AWS Cloudhsm
New announcements from Dash: Incident Management, Continuous Profiler, and more! New announcements from Dash!

AWS Cloudhsm

Crawler Crawler


When an HSM in your account receives a command from the AWS CloudHSM command line tools or software libraries, it records its execution of the command in audit log form. The HSM audit logs include all client-initiated management commands, including those that create and delete the HSM, log into and out of the HSM, and manage users and keys. These logs provide a reliable record of actions that have changed the state of the HSM.

Datadog integrates with AWS CloudHSM via a Lambda function that ships CloudHSM logs to Datadog’s Log Management solution.


Log Collection

Enable CloudHSM logs

Audit logs are enabled by default for CloudHSM.

Send your logs to Datadog

  1. If you haven’t already, set up the Datadog log collection AWS Lambda function.
  2. Once the lambda function is installed, manually add a trigger on the Cloudwatch Log group that contains your CloudHSM logs in the AWS console:Select the corresponding CloudWatch Log group, add a filter name (but feel free to leave the filter empty) and add the trigger.

Once done, go in your Datadog Log section to start exploring your logs!


Need help? Contact Datadog Support.