View unmasked data

To view unmasked data, a user must have the logs:Unmask permission. Users with this permission can see the unmasked data in the following ways:

When viewing the events in a log stream, choose Display, Unmask.
Use a CloudWatch Logs Insights query that includes the unmask(@message) command. The following example query displays the 20 most recent log events in the stream, unmasked:
```
fields @timestamp, @message, unmask(@message)
| sort @timestamp desc
| limit 20
```
For more information about CloudWatch Logs Insights commands, see CloudWatch Logs Insights language query syntax.
Use a GetLogEvents or FilterLogEvents operation with the unmask parameter.

The CloudWatchLogsFullAccess policy includes the logs:Unmask permission. To grant logs:Unmask to a user who does not have CloudWatchLogsFullAccess, you can attach a custom IAM policy to that user. For more information, see Adding permissions to a user (console).

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Create a data protection policy for a single log group

Audit findings reports