AWS

Crawler

Overview

Connect to Amazon Web Services (AWS) to:

See automatic AWS status updates in your stream
Get CloudWatch metrics for EC2 hosts without installing the Agent
Tag your EC2 hosts with EC2-specific information (e.g. availability zone)
See EC2 scheduled maintenance events in your stream
Collect CloudWatch metrics and events from many other AWS products

Datadog's Amazon integration is built to collect ALL metrics from CloudWatch. Datadog strives to continually update the docs to show every sub-integration, but cloud services rapidly release new metrics and services so the list of integrations are sometimes lagging.

Integration	Description
API Gateway	Create, publish, maintain, and secure APIs
Appstream	Fully managed application streaming on AWS
AppSync	A GraphQL service with real-time data synchronization and offline programming features
Athena	Serverless interactive query service
Autoscaling	Scale EC2 capacity
Billing	Billing and budgets
CloudFront	Local content delivery network
Cloudhsm	Managed hardware security module (HSM)
CloudSearch	Access to log files and AWS API calls
CloudTrail	Access to log files and AWS API calls
CodeBuild	Fully managed build service
CodeDeploy	Automate code deployments
Cognito	Secure user sign-up and sign-in
Connect	A self-service, cloud-based contact center service
Direct Connect	Dedicated network connection to AWS
DMS	Database Migration Service
DocumentDB	MongoDB-compatible database
Dynamo DB	NoSQL Database
EBS (Elastic Block Store)	Persistent block level storage volumes
EC2 (Elastic Cloud Compute)	Resizable compute capacity in the cloud
EC2 Spot	Take advantage of unused EC2 capacity
ECS (Elastic Container Service)	Container management service that supports Docker containers
EFS (Elastic File System)	Shared file storage
EKS	Elastic Container Service for Kubernetes
Elastic Transcoder	Media and video transcoding in the cloud
ElastiCache	In-memory cache in the cloud
Elastic Beanstalk	Service for deploying and scaling web applications and services
ELB (Elastic Load Balancing)	Distributes incoming application traffic across multiple Amazon EC2 instances
EMR (Elastic Map Reduce)	Data processing using Hadoop
ES (Elasticsearch)	Deploy, operate, and scale Elasticsearch clusters
Firehose	Capture and load streaming data
Gamelift	Dedicated game server hosting
Glue	Extract, transform, and load data for analytics
GuardDuty	Intelligent threat detection
Health	Visibility into the state of your AWS resources, services, and accounts
Inspector	Automated security assessment
IOT (Internet of Things)	Connect IOT devices with cloud services
Kinesis	Service for real-time processing of large, distributed data streams
KMS (Key Management Service)	Create and control encryption keys
Lambda	Serverless computing
Lex	Build conversation bots
Machine Learning	Create machine learning models
MediaConnect	Transport for live video
MediaConvert	Video processing for broadcast and multiscreen delivery
MediaPackage	Prepare and protect video for delivery over the internet
MediaTailor	Scalable server-side ad insertion
MQ	Managed message broker for ActiveMQ
Managed Streaming for Kafka	Build and run applications that use Apache Kafka to process streaming data
NAT Gateway	Enable instances in a private subnet to connect to the internet or other AWS services
Neptune	Fast, reliable graph database built for the cloud
OpsWorks	Configuration management
Polly	Text-speech service
RDS (Relational Database Service)	Relational database in the cloud
Redshift	Data warehouse solution
Rekognition	Image and video analysis for applications
Route 53	DNS and traffic management with availability monitoring
S3 (Simple Storage Service)	Highly available and scalable cloud storage service
SageMaker	Machine learning models and algorithms
SES (Simple Email Service)	Cost-effective, outbound-only email-sending service
SNS (Simple Notification System)	Alerts and notifications
SQS (Simple Queue Service)	Messaging queue service
Storage Gateway	Hybrid cloud storage
SWF (Simple Workflow Service)	Cloud workflow management
VPC (Virtual Private Cloud)	Launch AWS resources into a virtual network
Web Application Firewall (WAF)	Protect web applications from common web exploits
Workspaces	Secure desktop computing service
X-Ray	Tracing for distributed applications

Setup

Setting up the Datadog integration with Amazon Web Services requires configuring role delegation using AWS IAM. To get a better understanding of role delegation, refer to the AWS IAM Best Practices guide.

Role delegation

Choose a method for setting up the necessary AWS role. CloudFormation is recommended.

Dropdown

Open the Datadog AWS integration tile.
Under the Configuration tab, choose Automatically Using CloudFormation. If you already have an attached AWS account, click Add another account first.
Login to the AWS console.
On the CloudFormation page, create a new stack and provide your Datadog API key.
Update the Datadog AWS integration tile with the IAM role name and account ID used to create the CloudFormation stack.

AWS

Create a new role in the AWS IAM Console.
Select Another AWS account for the Role Type.
For Account ID, enter 464622532012 (Datadog’s account ID). This means that you are granting Datadog read only access to your AWS data.
Select Require external ID and enter the one generated in the AWS integration tile. Make sure you leave Require MFA disabled. For more information about the External ID, refer to this document in the IAM User Guide.
Click Next: Permissions.
If you’ve already created the policy, search for it on this page and select it, then skip to step 12. Otherwise, click Create Policy, which opens in a new window.
Select the JSON tab. To take advantage of every AWS integration offered by Datadog, use policy snippet below in the textbox. As other components are added to an integration, these permissions may change.
Click Review policy.
Name the policy DatadogAWSIntegrationPolicy or one of your own choosing, and provide an apt description.
Click Create policy. You can now close this window.
Back in the “Create role” window, refresh the list of policies and select the policy you just created.
Click Next: Review.
Give the role a name such as DatadogAWSIntegrationRole, as well as an apt description. Click Create Role.

Bonus: If you use Terraform, set up your Datadog IAM policy using - The AWS Integration with Terraform.

Datadog

Open the AWS integration tile.
Select the Role Delegation tab and select Manually.
Enter your AWS Account ID without dashes, for example: 123456789012. Your Account ID can be found in the ARN of the role created during the installation of the AWS integration.
Enter the name of the created role. Note: The role name you enter in the integration tile is case sensitive and must exactly match the role name created on the AWS side.
Choose the services to collect metrics from on the left side of the dialog.
Optionally, add tags to all hosts and metrics.
Optionally, monitor a subset of EC2 instances by entering the AWS tags in the textbox to hosts with tag.
Optionally, monitor a subset of Lambdas by entering the AWS tags in the textbox to Lambdas with tag.
Click Install Integration.

Datadog AWS IAM Policy

The permissions listed below are included in the Policy Document using wild cards such as List* and Get*. If you require strict policies, use the complete action names as listed and reference the Amazon API documentation for the services you require.

All Permissions

If you are not comfortable with granting all permissions, at the very least use the existing policies named AmazonEC2ReadOnlyAccess and CloudWatchReadOnlyAccess, for more detailed information regarding permissions see the Core Permissions section.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "apigateway:GET",
                "autoscaling:Describe*",
                "budgets:ViewBudget",
                "cloudfront:GetDistributionConfig",
                "cloudfront:ListDistributions",
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrailStatus",
                "cloudwatch:Describe*",
                "cloudwatch:Get*",
                "cloudwatch:List*",
                "codedeploy:List*",
                "codedeploy:BatchGet*",
                "directconnect:Describe*",
                "dynamodb:List*",
                "dynamodb:Describe*",
                "ec2:Describe*",
                "ecs:Describe*",
                "ecs:List*",
                "elasticache:Describe*",
                "elasticache:List*",
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:DescribeTags",
                "elasticfilesystem:DescribeAccessPoints",
                "elasticloadbalancing:Describe*",
                "elasticmapreduce:List*",
                "elasticmapreduce:Describe*",
                "es:ListTags",
                "es:ListDomainNames",
                "es:DescribeElasticsearchDomains",
                "health:DescribeEvents",
                "health:DescribeEventDetails",
                "health:DescribeAffectedEntities",
                "kinesis:List*",
                "kinesis:Describe*",
                "lambda:AddPermission",
                "lambda:GetPolicy",
                "lambda:List*",
                "lambda:RemovePermission",
                "logs:TestMetricFilter",
                "logs:PutSubscriptionFilter",
                "logs:DeleteSubscriptionFilter",
                "logs:DescribeSubscriptionFilters",
                "rds:Describe*",
                "rds:List*",
                "redshift:DescribeClusters",
                "redshift:DescribeLoggingStatus",
                "route53:List*",
                "s3:GetBucketLogging",
                "s3:GetBucketLocation",
                "s3:GetBucketNotification",
                "s3:GetBucketTagging",
                "s3:ListAllMyBuckets",
                "s3:PutBucketNotification",
                "ses:Get*",
                "sns:List*",
                "sns:Publish",
                "sqs:ListQueues",
                "states:ListStateMachines",
                "states:DescribeStateMachine",
                "support:*",
                "tag:GetResources",
                "tag:GetTagKeys",
                "tag:GetTagValues",
                "xray:BatchGetTraces",
                "xray:GetTraceSummaries"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Core permissions

The core Datadog AWS integration pulls data from AWS CloudWatch. At a minimum, your Policy Document needs to allow the following actions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudwatch:Get*",
                "cloudwatch:List*",
                "ec2:Describe*",
                "support:*",
                "tag:GetResources",
                "tag:GetTagKeys",
                "tag:GetTagValues"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

AWS Permission	Description
`cloudwatch:ListMetrics`	List the available CloudWatch metrics.
`cloudwatch:GetMetricData`	Fetch data points for a given metric.
`support:*`:	Add metrics about service limits. It requires full access because of AWS limitations
`tag:getResources`	Get custom tags by resource type.
`tag:getTagKeys`	Get tag keys by region within an AWS account.
`tag:getTagValues`	Get tag values by region within an AWS account.

The main use of the Resource Group Tagging API is to reduce the number of API calls needed to collect custom tags. For more information, review the Tag policies documentation on the AWS website.

GovCloud and China

Open the AWS integration tile.
Select the Access Keys (GovCloud or China Only) tab.
Enter your AWS Access Key and AWS Secret Key. Only access and secret keys for GovCloud and China are accepted.
Choose the services to collect metrics from on the left side of the dialog.
Optionally, add tags to all hosts and metrics.
Optionally, monitor a subset of EC2 instances by entering the AWS tags in the textbox to hosts with tag.
Optionally, monitor a subset of Lambdas by entering the AWS tags in the textbox to Lambdas with tag.
Click Install Integration.

Log collection

AWS service logs are collected with the Datadog Forwarder Lambda function. This Lambda—which triggers on S3 Buckets, Cloudwatch log groups, and Cloudwatch events—forwards logs to Datadog.

To start collecting logs from your AWS services:

Set up the Datadog Forwarder Lambda function in your AWS account by following the instructions in the DataDog/datadog-serverless-functions Github repository.
Enable logging for your AWS service (most AWS services can log to a S3 bucket or CloudWatch Log Group).
Configure the triggers that cause the Lambda to execute. There are two ways to configure the triggers:
- Automatically: Datadog automatically retrieves the logs for the selected AWS services and adds them as triggers on the Datadog Lambda function. Datadog also keeps the list up to date.
- Manually: Set up each trigger yourself via the AWS console.

Note: If you are in AWS us-east-1 region, leverage Datadog-AWS Private Link to forward your logs to Datadog. If you do so, your forwarder function must have the VPCLambdaExecutionRole permission.

Advanced: Ingesting logs with Kinesis

Instead of triggering the Datadog Forwarder on the CloudWatch Log groups of your Lambda functions, you can configure a Kinesis stream that is subscribed to the Lambda log groups which you then subscribe the Datadog Forwarder to.

Kinesis log forwarding setup steps

Follow these instructions to launch the Datadog Forwarder CloudFormation Stack in your AWS account.
Identify the Lambda CloudWatch log groups that you want to forward data to Datadog from. These log groups are named /aws/lambda/{Lambda function name} and can be found by filtering the log groups to the /aws/lambda/ prefix.
Check if anything is currently subscribed to your relevant log groups in the Subscriptions column on the log groups index page. Because CloudWatch Log groups can only have one subscription, any existing subscription to the log groups will need to be removed before adding the new Kinesis stream as a subscriber.
- Note that if you have something else you want to subscribe to these logs, you can subscribe that to the new Kinesis stream after completing this setup.
Create a new Kinesis stream (see the Kinesis documentation). Name the stream something descriptive, like DatadogLambdaLogStream, and give it a shard count of 1.
Subscribe your new Kinesis stream to the CloudWatch log groups you want to ingest into Datadog. Refer to this CloudWatch Logs doc section to:
1. Use the aws iam create-role command to create the IAM role that gives CloudWatch Logs permission to put logs data into the Kinesis stream.
2. Create a permissions policy allowing the kinesis:PutRecord action.
3. Attach the permissions policy to your newly created IAM role using the aws iam put-role-policy command.
4. Use the aws logs put-subscription-filter command to subscribe your Kinesis stream to each CloudWatch log group you want to ingest into Datadog.
Check the Subscriptions column in the log groups index page to confirm that the new Kinesis stream is now subscribed to your Lambdas’ log groups.
Add the Kinesis stream as a trigger to your Datadog Forwarder Lambda. To ensure a low latency of metrics and logs, it is recommended that you set the batch window to 60 seconds.
You will start to see your Datadog Forwarder Lambda triggered by the logs from your other Lambda functions, and your logs will appear in Datadog.

Advantages of using Kinesis for streaming logs

CloudWatch Log groups can only have one subscriber, but Kinesis streams can have multiple subscribers. By subscribing the Kinesis stream to the log groups, you can have multiple consumers of your log data by subscribing them all to the Kinesis stream.
Because you can set the batch window and batch size of trigger events from Kinesis, you’ll have more control over how often the Datadog Forwarder Lambda is triggered.

Disadvantages of using Kinesis for streaming logs

Using a Kinesis stream for your logs will not work in conjunction with Datadog’s automatic Forwarder trigger management. You’ll need to add your stream as a subscriber to each log group that you want to ingest data into Datadog from.
AWS charges for usage of the Kinesis stream. Refer to the Kinesis pricing docs for details.

Enable logging for your AWS service

Any AWS service that generates logs into a S3 bucket or a CloudWatch Log Group is supported. Find specific setup instructions for the most used services in the table below:

AWS service	Activate AWS service logging	Send AWS logs to Datadog
API Gateway	Enable AWS API Gateway logs	Manual log collection
Cloudfront	Enable AWS Cloudfront logs	Manual and automatic log collection
Cloudtrail	Enable AWS Cloudtrail logs	Manual log collection
DynamoDB	Enable AWS DynamoDB logs	Manual log collection
EC2	`-`	Use the Datadog Agent to send your logs to Datadog
ECS	`-`	Use the docker agent to gather your logs
Elastic Load Balancing (ELB)	Enable AWS ELB logs	Manual and automatic log collection
Lambda	`-`	Manual and automatic log collection
RDS	Enable AWS RDS logs	Manual log collection
Route 53	Enable AWS Route 53 logs	Manual log collection
S3	Enable AWS S3 logs	Manual and automatic log collection
SNS	There is no “SNS Logs”. Process logs and events that are transiting through to the SNS Service.	Manual log collection
RedShift	Enable AWS Redshift logs	Manual and automatic log collection
VPC	Enable AWS VPC logs	Manual log collection

Send AWS service logs to Datadog

There are two options when configuring triggers on the Datadog Lambda function:

Manually set up triggers on S3 buckets, Cloudwatch Log Groups, or Cloudwatch Events.
Let Datadog automatically set and manage the list of triggers.

Automatically setup triggers

If you are storing logs in many S3 buckets or Cloudwatch Log groups, Datadog can automatically manage triggers for you.

If you haven’t already, set up the Datadog log collection AWS Lambda function.

Ensure the policy of the IAM role used for Datadog-AWS integration has the following permissions. Information on how these permissions are used can be found in the descriptions below:

"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"lambda:List*",
"lambda:AddPermission",
"lambda:GetPolicy",
"lambda:RemovePermission",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"s3:GetBucketLogging",
"s3:GetBucketLocation",
"s3:GetBucketNotification",
"s3:ListAllMyBuckets",
"s3:PutBucketNotification",
"logs:PutSubscriptionFilter",
"logs:DeleteSubscriptionFilter",
"logs:DescribeSubscriptionFilters"

AWS Permission	Description
`cloudfront:GetDistributionConfig`	Get the name of the S3 bucket containing CloudFront access logs.
`cloudfront:ListDistributions`	List all CloudFront distributions.
`elasticloadbalancing:` `DescribeLoadBalancers`	List all load balancers.
`elasticloadbalancing:` `DescribeLoadBalancerAttributes`	Get the name of the S3 bucket containing ELB access logs.
`lambda:List*`	List all Lambda functions.
`lambda:AddPermission`	Add permission allowing a particular S3 bucket to trigger a Lambda function.
`lambda:GetPolicy`	Gets the Lambda policy when triggers are to be removed.
`lambda:RemovePermission`	Remove permissions from a Lambda policy.
`redshift:DescribeClusters`	List all Redshift clusters.
`redshift:DescribeLoggingStatus`	Get the name of the S3 bucket containing Redshift Logs.
`s3:GetBucketLogging`	Get the name of the S3 bucket containing S3 access logs.
`s3:GetBucketLocation`	Get the region of the S3 bucket containing S3 access logs.
`s3:GetBucketNotification`	Get existing Lambda trigger configurations.
`s3:ListAllMyBuckets`	List all S3 buckets.
`s3:PutBucketNotification`	Add or remove a Lambda trigger based on S3 bucket events.
`logs:PutSubscriptionFilter`	Add a Lambda trigger based on CloudWatch Log events
`logs:DeleteSubscriptionFilter`	Remove a Lambda trigger based on CloudWatch Log events
`logs:DescribeSubscriptionFilters`	Lists the subscription filters for the specified log group.

Navigate to the Collect Logs tab in the AWS Integration tile.
Select the AWS Account from where you want to collect logs, and enter the ARN of the Lambda created in the previous section.
Select the services from which you’d like to collect logs and hit save. To stop collecting logs from a particular service, uncheck it.
If you have logs across multiple regions, you must create additional Lambda functions in those regions and enter them in this tile.
To stop collecting all AWS logs, press the x next to each Lambda ARN. All triggers for that function are removed.
Within a few minutes of this initial setup, your AWS Logs appear in your Datadog log explorer page in near real time.

Manually setup triggers

Collecting logs from Cloudwatch Log Group

If you are storing logs in a CloudWatch Log Group, send them to Datadog as follows:

If you haven’t already, set up the Datadog log collection AWS Lambda function.
Once the lambda function is installed, manually add a trigger on the CloudWatch Log Group that contains your logs in the AWS console:

Select the corresponding CloudWatch Log Group, add a filter name (but feel free to leave the filter empty) and add the trigger:

Once done, go into your Datadog Log section to start exploring your logs!

For Terraform users, you can provision and manage your triggers using the aws_cloudwatch_log_subscription_filter resource. See sample code below.

resource "aws_cloudwatch_log_subscription_filter" "datadog_log_subscription_filter" {
  name            = "datadog_log_subscription_filter"
  log_group_name  = <CLOUDWATCH_LOG_GROUP_NAME> # e.g., /aws/lambda/my_lambda_name
  destination_arn = <DATADOG_FORWARDER_ARN> # e.g., arn:aws:lambda:us-east-1:123:function:datadog-forwarder
  filter_pattern  = ""
}

For Serverless Framework, SAM, and CloudFormation users, you can provision and manage your triggers using the CloudFormation AWS::Logs::SubscriptionFilter resource. See sample code below. For Serverless Framework users, you need to put the code snippet under the resources section within your serverless.yml.

Resources:
  MyLogSubscriptionFilter:
    Type: "AWS::Logs::SubscriptionFilter"
    Properties:
      DestinationArn: "<DATADOG_FORWARDER_ARN>"
      LogGroupName: "<CLOUDWATCH_LOG_GROUP_NAME>"
      FilterPattern: ""

Collecting logs from S3 buckets

If you are storing logs in a S3 bucket, send them to Datadog as follows:

If you haven’t already, set up the Datadog log collection AWS Lambda function.
Once the lambda function is installed, manually add a trigger on the S3 bucket that contains your logs in the AWS console:
Select the bucket and then follow the AWS instructions:
Set the correct event type on S3 buckets:

Once done, go into your Datadog Log section to start exploring your logs!

For Terraform users, you can provision and manage your triggers using the aws_s3_bucket_notification resource. See sample code below.

resource "aws_s3_bucket_notification" "my_bucket_notification" {
  bucket = my_bucket
  lambda_function {
    lambda_function_arn = "<DATADOG_FORWARDER_ARN>"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "AWSLogs/"
    filter_suffix       = ".log"
  }
}

resource "aws_lambda_permission" "allow_bucket" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = "<DATADOG_FORWARDER_ARN>"
  principal     = "s3.amazonaws.com"
  source_arn    = "<MY_BUCKET_ARN>"
}

For Serverless Framework, SAM, and CloudFormation users, you can configure triggers using the CloudFormation NotificationConfiguration for your S3 bucket. See sample code below. For Serverless Framework users, you need to put the code snippet under the resources section within your serverless.yml.

Resources:
  Bucket:
    Type: AWS::S3::Bucket
    DependsOn: BucketPermission
    Properties:
      BucketName: "<MY_BUCKET>"
      NotificationConfiguration:
        LambdaConfigurations:
        - Event: 's3:ObjectCreated:*'
          Function: "<DATADOG_FORWARDER_ARN>"
  BucketPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: "<DATADOG_FORWARDER_ARN>"
      Principal: s3.amazonaws.com
      SourceArn: <MY_BUCKET_ARN>
      SourceAccount: !Ref "AWS::AccountId"

Data Collected

Metrics

aws.logs.incoming_bytes (gauge)	The volume of log events in uncompressed bytes uploaded to Cloudwatch Logs. Shown as byte
aws.logs.incoming_log_events (count)	The number of log events uploaded to Cloudwatch Logs. Shown as event
aws.logs.forwarded_bytes (gauge)	The volume of log events in compressed bytes forwarded to the subscription destination. Shown as byte
aws.logs.forwarded_log_events (count)	The number of log events forwarded to the subscription destination. Shown as event
aws.logs.delivery_errors (count)	The number of log events for which CloudWatch Logs received an error when forwarding data to the subscription destination. Shown as event
aws.logs.delivery_throttling (count)	The number of log events for which CloudWatch Logs was throttled when forwarding data to the subscription destination. Shown as event
aws.events.invocations (count)	Measures the number of times a target is invoked for a rule in response to an event. This includes successful and failed invocations but does not include throttled or retried attempts until they fail permanently.
aws.events.failed_invocations (count)	Measures the number of invocations that failed permanently. This does not include invocations that are retried or that succeeded after a retry attempt
aws.events.triggered_rules (count)	Measures the number of triggered rules that matched with any event.
aws.events.matched_events (count)	Measures the number of events that matched with any rule.
aws.events.throttled_rules (count)	Measures the number of triggered rules that are being throttled.
aws.usage.call_count (count)	The number of specified operations performed in your account Shown as operation
aws.usage.resource_count (count)	The number of specified resources in your account Shown as resource

Events

Events from AWS are collected on a per AWS-service basis. Please refer to the documentation of specific AWS services to learn more about the events collected.

Tag

The following tags are collected from AWS integrations. Note: Some tags only display on specific metrics.

Integration	Datadog Tag Keys
All	`region`
API Gateway	`apiid`, `apiname`, `method`, `resource`, `stage`
Auto Scaling	`autoscalinggroupname`, `autoscaling_group`
Billing	`account_id`, `budget_name`, `budget_type`, `currency`, `servicename`, `time_unit`
CloudFront	`distributionid`
CodeBuild	`project_name`
CodeDeploy	`application`, `creator`, `deployment_config`, `deployment_group`, `deployment_option`, `deployment_type`, `status`
DirectConnect	`connectionid`
DynamoDB	`globalsecondaryindexname`, `operation`, `streamlabel`, `tablename`
EBS	`volumeid`, `volume-name`, `volume-type`
EC2	`autoscaling_group`, `availability-zone`, `image`, `instance-id`, `instance-type`, `kernel`, `name`, `security_group_name`
ECS	`clustername`, `servicename`, `instance_id`
EFS	`filesystemid`
[ElastiCache][]	`cachenodeid`, `cache_node_type`, `cacheclusterid`, `cluster_name`, `engine`, `engine_version`, `prefered_availability-zone`, `replication_group`
ElasticBeanstalk	`environmentname`, `enviromentid`
ELB	`availability-zone`, `hostname`, `loadbalancername`, `name`, `targetgroup`
EMR	`cluster_name`, `jobflowid`
ES	`dedicated_master_enabled`, `ebs_enabled`, `elasticsearch_version`, `instance_type`, `zone_awareness_enabled`
Firehose	`deliverystreamname`
Health	`event_category`, `status`, `service`
IoT	`actiontype`, `protocol`, `rulename`
Kinesis	`streamname`, `name`, `state`
KMS	`keyid`
Lambda	`functionname`, `resource`, `executedversion`, `memorysize`, `runtime`
Machine Learning	`mlmodelid`, `requestmode`
MQ	`broker`, `queue`, `topic`
OpsWorks	`stackid`, `layerid`, `instanceid`
Polly	`operation`
RDS	`auto_minor_version_upgrade`, `dbinstanceclass`, `dbclusteridentifier`, `dbinstanceidentifier`, `dbname`, `engine`, `engineversion`, `hostname`, `name`, `publicly_accessible`, `secondary_availability-zone`
Redshift	`clusteridentifier`, `latency`, `nodeid`, `service_class`, `stage`, `wlmid`
Route 53	`healthcheckid`
S3	`bucketname`, `filterid`, `storagetype`
SES	Tag keys are custom set in AWS.
SNS	`topicname`
SQS	`queuename`
VPC	`nategatewayid`, `vpnid`, `tunnelipaddress`
WorkSpaces	`directoryid`, `workspaceid`

Troubleshooting

Discrepancy between your data in CloudWatch and Datadog

There are two important distinctions to be aware of:

In AWS for counters, a graph that is set to ‘sum’ ‘1minute’ shows the total number of occurrences in one minute leading up to that point, i.e. the rate per 1 minute. Datadog is displaying the raw data from AWS normalized to per second values, regardless of the time frame selected in AWS. This is why you might see Datadog’s value as lower.
Overall, min/max/avg have a different meaning within AWS than in Datadog. In AWS, average latency, minimum latency, and maximum latency are three distinct metrics that AWS collects. When Datadog pulls metrics from AWS CloudWatch, the average latency is received as a single time series per ELB. Within Datadog, when you are selecting ‘min’, ‘max’, or ‘avg’, you are controlling how multiple time series are combined. For example, requesting system.cpu.idle without any filter would return one series for each host that reports that metric and those series need to be combined to be graphed. On the other hand, if you requested system.cpu.idle from a single host, no aggregation would be necessary and switching between average and max would yield the same result.

Metrics delayed

When using the AWS integration, Datadog pulls in your metrics via the CloudWatch API. You may see a slight delay in metrics from AWS due to some constraints that exist for their API.

To begin, the CloudWatch API only offers a metric-by-metric crawl to pull data. The CloudWatch APIs have a rate limit that varies based on the combination of authentication credentials, region, and service. Metrics are made available by AWS dependent on the account level. For example, if you are paying for “detailed metrics” within AWS, they are available more quickly. This level of service for detailed metrics also applies to granularity, with some metrics being available per minute and others per five minutes.

Datadog has the ability to prioritize certain metrics within an account to pull them in faster, depending on the circumstances. Please contact Datadog support for more info.

To obtain metrics with virtually zero delay, install the Datadog Agent on the host. For more information, see Datadog’s blog post Don’t fear the Agent: Agent-based monitoring.

Missing metrics

CloudWatch’s API returns only metrics with data points, so if for instance an ELB has no attached instances, it is expected not to see metrics related to this ELB in Datadog.

Wrong count of aws.elb.healthy_host_count

When the cross-zone load balancing option is enabled on an ELB, all the instances attached to this ELB are considered part of all availability zones (on CloudWatch’s side), so if you have 2 instances in 1a and 3 in ab, the metric displays 5 instances per availability zone. As this can be counter intuitive, we’ve added new metrics, aws.elb.healthy_host_count_deduped and aws.elb.un_healthy_host_count_deduped, that display the count of healthy and unhealthy instances per availability zone, regardless of if this cross-zone load balancing option is enabled or not.

Duplicated hosts when installing the Agent

When installing the Agent on an AWS host, you might see duplicated hosts on the infra page for a few hours if you manually set the hostname in the Agent’s configuration. This second host disappears a few hours later, and won’t affect your billing.