Basic module for the Datadog log forwarder lambda function and related resources.
This module was created to tighten permissions since at time of writing the CloudFormation templates provides more access to KMS and S3 buckets than we would like.
Zip file is from https://github.com/DataDog/datadog-serverless-functions/releases/tag/aws-dd-forwarder-3.60.0
Version numbers for datadog_python_layer_version can be found here: https://github.com/DataDog/datadog-lambda-python/releases
Version numbers for datadog_extension_layer_version can be found here: https://github.com/DataDog/datadog-lambda-extension/releases
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 3.26 |
Name | Version |
---|---|
aws | >= 3.26 |
Name | Source | Version |
---|---|---|
datadog_serverless_s3 | git@github.com:smartrent/terraform-aws-s3.git | 2.2.0 |
Name | Type |
---|---|
aws_cloudwatch_log_group.log_group | resource |
aws_iam_policy.labmda_execution | resource |
aws_iam_role.lambda_execution | resource |
aws_iam_role_policy_attachment.lambda_basic_execution | resource |
aws_iam_role_policy_attachment.lambda_datadog_push | resource |
aws_kms_alias.datadog | resource |
aws_kms_key.datadog | resource |
aws_kms_key_policy.datadog | resource |
aws_lambda_function.logs_to_datadog | resource |
aws_lambda_permission.additional_logs | resource |
aws_lambda_permission.rds_logs | resource |
aws_lambda_permission.sns_topic_arns | resource |
aws_secretsmanager_secret.api-key | resource |
aws_sns_topic_subscription.sns_topic_arns | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.kms_key_policy | data source |
aws_iam_policy_document.lambda_assume_role | data source |
aws_iam_policy_document.lambda_runtime | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_region | AWS Region | string |
n/a | yes |
bucket_arns | A list of s3 bucket ARNs | list(string) |
n/a | yes |
datadog_extension_layer_version | The version of the Datadog Extension Layer | number |
64 |
no |
datadog_forwarder_version | The Datadog Forwarder version to use | string |
"3.121.0" |
no |
datadog_python_layer_version | The version of the Datadog Python Layer | number |
98 |
no |
dd_site | The Datadog Site Address | string |
n/a | yes |
enhanced_metrics | Whether Datadog enhanced metrics is enabled | bool |
false |
no |
environment_name | Environment name: dev, qa, prod | string |
n/a | yes |
exclude_logs_regex | Regex pattern to exclude logs from forwarding to Datadog | string |
`""(START | END) RequestId:\s"` |
layers | Whether or not to use layers | bool |
false |
no |
log_group_names | A map of log group names to create lambda subscriptions for | map(any) |
{} |
no |
memory_size | Amount of memory in MB your Lambda Function can use at runtime | number |
1024 |
no |
provision_trigger | Whether or not to create a lambda trigger from an SNS topic | bool |
"false" |
no |
rds_logs | Whether to create lambda resource policy for sending all /aws/rds/* cloudwatch logs to the datadog log forwarder | bool |
true |
no |
reserved_concurrent_executions | Amount of reserved concurrent executions for this lambda function | number |
100 |
no |
retention | The log group retention in days | number |
30 |
no |
runtime | The version of the runtime to use | string |
"3.11" |
no |
sns_topic_arns | SNS Topic ARNs | list(string) |
[ |
no |
store_failed_events | Whether to store failed events in the log forwarder | bool |
true |
no |
tags | Tags to assign to resources created by this module | map(string) |
n/a | yes |
timeout | The length of time in seconds before function times out | number |
120 |
no |
Name | Description |
---|---|
bucket_arns | n/a |
bucket_name | n/a |
kms_key_arn | n/a |
lambda_api_key_secret | n/a |
lambda_function_arn | n/a |
lambda_function_name | n/a |
lambda_iam_policy_arn | n/a |
lambda_iam_role_arn | n/a |