Terraform module that helps with various Datadog AWS integrations. It consists of the main module, which creates the AWS integration role, and the following submodules:
- Metric polling (out of the box with integration role)
- Metric streams with Kinesis Firehose
- Cloud Security Posture Management (can be enabled via the integration role)
- Scrape DB metrics for DBM
- Forward any S3 or CloudWatch logs to Datadog

Name | Description | Type | Default | Required |
---|---|---|---|---|
account_specific_namespace_rules | Enables or disables metric collection for specific AWS namespaces for this AWS account only. | map(bool) | null | no |
aws_account_id | AWS Account ID to integrate with Datadog. If left empty, the current account will be used. | string | null | no |
cspm_resource_collection_enabled | If enabled, will add the Cloud Security Posture Management policy to the integration role and enable Datadog to collect the information. | bool | false | no |
datadog_aws_account_id | AWS Account ID of Datadog. | string | "464622532012" | no |
excluded_regions | An array of AWS regions to exclude from metrics collection. | list(string) | null | no |
filter_tags | Array of EC2 tags (in the form key:value) that defines a filter Datadog uses when collecting metrics from EC2. Wildcards, such as `?` (for single characters) and `*` (for multiple characters), can also be used. Only hosts that match one of the defined tags will be imported into Datadog. | list(string) | null | no |
host_tags | Array of tags (in the form key:value) to add to all hosts and metrics reporting through this integration. | list(string) | null | no |
metrics_collection_enabled | Whether Datadog collects metrics for this AWS account. | bool | null | no |
prefix | Prefix that will be added to created resources. | string | n/a | yes |
resource_collection_enabled | Whether Datadog collects a standard set of resources from your AWS account. | bool | null | no |
tags | Tags to add to the created resources. | map(any) | {} | no |

Name | Description |
---|---|
datadog_integration_role_arn | The ARN of the IAM role created for Datadog to integrate with AWS. |

Name | Version |
---|---|
aws | >= 4.36 |
datadog | >= 3.21 |

- resource.aws_iam_role_policy_attachment.csp (main.tf#161)
- resource.datadog_integration_aws.main (main.tf#28)
- data source.aws_caller_identity.current (main.tf#20)
```hcl
# Can be configured via ENV vars. See: https://registry.terraform.io/providers/DataDog/datadog/latest/docs#optional
provider "datadog" {}
provider "aws" {}

# Enable the basic AWS integration:
# https://docs.datadoghq.com/integrations/amazon_web_services/#aws-iam-permissions
module "integration" {
  source = "../../"
  prefix = "datadog-pro"
}

# Enable metric stream integration for faster metric ingestion:
# https://docs.datadoghq.com/integrations/guide/aws-cloudwatch-metric-streams-with-kinesis-data-firehose
module "metric_stream" {
  source          = "../../modules/metrics_firehose"
  prefix          = "datadog-pro"
  datadog_api_key = var.datadog_api_key
}

# Deploy the log forwarder Lambda via CloudFormation:
# https://docs.datadoghq.com/logs/guide/forwarder/?tab=terraform
module "log_forwarder" {
  source          = "../../modules/log_forwarder"
  prefix          = "datadog-pro"
  datadog_api_key = var.datadog_api_key
}
```
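A scoped variant that would take the place of the basic `module "integration"` block, added here as an illustration and not taken from the module's own examples. It declares the `datadog_api_key` variable that the submodule calls reference as sensitive, turns on CSPM explicitly, and narrows what is collected using the inputs from the table above. The module label `integration_scoped`, the regions, tags and namespace keys are constructed sample values, and the example assumes the inputs are passed through unchanged to the `datadog_integration_aws` resource.

```hcl
# Added example, not part of the module's repository.

# API key consumed by the metrics_firehose and log_forwarder submodules.
# Supply it through the TF_VAR_datadog_api_key environment variable rather
# than a committed .tfvars file. "sensitive" redacts the value from
# plan/apply output; it is still written to state, so the state backend
# must be access-controlled and encrypted.
variable "datadog_api_key" {
  type      = string
  sensitive = true
}

module "integration_scoped" {
  source = "../../"
  prefix = "datadog-pro"

  # Adds the CSPM policy to the integration role (default: false).
  # Enable it only in accounts where posture scanning is wanted, since it
  # widens what the role can read.
  cspm_resource_collection_enabled = true

  # Constructed sample values below; replace with your own.
  excluded_regions = ["ap-south-1", "sa-east-1"]
  filter_tags      = ["env:prod"]
  host_tags        = ["managed-by:terraform"]

  # Switch off metric collection for namespaces that are not in use.
  account_specific_namespace_rules = {
    auto_scaling = false
    opsworks     = false
  }

  tags = {
    owner = "security-engineering"
  }
}

# Surface the role ARN so the role and its attached policies can be reviewed.
output "datadog_integration_role_arn" {
  value = module.integration_scoped.datadog_integration_role_arn
}
```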