/terraform-aws-datadog-integration

Configures Datadog Integration, Forwarder, and Logs

Primary language: HCL. License: MIT.


terraform-aws-datadog-intergration

GitHub: StratusGrid/terraform-aws-datadog-intergration

This module configures the AWS / Datadog integration.

There are two main components:

  1. Datadog core integration, enabling Datadog's AWS integration
  2. Datadog logs_monitoring forwarder, enabling log shipping from watched S3 buckets
     * Forward CloudWatch, ELB, S3, CloudTrail, VPC and CloudFront logs to Datadog
     * Forward S3 events to Datadog
     * Forward Kinesis data stream events to Datadog (only CloudWatch logs are supported)
     * Forward custom metrics from AWS Lambda functions via CloudWatch logs
     * Forward traces from AWS Lambda functions via CloudWatch logs
     * Generate and submit enhanced Lambda metrics (aws.lambda.enhanced.*) parsed from the AWS REPORT log: duration, billed_duration, max_memory_used, and estimated_cost

Examples

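```hcl
# Cloudwatch log sync Integration

# Placeholder credentials: supply real keys at run time (for example through
# TF_VAR_dd_api_key / TF_VAR_dd_app_key) and never commit them.
variable "dd_api_key" {
  type      = string
  default   = "1234567890"
  sensitive = true
}

variable "dd_app_key" {
  type      = string
  default   = "1234567890"
  sensitive = true
}

variable "aws_region" {
  type    = string
  default = "us-west-2"
}

provider "datadog" {
  api_key = var.dd_api_key
  app_key = var.dd_app_key
}

provider "aws" {
  region = var.aws_region
}

module "datadog" {
  # Terraform accepts a version constraint only for registry sources, so none
  # is set here; pin a Git source to a reviewed tag or commit with ?ref=.
  source = "github.com/StratusGrid/terraform-aws-datadog"

  # Name of the Datadog API key in Secrets Manager (required, see Inputs).
  datadog_api_key_name           = "DATADOG_API_KEY_NAME"
  aws_region                     = var.aws_region
  create_elb_logs_bucket         = false
  enable_datadog_aws_integration = false
  cloudwatch_log_groups          = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
}
```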
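```hcl
# Full Integration

# Placeholder credentials: supply real keys at run time (for example through
# TF_VAR_dd_api_key / TF_VAR_dd_app_key) and never commit them.
variable "dd_api_key" {
  type      = string
  default   = "1234567890"
  sensitive = true
}

variable "dd_app_key" {
  type      = string
  default   = "1234567890"
  sensitive = true
}

variable "aws_region" {
  type    = string
  default = "us-west-2"
}

provider "datadog" {
  api_key = var.dd_api_key
  app_key = var.dd_app_key
}

provider "aws" {
  region = var.aws_region
}

data "aws_caller_identity" "current" {}

module "datadog" {
  # Terraform accepts a version constraint only for registry sources, so none
  # is set here; pin a Git source to a reviewed tag or commit with ?ref=.
  source = "github.com/StratusGrid/terraform-aws-datadog"

  aws_region = var.aws_region
  # Name of the Datadog API key in Secrets Manager (required, see Inputs).
  datadog_api_key_name = "DATADOG_API_KEY_NAME"
  aws_account_id       = data.aws_caller_identity.current.account_id

  cloudtrail_bucket_id  = "S3_BUCKET_ID"
  cloudtrail_bucket_arn = "S3_BUCKET_ARN"

  cloudwatch_log_groups = ["cloudwatch_log_group_1", "cloudwatch_log_group_2"]
}
```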

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1 |
| aws | >= 3.63 |
| datadog | >= 2.10, < 3 |

Resources

| Name | Type |
|------|------|
| aws_cloudformation_stack.datadog_forwarder | resource |
| aws_cloudwatch_log_subscription_filter.test_lambdafunction_logfilter | resource |
| aws_iam_policy.datadog_core | resource |
| aws_iam_role.datadog_integration | resource |
| aws_iam_role_policy_attachment.datadog_core_attach | resource |
| aws_lambda_permission.allow_cloudwatch_logs_to_call_dd_lambda_handler | resource |
| aws_lambda_permission.allow_ctbucket_trigger | resource |
| aws_lambda_permission.allow_elblog_trigger | resource |
| aws_s3_bucket.elb_logs | resource |
| aws_s3_bucket_notification.ctbucket_notification_dd_log | resource |
| aws_s3_bucket_notification.elblog_notification_dd_log | resource |
| datadog_integration_aws.core | resource |
| datadog_integration_aws_lambda_arn.main_collector | resource |
| datadog_integration_aws_log_collection.main | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| account_name | The account_name tag to apply to all data sent to Datadog | `string` | `""` | no |
| account_specific_namespace_rules | account_specific_namespace_rules argument for the datadog_integration_aws resource | `map(any)` | `{}` | no |
| aws_account_id | The ID of the AWS account to create the integration for | `string` | `""` | no |
| aws_integration_tags | Tags to add to metrics from the AWS integration. | `map(any)` | `{}` | no |
| aws_region | AWS Region | `string` | `"us-east-2"` | no |
| cloudtrail_bucket_arn | The CloudTrail bucket ARN. Use only from org master account. | `string` | `""` | no |
| cloudtrail_bucket_id | The CloudTrail bucket ID. Use only from org master account. | `string` | `""` | no |
| cloudwatch_log_groups | Sync logs from CloudWatch for the given list of log groups | `list(string)` | `[]` | no |
| create_elb_logs_bucket | Create S3 bucket for ELB log sync | `bool` | `true` | no |
| datadog_api_key_name | The API key name for the Datadog integration from Secrets Manager. | `string` | n/a | yes |
| dd_forwarder_dd_site | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no |
| dd_forwarder_log_retention_in_days | Defines the log retention period (in days) for CloudWatch logs generated by the Datadog Log Forwarder. | `number` | `90` | no |
| dd_forwarder_template_version | Sets the Datadog Forwarder version to use | `string` | `"3.17.0"` | no |
| elb_logs_bucket_prefix | Prefix for ELB logs S3 bucket name | `string` | `"awsdd"` | no |
| enable_datadog_aws_integration | Use the Datadog provider to give the Datadog AWS account access to our resources | `bool` | `true` | no |
| excluded_regions | An array of AWS regions to exclude from metrics collection | `list(string)` | `[]` | no |
| filter_tags | Array of EC2 tags (in the form key:value) that defines a filter Datadog uses when collecting metrics from EC2. Wildcards, such as ? (for single characters) and * (for multiple characters), can also be used. Only hosts that match one of the defined tags will be imported into Datadog. The rest will be ignored. | `list(string)` | `[]` | no |
| log_exclude_at_match | Sets the EXCLUDE_AT_MATCH environment variable, which allows excluding unwanted log lines | `string` | `"$x^"` | no |
| reserved_concurrency | Lambda reserved concurrency for the Datadog Forwarder. | `number` | `100` | no |
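
A way to dry-run a candidate `log_exclude_at_match` value against sample log lines before deploying it, as an added example that is not part of this module or its README. It assumes the pattern is applied to each log line with Python `re.search` semantics; the sample lines, the candidate pattern, and the `dry_run` and `review` helpers are constructed for illustration.

```python
import re

# Default value of log_exclude_at_match from the Inputs table.
DEFAULT_EXCLUDE = "$x^"

# Constructed sample log lines for illustration; not from a real system.
SAMPLE_LINES = [
    "START RequestId: 7f3c Version: $LATEST",
    "user=alice action=login result=success",
    "DEBUG db connect password=example-only host=db.internal",
    "Authorization: Bearer example.token.value",
    "REPORT RequestId: 7f3c Duration: 12.3 ms Billed Duration: 13 ms",
]

# Substrings identifying lines that must still be forwarded (audit events and
# the REPORT lines that enhanced Lambda metrics are parsed from).
MUST_KEEP = ("action=login", "REPORT RequestId")


def dry_run(pattern, lines):
    """Split lines into (kept, dropped) the way an exclude-at-match filter would."""
    rx = re.compile(pattern)  # raises re.error if the pattern is invalid
    kept, dropped = [], []
    for line in lines:
        (dropped if rx.search(line) else kept).append(line)
    return kept, dropped


def review(pattern, lines, must_keep=MUST_KEEP):
    """Return the problems found with a candidate pattern (empty list = OK)."""
    try:
        kept, dropped = dry_run(pattern, lines)
    except re.error as exc:
        return [f"invalid regex: {exc}"]
    problems = [
        f"drops a required line containing {marker!r}"
        for marker in must_keep
        if any(marker in line for line in dropped)
    ]
    if not kept:
        problems.append("pattern excludes every sample line")
    return problems


if __name__ == "__main__":
    candidate = r"(?i)(password|authorization)\s*[=:]"  # hypothetical pattern
    for name, pat in (("default", DEFAULT_EXCLUDE), ("candidate", candidate)):
        kept, dropped = dry_run(pat, SAMPLE_LINES)
        print(f"{name}: dropped {len(dropped)}/{len(SAMPLE_LINES)}", review(pat, SAMPLE_LINES))
```
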

Outputs

| Name | Description |
|------|-------------|
| datadog_iam_role | Datadog IAM Role |
| datadog_logs_monitoring_lambda_function_name | Datadog monitoring lambda function name |

Note!

Manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run terraform-docs -c .config/.terraform-docs.yml