Instrumenting Go Serverless Applications

문서 > 서버리스 > AWS Lambda용 서버리스 모니터링 > Instrument AWS Lambda applications > Instrumenting Go Serverless Applications

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

If your Go Lambda functions are still using runtime go1.x and you cannot migrate to the provided.al2 runtime, you must instrument using the Datadog Forwarder. Otherwise, follow the instructions in this guide to instrument using the Datadog Lambda Extension.

Version 67+ of the Datadog Lambda Extension is optimized to significantly reduce cold start duration. Read more.

Setup

If your application is deployed as a container image, use the Container Image method.

Note: Datadog recommends that you use Go tracer v1.73.1 for instrumenting AWS Lambda functions.

The Datadog Serverless Plugin automatically configures your functions to send metrics, traces, and logs to Datadog through the Datadog Lambda Extension.

To install and configure the Datadog Serverless Plugin, follow these steps:

Install the Datadog Serverless Plugin:

serverless plugin install --name serverless-plugin-datadog

Update your `serverless.yml`:

custom:
  datadog:
    site: <DATADOG_SITE>
    apiKeySecretArn: <DATADOG_API_KEY_SECRET_ARN>

To fill in the placeholders:

Replace <DATADOG_SITE> with your Datadog site to send the telemetry to.
Replace <DATADOG_API_KEY_SECRET_ARN> with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can instead use apiKey and set the Datadog API key in plaintext.

For more information and additional settings, see the plugin documentation.

Install the Datadog Lambda Extension
```
COPY --from=public.ecr.aws/datadog/lambda-extension:<TAG> /opt/. /opt/
```
Replace <TAG> with either a specific version number (for example, 84) or with latest. Alpine is also supported with specific version numbers (such as 84-alpine) or with latest-alpine. You can see a complete list of possible tags in the Amazon ECR repository.
Set the required environment variables
- Set DD_SITE to (ensure the correct SITE is selected on the right).
- Set DD_API_KEY_SECRET_ARN to the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can use DD_API_KEY instead and set the Datadog API key in plaintext.
- Optionally set DD_UNIVERSAL_INSTRUMENTATION: true to take advantage of advanced configurations such as capturing the Lambda request and response payloads and inferring APM spans from incoming Lambda events.

The lambda-datadog Terraform module wraps the aws_lambda_function resource and automatically configures your Lambda function for Datadog Serverless Monitoring by:

Adding the Datadog Lambda layers
Redirecting the Lambda handler
Enabling the collection and sending of metrics, traces, and logs to Datadog

module "lambda-datadog" {
  source  = "DataDog/lambda-datadog/aws"
  version = "3.2.1"

  environment_variables = {
    "DD_API_KEY_SECRET_ARN" : "<DATADOG_API_KEY_SECRET_ARN>"
    "DD_ENV" : "<ENVIRONMENT>"
    "DD_SERVICE" : "<SERVICE_NAME>"
    "DD_SITE": "<DATADOG_SITE>"
    "DD_VERSION" : "<VERSION>"
  }

  datadog_extension_layer_version = 84

  # aws_lambda_function arguments
}

Replace the aws_lambda_function resource with the lambda-datadog Terraform module. Then, specify the source and version of the module.
Set the aws_lambda_function arguments:
All of the arguments available in the aws_lambda_function resource are available in this Terraform module. Arguments defined as blocks in the aws_lambda_function resource are redefined as variables with their nested arguments.
For example, in aws_lambda_function, environment is defined as a block with a variables argument. In the lambda-datadog Terraform module, the value for the environment_variables is passed to the environment.variables argument in aws_lambda_function. See inputs for a complete list of variables in this module.
Fill in the environment variable placeholders:
- Replace <DATADOG_API_KEY_SECRET_ARN> with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can instead use the environment variable DD_API_KEY and set your Datadog API key in plaintext.
- Replace <ENVIRONMENT> with the Lambda function’s environment, such as prod or staging
- Replace <SERVICE_NAME> with the name of the Lambda function’s service
- Replace <DATADOG_SITE> with . (Ensure the correct Datadog site is selected on this page).
- Replace <VERSION> with the version number of the Lambda function
Select the version of the Datadog Extension Lambda layer to use. If left blank the latest layer version will be used.

  datadog_extension_layer_version = 84

To configure Datadog using SST v3, follow these steps:

const app = new sst.aws.Function("MyApp", {
  handler: "./src",
  runtime: "go",
  environment: {
    DD_ENV: "<ENVIRONMENT>",
    DD_SERVICE: "<SERVICE_NAME>",
    DD_VERSION: "<VERSION>",
    DATADOG_API_KEY_SECRET_ARN: "<DATADOG_API_KEY_SECRET_ARN>",
    DD_SITE: "<DATADOG_SITE>",
  },
  layers: [
    $interpolate`arn:aws:lambda:${aws.getRegionOutput().name}:464622532012:layer:Datadog-Extension:84`,
  ],
});

Fill in the environment variable placeholders:

Replace <DATADOG_API_KEY_SECRET_ARN> with the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can instead use the environment variable DD_API_KEY and set your Datadog API key in plaintext.
Replace <ENVIRONMENT> with the Lambda function’s environment, such as prod or staging
Replace <SERVICE_NAME> with the name of the Lambda function’s service
Replace <DATADOG_SITE> with . (Ensure the correct Datadog site is selected on this page).
Replace <VERSION> with the version number of the Lambda function

Install the Datadog Lambda Extension

Add the Lambda layer of Datadog Lambda Extension to your Lambda functions, using the ARN format based on your AWS region and architecture:

# Use this format for x86-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension:84

# Use this format for arm64-based Lambda deployed in AWS commercial regions
arn:aws:lambda:<AWS_REGION>:464622532012:layer:Datadog-Extension-ARM:84

# Use this format for x86-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension:84

# Use this format for arm64-based Lambda deployed in AWS GovCloud regions
arn:aws-us-gov:lambda:<AWS_REGION>:002406178527:layer:Datadog-Extension-ARM:84

Replace <AWS_REGION> with a valid AWS region, such as us-east-1.

Configure the required environment variables

Set DD_SITE to (ensure the correct SITE is selected on the right).
Set DD_API_KEY_SECRET_ARN to the ARN of the AWS secret where your Datadog API key is securely stored. The key needs to be stored as a plaintext string (not a JSON blob). The secretsmanager:GetSecretValue permission is required. For quick testing, you can use DD_API_KEY instead and set the Datadog API key in plaintext.

Install the Datadog Lambda library

go get github.com/DataDog/datadog-lambda-go

Update your Lambda function code

package main

import (
	"context"
	"net/http"
	"time"

  ddlambda "github.com/DataDog/datadog-lambda-go"
  "github.com/aws/aws-lambda-go/events"
  "github.com/aws/aws-lambda-go/lambda"
  httptrace "gopkg.in/DataDog/dd-trace-go.v1/contrib/net/http"
	"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer"
)

func main() {
	// Wrap your lambda handler
	lambda.Start(ddlambda.WrapFunction(myHandler, nil))
}

func myHandler(ctx context.Context, _ events.APIGatewayProxyRequest) (string, error) {
	// Trace an HTTP request
	req, _ := http.NewRequestWithContext(ctx, "GET", "https://www.datadoghq.com", nil)
	client := http.Client{}
	client = *httptrace.WrapClient(&client)
	client.Do(req)

	// Submit a custom metric
	ddlambda.Metric(
		"coffee_house.order_value",      // Metric name
		12.45,                           // Metric value
		"product:latte", "order:online", // Associated tags
	)

	// Create a custom span
	s, _ := tracer.StartSpanFromContext(ctx, "child.span")
	time.Sleep(100 * time.Millisecond)
	s.Finish()
	return "ok", nil
}

FIPS compliance

Datadog provides FIPS-compliant monitoring for AWS Lambda functions. For AWS GovCloud environments, the DD_LAMBDA_FIPS_MODE environment variable is enabled by default. When FIPS mode is enabled, AWS FIPS endpoints are used for Datadog API key lookups, and the Lambda metric helper function lambda_metric requires the FIPS-compliant extension for metric submission. While the FIPS-compliant Lambda components work with any Datadog site, end-to-end FIPS compliance requires using the US1-FED site. See AWS Lambda FIPS Compliance for more details.

AWS Lambda and VPC

If your Lambda functions are deployed in a Virtual Private Cloud (VPC) without access to the public internet, and you are using the datadoghq.com Datadog site, you can use AWS PrivateLink to send data.

If your Lambda functions are deployed in a VPC, and you are using a Datadog site that is not datadoghq.com, you can use a proxy to send data.

What’s next?

Add custom tags to your telemetry by using the DD_TAGS environment variable
Configure payload collection to capture your functions’ JSON request and response payloads
If you are using the Datadog Lambda Extension, turn off the Datadog Forwarder’s Lambda logs
See Configure Serverless Monitoring for AWS Lambda for further capabilities