Skip to main content
Sponsor @cloudposse

Module: datadog-integration

Terraform module to configure Datadog AWS integration.

Usage

For a complete example, see examples/complete.

For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.

Note: At the moment this module supports a limited set of IAM policies to support Datadog integrations. More can be added as needed.

Structure

This module aligns with Datadog's documentation by providing a core-integration policy for minimal permissions and additional policies for specific services. It also includes a full-integration policy (formerly all), encompassing all permissions listed under "All Permissions" for comprehensive coverage. The variable var.integrations is deprecated and replaced by var.policies, which supports Datadog-defined IAM policy names such as core-integration, full-integration, resource-collection, CSPM, SecurityAudit, and everything.

Policy files have been updated for clarity and functionality. The full-integration policy reflects Datadog’s latest permissions and replaces the former all policy. A new resource-collection policy has been added for resource-specific permissions, while the SecurityAudit policy attaches the AWS-managed role for compliance. Backward compatibility is maintained by mapping old var.integrations values to new var.policies, ensuring a seamless transition while supporting legacy configurations.```

Migration Guide

To migrate from the v1.3.0 configuration, replace var.integrations with var.policies in your module usage. The values "core" and "all" previously used in var.integrations should be updated to "core-integration" and "full-integration", respectively. If you were using "CSPM", it now serves as an alias for "SecurityAudit". Existing configurations will remain functional due to backward compatibility mappings, but updating to the new var.policies variable ensures alignment with the latest module structure and Datadog's documentation.

Installation

Include this module in your existing terraform code:

module "datadog_integration" {
  source = "cloudposse/datadog-integration/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"

  namespace                  = "eg"
  stage                      = "test"
  name                       = "datadog"
  policies                   = ["full-integration"]
}

The DataDog integration will be linked with your configured datadog account via the provider's api_key.

Examples

Review the complete example to see how to use this module.