
Hide Execution Details and Step Details from AWS Step Functions console


We're planning to use AWS Step Functions. We've done some tests and we see that AWS is logging a lot of information in the Execution Details and Step Details sections of the Step Functions console. We're planning to have some PII data there that we don't want to be logged.

Is there any way to control what's logged in those sections? Or can we tell AWS to not log anything there?

Thanks, Vicenç


Solution

  • We've talked with Amazon and it looks like there's no way to hide this information from the console. The alternative is to limit what gets sent to the Lambda functions at each step, so you can ensure that only non-PII subsets of the input data are seen by certain functions. The usual workaround is to not pass PII data in at all and instead place the PII data in an encrypted data store, such as an S3 bucket or encrypted RDS database table, and pass a reference to that object through the state machine.

    Cheers,
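
The reference-passing workaround from the answer above, sketched as an added example (not code from the original post or from AWS). It assumes `s3` is a boto3 S3 client, that PII sits in top-level keys of the payload, and that the field list, function names and the `pii_ref` key are hypothetical names chosen for illustration.

```python
import json
import uuid

PII_FIELDS = {"name", "email", "ssn"}  # assumption: which top-level keys count as PII


def stash_pii(s3, bucket, kms_key_id, payload, pii_fields=PII_FIELDS):
    """Run before StartExecution: store the PII part of the payload encrypted
    in S3 and return the state input that is safe to appear in the console."""
    pii = {k: v for k, v in payload.items() if k in pii_fields}
    safe = {k: v for k, v in payload.items() if k not in pii_fields}
    if pii:
        key = f"pii/{uuid.uuid4()}.json"  # random key, so the object name leaks nothing
        s3.put_object(
            Bucket=bucket,
            Key=key,
            Body=json.dumps(pii).encode("utf-8"),
            ServerSideEncryption="aws:kms",  # encrypt at rest with the given KMS key
            SSEKMSKeyId=kms_key_id,
        )
        safe["pii_ref"] = {"bucket": bucket, "key": key}
    return safe


def load_pii(s3, state_input):
    """Inside a Lambda step: resolve the reference back to the PII fields."""
    ref = state_input.get("pii_ref")
    if ref is None:
        return {}
    obj = s3.get_object(Bucket=ref["bucket"], Key=ref["key"])
    return json.loads(obj["Body"].read())


def handler_result(s3, state_input):
    """Example step body: uses the PII locally and returns only non-PII output,
    because a step's output is recorded in the execution history like its input."""
    pii = load_pii(s3, state_input)
    return {**state_input, "email_present": "email" in pii}
```

Only the roles of the steps that need the PII should be granted `s3:GetObject` on the prefix and `kms:Decrypt` on the key; every other step sees just the reference.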