Piiredactyl lets users redact PII in logs for CloudTrail and other AWS services. It is a turnkey solution that can be deployed in a user's AWS account.
The solution uses AWS Glue to crawl, classify and then process logs, replacing sensitive PII data according to the user's requirements.
Deploy the provided CloudFormation template to install Piiredactyl.
aws <command> <subcommand>
aws <command> <subcommand>
python <script>
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Copy nested templates to cfn-repo
aws s3 cp piiredactyl-platform.json s3://builder-cfn-templates/templates/dev/000/piiredactyl-platform.json
aws s3 cp piiredactyl-glue.json s3://builder-cfn-templates/templates/dev/000/piiredactyl-glue.json
Copy scripts to cfn-repo
aws s3 cp piiredactyl.py s3://builder-cfn-templates/scripts/dev/000/piiredactyl.py
Launch main CFN template
aws cloudformation create-stack --capabilities CAPABILITY_NAMED_IAM --stack-name piiredactyl --template-body file://piiredactyl-main.json
Copy sample log data into the Ingest bucket. Obtain the bucket name with the following:
aws cloudformation describe-stacks --stack-name piiredactyl |jq '.Stacks[].Outputs[]|select(.OutputKey=="IngestDataBucket")|.OutputValue'
Run Glue crawler
aws <command> <subcommand>
Run Glue script
aws <command> <subcommand>
Observe the transformed log in the Transform bucket. Obtain the bucket name with the following:
aws cloudformation describe-stacks --stack-name piiredactyl |jq '.Stacks[].Outputs[]|select(.OutputKey=="TransformDataBucket")|.OutputValue'
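To show what a transformed CloudTrail record can look like, here is an added example that is not Piiredactyl's own code: it replaces selected fields with keyed HMAC tokens so that redacted events can still be correlated. The field list, the function names, the token format and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed set of CloudTrail record fields treated as PII (hypothetical choice;
# the README leaves the selection to the user's requirements).
PII_PATHS = [
    ("sourceIPAddress",),
    ("userAgent",),
    ("userIdentity", "userName"),
    ("userIdentity", "arn"),
    ("userIdentity", "principalId"),
]

def pseudonym(value, key):
    """Keyed HMAC-SHA256 token: equal inputs give equal tokens under one key."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "REDACTED-" + digest[:16]

def redact_record(record, key, paths=PII_PATHS):
    """Return a copy of one CloudTrail record with the listed fields replaced."""
    out = json.loads(json.dumps(record))  # deep copy, the input stays untouched
    for path in paths:
        node = out
        for part in path[:-1]:
            node = node.get(part) if isinstance(node, dict) else None
            if node is None:
                break
        # Absent or non-string fields (e.g. service events) are skipped.
        if isinstance(node, dict) and isinstance(node.get(path[-1]), str):
            node[path[-1]] = pseudonym(node[path[-1]], key)
    return out

def redact_log(document, key):
    """CloudTrail log files wrap events in a top-level "Records" array."""
    return {"Records": [redact_record(r, key) for r in document.get("Records", [])]}

# Constructed sample input, not real log data.
SAMPLE = {"Records": [
    {"eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AWSService"}},
]}

if __name__ == "__main__":
    print(json.dumps(redact_log(SAMPLE, b"constructed-demo-key"), indent=2))
```

The HMAC key decides whether tokens can be linked back to guessed values, so it should be stored apart from the Transform bucket.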