Skip to content

fix: remove event info logging across all the lambdas, to prevent potential leak of sensitive customer data #334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nshalabh merged 2 commits into from
Dec 2, 2025
Merged

fix: remove event info logging across all the lambdas, to prevent potential leak of sensitive customer data #334

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b12dea4
fix: remove event info logging across all the lambdas, to prevent pot…
nshalabh Dec 1, 2025
c86c3de
fix: linting errors across the solution (D202 and U100)
nshalabh Dec 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 8 additions & 19 deletions aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -316,7 +316,7 @@ def local_testing(aws_account: AccountTypeDef, params: dict) -> None:
process_alternate_contacts(account_client, aws_account, params)


def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None:
def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], params: dict) -> None: # noqa: U100
"""Process Accounts and Create SNS Messages for each account for solution deployment.

Args:
Expand All @@ -339,7 +339,7 @@ def process_accounts(event: Union[CloudFormationCustomResourceEvent, dict], para
process_sns_message_batches(sns_messages, params["SNS_TOPIC_ARN"])


def process_account(event: dict, aws_account_id: str, params: dict) -> None:
def process_account(event: dict, aws_account_id: str, params: dict) -> None: # noqa: U100
"""Process Account and Create SNS Message for account for solution deployment.

Args:
Expand All @@ -359,20 +359,18 @@ def process_account(event: dict, aws_account_id: str, params: dict) -> None:
publish_sns_message(sns_message, "Account Alternate Contacts", params["SNS_TOPIC_ARN"])


def process_event(event: dict) -> None:
def process_event(event: dict) -> None: # noqa: U100
"""Process Event.

Args:
event: event data
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({})

process_accounts(event, params)


def process_event_sns(event: dict) -> None:
def process_event_sns(event: dict) -> None: # noqa: U100
"""Process SNS event.

Args:
Expand All @@ -392,14 +390,12 @@ def process_event_sns(event: dict) -> None:
process_alternate_contacts(account_client, aws_account, params)


def process_event_organizations(event: dict) -> None:
def process_event_organizations(event: dict) -> None: # noqa: U100
"""Process Event from AWS Organizations.

Args:
event: event data
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({})

if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]:
Expand All @@ -418,7 +414,7 @@ def process_event_organizations(event: dict) -> None:
LOGGER.info("Organization event does not match expected values.")


def process_event_lifecycle(event: dict) -> None:
def process_event_lifecycle(event: dict) -> None: # noqa: U100
"""Process Lifecycle Event from AWS Control Tower.

Args:
Expand All @@ -427,8 +423,6 @@ def process_event_lifecycle(event: dict) -> None:
Raises:
ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus'
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({})

aws_account_id = ""
Expand All @@ -455,9 +449,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)

if event["RequestType"] in ["Create", "Update"]:
params = get_validated_parameters({"RequestType": event["RequestType"]})
process_accounts(event, params)
Expand Down Expand Up @@ -588,7 +579,7 @@ def get_validated_parameters(event: dict) -> dict:
return params


def orchestrator(event: dict, context: Any) -> None:
def orchestrator(event: dict, context: Any) -> None: # noqa: U100
"""Orchestration of Events.

Args:
Expand All @@ -607,7 +598,7 @@ def orchestrator(event: dict, context: Any) -> None:
process_event(event)


def lambda_handler(event: dict, context: Any) -> None:
def lambda_handler(event: dict, context: Any) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand All @@ -619,8 +610,6 @@ def lambda_handler(event: dict, context: Any) -> None:
"""
LOGGER.info("....Lambda Handler Started....")
try:
event_info = {"Event": event}
LOGGER.info(event_info)
orchestrator(event, context)
except Exception:
LOGGER.exception(UNEXPECTED)
Expand Down
2 changes: 1 addition & 1 deletion aws_sra_examples/solutions/ami_bakery/ami_bakery_org/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,7 @@ def delete(event: Dict[str, Any], context: Context) -> None: # noqa: U100
iam.delete_role(session, params["CODEPIPELINE_ROLE_NAME"])


def lambda_handler(event: Dict[str, Any], context: Context) -> None:
def lambda_handler(event: Dict[str, Any], context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand Down
8 changes: 3 additions & 5 deletions aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,7 +313,7 @@ def process_create_update(params: dict) -> None:
@helper.create
@helper.update
@helper.delete
def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str:
def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100
"""Process CloudFormation Event. Creates, updates, and deletes a CloudTrail with the provided parameters.

Args:
Expand All @@ -323,8 +323,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)
LOGGER.debug(f"{context}")

params = get_validated_parameters(event)
Expand All @@ -342,7 +340,7 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
return f"{params['CLOUDTRAIL_NAME']}-CloudTrail"


def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None:
def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand All @@ -360,7 +358,7 @@ def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -
raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None


def terraform_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None:
def terraform_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand Down
6 changes: 1 addition & 5 deletions aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -444,8 +444,6 @@ def create_update_event(event: CloudFormationCustomResourceEvent, context: Conte
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters(event)
tags: Sequence[TagTypeDef] = [{"Key": params["TAG_KEY"], "Value": params["TAG_VALUE"]}]

Expand Down Expand Up @@ -473,13 +471,11 @@ def delete_event(event: CloudFormationCustomResourceEvent, context: Context) ->
event: event data
context: runtime information
"""
event_info = {"Event": event}
LOGGER.info(event_info)
LOGGER.info("SRA SSM Parameters are being retained.")
# delete_ssm_parameters_in_regions(get_enabled_regions()) # noqa: E800


def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None:
def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand Down
4 changes: 1 addition & 3 deletions aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,7 @@ def lambda_handler(
raise ValueError(f"Unexpected error executing Lambda function. Review CloudWatch logs '{context.log_group_name}' for details.") from None


def terraform_handler(event: dict, context: Context) -> None:
def terraform_handler(event: dict, context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand All @@ -276,8 +276,6 @@ def terraform_handler(event: dict, context: Context) -> None:
ValueError: Unexpected error executing Lambda function
"""
LOGGER.info("....Lambda Handler Started....")
event_info = {"Event": event}
LOGGER.info(event_info)
try:
request_type = event["RequestType"]

Expand Down
6 changes: 2 additions & 4 deletions aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ def get_validated_parameters(event: CloudFormationCustomResourceEvent) -> dict:
@helper.create
@helper.update
@helper.delete
def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str:
def process_event(event: CloudFormationCustomResourceEvent, context: Context) -> str: # noqa: U100
"""Process Event from AWS CloudFormation.

Args:
Expand All @@ -171,8 +171,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters(event)

management_account: str = context.invoked_function_arn.split(":")[4]
Expand All @@ -189,7 +187,7 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
return f"{params['AUDIT_ACCOUNT_ID']}-{params['AGGREGATOR_NAME']}"


def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None:
def lambda_handler(event: CloudFormationCustomResourceEvent, context: Context) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand Down
19 changes: 5 additions & 14 deletions aws_sra_examples/solutions/config/config_org/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,14 +68,12 @@ def process_add_update_event(params: dict, regions: list, accounts: list) -> Non
LOGGER.info("...ADD_UPDATE_NO_EVENT")


def process_event(event: dict) -> None:
def process_event(event: dict) -> None: # noqa: U100
"""Process Event.

Args:
event: event data
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({"RequestType": "Update"})

accounts = common.get_active_organization_accounts()
Expand Down Expand Up @@ -111,14 +109,12 @@ def process_account(aws_account_id: str, params: dict) -> None:
config.set_delivery_channel(aws_account_id, region, params["CONFIGURATION_ROLE_NAME"], delivery_channel)


def process_event_organizations(event: dict) -> None:
def process_event_organizations(event: dict) -> None: # noqa: U100
"""Process Event from AWS Organizations.

Args:
event: event data
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({})

if event["detail"]["eventName"] == "AcceptHandshake" and event["detail"]["responseElements"]["handshake"]["state"] == "ACCEPTED":
Expand Down Expand Up @@ -432,7 +428,7 @@ def process_sns_message_batches(sns_messages: list, sns_topic_arn_fanout: str) -
publish_sns_message_batch(batch, sns_topic_arn_fanout)


def process_event_sns(event: dict) -> None:
def process_event_sns(event: dict) -> None: # noqa: U100
"""Process SNS event to complete the setup process.

Args:
Expand Down Expand Up @@ -481,9 +477,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)

params = get_validated_parameters({"RequestType": event["RequestType"]})
accounts = common.get_active_organization_accounts()
regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true")
Expand All @@ -502,7 +495,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
return "SRA-CONFIG-ORG"


def orchestrator(event: Dict[str, Any], context: Any) -> None:
def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100
"""Orchestration.

Args:
Expand All @@ -520,7 +513,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None:
process_event(event)


def lambda_handler(event: Dict[str, Any], context: Any) -> None:
def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand All @@ -533,8 +526,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None:
LOGGER.info("....Lambda Handler Started....")
boto3_version = boto3.__version__
LOGGER.info(f"boto3 version: {boto3_version}")
event_info = {"Event": event}
LOGGER.info(event_info)
try:
orchestrator(event, context)
except Exception:
Expand Down
13 changes: 3 additions & 10 deletions aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,14 +66,12 @@ def process_add_update_event(params: dict, regions: list, accounts: list) -> Non
LOGGER.info("...ADD_UPDATE_NO_EVENT")


def process_event(event: dict) -> None:
def process_event(event: dict) -> None: # noqa: U100
"""Process Event.

Args:
event: event data
"""
event_info = {"Event": event}
LOGGER.info(event_info)
params = get_validated_parameters({"RequestType": "Update"})

excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
Expand Down Expand Up @@ -366,9 +364,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
Returns:
AWS CloudFormation physical resource id
"""
event_info = {"Event": event}
LOGGER.info(event_info)

params = get_validated_parameters({"RequestType": event["RequestType"]})
excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
accounts = common.get_active_organization_accounts(excluded_accounts)
Expand All @@ -384,7 +379,7 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
return f"sra-detective-org-{params['DELEGATED_ADMIN_ACCOUNT_ID']}"


def orchestrator(event: Dict[str, Any], context: Any) -> None:
def orchestrator(event: Dict[str, Any], context: Any) -> None: # noqa: U100
"""Orchestration.

Args:
Expand All @@ -399,7 +394,7 @@ def orchestrator(event: Dict[str, Any], context: Any) -> None:
process_event(event)


def lambda_handler(event: Dict[str, Any], context: Any) -> None:
def lambda_handler(event: Dict[str, Any], context: Any) -> None: # noqa: U100
"""Lambda Handler.

Args:
Expand All @@ -412,8 +407,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None:
LOGGER.info("....Lambda Handler Started....")
boto3_version = boto3.__version__
LOGGER.info(f"boto3 version: {boto3_version}")
event_info = {"Event": event}
LOGGER.info(event_info)
try:
orchestrator(event, context)
except Exception:
Expand Down
Loading