PII logs of application running on client data center may get printed in ECS control plane

[gopalc]

We have observed that logs of application running on client data center may get printed in ECS control plane. If application is printing PII data in logs(unknowingly or knowingly), then it will get shared in ECS Control plane. Is there any mechanism to avoid printing PII data in ECS Control plane?

[mreferre]

This is a very interesting question. First and foremost consider that the story of PII in this tutorial was fictitious and primarily inspirational. In other words we did not put a lot of efforts in making sure we were not sending specific data that would break this story to the region. Having that said what you log is at your own discretion. For example in this tutorial I am printing the directory name (which matches the SQS message name). I have assumed that PII related data were within the file (and I am not logging any of the content). I am no PII expert but, in a similar real case scenario where I am concerned to log something that would break my PII requirements, I would simply either not log it OR I would consider, for EXTERNAL tasks, to not use CW logs and leave logs locally (parsed with other mechanisms). It is a very interesting topic, thanks for bringing this up. I may add these considerations right in the tutorial.