Skip navigation links

@Stability(value=Stable)

Package io.github.hsiehshujeng.cdk.comprehend.s3olap

cdk-comprehend-s3olap

See: Description

Package io.github.hsiehshujeng.cdk.comprehend.s3olap Description

cdk-comprehend-s3olap

This construct creates the foundation for developers to explore the combination of Amazon S3 Object Lambda and Amazon Comprehend for PII scenarios and it is designed with flexibility, i.e, the developers could tweak arguments via CDK to see how AWS services work and behave.

License Build Release

Table of Contents

Serverless Architecture

Access Control

Data Flow image Ram R. and Austin Q., 2021 Arhictecture image Ram R. and Austin Q., 2021

Redaction

image Ram R. and Austin Q., 2021 image Ram R. and Austin Q., 2021

Introduction

The architecture was introduced by Ram Ramani and Austin Quam and was posted on the AWS Blog as Protect PII using Amazon S3 Object Lambda to process and modify data during retrieval. I converted the architecture into a CDK constrcut for 4 programming languages. With this construct, you could manage the properties of IAM roles, the Lambda functions with Amazon Comprehend, and few for the constrcut. Before deploying the construct via the CDK, you could either places the text files, i.e., those for the access control case and redaction case, under a directory with a specific name as the following or just deploying directly yet you need to upload the text files onto the S3 buckets manually yourself. It's all your choie. 

 # For the access control case.
 $ cd ${ROOT_DIRECTORY_CDK_APPLICATION}
 $ mkdir -p files/access_control
 $ curl -o survey-results.txt https://raw.githubusercontent.com/aws-samples/amazon-comprehend-examples/master/s3_object_lambda_pii_protection_blog/access-control/survey-results.txt
 $ curl -o innocuous.txt https://raw.githubusercontent.com/aws-samples/amazon-comprehend-examples/master/s3_object_lambda_pii_protection_blog/access-control/innocuous.txt
 # For the redaction case.
 $ cd ${ROOT_DIRECTORY_CDK_APPLICATION}
 $ mkdir -p files/redaction
 $ curl -o transcript.txt https://raw.githubusercontent.com/aws-samples/amazon-comprehend-examples/master/s3_object_lambda_pii_protection_blog/redaction/transcript.txt

Example

Typescript

You could also refer to here. 

 $ cdk --init language typescript
 $ yarn add cdk-comprehend-s3olap
 

 // Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.core.*;
 import cdk.comprehend.s3olap.ComprehendS3olab;
 
 public class TypescriptStack extends Stack {
     public TypescriptStack(Construct scope, String id) {
         this(scope, id, null);
     }
 
     public TypescriptStack(Construct scope, String id, StackProps props) {
         super(scope, id, props);
         Object s3olab = ComprehendS3olab.Builder.create(this, "PiiDemo")
                 .adminRedactionLambdaConfig(Map.of(
                         "maskCharacter", " ",
                         "unsupportedFileHandling", "PASS"))
                 .billingRedactionLambdaConfig(Map.of(
                         "maskMode", "REPLACE_WITH_PII_ENTITY_TYPE",
                         "piiEntityTypes", "AGE,DRIVER_ID,IP_ADDRESS,MAC_ADDRESS,PASSPORT_NUMBER,PASSWORD,SSN"))
                 .cusrtSupportRedactionLambdaConfig(Map.of(
                         "maskMode", "REPLACE_WITH_PII_ENTITY_TYPE",
                         "piiEntityTypes", " BANK_ACCOUNT_NUMBER,BANK_ROUTING,CREDIT_DEBIT_CVV,CREDIT_DEBIT_EXPIRY,CREDIT_DEBIT_NUMBER,SSN"))
                 .build();
 
         new CfnOutput(this, "OPiiAccessControlLambdaArn", new CfnOutputProps().value(s3olab.getPiiAccessConrtolLambdaArn()));
         new CfnOutput(this, "OAdminLambdaArn", new CfnOutputProps().value(s3olab.getAdminLambdaArn()));
         new CfnOutput(this, "OBillingLambdaArn", new CfnOutputProps().value(s3olab.getBillingLambdaArn()));
         new CfnOutput(this, "OCustomerSupportLambdaArn", new CfnOutputProps().value(s3olab.getCustomerSupportLambdaArn()));
         new CfnOutput(this, "OS3ObjectLambdaGeneralArn", new CfnOutputProps().value(s3olab.getS3objectLambdaAccessControlArn()));
         new CfnOutput(this, "OS3ObjectLambdaAdminArn", new CfnOutputProps().value(s3olab.getS3objectLambdaAdminArn()));
         new CfnOutput(this, "OS3ObjectLambdaBillingArn", new CfnOutputProps().value(s3olab.getS3objectLambdaBillingArn()));
         new CfnOutput(this, "OS3ObjectLambdaCustomerSupportArn", new CfnOutputProps().value(s3olab.getCustomerSupportLambdaArn()));
     }
 }
 
 App app = new App();
 new TypescriptStack(app, "TypescriptStack", new StackProps()
         .stackName("Comprehend-S3olap"));

Python

TBD

Java

TBD

C#

TBD

Some Notes

  1. You should see similar items as the following diagram displays after deploying the constrcut. image
  2. After creating the foundation with success, you could switch roles that the consrtcut creates for you and see how Amazon S3 Object Lambda works. image
  3. You explore Amazon S3 Object Lambda through the Object Lambda access points and open or download the text files.
  4. Lambda code that incorporates with Amazon Comprehend could be see here.
Skip navigation links

Copyright © 2021. All rights reserved.