Overview

You can use Terraform to interact with the Datadog API and manage your Datadog organization, child organizations, users, credentials, permissions, and more. This guide provides example use cases for managing Datadog with Terraform, with links to commonly used Datadog resources and data sources in the Terraform registry.

You can also import your existing resources into your Terraform configuration for future management through Terraform, and reference existing resources as Terraform data sources.

Setup

If you haven’t already, configure the Datadog Terraform provider to interact with Datadog APIs on your behalf.

Users, roles, teams, and service accounts

The following resources and data sources enable you to follow the security principle of least privilege, providing only the privileges needed for essential activities to the users, teams, and service accounts operating in your Datadog organizations.

Users

Create your account’s users and assign them any of the default or custom roles available. You can also use the AuthN mapping resource to automatically assign roles to users based on their SAML attributes, and you can import your existing users, roles, and AuthN mappings into your Terraform configuration.

The user data source can be used to retrieve information about existing users in your Terraform configuration for use in other resources, such as the Datadog team membership resource.

Roles

Datadog provides three out-of-the-box roles for user permissions, but you can also use the role resource to create and manage custom roles.

The role data source can be used to retrieve information about existing roles for use in other resources, such as the Datadog user resource.

Teams

Use the Datadog Team resource to associate specific resources with a group of users and filter their Datadog experience to prioritize those resources. Manage team membership with the team membership resource, and control who can manage the team with the team permission setting resource.

The team data source and team memberships data source can be used to retrieve information about existing teams and team memberships, respectively, for use in other resources.

See the Teams page for more information.

Service accounts

The service account resource provides a non-interactive account that can be used to own service account application keys and other resources that are shared across your teams.

The service account data source can be used to retrieve information about existing service accounts for use in other resources.

See Service Accounts for more information.
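
The following Terraform configuration is an added example, not part of the original guide, showing how the role, AuthN mapping, user, and service account resources described above combine to apply least privilege. The role name, SAML attribute key and value, e-mail addresses, and the choice of the `monitors_downtime` permission are assumptions for illustration.

```hcl
terraform {
  required_providers {
    datadog = {
      source = "DataDog/datadog"
    }
  }
}

# Credentials are read from the DD_API_KEY and DD_APP_KEY environment
# variables, so no secret is written into the configuration.
provider "datadog" {}

# Map of permission names to IDs for the organization.
data "datadog_permissions" "all" {}

# Built-in read-only role, looked up by name.
data "datadog_role" "read_only" {
  filter = "Datadog Read Only Role"
}

# Custom role granting a single permission (role name is illustrative).
resource "datadog_role" "downtime_scheduler" {
  name = "Downtime Scheduler"

  permission {
    id = data.datadog_permissions.all.permissions.monitors_downtime
  }
}

# SAML users whose "Member-of" attribute is "Development" get read-only access.
resource "datadog_authn_mapping" "dev_read_only" {
  key   = "Member-of"
  value = "Development"
  role  = data.datadog_role.read_only.id
}

# A named user holding only the custom role.
resource "datadog_user" "oncall" {
  email = "oncall@example.com"
  roles = [datadog_role.downtime_scheduler.id]
}

# Non-interactive account for shared automation, limited to read-only.
resource "datadog_service_account" "reporting" {
  email = "reporting-bot@example.com"
  name  = "Reporting automation"
  roles = [data.datadog_role.read_only.id]
}
```

Run `terraform plan` before applying and review every role and permission change in the diff, since a role edit takes effect for all users and service accounts that hold it.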

Credentials

API and app keys

API keys allow data to be submitted to your Datadog account, and application keys allow resources to be created in your Datadog account. You can also import your existing credentials.

The API key data source and application key data source can be used to retrieve information about existing credentials already being managed with Terraform.

Organizations

Organization-level resources provide the ability to manage organization settings for both single-account and multi-account environments.

Organization settings

Configure account access and widget sharing capabilities for any of your accounts with the organization settings resource. For example, you can manage the IdP endpoints, login URLs, and whether or not SAML strict mode is enabled. See Single Sign On With SAML for more information.

You can also import your existing organization settings into your Terraform configuration.

Child organizations

The Multi-organization Account feature is not enabled by default. Contact Datadog support to have it enabled.

If you need to maintain separate, isolated environments, you can create child orgs under a main parent org. From the parent account, you can track the usage of any associated sub-accounts, and users with access to multiple orgs can switch between them with a single click.

See Managing Multiple-Organization Accounts for more information.

Note: Child orgs do not inherit the SAML configurations of the parent org.

Restriction policies

Restriction policies are associated with a specific resource, and define the level of access provided to roles, teams, or users. Use the restriction policy resource to create and manage your restriction policies, or import your existing restriction policies into your Terraform configuration.
