This component is responsible for provisioning a DataDog <=> AWS integration. It's required that the DataDog API and App secret keys are available in the consuming account at the var.datadog_api_secret_key and var.datadog_app_secret_key paths in either AWS Secrets Manager or the AWS SSM Parameter Store.
Stack Level: Global
Here's an example snippet for how to use this component. It's suggested to apply this component to all accounts which you want to track AWS metrics with DataDog.
components:
terraform:
datadog-integration:
vars:
integrations:
- "all"
secrets_store_type: ASM # AWS Secrets Manager
host_tags:
- env:uw2-demo
- region:us-west-2
- stage:demo| Name | Version |
|---|---|
| terraform | >= 0.12 |
| aws | >= 2.0 |
| datadog | >= 2.15.0 |
| local | >= 1.3 |
| template | >= 2.0 |
| Name | Version |
|---|---|
| aws | >= 2.0 |
| Name | Source | Version |
|---|---|---|
| datadog_integration | git::https://github.com/cloudposse/terraform-aws-datadog-integration.git | tags/0.6.1 |
| iam_roles | ../account-map/modules/iam-roles | n/a |
| this | git::https://github.com/cloudposse/terraform-null-label.git | tags/0.21.0 |
| Name | Type |
|---|---|
| aws_ssm_parameter.datadog_aws_iam_role_name | resource |
| aws_ssm_parameter.datadog_api_key | data source |
| aws_ssm_parameter.datadog_app_key | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| account_specific_namespace_rules | An object, (in the form {"namespace1":true/false, "namespace2":true/false} ), that enables or disables metric collection for specific AWS namespaces for this AWS account only | map(string) |
{} |
no |
| additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to tags. |
map(string) |
{} |
no |
| attributes | Additional attributes (e.g. 1) |
list(string) |
[] |
no |
| context | Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value.Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged. |
object({ |
{ |
no |
| datadog_aws_account_id | The AWS account ID Datadog's integration servers use for all integrations | string |
"464622532012" |
no |
| delimiter | Delimiter to be used between namespace, environment, stage, name and attributes.Defaults to - (hyphen). Set to "" to use no delimiter at all. |
string |
null |
no |
| enabled | Set to false to prevent the module from creating any resources | bool |
null |
no |
| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | string |
null |
no |
| excluded_regions | An array of AWS regions to exclude from metrics collection | list(string) |
[] |
no |
| filter_tags | An array of EC2 tags (in the form key:value) that defines a filter that Datadog use when collecting metrics from EC2. Wildcards, such as ? (for single characters) and * (for multiple characters) can also be used |
list(string) |
null |
no |
| host_tags | An array of tags (in the form key:value) to add to all hosts and metrics reporting through this integration |
list(string) |
[] |
no |
| id_length_limit | Limit id to this many characters.Set to 0 for unlimited length.Set to null for default, which is 0.Does not affect id_full. |
number |
null |
no |
| import_role_arn | IAM Role ARN to use when importing a resource | string |
null |
no |
| integrations | List of AWS permission names to apply for different integrations (e.g. 'all', 'core') | list(string) |
[ |
no |
| label_order | The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present. |
list(string) |
null |
no |
| name | Solution name, e.g. 'app' or 'jenkins' | string |
null |
no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string |
null |
no |
| regex_replace_chars | Regex to replace chars with empty string in namespace, environment, stage and name.If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. |
string |
null |
no |
| region | AWS Region | string |
n/a | yes |
| ssm_parameter_name_format | SSM parameter name format | string |
"/%s/%s" |
no |
| ssm_path | SSM path | string |
"datadog" |
no |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string |
null |
no |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ') |
map(string) |
{} |
no |
| tfstate_account_id | The ID of the account where the Terraform remote state backend is provisioned | string |
"" |
no |
| tfstate_assume_role | Set to false to use the caller's role to access the Terraform remote state | bool |
true |
no |
| tfstate_bucket_environment_name | The name of the environment for Terraform state bucket | string |
"" |
no |
| tfstate_bucket_stage_name | The name of the stage for Terraform state bucket | string |
"root" |
no |
| tfstate_existing_role_arn | The ARN of the existing IAM Role to access the Terraform remote state. If not provided and remote_state_assume_role is true, a role will be constructed from remote_state_role_arn_template |
string |
"" |
no |
| tfstate_role_arn_template | IAM Role ARN template for accessing the Terraform remote state | string |
"arn:aws:iam::%s:role/%s-%s-%s-%s" |
no |
| tfstate_role_environment_name | The name of the environment for Terraform state IAM role | string |
"gbl" |
no |
| tfstate_role_name | IAM Role name for accessing the Terraform remote state | string |
"terraform" |
no |
| tfstate_role_stage_name | The name of the stage for Terraform state IAM role | string |
"root" |
no |
| Name | Description |
|---|---|
| aws_account_id | AWS Account ID of the IAM Role for the Datadog integration |
| aws_role_name | Name of the AWS IAM Role for the Datadog integration |
| datadog_external_id | Datadog integration external ID |
- cloudposse/terraform-aws-components - Cloud Posse's upstream component
