View unmasked data - Amazon CloudWatch Logs
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

View unmasked data

To view unmasked data, a user must have the logs:Unmask permission. Users with this permission can see the unmasked data in the following ways:

  • When viewing the events in a log stream, choose Display, Unmask.

  • Use a CloudWatch Logs Insights query that includes the unmask(@message) command. The following example query displays the 20 most recent log events in the stream, unmasked:

    fields @timestamp, @message, unmask(@message) | sort @timestamp desc | limit 20

    For more information about CloudWatch Logs Insights commands, see CloudWatch Logs Insights query syntax.

  • Use a GetLogEvents or FilterLogEvents operation with the unmask parameter.

The CloudWatchLogsFullAccess policy includes the logs:Unmask permission. To grant logs:Unmask to a user who does not have CloudWatchLogsFullAccess, you can attach a custom IAM policy to that user. For more information, see Adding permissions to a user (console).