For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/integrations/cloudaware-logsight.md. A documentation index is available at /llms.txt.

Cloudaware LogSight

Supported OS Linux

Integration version1.0.0

To find out if this integration is available in your organization, see your Datadog Integrations page or ask your organization administrator.

To initiate an exception request to enable this integration for your organization, email support@ddog-gov.com.

Included Datadog dashboard displaying coverage by Cloud Service.
Datadog dashboard displaying CloudTrail Gap Analysis and Coverage
Cloudaware gap analysis on services not being sent to Datadog

Overview

Cloudaware is a cloud management platform that provides real-time asset discovery, CMDB, and cloud governance across multi-cloud environments. Cloudaware LogSight helps you get the most out of Datadog by ensuring your entire cloud infrastructure is forwarding logs to Datadog. It connects Cloudaware’s real-time CMDB, which auto-discovers every configuration item across AWS, Azure, and GCP, to the Datadog API, continuously reconciling your full asset inventory against active log sources and surfacing gaps before they become blind spots.

By automating discovery and reconciliation of cloud service log status, inventory data, and Datadog ingestion metadata across 3,000+ services, LogSight replaces error-prone manual audits and catches coverage gaps the moment they appear. This gives compliance teams ongoing, documented proof that every service is forwarding logs to Datadog.

Key capabilities

  • Full cloud coverage discovery: 3,000+ services across AWS, Azure, GCP, Oracle, and Alibaba Cloud
  • Datadog API reconciliation: Live inventory compared against Datadog’s active log sources
  • Gap reporting: Identifies which services, accounts, and regions aren’t forwarding logs to Datadog
  • Per-service visibility: Logging status, destination, and Datadog ingestion status per resource
  • Continuous monitoring: Real-time detection of new gaps as infrastructure changes
  • Compliance evidence: Audit-ready proof of log coverage completeness

Setup

Prerequisites

Before connecting Cloudaware to Datadog, ensure you have the following:

  1. Datadog API & Application Keys: Required to allow Cloudaware to query log statistics and create the audit dashboard.

    • Generate these in Datadog under Organization Settings > API Keys and Application Keys.

  2. AWS Integration: Your AWS accounts must already be connected to Cloudaware for resource discovery.

  3. AWS IAM Permissions: Cloudaware requires a read-only IAM Role to scan your infrastructure configuration. Ensure the policy attached to the Cloudaware role includes the permissions listed below.

IAM Policy Reference

Add the following permissions to your Cloudaware IAM Role to enable full audit capabilities:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "ec2:DescribeRegions",
        "ec2:DescribeFlowLogs",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "lambda:ListFunctions",
        "eks:ListClusters",
        "eks:DescribeCluster",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLogging",
        "logs:DescribeLogGroups",
        "cloudfront:ListDistributions",
        "cloudfront:GetDistributionConfig",
        "route53:ListHostedZones",
        "route53:ListQueryLoggingConfigs",
        "route53resolver:ListResolverQueryLogConfigs",
        "wafv2:ListWebACLs",
        "wafv2:GetLoggingConfiguration",
        "config:DescribeDeliveryChannels"
      ],
      "Resource": "*"
    }
  ]
}

Permissions

The following list shows the permission that controls access to section of your infrastructure:

  • General: ec2:DescribeRegions
  • CloudTrail: cloudtrail:DescribeTrails
  • ELB: elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeLoadBalancerAttributes
  • Lambda: lambda:ListFunctions
  • EKS: eks:ListClusters, eks:DescribeCluster
  • VPC Flow: ec2:DescribeFlowLogs
  • S3: s3:ListAllMyBuckets, s3:GetBucketLogging
  • CloudWatch: logs:DescribeLogGroups (Used to discover Log Groups)
  • CloudFront: cloudfront:ListDistributions, cloudfront:GetDistributionConfig
  • Route53: route53:ListHostedZones, route53:ListQueryLoggingConfigs, route53resolver:ListResolverQueryLogConfigs
  • WAF: wafv2:ListWebACLs, wafv2:GetLoggingConfiguration
  • AWS Config: config:DescribeDeliveryChannels

Configuration

  1. Log in to Cloudaware and navigate to Admin > Integrations.
  2. Locate and select the Datadog integration tile.
  3. Click +Add.
  4. Enter your Datadog API Key and Application Key.
  5. Click Save to activate the integration.

Validation

Once the integration is saved, Cloudaware automatically starts scanning your AWS and Datadog accounts to reconcile log sources.

  1. In Datadog, go to Dashboards > Dashboard List.
  2. Search for the dashboard titled “AWS Logging Audit”.
  3. Open the dashboard. Data should begin populating within a few minutes of the initial scan.

Uninstallation

To stop the integration and data collection:

  1. Log in to Cloudaware and navigate to Admin > Integrations.
  2. Locate the active Datadog integration.
  3. Select Delete or Disable to remove the connection. This stops Cloudaware from sending data to Datadog.
  4. In Datadog, navigate to the Cloudaware integration and click Uninstall to remove the included dashboard.

Support

Need help? Contact Cloudaware Support.