For use in deploying Datadog’s AWS Integration in a new AWS account with AWS Control Tower Account Factory Customization.
Datadog is the essential monitoring and security platform for cloud applications. We bring together end-to-end traces, metrics, and logs to make your applications, infrastructure, and third-party services entirely observable. These capabilities help businesses secure their systems, avoid downtime, and ensure customers are getting the best user experience.
This blueprint configures Datadog’s AWS Integration using a CloudFormation stack for a given AWS account so that Datadog can automatically start monitoring your AWS environment.
This solution is designed to be deployed to your Home Region.
When you deploy this solution, you will need to provide the following parameters:
Name | Description | Type | Default | Allowed Values |
---|---|---|---|---|
DatadogApiKey | API key for the Datadog account (find at https://app.datadoghq.com/organization-settings/api-keys) | String | ||
DatadogAppKey | APP key for the Datadog account (find at https://app.datadoghq.com/organization-settings/application-keys) | String | ||
DatadogSite | Your Datadog Site to send data to. | String | datadoghq.com | datadoghq.com, datadoghq.eu, us3.datadoghq.com, us5.datadoghq.com, ddog-gov.com |
DatadogSecretArn | The secret containing your Datadog credentials. This should be a reference to the SecretsManager ARN where Datadog credentials are stored. If no ARN is provided, then you must supply a valid DatadogApiKey, DatadogAppKey, and DatadogSite. | String | ||
IAMRoleName | Customize the name of the IAM role for the Datadog AWS integration | String | DatadogIntegrationRole | |
InstallLambdaLogForwarder | Determines whether the default configuration for the Datadog Lambda Log Forwarder is installed as part of this stack. This is useful for sending logs to Datadog for use in Log Management or Cloud SIEM. Customers who want to customize this setup to include specific custom tags, data scrubbing or redaction rules, or send logs using AWS PrivateLink should select “no” and install this independently (https://docs.datadoghq.com/serverless/libraries_integrations/forwarder/#installation). | String | true | true, false |
DisableMetricCollection | Disabling metric collection for this account will lead to a loss in visibility into your AWS services. Disable this if you only want to collect tags or resource configuration information from this AWS account, and do not want to use Datadog Infrastructure Monitoring. | String | false | true, false |
CloudSecurityPostureManagement | Add the AWS Managed SecurityAudit policy to your Datadog AWS Integration role, and enable Datadog Cloud Security Posture Management (CSPM) to start performing configuration checks across your AWS account. Datadog CSPM is a product that automatically detects resource misconfigurations in your AWS account according to industry benchmarks. More info: https://www.datadoghq.com/product/security-platform/cloud-security-posture-management/ | String | false | true, false |
S3BucketName | Name of the S3 bucket for your copy of the CloudFormation blueprint templates. Keep the default bucket name unless you are customizing the template. Changing this name updates code references to point to a new blueprint location. | String | controltower-blueprints | |
S3KeyPrefix | S3 key prefix that is used to simulate a directory for your copy of the CloudFormation blueprint. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new blueprint location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html | String | cloudformation-datadog-ctblueprints/ | |
S3BucketRegion | AWS Region where the S3 bucket (S3BucketName) is hosted. | String | us-east-1 | |
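
A pre-deployment check for the parameter rules in the table above, as an added example that is not part of the blueprint. The function name `validate_params` and the sample values are assumptions, and the Secrets Manager ARN pattern is the general AWS ARN shape rather than something the blueprint defines.

```python
import re

# Allowed values and defaults below are copied from the parameter table.
ALLOWED_SITES = {"datadoghq.com", "datadoghq.eu", "us3.datadoghq.com",
                 "us5.datadoghq.com", "ddog-gov.com"}
BOOLEAN_DEFAULTS = {"InstallLambdaLogForwarder": "true",
                    "DisableMetricCollection": "false",
                    "CloudSecurityPostureManagement": "false"}
# General Secrets Manager ARN shape: any partition, 12-digit account ID.
SECRET_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+$")
# Numbers, letters, hyphens and forward slashes, ending with a slash.
KEY_PREFIX_RE = re.compile(r"^[0-9A-Za-z/-]+/$")


def validate_params(params):
    """Return a list of problems; an empty list means the set is usable."""
    problems = []
    secret_arn = params.get("DatadogSecretArn", "")
    if secret_arn:
        if not SECRET_ARN_RE.match(secret_arn):
            problems.append("DatadogSecretArn is not a Secrets Manager ARN")
    else:
        # No secret ARN: the keys must be passed directly.
        for name in ("DatadogApiKey", "DatadogAppKey"):
            if not params.get(name):
                problems.append(f"{name} is required without DatadogSecretArn")
    site = params.get("DatadogSite", "datadoghq.com")
    if site not in ALLOWED_SITES:
        problems.append(f"DatadogSite {site!r} is not an allowed value")
    for name, default in BOOLEAN_DEFAULTS.items():
        if params.get(name, default) not in ("true", "false"):
            problems.append(f"{name} must be the string 'true' or 'false'")
    prefix = params.get("S3KeyPrefix", "cloudformation-datadog-ctblueprints/")
    if not KEY_PREFIX_RE.match(prefix):
        problems.append("S3KeyPrefix has invalid characters or no trailing '/'")
    return problems


# Constructed sample input; the account ID and secret name are placeholders.
SAMPLE_PARAMS = {
    "DatadogSecretArn":
        "arn:aws:secretsmanager:us-east-1:123456789012:secret:datadog-keys-AbCdEf",
    "CloudSecurityPostureManagement": "true",
    "S3KeyPrefix": "cloudformation-datadog-ctblueprints",  # missing final '/'
}

if __name__ == "__main__":
    for problem in validate_params(SAMPLE_PARAMS):
        print("FAIL:", problem)
```

Running the check in the pipeline that submits the blueprint parameters catches a missing credential source or a malformed prefix before the CloudFormation stack is created.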
See contribution guide for more info