AWS Transit Gateway

Overview

Use AWS Transit Gateway to interconnect your virtual private clouds (VPCs) and on-premises networks.

Enable this integration to see all your Transit Gateway metrics in Datadog.

Setup

Installation

If you haven’t already, set up the Amazon Web Services integration first.

Metric & Resource collection

  1. In the AWS integration page, ensure that TransitGateway is enabled under the Metric Collection tab.
  2. Add the following permissions to your Datadog IAM policy to collect AWS Transit Gateway resources.

     AWS Permission                              Description
     ec2:DescribeTransitGateways                 Grants permission to describe one or more transit gateways.
     ec2:DescribeTransitGatewayVPCAttachments    Grants permission to describe one or more VPC attachments on a transit gateway.
     ec2:DescribeTransitGatewayRouteTables       Grants permission to describe one or more transit gateway route tables.
     ec2:GetTransitGatewayPrefixListReferences   Grants permission to get information about prefix list references for a transit gateway route table.
     ec2:SearchTransitGatewayRoutes              Grants permission to search for routes in a transit gateway route table.

  3. Install the Datadog - AWS Transit Gateway integration.
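
Added example (not part of the Datadog documentation): a Python check that an IAM policy document grants the five permissions listed above, and that reports any wildcard patterns that grant them more broadly than the named actions. SAMPLE_POLICY is constructed and the function names are hypothetical; the check ignores Resource, Condition and NotAction.

```python
import fnmatch

# Actions the page lists for Transit Gateway resource collection.
REQUIRED_ACTIONS = [
    "ec2:DescribeTransitGateways",
    "ec2:DescribeTransitGatewayVPCAttachments",
    "ec2:DescribeTransitGatewayRouteTables",
    "ec2:GetTransitGatewayPrefixListReferences",
    "ec2:SearchTransitGatewayRoutes",
]

# Constructed sample policy (not taken from a real account).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:DescribeTransitGateway*", "ec2:SearchTransitGatewayRoutes"]},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:searchtransitgatewayroutes"},
]}

def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _actions(policy, effect):
    """Collect Action patterns from every statement with the given Effect."""
    return [p for s in _as_list(policy.get("Statement"))
            if s.get("Effect") == effect for p in _as_list(s.get("Action"))]

def missing_actions(policy):
    """Required actions that no Allow grants, or that an explicit Deny blocks.

    Assumption: Resource, Condition and NotAction are not evaluated.
    """
    allowed, denied = _actions(policy, "Allow"), _actions(policy, "Deny")
    return [a for a in REQUIRED_ACTIONS
            if not _matches(a, allowed) or _matches(a, denied)]

def wildcard_grants(policy):
    """Allow patterns with wildcards that cover a required action (e.g. ec2:*)."""
    return [p for p in _actions(policy, "Allow")
            if ("*" in p or "?" in p)
            and any(_matches(a, [p]) for a in REQUIRED_ACTIONS)]

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_POLICY))
    print("wildcard grants:", wildcard_grants(SAMPLE_POLICY))
```

An empty result from missing_actions means every listed permission is granted; anything returned by wildcard_grants is a candidate for replacement with the explicit action names.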

Log collection

Enable Transit Gateway flow logs

Transit Gateway flow logs can be sent to an S3 bucket or a CloudWatch log group.

  1. In the AWS console, go to the Transit Gateway you want to monitor.
  2. Go to the Flow logs tab.
  3. Click Create flow log.
  4. Select the S3 bucket or the CloudWatch log group to send the logs to.

Note: Include the string transit-gateway in the S3 bucket name to enable automatic log parsing.

Send logs to Datadog

  1. If you haven’t already, set up the Datadog Forwarder Lambda function in your AWS account.
  2. Navigate to the Datadog Forwarder Lambda function in your AWS account. In the Function Overview section, click Add Trigger.
  3. Select the S3 or CloudWatch Logs trigger for the Trigger Configuration.
  4. Select the S3 bucket or CloudWatch log group that contains your Transit Gateway logs.
  5. For S3, leave the event type as All object create events.
  6. Click Add to add the trigger to your Lambda.

After a few minutes, Transit Gateway flow logs appear in your Log Explorer.

For more information on collecting AWS Services logs, see Send AWS Services Logs with the Datadog Lambda Function.

Data Collected

Metrics

aws.transitgateway.bytes_in (count)
    The number of bytes received by the transit gateway.
    Shown as byte

aws.transitgateway.bytes_out (count)
    The number of bytes sent from the transit gateway.
    Shown as byte

aws.transitgateway.packet_drop_count_blackhole (count)
    The number of packets dropped because they matched a blackhole route.
    Shown as packet

aws.transitgateway.packet_drop_count_no_route (count)
    The number of packets dropped because they did not match a route.
    Shown as packet

aws.transitgateway.packets_in (count)
    The number of packets received by the transit gateway.
    Shown as packet

aws.transitgateway.packets_out (count)
    The number of packets sent by the transit gateway.
    Shown as packet

Events

The AWS Transit Gateway integration does not include any events.

Service Checks

The AWS Transit Gateway integration does not include any service checks.

Troubleshooting

Need help? Contact Datadog support.
