What is the primary purpose of the "Get Event Attendee Sanitized List" function?
The primary purpose of this function within the Calendar Invite Server (CIS) Dashboard is to retrieve a list of attendees for a specific event while simultaneously sanitizing any personally identifiable information (PII) for Web Display use cases.
This ensures that event organizers can access and analyze attendee data without compromising the privacy of individuals.
Which AWS services are utilized by this function?
The "Get Event Attendee Sanitized List" function leverages two key AWS services:
AWS Lambda: This service is used to handle the API requests for retrieving attendee data.
Amazon DynamoDB: This NoSQL database service is responsible for storing both attendee and event data, allowing for efficient data retrieval.
How does the function ensure the privacy of attendee data?
The function ensures privacy by redacting personally identifiable information (PII) from attendee names and email addresses. Specifically, for email addresses, it masks the local part, replacing all but the first character with asterisks (e.g., johndoe@example.com becomes j*******@example.com). For attendee names, it redacts the name, keeping only the first character visible (e.g., John Doe becomes J*******).
What is the typical flow of execution for retrieving a sanitized attendee list?
The event processing flow involves several steps:
Trigger: The function is invoked via an API Gateway request, which extracts the unique event identifier (UID) from the request parameters.
Retrieve Attendee Data: It then queries DynamoDB to fetch all attendees associated with that specific event.
Sanitize Attendee Data: Once retrieved, the function redacts PII from attendee names and email addresses.
Return Sanitized Data: Finally, it returns the cleaned attendee list as a JSON response.
What are the key internal functions involved in this process?
The process involves several key internal functions:
lambda_handler(event, *): Extracts the event UID, calls get_sanitized_attendee_list_for(uid), and returns an HTTP 200 response.
get_sanitized_attendee_list_for(uid): Retrieves the attendee list using get_attendee_list_for(uid) and then sanitizes it using sanitize(attendee_list).
get_attendee_list_for(uid): Queries DynamoDB for attendees, using event# as the Partition Key and attendee# as a Sort Key prefix, limiting results to 100 per request.
sanitize(attendee_list): Iterates through the list, calling sanitize_sender_from(email) and sanitize_attendee(name) for each attendee.
How is attendee data structured and stored in DynamoDB?
Attendee records in DynamoDB are structured with:
pk (Partition Key): event#
sk (Sort Key): attendee# These records store essential attendee information such as name, email, RSVP status, origin, and event metadata.
What environmental variables are essential for the function's operation?
The function relies on several environmental variables for proper operation:
REGION: Specifies the AWS Region where DynamoDB is located.
DYNAMODB_TABLE: Defines the name of the DynamoDB table used to store event and attendee records.
LOG_LEVEL: Sets the verbosity level for logging within the function.
How does the function handle errors?
The function incorporates error-handling mechanisms for common issues:
Missing Event UID: If the API request lacks a valid UID, it logs an error and returns a "400 Bad Request" response.
DynamoDB Query Failures: If the retrieval of the attendee list from DynamoDB fails, the error is logged, but the function execution is not interrupted.
Sanitization Issues: The design incorporates fallback mechanisms to address unexpected data structures that may arise during the sanitization process.
