Oracle Cloud Infrastructure

Intégration1.1.0
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

The Oracle Cloud Infrastructure integration is not supported for your selected Datadog site ().

Overview

Oracle Cloud Infrastructure (OCI) is an infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) used by enterprise-scale companies. It includes a full suite of over 30 managed services for hosting, storage, networking, databases, and more.

Use Datadog’s OCI integration to get full visibility into your OCI environment through metrics, logs, and resource data. This data enables you to power dashboards, helps with troubleshooting, and can be monitored for security and compliance posture.

Setup

Datadog recommends using the QuickStart setup method described below. If needed, you can also manually set up the integration.

Metric collection

Datadog’s OCI QuickStart is a fully managed, single-flow setup experience that helps you monitor your OCI infrastructure and applications in just a few clicks. OCI QuickStart creates the necessary infrastructure for forwarding metrics, logs, and resource data to Datadog, and automatically discovers new resources or OCI compartments for data collection.

Notes:

  • Only metrics are sent by default. Enable log collection and resource data collection from the Datadog OCI integration tile after completing this setup.
  • All OCI Commercial regions that existed as of July 15, 2025 are supported. OCI regions added after this date are not currently supported.
  • The Datadog OCI integration is restricted to one integration per tenancy. If you had set up the integration prior to June 2025, you followed the manual setup, and any previous Datadog OCI integration deployment stacks must be deleted before using the OCI QuickStart setup method. If you manually configured log forwarding, and choose to enable log collection in the OCI QuickStart tile, you must also delete your log forwarding resources to avoid sending logs twice. See the manual to QuickStart migration section of this page for more information.

To set up the infrastructure for metric and log forwarding to Datadog:

The integration requires using Oracle Service Connector Hubs to forward data to Datadog. It is recommended that you request a service limit increase before completing the setup. The approximate number of Service Connector Hubs you need is:

$$\text"Service Connector Hubs" = \text"Number of compartments in tenancy" / \text"5"$$

  • Your OCI user account needs the Cloud Administrator role to complete these steps

  • You must be logged into OCI in the tenancy you want to integrate with

  • You must be logged into OCI with the Home Region selected in the top right of the screen

  • Your OCI user account must be able to create a user, user group, and dynamic group in the Identity Domain that you are logged into

  • Your OCI user account must be able to create policies in the root compartment

Datadog OCI integration tile

  1. Go to the Datadog OCI integration tile and click Add New Tenancy.
  2. Select or create a Datadog API key to use for the integration.
  3. Create a Datadog application key.
  4. Click Create OCI Stack. This takes you to an Oracle Resource Manager (ORM) stack to finish deployment.
    Note: Deploy this stack only once per tenancy.

ORM stack

  1. Accept the Oracle Terms of Use.
  2. Leave the option to use custom Terraform providers unchecked.
  3. Use the default working directory to deploy the stack in, or optionally choose a different one.
  4. Click Next.
  5. Datadog recommends leaving the (Optional) Choose specific subnet(s) section blank to create a new Virtual Cloud Network (VCN) and subnet in each region in this tenancy.
    Optionally, you can choose existing subnets (maximum of one per OCI region) for the Datadog QuickStart stack, in which case you need to provide the stack with the subnet OCIDs. Enter one OCID per line, without commas. The Datadog QuickStart stack is then deployed in the region corresponding to each subnet. Each subnet OCID should be in the format: ocid1.subnet.oc[0-9].*. For example, ocid1.subnet.oc1.iad.abcedfgh.
  6. Datadog recommends leaving the (Optional) Advanced configuration section blank to create a new Compartment, Group, and User. The Group and User are created in the OCI Identity Domain that you are currently logged into (which doesn’t need to be the Default domain).
    Optionally, you can choose an existing Compartment, Group, and User for the Datadog QuickStart stack.
    a. Compartment: Choose an existing compartment to place all the resources created by Datadog.
    b. Group ID: Provide the OCID of an existing OCI Group for Datadog authentication. The group must be in the current Identity Domain. If provided, User ID cannot be left blank.
    c. User ID: Provide the OCID of an existing OCI User for Datadog authentication. The user must belong to the current Identity Domain, and be a member of the specified Group. If provided, Group ID cannot be left blank.
  7. Click Next.
  8. Click Create, and wait up to 30 minutes for the deployment to complete.

Complete the setup in Datadog

Return to the Datadog OCI integration tile and click Ready!

Validation

View oci.* metrics in the OCI integration overview dashboard or Metrics Explorer page in Datadog.

OCI function metrics (oci.faas namespace) and container instance metrics (oci_computecontainerinstance namespace) are in Preview.

Configuration

The configuration tab of an OCI tenancy in Datadog

After completing the setup, a configuration tab for the tenancy becomes available on the left side of the Datadog OCI integration tile. Apply tenancy-wide data collection configurations as outlined in the sections below.

Add regions

On the General tab, select the regions for data collection from the Regions checkbox list. Region selections apply to the entire tenancy, for both metrics and logs.

Note: If you used the QuickStart setup method, and afterward subscribed to a new OCI region, reapply the initial setup stack in ORM. The new region then becomes available in the Datadog OCI tile.

Metric and log collection

Use the Metric collection and Log collection tabs to configure which metrics and logs are sent to Datadog:

  • Enable or disable collection of metrics or logs for the entire tenancy
  • Include or exclude specific compartments based on key:value format compartment tags. For example:
    • datadog:monitored,env:prod* includes compartments if either of these tags is present
    • !env:staging,!testing excludes compartments only if both tags are present
    • datadog:monitored,!region:us-phoenix-1 includes compartments that both have the tag datadog:monitored and do not have the tag region:us-phoenix-1
  • Enable or disable collection for specific OCI services

Notes:

  • After modifying tags in OCI, it may take up to 15 minutes for the changes to appear in Datadog.
  • In OCI, tags are not inherited by child compartments; each compartment must be tagged individually.
IntegrationMetric Namespace
API Gatewayoci_apigateway
Autonomous Databaseoci_autonomous_database
Block Storageoci_blockstore
Computeoci_computeagent, rdma_infrastructure_health, gpu_infrastructure_health, oci_compute_infrastructure_health
Container Instances (Preview)oci_computecontainerinstance
Databaseoci_database, oci_database_cluster
Dynamic Routing Gatewayoci_dynamic_routing_gateway
E-Business Suite (EBS)oracle_appmgmt
FastConnectoci_fastconnect
File Storageoci_filestorage
Functions (Preview)oci_faas
GoldenGateoci_goldengate
GPUgpu_infrastructure_health
HeatWave MySQLoci_mysql_database
Kubernetes Engineoci_oke
Load Balanceroci_lbaas, oci_nlb
Media Streamsoci_mediastreams
NAT Gatewayoci_nat_gateway
Network Firewalloci_network_firewall
Object Storageoci_objectstorage
PostgreSQLoci_postgresql
Queueoci_queue
Service Connector Huboci_service_connector_hub
Service Gatewayoci_service_gateway
VCNoci_vcn
VPNoci_vpn
Web Application Firewalloci_waf

Log collection

  1. Ensure that you’ve followed the steps in the setup section to create the necessary infrastructure for forwarding both metrics and logs to Datadog.
  2. Click the Enable Log Collection toggle on the Log Collection tab of the Datadog OCI integration tile.

Resource Collection

On the Resource Collection tab of the Datadog OCI integration tile, click the Enable Resource Collection toggle. Resources are visible in the Datadog Resource Catalog.

OCI integration manual to QuickStart migration

Why do I need to migrate?

The Datadog OCI integration is restricted to one integration per tenancy. If you had set up the integration prior to June 2025, you followed the manual setup, and any previous Datadog OCI integration deployment stacks must be deleted before using the OCI QuickStart setup method. If you manually configured log forwarding, and choose to enable log collection in the OCI QuickStart tile, you must also delete your log forwarding resources to avoid sending logs twice.

Note: There will be a gap in metrics and log collection from the time the manual integration is deleted to when the QuickStart deployment is complete.

How to migrate

Delete previous integration resources in both Datadog and OCI:

In Datadog

In the Datadog OCI integration tile, click Delete Configuration. At this point, metrics and logs are no longer collected.

Delete OCI integration configuration in Datadog

In OCI

Complete the following steps for each region in which the manual integration was previously deployed:

  1. Run a Destroy job on the Datadog OCI metric forwarding stack, to remove all the resources created by the stack. By default, the stack is labeled as datadog-oci-orm-metrics-setup.zip-<NUMBER>, but could have been configured with a custom value during deployment.
  2. Run a Destroy job on the Datadog OCI policy stack. By default, the stack is labeled as datadog-oci-orm-policy-setup.zip-<NUMBER>, but could have been configured with a custom value during deployment.
  3. Optionally, delete the Datadog OCI stacks after destruction is complete.
  4. If you configured log collection, delete the Datadog OCI application, function, and service connector hub.

You are now ready to deploy OCI QuickStart with the QuickStart setup instructions and resume data collection. OCI QuickStart deployment can take up to 30 minutes to complete.

Architecture

Metric and log forwarding resources

A diagram of the OCI metric and log forwarding resources mentioned for this setup option and displaying the flow of data

For each region monitored, this setup option creates the following infrastructure within that region to forward metrics and logs to Datadog:

  • Function Application (dd-function-app)
  • Two functions:
    • Metrics Forwarder (dd-metrics-forwarder)
    • Logs Forwarder (dd-logs-forwarder)
  • VCN (dd-vcn) with secure networking infrastructure:
    • Private subnet (dd-vcn-private-subnet)
    • NAT gateway (dd-vcn-natgateway) for external access to the internet
    • Service gateway (dd-vcn-servicegateway) for internal access to OCI services
  • Key Management Service (KMS) vault (datadog-vault) to store the Datadog API key
  • Dedicated Datadog compartment (Datadog)

All resources are tagged with ownedby = "datadog".

IAM resources

A diagram of the OCI IAM resources mentioned for this setup option and displaying the flow of data

This setup option creates the following IAM resources to enable data forwarding to Datadog:

  • Service user (dd-svc)
  • Group (dd-svc-admin) that the service user belongs to
  • RSA key pair for API authentication
  • OCI API key for the service user
  • Dynamic Group (dd-dynamic-group-connectorhubs) that includes all service connectors in the Datadog compartment
  • Dynamic Group (dd-dynamic-group-function) that includes all functions in the Datadog compartment
  • Policy (dd-svc-policy) to give the service user read access to the tenancy resources, as well as access to manage OCI Service Connector Hubs and OCI Functions in the compartment created and managed by Datadog
- Allow dd-svc-admin to read all-resources in tenancy
- Allow dd-svc-admin to manage serviceconnectors in Datadog compartment
- Allow dd-svc-admin to manage functions-family in Datadog compartment with specific permissions:
     * FN_FUNCTION_UPDATE
     * FN_FUNCTION_LIST
     * FN_APP_LIST
- Endorse dd-svc-admin to read objects in tenancy usage-report
  • Policy dd-dynamic-group-policy to enable the service connectors to read data (logs and metrics) and interact with functions. This policy also allows the functions to read secrets in the Datadog compartment (the Datadog API and application keys stored in the KMS vault)
   - Allow dd-dynamic-group-connectorhubs to read log-content in tenancy
   - Allow dd-dynamic-group-connectorhubs to read metrics in tenancy
   - Allow dd-dynamic-group-connectorhubs to use fn-function in Datadog compartment
   - Allow dd-dynamic-group-connectorhubs to use fn-invocation in Datadog compartment
   - Allow dd-dynamic-group-functions to read secret-bundles in Datadog compartment

To manually forward your OCI metrics to Datadog:

For a visual representation of this architecture, see the Architecture section.

Enter tenancy info

Requirements for this section:

  • Your OCI user account needs the Cloud Administrator role to complete these steps
  • Tenancy OCID
  • Home Region

Enter the OCID and home region of the tenancy you want to monitor in the Datadog OCI integration tile.

Create OCI policy stack

Requirements for this section:

Ensure that the home region of the tenancy is selected in the top right of the screen.

This Oracle Resource Manager (ORM) policy stack should only be deployed once per tenancy.

  1. Click the Create Policy Stack button on the Datadog OCI integration tile.
  2. Accept the Oracle Terms of Use.
  3. Leave the option to use custom Terraform providers unchecked.
  4. Use the default name and compartment for the stack, or optionally provide your own descriptive name or compartment.
  5. Click Next.
  6. Leave the tenancy field and current user field as-is.
  7. Click Next.
  8. Click Create.

Enter DatadogROAuthUser info

Requirements for this section:

  • OCID of the DatadogROAuthUser
  • OCI API key and fingerprint value
  1. In the OCI console search bar, search for DatadogROAuthUser and click on the User resource that appears.
  2. Copy the user’s OCID value.
  3. Paste the value into the User OCID field in the Datadog OCI integration tile.
  4. Returning to the OCI console, generate an API key with these steps:
    a. In the bottom left corner of the screen, under Resources, click API keys.
    b. Click Add API key.
    c. Click Download private key.
    d. Click Add.
    e. A Configuration file preview popup appears, but no action is needed; close the popup.

The Add API Key page in the OCI console

  1. Copy the fingerprint value, and paste it into the Fingerprint field on the Datadog OCI integration tile.
  2. Copy the private key value with these steps: a. Open the downloaded private key .pem file in a text editor, or use a terminal command such as cat to display the file’s contents. b. Copy the entire contents, including -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----.
  3. Paste the private key value into the Private Key field on the Datadog OCI integration tile.

Create OCI metric forwarding stack

Requirements for this section:

  • Your OCI user account must be able to create resources in the compartment
  • Datadog API Key value
  • Username and auth token for a user with the REPOSITORY_READ and REPOSITORY_UPDATE permissions to pull and push images to a Docker repo

Note: To verify the Docker registry login is correct, see Logging in to Oracle Cloud Infrastructure Registry.

The metric forwarding stack must be deployed for each combination of tenancy and region to be monitored. For the simplest setup, Datadog recommends creating all the necessary OCI resources with the Oracle Resource Manager (ORM) stack provided below. Alternatively, you can use your existing OCI networking infrastructure.

All resources created by Datadog’s ORM stack are deployed to the compartment specified, and for the region currently selected in the top right of the screen.

  1. Click the Create Metric Stack button on the Datadog OCI integration tile.
  2. Accept the Oracle Terms of Use.
  3. Leave the Custom providers option unchecked.
  4. Name the stack and select the compartment to deploy it to.
  5. Click Next.
  6. In the Datadog API Key field, enter your Datadog API key value.
    1. In the Network options section, Datadog recommends leaving Create VCN checked.

    Optionally, you can use an existing VCN instead. If you follow this approach, the subnet’s OCID must be provided to the stack. Make sure that the VCN:

    • Is allowed to make HTTP egress calls through NAT gateway
    • Is able to pull images from OCI container registry using service gateway
    • Has the route table rules to allow NAT gateway and service gateway
    • Has the security rules to send HTTP requests
    1. In the Network options section, uncheck the Create VCN option and enter your VCN information:
      a. In the vcnCompartment field, select your compartment.
      b. In the existingVcn section, select your existing VCN.
      c. In the Function Subnet OCID section, enter the OCID of the subnet to be used.
    1. In the Metrics settings section, optionally remove any metric namespaces from collection.
    2. In the Metrics compartments section, enter a comma-separated list of compartment OCIDs to monitor. Any metric namespace filters selected in the previous step are applied to each compartment.
    3. In the Function settings section, select GENERIC_ARM. Select GENERIC_X86 if deploying in a Japan region.
    4. Click Next.
    5. Click Create.
    6. Return to the Datadog OCI integration tile and click Create Configuration.

    Notes:

    • By default, only the root compartment is selected, and all of the metric namespaces from Step 8 which are present in the compartment are enabled (up to 50 namespaces are supported per connector hub). If you choose to monitor additional compartments, the namespaces added to them are an intersection of namespaces selected and the namespaces present in the compartment.

    • You should manage who has access to the Terraform state files of the resource manager stacks. See the Terraform State Files section of the Securing Resource Manager page for more information.

    Data Collected

    Metrics

    For a detailed list of metrics, select the appropriate OCI service in the metric namespace section.

    Service Checks

    The OCI integration does not include any service checks.

    Events

    The OCI integration does not include any events.

    Troubleshooting

    Need help? Contact Datadog support.

    Further Reading

    Additional helpful documentation, links, and articles: