Detect and protect sensitive data with Amazon Lex and Amazon CloudWatch Logs
Machine Learning Blog
This article discusses techniques for protecting sensitive data that may be inadvertently exposed in Amazon Lex and Amazon CloudWatch Logs services. It covers:
- Identifying and classifying sensitive data like personally identifiable information (PII)
- Locating data stores where this data resides, such as Amazon Lex conversation logs and CloudWatch Logs
- Using slot obfuscation and selective conversation log capture in Amazon Lex to mask sensitive data
- Configuring CloudWatch Logs data protection policies with managed and custom identifiers to detect and mask PII
- Securing Amazon S3 buckets that store Lex audio recordings with encryption and access controls
- Implementing Service Control Policies to prevent unauthorized changes to Lex bots and CloudWatch Logs and restrict unmasking of sensitive data
- Conclusion emphasizing regular audits, monitoring, and updating security measures
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Sep 6
2024
2024
How Amazon CloudWatch Logs Data Protection can help detect and protect sensitive log data
Oct 30
2025
2025
Handling sensitive log data using Amazon CloudWatch
Apr 16
2024
2024
Mask sensitive Amazon DocumentDB log data with Amazon CloudWatch Logs data protection
Nov 26
2025
2025
Amazon CloudWatch now supports deletion protection for logs
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.