Improving examples

docs/utilities/data_masking.md

@@ -60,7 +60,7 @@ Before you start, you need to create a KMS key to encrypt and decrypt your data
 ### Required resources
 
 === "AWS Serverless Application Model (SAM) example"
-    ```yaml hl_lines="16 30 54-55"
+    ```yaml hl_lines="16 24 35 59-60 66-67"
     --8<-- "examples/data_masking/sam/template.yaml"
     ```
 
@@ -105,16 +105,16 @@ If `fields` is not provided, the entire data object will be masked (or encrypted
 
 You can mask data without having to install any encryption library. Masking data will result in the loss of its original type, and the masked data will always be represented as a string.
 
-=== "input.json"
-    ```json
-    --8<-- "examples/data_masking/src/generic_data_input.json"
-    ```
-
 === "getting_started_mask_data.py"
     ```python hl_lines="1 6 10"
     --8<-- "examples/data_masking/src/getting_started_mask_data.py"
     ```
 
+=== "input.json"
+    ```json
+    --8<-- "examples/data_masking/src/generic_data_input.json"
+    ```
+
 === "output.json"
     ```json hl_lines="5 7 12"
     --8<-- "examples/data_masking/src/mask_data_output.json"

examples/data_masking/sam/template.yaml

@@ -21,7 +21,7 @@ Resources:
   # This function is mainly for documentation purposes. In prod, we recommend you split up the encrypt and decrypt
   # calls, so that one function can act as the encryption proxy via HTTP requests, data pipeline, etc.
   # while authorized personnel can call decrypt from scripts or a separate function.
-  DataMaskingFunctionExample:
+  DataMaskingEncryptFunctionExample:
     Type: AWS::Serverless::Function
     Properties:
       Handler: data_masking_function_example.lambda_handler
@@ -31,8 +31,17 @@ Resources:
       # We recommend to allocate a minimum of 1024MB of memory to your Lambda function
       # when utilizing the DataMasking Utility.
       MemorySize: 1024
-      Architectures:
-      - x86_64
+
+  # DataMaskingDecryptFunctionExample:
+  #   Type: AWS::Serverless::Function
+  #   Properties:
+  #     Handler: data_masking_function_decrypt.lambda_handler
+  #     CodeUri: ../src
+  #     Description: Data Masking Function Example
+  #     # Cryptographic operations demand more memory usage.
+  #     # We recommend to allocate a minimum of 1024MB of memory to your Lambda function
+  #     # when utilizing the DataMasking Utility.
+  #     MemorySize: 1024
 
   # KMS KEY
   DataMaskingKMSKey:
@@ -55,7 +64,7 @@ Resources:
           # For more details: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
           - Effect: Allow
             Principal:
-              AWS: !GetAtt DataMaskingFunctionExampleRole.Arn  # Permission for the Lambda role
+              AWS: !GetAtt DataMaskingEncryptFunctionExampleRole.Arn  # Permission for the Lambda role
             # These IAM permissions are necessary for the envelope encryption that AWS Encryption SDK uses.
             # Envelope encryption randomly generates a data key and encrypts that data key along with your data,
             # so we encrypt in-memory to prevent too many calls to KMS to reduce latency.

examples/data_masking/src/getting_started_mask_data.py

@@ -1,10 +1,18 @@
+from typing import Dict
+
+from aws_lambda_powertools import Logger
 from aws_lambda_powertools.utilities._data_masking import DataMasking
+from aws_lambda_powertools.utilities.typing import LambdaContext
+
+logger = Logger()
+data_masker = DataMasking()
 
 
-def lambda_handler(event, context):
+def lambda_handler(event: dict, context: LambdaContext) -> Dict:
+    data = event.get("body")
 
-    data_masker = DataMasking()
+    logger.info("Masking fields email, address.street, and company_address")
 
-    data = event["body"]
+    fields_masked = data_masker.mask(data=data, fields=["email", "address.street", "company_address"])
 
-    data_masker.mask(data=data, fields=["email", "address.street", "company_address"])
+    return {"fields_masked": fields_masked}