Could you please add description about Console log into this article? It exists in "Console" panel on Developer Tools and it is as important as HAR file when we investigate a console issue.
Updated article, thank you for the feedback.
I really wish this article had some help for redacting sensitive info... I have no idea which AWS parameters are sensitive or not. Also doing this manually is a huge PITA. I'm having to use silly regexes with sed to fix up the HAR JSON, in order to save myself from a ton of error-prone manual work.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Until the review is complete... giving a blanket recommendation on what to redact is a bit of a challenge as there is no standard set of sensitive information. And how that sensitive information is included in the HAR file isn't consistent.
For example, if you capture an authentication attempt to Identity Center using Identity Provider X, the resulting HAR file will very likely show the HTTP call where your sent over your password to Identity Provider X. So you want to remove that password. If you authenticate using Identity Provider Y, the same thing happens.
But where the password is displayed (is it a HTTP query parameter? Is it sent in the body of the HTTP request?) depends on the Identity Provider itself and how the Identity Provider implemented their login flow. Also, if you're already logged into your Identity Provider, it may just forward you along without asking for your password again. So your password may not always be in the HAR file -- it depends on a lot of factors.
At the very least, I would suggest opening the HAR file in a text editor and doing a Find command using the plaintext value of your password. Wherever you find your password, remove it.
Regarding sensitive information about your Amazon environment itself, I wouldn't suggest redacting that. Because different support issues require different types of information. And there's no real way to list all types of support cases and what information is needed to troubleshoot.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
You mention to "mask cookies and authentication headers", I wish you could provide more information about what specifically to mask. The HAR file I got is 12,000 lines long and contains more than 100 requests. Is the cookie aws-creds sensitive? What about the s_eVar60 header? aws-userInfo-signed? noflush_awsccs_sid? This is a lot to ask of people.
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
I was linked to this article by AWS support as I was requested to provide a HAR file for an AWS CLI command we were having an issue with. The article does not provide information for this case. For CLI debugging below is the solution I found. I used this on Mac OS , but it should work on linux too.
For below steps Python installation is required as well as a functioning "pip" package manager for Python.
Terminal 1:
pip install mitmproxy
mitmproxy --set hardump=dump.har -w output.dump
On Terminal 1 you will see any requests made via a proxy which mitmproxy starts on port 8080.
Terminal 2:
HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8080 AWS_CA_BUNDLE=/Users/yourusername/.mitmproxy/mitmproxy-ca-cert.pem aws sts get-caller-identity
Replace the path to the CA cert, it should be located under .mitmproxy/mitmproxy-ca-cert.pem in your user's directory.
Replace the "sts get-caller-identity" command with whichever command you are debugging.
You will see the requests being logged in Terminal 1.
Once you quit mitmproxy using "q" key, the generated "dump.har" file is the HAR file. You should edit this file and remove sensitive information like security tokens and then provide the file to AWS.
Relevant content
- asked 3 years ago
- Accepted Answerasked 3 years ago
- asked a year ago
- asked 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 9 days ago