fix: remove event info logging across all the lambdas, to prevent potential leak of sensitive customer data

nshalabh · nshalabh · commit b12dea4bb9ce · 2025-12-01T11:56:40.000-06:00
diff --git a/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py b/aws_sra_examples/solutions/account/account_alternate_contacts/lambda/src/app.py
@@ -365,8 +365,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     process_accounts(event, params)
@@ -398,8 +396,6 @@ def process_event_organizations(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]:
@@ -427,8 +423,6 @@ def process_event_lifecycle(event: dict) -> None:
     Raises:
         ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus'
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     aws_account_id = ""
@@ -455,8 +449,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     if event["RequestType"] in ["Create", "Update"]:
         params = get_validated_parameters({"RequestType": event["RequestType"]})
@@ -619,8 +611,6 @@ def lambda_handler(event: dict, context: Any) -> None:
     """
     LOGGER.info("....Lambda Handler Started....")
     try:
-        event_info = {"Event": event}
-        LOGGER.info(event_info)
         orchestrator(event, context)
     except Exception:
         LOGGER.exception(UNEXPECTED)
diff --git a/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py b/aws_sra_examples/solutions/cloudtrail/cloudtrail_org/lambda/src/app.py
@@ -323,8 +323,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     LOGGER.debug(f"{context}")
 
     params = get_validated_parameters(event)
diff --git a/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py b/aws_sra_examples/solutions/common/common_prerequisites/lambda/src/app.py
@@ -444,8 +444,6 @@ def create_update_event(event: CloudFormationCustomResourceEvent, context: Conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters(event)
     tags: Sequence[TagTypeDef] = [{"Key": params["TAG_KEY"], "Value": params["TAG_VALUE"]}]
 
@@ -473,8 +471,6 @@ def delete_event(event: CloudFormationCustomResourceEvent, context: Context) ->
         event: event data
         context: runtime information
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     LOGGER.info("SRA SSM Parameters are being retained.")
     # delete_ssm_parameters_in_regions(get_enabled_regions())  # noqa: E800
 
diff --git a/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py b/aws_sra_examples/solutions/common/common_register_delegated_administrator/lambda/src/app.py
@@ -276,8 +276,6 @@ def terraform_handler(event: dict, context: Context) -> None:
         ValueError: Unexpected error executing Lambda function
     """
     LOGGER.info("....Lambda Handler Started....")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         request_type = event["RequestType"]
 
diff --git a/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py b/aws_sra_examples/solutions/config/config_management_account/lambda/src/app.py
@@ -171,8 +171,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters(event)
 
     management_account: str = context.invoked_function_arn.split(":")[4]
diff --git a/aws_sra_examples/solutions/config/config_org/lambda/src/app.py b/aws_sra_examples/solutions/config/config_org/lambda/src/app.py
@@ -74,8 +74,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Update"})
 
     accounts = common.get_active_organization_accounts()
@@ -117,8 +115,6 @@ def process_event_organizations(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     if event["detail"]["eventName"] == "AcceptHandshake" and event["detail"]["responseElements"]["handshake"]["state"] == "ACCEPTED":
@@ -481,8 +477,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     params = get_validated_parameters({"RequestType": event["RequestType"]})
     accounts = common.get_active_organization_accounts()
@@ -533,8 +527,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None:
     LOGGER.info("....Lambda Handler Started....")
     boto3_version = boto3.__version__
     LOGGER.info(f"boto3 version: {boto3_version}")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         orchestrator(event, context)
     except Exception:
diff --git a/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py b/aws_sra_examples/solutions/detective/detective_org/lambda/src/app.py
@@ -72,8 +72,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Update"})
 
     excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
@@ -366,8 +364,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     params = get_validated_parameters({"RequestType": event["RequestType"]})
     excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
@@ -412,8 +408,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None:
     LOGGER.info("....Lambda Handler Started....")
     boto3_version = boto3.__version__
     LOGGER.info(f"boto3 version: {boto3_version}")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         orchestrator(event, context)
     except Exception:
diff --git a/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py b/aws_sra_examples/solutions/ec2/ec2_default_ebs_encryption/lambda/src/app.py
@@ -345,8 +345,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     process_accounts(event, params)
@@ -379,8 +377,6 @@ def process_event_organizations(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]:
@@ -408,8 +404,6 @@ def process_event_lifecycle(event: dict) -> None:
     Raises:
         ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus'
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     aws_account_id = ""
@@ -436,8 +430,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     if event["RequestType"] in ["Create", "Update"]:
         params = get_validated_parameters({"RequestType": event["RequestType"]})
@@ -582,8 +574,6 @@ def lambda_handler(event: dict, context: Any) -> None:
     """
     LOGGER.info("....Lambda Handler Started....")
     try:
-        event_info = {"Event": event}
-        LOGGER.info(event_info)
         orchestrator(event, context)
     except Exception:
         LOGGER.exception(UNEXPECTED)
diff --git a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/lambda/src/app.py
@@ -188,8 +188,6 @@ def process_event(event: CloudFormationCustomResourceEvent, context: Context) ->
     Raises:
         botocore.exceptions.ClientError: Client error
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters(event)
 
     if params["action"] == "Add":
diff --git a/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_guardrails/lambda/src/app.py
@@ -838,8 +838,6 @@ def create_event(event: dict, context: Any) -> str:
     DRY_RUN_DATA = {}
     LIVE_RUN_DATA = {}
 
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     LOGGER.info(f"CFN_RESPONSE_DATA START: {CFN_RESPONSE_DATA}")
     # Deploy state table
     deploy_state_table()
diff --git a/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py b/aws_sra_examples/solutions/genai/bedrock_org/lambda/src/app.py
@@ -1413,8 +1413,6 @@ def create_event(event: dict, context: Any) -> str:
     DRY_RUN_DATA = {}
     LIVE_RUN_DATA = {}
 
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     LOGGER.info(f"CFN_RESPONSE_DATA START: {CFN_RESPONSE_DATA}")
     # Deploy state table
     deploy_state_table()
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py b/aws_sra_examples/solutions/guardduty/guardduty_org/lambda/src/app.py
@@ -300,8 +300,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None:
         ValueError: Unexpected error executing Lambda function
     """
     LOGGER.info("....Lambda Handler Started....")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"):
             raise ValueError(
@@ -327,8 +325,6 @@ def terraform_handler(event: Dict[str, Any], context: Context) -> None:
         ValueError: Unexpected error executing Lambda function
     """
     LOGGER.info("....Lambda Handler Started....")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"):
             raise ValueError(
diff --git a/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py b/aws_sra_examples/solutions/iam/iam_password_policy/lambda/src/app.py
@@ -116,8 +116,6 @@ def process_cloudformation_event(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     LOGGER.debug(f"{context}")
 
     params = get_validated_parameters(event)
diff --git a/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py b/aws_sra_examples/solutions/inspector/inspector_org/lambda/src/app.py
@@ -81,8 +81,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Update"})
 
     excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
@@ -443,8 +441,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     params = get_validated_parameters({"RequestType": event["RequestType"]})
     excluded_accounts: list = [params["DELEGATED_ADMIN_ACCOUNT_ID"]]
@@ -578,8 +574,6 @@ def lambda_handler(event: Dict[str, Any], context: Any) -> None:
     LOGGER.info("....Lambda Handler Started....")
     boto3_version = boto3.__version__
     LOGGER.info(f"boto3 version: {boto3_version}")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         orchestrator(event, context)
     except Exception:
diff --git a/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py b/aws_sra_examples/solutions/macie/macie_org/lambda/src/app.py
@@ -206,8 +206,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None:
         ValueError: Unexpected error executing Lambda function
     """
     LOGGER.info("....Lambda Handler Started....")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"):
             raise ValueError(
@@ -233,8 +231,6 @@ def terraform_handler(event: Dict[str, Any], context: Context) -> None:
         ValueError: Unexpected error executing Lambda function
     """
     LOGGER.info("....Terraform Lambda Handler Started....")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         if "Records" not in event and "RequestType" not in event and ("source" not in event and event["source"] != "aws.controltower"):
             raise ValueError(
diff --git a/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py b/aws_sra_examples/solutions/patch_mgmt/patch_mgmt_org/lambda/src/app.py
@@ -866,8 +866,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Update", "ResourceProperties": os.environ})
 
     regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true")
@@ -882,8 +880,6 @@ def process_event_organizations(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Create", "ResourceProperties": os.environ})
     regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true")
 
@@ -933,8 +929,6 @@ def lambda_handler(event: Dict[str, Any], context: Context) -> None:
     LOGGER.info("....Lambda Handler Started....")
     boto3_version = boto3.__version__
     LOGGER.info(f"boto3 version: {boto3_version}")
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     try:
         orchestrator(event, context)
     except Exception:
diff --git a/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py b/aws_sra_examples/solutions/s3/s3_block_account_public_access/lambda/src/app.py
@@ -333,8 +333,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     process_accounts(event, params)
@@ -366,8 +364,6 @@ def process_event_organizations(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     if event["detail"]["eventName"] == "TagResource" and params["EXCLUDE_ACCOUNT_TAGS"]:
@@ -395,8 +391,6 @@ def process_event_lifecycle(event: dict) -> None:
     Raises:
         ValueError: Control Tower Lifecycle Event not 'createManagedAccountStatus' or 'updateManagedAccountStatus'
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({})
 
     aws_account_id = ""
@@ -423,8 +417,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
 
     if event["RequestType"] in ["Create", "Update"]:
         params = get_validated_parameters({"RequestType": event["RequestType"]})
@@ -576,8 +568,6 @@ def lambda_handler(event: dict, context: Any) -> None:
     """
     LOGGER.info("....Lambda Handler Started....")
     try:
-        event_info = {"Event": event}
-        LOGGER.info(event_info)
         orchestrator(event, context)
     except Exception:
         LOGGER.exception(UNEXPECTED)
diff --git a/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py b/aws_sra_examples/solutions/security_lake/security_lake_org/lambda/src/app.py
@@ -145,8 +145,6 @@ def process_event(event: dict) -> None:
     Args:
         event: event data
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": "Update"})
     accounts = common.get_active_organization_accounts()
     regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"] == "true")
@@ -680,8 +678,6 @@ def process_event_cloudformation(event: CloudFormationCustomResourceEvent, conte
     Returns:
         AWS CloudFormation physical resource id
     """
-    event_info = {"Event": event}
-    LOGGER.info(event_info)
     params = get_validated_parameters({"RequestType": event["RequestType"]})
     accounts = common.get_active_organization_accounts()
     regions = common.get_enabled_regions(params["ENABLED_REGIONS"], params["CONTROL_TOWER_REGIONS_ONLY"])
diff --git a/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py b/aws_sra_examples/solutions/securityhub/securityhub_org/lambda/src/app.py
diff --git a/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py b/aws_sra_examples/solutions/shield_advanced/shield_advanced/lambda/src/app.py
