Overview
Use AWS Identity and Access Management (IAM) Access Analyzer across your Amazon account to continuously analyze IAM permissions granted with any of your account policies. Datadog integrates with Amazon IAM Access Analyzer using a Lambda function that ships its findings as logs to Datadog.
Setup
Log collection
If you haven’t already, set up the Datadog Forwarder
Lambda function.
Create a new rule with type Rule with an event pattern in AWS EventBridge.
For the event source configuration, select Other. For Creation method, select Custom pattern (JSON editor). For Event pattern, copy and paste the following JSON:
{
"source": ["aws.access-analyzer"]
}
Select AWS service to use as the target type. Select Lambda function as the target and select the Datadog Forwarder Lambda or enter the ARN.
Save your rule.
Once the AWS Access Analyzer runs and produces findings, the events will be picked up by the Datadog Lambda Forwarder tagged with source:access-analyzer. See the Log Explorer
to start exploring your logs.
Data Collected
Metrics
This integration does not include any metrics.
Service Checks
This integration does not include any service checks.
Logs
This integration can be configured to send logs.
Events
This integration does not include any events.
Troubleshooting
Need help? Contact Datadog support
.
