Write now we're dumping stalwart logs right into cloudfront. While they are setup with the correct read permissions (as in not everyone can view the logs), and their ttl is pretty low, we should still deterministically hash any PII.
This way we can still trace problems, but without knowing who sent what.
With this filter we'll have to keep an eye on Stalwart updates and update the lua script accordingly.
https://github.com/thunderbird/mailstrom/blob/main/pulumi/bootstrap/templates/fluent-bit.yaml.j2
Write now we're dumping stalwart logs right into cloudfront. While they are setup with the correct read permissions (as in not everyone can view the logs), and their ttl is pretty low, we should still deterministically hash any PII.
This way we can still trace problems, but without knowing who sent what.
With this filter we'll have to keep an eye on Stalwart updates and update the lua script accordingly.
https://github.com/thunderbird/mailstrom/blob/main/pulumi/bootstrap/templates/fluent-bit.yaml.j2