Data protection and data privacy with CloudWatch RUM - Amazon CloudWatch
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Data protection and data privacy with CloudWatch RUM

The Amazon shared responsibility model applies to data protection and data privacy in Amazon CloudWatch RUM. As described in this model, Amazon is responsible for protecting the global infrastructure that runs all of the Amazon cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. For more information about data privacy, see the Data Privacy FAQ. For information about data protection in Europe, see The Amazon Shared Responsibility Model and GDPR blog post on the Amazon Security Blog. For more resources about complying with GDPR requirements, see the General Data Protection Regulation (GDPR) Center.

Amazon CloudWatch RUM generates a code snippet for you to embed into your website or web application code, based on your input of end user data that you want to collect. The web client, downloaded and configured by the code snippet, uses cookies (or similar technologies) to help you collect end user data. The use of cookies (or similar technologies) is subject to data privacy regulations in certain jurisdictions. Before using Amazon CloudWatch RUM, we strongly recommend that you assess your compliance obligations under applicable law, including any applicable legal requirements to provide legally adequate privacy notices and obtain any necessary consents for the use of cookies and the processing (including collection) of end user data. For more information about how the web client uses cookies and what end-user data the web client collects, see Information collected by the CloudWatch RUM web client and CloudWatch RUM web client cookies.

We strongly recommend that you never put sensitive identifying information, such as your end users’ account numbers, email addresses, or other personal information, into free-form fields. Any data that you enter into Amazon CloudWatch RUM or other services might be included in diagnostic logs.

CloudWatch RUM web client cookies

The CloudWatch RUM web client collects certain data about user sessions by default. You can choose to enable cookies to have the web client also collect a user ID and session ID for each session. The user ID is randomly generated by RUM.

If these cookies are enabled, RUM is able to display the following types of data when you view the RUM dashboard for this app monitor.

  • Aggregated data based on user IDs, such as number of unique users and the number of different users who experienced an error.

  • Aggregated data based on session IDs, such as number of sessions and the number of sessions that experienced an error.

  • The user journey, which is the sequence of pages that each sampled user session includes.


If you do not enable these cookies, the web client still records certain information about end user sessions such as browser type/version, operating system type/version, device type, and so on. These are collected to provide aggregated page-specific insights, such as web vitals, page views, and pages that experienced errors. For more information about the data recorded, see Information collected by the CloudWatch RUM web client.