the SQS queue receiving messages and those messages being retrieved. The scale-up lambda is firing and I see the following logs:
2023-01-31 11:50:15.879 INFO [scale-up:22b11002-76d2-5596-9451-4c51746730c2 index.js:119051 scaleUp] Received workflow_job from {my-org}/terraform-aws-github-self-hosted-runners
{}
2023-01-31 11:50:15.880 INFO [scale-up:22b11002-76d2-5596-9451-4c51746730c2 index.js:119084 scaleUp] Received event
{
"runnerType": "Org",
"runnerOwner": "my-org",
"event": "workflow_job",
"id": "11002102910"
}
2023-01-31 11:50:16.188 DEBUG [gh-auth:22b11002-76d2-5596-9451-4c51746730c2 index.js:118486 createAuth] GHES API URL: {"runnerType":"Org","runnerOwner":"my-org","event":"workflow_job","id":"11002102910"}
2023-01-31 11:50:16.193 WARN [scale-runners:22b11002-76d2-5596-9451-4c51746730c2 index.js:118529 Runtime.handler] Ignoring error: error:1E08010C:DECODER routines::unsupported
{
"runnerType": "Org",
"runnerOwner": "my-org",
"event": "workflow_job",
"id": "11002102910"
}
I do not see any EC2 instances being created. I suspect the GHES API URL: should have a value after it, but I'm not certain. Also, the final log says it is ignoring an error...
I have confirmed my private key pem file is stored as a multi-line secret in secrets manager.
Any advice would be much appreciated!
It looks like not all the permissions needed by the github app are documented. I needed to add a subscription to the Workflow run event.

How to keep track of appsync validation errors on cloudwatch?

I have custom resolvers on AppSync that are handled by Lambda functions. I can keep track of error logs created by the Lambda functions by using CloudWatch and creating alarms based on these logs. But when client applications try to request fields that don't exist in the GraphQL schema (see image below), the Lambda runs fine, so no error log is created. How can I keep track of these kinds of errors using CloudWatch?
The good news is that you can turn on AppSync request logging to get request-level logs in CloudWatch. Configure logging using Cloudformation/CDK LogConfig or directly in the AppSync console.
The bad news is that the logged events do not seem to call out failed validations. Both well-formed and malformed requests are logged similarly, it seems. Log level INFO versus ERROR does not seem to help.
There may be a way to look for log patterns (malformed requests won't call the resolver) to distinguish good from bad requests, but this does not seem straightforward. Perhaps you will have better luck than I did!
Example of log entries for one request:
Begin Request
GraphQL Query: query Labels { labelStats(topic: "cars") { name objects __typename } } , Operation: Labels,...
{"duration":201275210,"logType":"ExecutionSummary","requestId":"4f49d425-18ab-4be7-a40e-0229c17453dc","startTime":"2021-12-17T16:36:30.925216Z","e...
{"logType":"RequestSummary","requestId":"4f49d425-18ab-4be7-a40e-0229c17453dc","graphQLAPIId":"xxxxxxxxxx","statusCode":200,"lat...
Request Headers: {content-length=[148], cloudfront-viewer-country=[US], x-forwarded-proto=[https], x-amzn-r...
Response Headers: {Content-Type=application/json; charset=UTF-8}
End Request

How to disable JSON format and send only the log message to Cloudwatch with Fluentbit?

I am trying to set up FireLens for my Fargate tasks. I would like to send logs to multiple locations, CloudWatch and Elasticsearch.
But only for CloudWatch I want to disable JSON format and send only the log message as it is.
I have the below configuration for the CloudWatch output.
[OUTPUT]
Name cloudwatch
Match *
auto_create_group true
log_group_name /aws/ecs/containerinsights/$(ecs_cluster)/application
log_stream_name $(ecs_task_id)
region eu-west-1
Currently, logs are coming in like this:
{
"container_id": "1234567890",
"container_name": "app",
"log": "2021/08/10 18:42:49 [notice] 1#1: exit",
"source": "stderr"
}
I want only the line
2021/08/10 18:42:49 [notice] 1#1: exit
in Cloudwatch.
I had a similar issue using just CloudWatch where everything was wrapped in JSON - I imagine it'll be the same when using several targets.
The solution was to add the following to the output section:
log_key log
This tells Fluent Bit to only include the data in the log key when sending to CloudWatch.
The docs have since been updated to include that line by default in this PR.

AWS - SNS (India Text Message) Not sending via Local Routes

I am using the Java API to try to send SMS to India numbers.
I have a valid Entity ID and Template ID registered using JIO DLT (https://trueconnect.jio.com/#/).
I am setting message attributes as follows:
AWS.SNS.SMS.SMSType - Transactional
AWS.SNS.SMS.SenderID - <My Registered Sender ID>
AWS.MM.SMS.EntityId - <DLT provided Entity ID>
AWS.MM.SMS.TemplateId - <Template ID of the message I want to send>
I am using software.amazon.awssdk.services.sns.SnsClient to send the request as below...
PublishRequest pb = PublishRequest.builder()
.message(message)
.phoneNumber(snsDefaultCountryCode+to)
.messageAttributes(smsAttributes).build();
PublishResponse result = snsClient.publish(pb);
I do receive the SMS, but via ILDO with international charges. I was expecting the message to go via local routes, or at least a response with an error such as 'Entity ID is invalid' or 'Template ID is invalid'.
Are there any other steps to do before sending SMS to India using the AWS services?
I believe you need to register the DLT sender ID with AWS using a service limit support request on the Pinpoint SMS service.
After the AWS support team approves your request, which may take up to 24 hours, your SMS will get routed via India with the sender ID.
Please find the reference link for the same here.

Stackdriver Error Email Notifications not Sending

I want to get notifications by email for errors on my google cloud service.
It seemed pretty easy to set up. I just hit "turn on notifications" in Error Reporting in Stackdriver for all services (I only have 1 service).
I created some errors for testing, but didn't receive any emails.
I went into alert policy and profiles and added email notification as a channel. Still no notifications via email.
What am I doing wrong?
I think the best way to check if the notification is actually being sent is to post a test error message manually to the error reporting API.
First, verify that error notifications are available for the project, and then, run the following command on your cloud shell:
gcloud beta error-reporting events report --verbosity=debug --service Manual --service-version test1 \
--message "java.lang.TestError: msg
at com.example.TestClass.test(TestClass.java:51)
at com.example.AnotherClass(AnotherClass.java:25)"
You should receive an email from StackdriverNotifications-noreply@google.com.
If you receive the notification for the test, your other errors might be misconfigured. If you don't receive it, then you might need to verify that the noreply address is not being blocked by your provider/filters.