The AWS Integration with Terraform

docs>integrations>The AWS Integration with Terraform

Using Terraform, you can create the Datadog IAM role, policy document, and the Datadog-AWS integration with a single terraform apply command.

  1. Configure the Datadog Terraform provider to interact with the Datadog API through a Terraform configuration.

  2. Set up your Terraform configuration file using the example below as a base template. Ensure to update the following parameters before you apply the changes:

    • AWS_PERMISSIONS_LIST: The IAM policies needed by Datadog AWS integrations. The current list is available in the Datadog AWS integration documentation.
    • AWS_ACCOUNT_ID: Your AWS account ID.

See the Terraform Registry for further example usage and the full list of optional parameters, as well as additional Datadog resources.

data "aws_iam_policy_document" "datadog_aws_integration_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type = "AWS"
      identifiers = ["arn:aws:iam::464622532012:root"]
    }
    condition {
      test = "StringEquals"
      variable = "sts:ExternalId"

      values = [
        "${datadog_integration_aws.sandbox.external_id}"
      ]
    }
  }
}

data "aws_iam_policy_document" "datadog_aws_integration" {
  statement {
    actions = [<AWS_PERMISSIONS_LIST>]

    resources = ["*"]
  }
}

resource "aws_iam_policy" "datadog_aws_integration" {
  name = "DatadogAWSIntegrationPolicy"
  policy = "${data.aws_iam_policy_document.datadog_aws_integration.json}"
}

resource "aws_iam_role" "datadog_aws_integration" {
  name = "DatadogAWSIntegrationRole"
  description = "Role for Datadog AWS Integration"
  assume_role_policy = "${data.aws_iam_policy_document.datadog_aws_integration_assume_role.json}"
}

resource "aws_iam_role_policy_attachment" "datadog_aws_integration" {
  role = "${aws_iam_role.datadog_aws_integration.name}"
  policy_arn = "${aws_iam_policy.datadog_aws_integration.arn}"
}

resource "datadog_integration_aws" "sandbox" {
  account_id  = "<AWS_ACCOUNT_ID>"
  role_name   = "DatadogAWSIntegrationRole"
}
  1. Run terraform apply. Wait up to 10 minutes for data to start being collected, and then view the out-of-the-box AWS overview dashboard to see metrics sent by your AWS services and infrastructure.

Additional helpful documentation, links, and articles:

Managing Datadog with TerraformBLOG more more