--- title: Cloudaware LogSight description: >- CMDB-powered log coverage analysis. Identify gaps in Datadog logs for full observability across your cloud environments breadcrumbs: Docs > Integrations > Cloudaware LogSight --- # Cloudaware LogSight Supported OS Integration version1.0.0 {% callout %} # Important note for users on the following Datadog sites: us2.ddog-gov.com {% alert level="info" %} To find out if this integration is available in your organization, see your [Datadog Integrations](https://app.datadoghq.com/integrations) page or ask your organization administrator. To initiate an exception request to enable this integration for your organization, email [support@ddog-gov.com](mailto:support@ddog-gov.com). {% /alert %} {% /callout %} Included Datadog dashboard displaying coverage by Cloud Service.Datadog dashboard displaying CloudTrail Gap Analysis and CoverageCloudaware gap analysis on services not being sent to Datadog ## Overview{% #overview %} Cloudaware is a cloud management platform that provides real-time asset discovery, CMDB, and cloud governance across multi-cloud environments. Cloudaware LogSight helps you get the most out of Datadog by ensuring your entire cloud infrastructure is forwarding logs to Datadog. It connects Cloudaware's real-time CMDB, which auto-discovers every configuration item across AWS, Azure, and GCP, to the Datadog API, continuously reconciling your full asset inventory against active log sources and surfacing gaps before they become blind spots. By automating discovery and reconciliation of cloud service log status, inventory data, and Datadog ingestion metadata across 3,000+ services, LogSight replaces error-prone manual audits and catches coverage gaps the moment they appear. This gives compliance teams ongoing, documented proof that every service is forwarding logs to Datadog. ### Key capabilities{% #key-capabilities %} - **Full cloud coverage discovery**: 3,000+ services across AWS, Azure, GCP, Oracle, and Alibaba Cloud - **Datadog API reconciliation**: Live inventory compared against Datadog's active log sources - **Gap reporting**: Identifies which services, accounts, and regions aren't forwarding logs to Datadog - **Per-service visibility**: Logging status, destination, and Datadog ingestion status per resource - **Continuous monitoring**: Real-time detection of new gaps as infrastructure changes - **Compliance evidence**: Audit-ready proof of log coverage completeness ## Setup{% #setup %} ### Prerequisites{% #prerequisites %} Before connecting Cloudaware to Datadog, ensure you have the following: 1. Datadog API & Application Keys: Required to allow Cloudaware to query log statistics and create the audit dashboard. - Generate these in Datadog under **Organization Settings** > **API Keys** and **Application Keys**. 1. AWS Integration: Your AWS accounts must already be connected to Cloudaware for resource discovery. 1. AWS IAM Permissions: Cloudaware requires a read-only IAM Role to scan your infrastructure configuration. Ensure the policy attached to the Cloudaware role includes the permissions listed below. #### IAM Policy Reference{% #iam-policy-reference %} Add the following permissions to your Cloudaware IAM Role to enable full audit capabilities: ```gdscript3 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails", "ec2:DescribeRegions", "ec2:DescribeFlowLogs", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancerAttributes", "lambda:ListFunctions", "eks:ListClusters", "eks:DescribeCluster", "s3:ListAllMyBuckets", "s3:GetBucketLogging", "logs:DescribeLogGroups", "cloudfront:ListDistributions", "cloudfront:GetDistributionConfig", "route53:ListHostedZones", "route53:ListQueryLoggingConfigs", "route53resolver:ListResolverQueryLogConfigs", "wafv2:ListWebACLs", "wafv2:GetLoggingConfiguration", "config:DescribeDeliveryChannels" ], "Resource": "*" } ] } ``` #### Permissions{% #permissions %} The following list shows the permission that controls access to section of your infrastructure: - **General:** ec2:DescribeRegions - **CloudTrail:** cloudtrail:DescribeTrails - **ELB:** elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeLoadBalancerAttributes - **Lambda:** lambda:ListFunctions - **EKS:** eks:ListClusters, eks:DescribeCluster - **VPC Flow:** ec2:DescribeFlowLogs - **S3:** s3:ListAllMyBuckets, s3:GetBucketLogging - **CloudWatch:** logs:DescribeLogGroups (Used to discover Log Groups) - **CloudFront:** cloudfront:ListDistributions, cloudfront:GetDistributionConfig - **Route53:** route53:ListHostedZones, route53:ListQueryLoggingConfigs, route53resolver:ListResolverQueryLogConfigs - **WAF:** wafv2:ListWebACLs, wafv2:GetLoggingConfiguration - **AWS Config:** config:DescribeDeliveryChannels ### Configuration{% #configuration %} 1. Log in to Cloudaware and navigate to **Admin** > **Integrations**. 1. Locate and select the Datadog integration tile. 1. Click **+Add**. 1. Enter your Datadog API Key and Application Key. 1. Click **Save** to activate the integration. ### Validation{% #validation %} Once the integration is saved, Cloudaware automatically starts scanning your AWS and Datadog accounts to reconcile log sources. 1. In Datadog, go to **Dashboards** > **Dashboard List**. 1. Search for the dashboard titled "AWS Logging Audit". 1. Open the dashboard. Data should begin populating within a few minutes of the initial scan. ## Uninstallation{% #uninstallation %} To stop the integration and data collection: 1. Log in to Cloudaware and navigate to **Admin** > **Integrations**. 1. Locate the active **Datadog** integration. 1. Select **Delete** or **Disable** to remove the connection. This stops Cloudaware from sending data to Datadog. 1. In Datadog, navigate to the Cloudaware integration and click **Uninstall** to remove the included dashboard. ## Support{% #support %} Need help? Contact [Cloudaware Support](mailto:support@cloudaware.com).